Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation are likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used platforms.

1136 questions
1 vote, 0 answers

wildcard NFS export with kerberos works in some format but not working in some formats

I have been trying to export NFS using the following format: $ cat /etc/exports /share server*.example.com(sec=krb5p,rw) This format is working fine and I am able to mount the respective directories on the respective servers. However, the following format is not…
darwik
1 vote, 2 answers

Unable to connect to SQL Server from RHEL Server 7.4 using Kerberos

So I'm trying to connect to one of our SQL servers from a RHEL Server 7.4 machine. I already installed Kerberos, unixODBC and the Microsoft ODBC driver for Linux. The SQL Server I'm trying to connect to is inside an Active Directory domain. I was able to…
chad
1 vote, 0 answers

IIS impersonate 401 Unauthorized (2x asp.net MVC)

I have an IIS website with Windows auth (only) enabled (let's say site.domain.com). My site calls an HTTP REST API on its subsite (let's say site.domain.com/api). It is a different application. It works OK when I call this API as the application pool identity.…
1 vote, 2 answers

Linux SSSD with two AD Domains

I joined my CentOS box to a Windows Active Directory domain with realm join --user=DomUser dom2.local without any problems. The domain has a one-way trust relationship to Dom1. Our Windows users can: log in with Dom1/User to Dom1/Host, log in…
embedded
1 vote, 0 answers

Autofs + Kerberos + NFSv4 works on RHEL, but not Ubuntu

We have our /home directories stored on a NetApp SVN, and are automounting them as NFSv4 with Kerberos. This seems to work flawlessly on RHEL7.x, however it will not work in Ubuntu 14.04 or 16.04 no matter what we try. Both RHEL and Ubuntu are using…
drchrist68
1 vote, 0 answers

IIS App Pool won't start with gMSA identity if it is first used after the number of days in msDS-ManagedPasswordInterval

We have been using Group Managed Service Accounts (gMSAs) in our environment without issues until recently. We deployed several apps to production where the gMSAs had been created about 60 days ago but had not yet been used. On the gMSA's…
1 vote, 1 answer

How to configure Heimdal Kerberos to use OpenLDAP?

From http://www.h5l.org/manual/HEAD/info/heimdal/Using-LDAP-to-store-the-database.html#Using-LDAP-to-store-the-database A current release of Heimdal, configured with --with-openldap=/usr/local The OpenBSD package of Heimdal is not configured with…
Neil McGuigan
1 vote, 1 answer

Kerberos KDC won't start: invalid credentials

I'm having trouble with my Kerberos server (LDAP back-end). I wanted to restart the KDC service and it failed. It has been working fine for several weeks. Since I had just tweaked the LDAP ACLs, I tried the following commands: $ slapacl -D…
dblouis
1 vote, 1 answer

Using MIT Kerberos as Account Realm for Windows AD

My situation is as follows: We have a large number of Linux users and thus our accounts are on an MIT Kerberos server. We have a few Windows users whose accounts are in Windows AD. And we have a growing number of users who sometimes use both systems.…
Kestrel
1 vote, 0 answers

Do Authenticator Timestamps in Kerberos Tickets from Active Directory Have Microsecond Granularity?

We have a problem with false positives in Kerberos replay detection. It happens more often than we would expect. Our KDC is Active Directory. I have come to suspect that the timestamps in the authenticators effectively have less than the microsecond…
1 vote, 1 answer

klist returns no tickets when using "pam_krb5.so try_first_pass"

We have auth optional pam_krb5.so try_first_pass in /etc/pam.d/password-auth-ac and /etc/pam.d/system-auth-ac however when I do a klist after successful login, I get klist: No credentials cache found (filename: /tmp/nnnnn) What…
Saqib Ali
1 vote, 0 answers

Kerberos login for existing domain: realm and workgroup don't match causing CLIENT_NOT_FOUND

I have recently inherited the responsibilities of maintaining our Samba domain controller which is used primarily for managing logging into the domain as well as serving as a secure file share. The initial configuration of this system is not…
1 vote, 1 answer

Domain Controller not auto enrolling Kerberos Certificate from new 2016 CA

I migrated a Windows 2008 R2 DC and Enterprise Root CA to a new Windows 2016 DC and CA. Everything seemed stable except I had a few RODCs and writeable DCs that were showing "Failed Requests" in the CA for their auto enrollment of the…
TheCleaner
1 vote, 1 answer

Cannot contact any KDC for requested realm in log.winbindd-dc-connect every 10 seconds

I have an Ubuntu box, used for CIFS file shares, that is using Samba. It is joined to an Active Directory domain. We are using trusted domains. We have a pretty large AD infrastructure with many child domains. This box is joined to one of the child…
Travis-Zadara
1 vote, 0 answers

After a domain account password change, what is the (max) length of time a Windows service continues to run if not updated?

I know the question is awkwardly phrased, and I also realize there are going to be multiple factors in this that don't lead to a single definitive answer. I seem to recall in the past having services that were started up and frankly "just kept…