Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation are likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used platforms.

1136 questions
2
votes
1 answer

cifs automounts suddenly stopped working

Had been working for several years but has suddenly stopped. Obviously, something in the environment must have changed but I need some ideas for where to look. Linux workstation automounting SMB shares from a NAS device in a Windows AD domain Fedora…
2
votes
1 answer

sssd active directory password integration not working

We are in the process of setting up sssd to be used with active directory using the config below. We do not use attribute mapping as we want to use attributes defined in the AD ldap objects such as custom uid, unixHomeDirectory and public keys…
ZZ9
2
votes
1 answer

Kerberos service started with Error: Cannot open DB2 database on Ubuntu 18

I installed Kerberos on Ubuntu 18 with sudo apt install krb5-kdc krb5-admin-server. But when I ran systemctl status krb5-kdc.service, it turns out: Feb 17 21:25:23 device2 krb5kdc[8675]: Cannot open DB2 database '/var/lib/krb5kdc/principal': No such…
DennisLi
1
vote
2 answers

SSSD, openLDAP, MIT Kerberos: "id username" doesn't find entry in LDAP, but ldapsearch does

I have installed openLDAP, MIT Kerberos and SSSD on Debian 10 Systems based on this tutorial Integrated Kerberos-OpenLDAP provider on Debian squeeze. Each of the three components is on its own Proxmox LXC Container. ldap: 192.168.1.120 …
1
vote
0 answers

Kerberos with HTTP Resource Server Login

I am having an http (IIS) resource server which uses Kerberos 5 for authentication. Every time I reach the page I need to key in my username and password but if I have done kinit in my machine (Windows 10) and have configured my browser (Firefox)…
1
vote
1 answer

Seed Kerberos with existing LDAP users

My organization was using 389 Directory Server LDAP up until now to manage authentication. I was tasked with switching to Kerberos for that purpose but I still want to keep LDAP for non-auth relevant data. My problem lies in seeding the existing…
IGP
1
vote
0 answers

Kerberos on NameBased vhosts with SSL

I'm trying to figure out how to implement Kerberos for SSO on sites that are using name-based vhosts on Apache (Linux server), e.g. let's say that I have domains a.com and b.com. Both are set as CNAME of the domain c.com in DNS (Trying to save…
1
vote
1 answer

nfs kerberos: multiple clients different directories

I've set up Kerberos with NFS and it's working fine. However, there seems to be a problem with the way it works: any Kerberos client seems to be able to access any directory (if they take the right IP). On the NFS server (192.168.1.12): $ exportfs…
1
vote
1 answer

Getting the Network Credentials of a running process?

If a Windows program is run with ‘runas’ using the ‘/netonly’ argument is there any way to see what credentials are being used by it for the network? Similar to the way you might see a process is being run by a certain user in the task manager, or…
leeand00
1
vote
1 answer

Can't start Samba on Fedora Linux

I'm trying to get Samba running as an Active Directory Domain Controller with Kerberos, but when I try to start its service I get a strange error that I can't seem to find anywhere on the internet. Running sudo systemctl start samba fails, and sudo…
1
vote
0 answers

GSSAPI errors when running remctl

While migrating my Kerberos servers from CentOS 6 to CentOS 7 I seem to have broken something on the current KDC and, despite several hours of trial-and-error and searching documentation, I cannot figure out what happened. When a user logs in using…
scarville
1
vote
0 answers

New SPN required when renaming server?

I am in the process of decommissioning a Win 2008 server that runs an app that uses Kerberos authentication, and has an SPN created for our service account. The replacement server will be renamed to match the old server. What I am unsure of is if…
1
vote
1 answer

Kerberos and IIS6: Working with only specific users

I am setting up Kerberos and I have some strange issues. I am testing it with two users: one who has a valid SPN and is trusted for delegation (user1) and one who does not have a valid SPN and is not trusted for delegation (user2). The tests are…
user17562
1
vote
0 answers

Kerberos slave doesn't update its Master KDC DB fields

Since we've put in place a Master/Slave for our Kerberos, we've noticed that our fields don't get updated (information-wise). Last password change: Fri Aug 02 10:18:08 GMT 2019 Last modified: Fri Aug 02 10:18:08 GMT 2019…
Tolsadus
1
vote
2 answers

Enabling Unconstrained Delegation on Active Directory Domains

Where can I see the setting in the domain if I enable "unconstrained Delegation" by using the command below? netdom.exe trust fabrikam.com /domain:contoso.com /EnableTGTDelegation:Yes
Darktux