Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation are likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used platforms.

1136 questions
1 vote, 1 answer

Are Kerberos service tickets cached by mount.cifs or kernel?

When mounting a CIFS share using krb5i and destroying my Kerberos tickets with kdestroy afterwards, it's still possible to mount other shares on the same server. How is this possible? Doesn't mount.cifs have to send the service ticket to the sharing…
sahisb
1 vote, 1 answer

CentOS 7: Reoccurring failure in accessing AD member samba shares

I have a Samba 4.6.2 samba ActiveDirectory member server. Every month or so, all clients lose the ability to connect to all the shares. I can work around the issue by leaving the domain, deleting the machine account, and re-joining the domain, but…
Charlweed
1 vote, 0 answers

kerberos setup with freeipa installation

I tried installing freeipa on ubuntu v16 (cloud server) using the following: modified /etc/host to use the private IP address of the virtual machine and the corresponding host (the A name has propagated) ran the freeipa-server installation: sudo…
ali haider
1 vote, 1 answer

Kerberos: cannot propagate database between linux master and slave kdc's

The command sudo kprop -r MY.DOMAIN -f /var/lib/krb5kdc/slave_datatrans slave_kdc.my.domain returns kprop: Key table entry not found while getting initial credentials This is a new installation on two linux debian servers. The master_kdc seems to…
Paul B
1 vote, 1 answer

NFS Access restrictions using kerberos

I have got the following setup: One linux machine is the backup storage for a whole network of machines. The network is considered safe in the sense that no real bad guy is assumed on it. In the network are multiple nodes (A, B,...,F) that put their…
Christian Wolf
1 vote, 0 answers

Squid with AD groups + Kerberos authentication in pfsense?

I followed steps found on the link: https://journeyofthegeek.com/2017/12/30/pfsense-squid-kerberos/ And the kerberos authentication without AD group membership restriction works very well, but I don't want all the users to have internet access. I…
1 vote, 0 answers

Kerberos setup in Debian error Cannot contact any KDC for realm

I am trying to get a Kerberos KDC server up and running, but somehow get stuck at remote access of the KDC service. When trying 'kinit' from another Linux (Debian Stretch) system, I always get the error "kinit: Cannot contact any KDC for realm…
Noppes123
1 vote, 1 answer

Is Samba 4 a good alternative to FreeIPA?

Our goal is to set up one file server / print server on a small LAN. To solve file permissions issues and access issues we have encountered, we believe a type of LDAP solution should be part of this. Two of the solutions we are considering…
MountainX
1 vote, 1 answer

How to set up a FreeIPA server on Arch Linux?

I am looking for instructions to set up a FreeIPA server on Arch Linux. Unfortunately, I am only seeing tutorials for setting up a FreeIPA server on RedHat or its derived distributions. (And I'm only seeing instructions for Arch Linux for a FreeIPA…
MountainX
1 vote, 0 answers

NFS : restrict kerberos authentication to some user accounts

I'm trying to grant access to a single freeipa user to an nfs share (if possible the machine account). My etc exports looks like : /data lemp1.domain.local(rw,sync,sec=krb5p) And my working mount is : mount -t nfs4 -o sec=krb5p…
setenforce 1
1 vote, 1 answer

How to configure delegation in an ASP.Net Core 2.0 app on windows with users authenticated via Azure AD

The Setup: I have a web app written in ASP.NET Core 2.0 that authenticates against Azure AD using OpenID Connect. It is running on a machine that is part of an Azure AD domain. The app does have an Application set up in Azure AD. The problem: We…
Geoff
1 vote, 2 answers

Active Directory: What connects the KDC's principals to LDAP entries?

In Active Directory, what connects the KDC's principals to their corresponding LDAP entries? For example, my KC principal might be Name[/Instance]@REALM john/admin@company.com and my LDAP entry might be: dn: cn=john,dc=company,dc=com objectclass:…
mellow-yellow
1 vote, 1 answer

How to make sssd obtain a ticket to mount NFS shares for the service?

I have a working setup in a corporate environment where we use RHEL7 together with SSSD to authenticate against Active Directory. Regular authentication works well. I managed to get the NFSv4 server to work with NFSv4 clients all using the same…
Nicolas
1 vote, 1 answer

Configure Kerberos/PAM on CentOS 7

I'm trying out Kerberos on two VMs running CentOS 7. One VM acts as the server and the other one as a client host where users are supposed to log in. My complete setup is shown below. When I create a new user to test my setup, this user can SSH (or…
bassjoe
1 vote, 1 answer

SQL Server Kerberos Configuration Manager error "The LDAP server is unavailable"

Running v3.1 of the SQL Server Kerberos Configuration Manager (KerberosConfigMgr) on Windows Server 2012 against a SQL Server Developer 2016 instance on same server. Running tool as admin (logged in to server as domain admin account). Default blank…