Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation are likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used platforms.

1136 questions
1 vote, 2 answers

Authenticating with Exchange WebDAV / Outlook Web Access

I'm having issues accessing Exchange WebDav / OWA from any machine but the IIS & Exchange server. We've got a small development domain running Windows 2003. One server (which we'll call IIS_box) runs IIS and Exchange 2003. The IIS_Box has Outlook…
Grhm
1 vote, 1 answer

How to generate kerberos traffic?

I'm trying to verify the encryption types allowed for kerberos by viewing packet captures in order to prepare to remove support for RC4 with kerberos. Does anyone know what I can do on Windows Server machines to generate some kerberos traffic that…
Roman
1 vote, 0 answers

Linux mount to FSx using AD user disconnects after interval; initial mount works but message HOST IS DOWN occurs after some time

When I run the mount command I’m able to connect/ls to the share until, what appears to be the ticket renewal, timing occurs. Then I get host is down. I have looked through all the suggested similar questions and searched the web. See "a little…
1 vote, 1 answer

ldapsearch finds my account/user, sssd does not

I am trying to set up a new server (Ubuntu 22.04 LTS) and authenticate users using organization accounts. This is the public documentation provided: https://www.hs-regensburg.de/supportwiki/doku.php?id=en:public:netz:auth When executing ldapsearch…
Sammy
1 vote, 0 answers

How to configure multi realm Kerberos

Intention I want to set up 2 Kerberos realms where one can authenticate the users in the other. Current Setup I have 2 Kerberos Servers (ad.somedomain.com and kerb.foo.bar) I have my users on kerb.foo.bar User user1 alice bob I can…
1 vote, 1 answer

FreeIPA migrate the current NFSv4 storing home directories to another server

I have a FreeIPA set-up that uses NFSv4 to store users' home directories. NFS is running on the same physical server as the FreeIPA. CentOS btw. I'd like to move the NFS server on a new machine and add more storage. I have searched for documentation…
lolz
1 vote, 1 answer

Cross realm constrained delegation

I have Red Hat IdM on RHEL8 with a two-way trust to AD on Windows 2019. What currently works: Constrained delegation for NFS clients. NFS clients can impersonate users from the IdM realm (gssproxy). Users from the AD domain can log on to the hosts…
1 vote, 1 answer

Kerberized NFS4 takes 5 seconds to open a file

I set up a NFSv4 server and a client both running Debian 11.3 on Linux 5.10.0-13. It basically works i.e., I see all files with correct permissions and can open, modify, etc. However, opening a file causes a 5 second delay. The server exports…
Lars Hanke
1 vote, 1 answer

GSSAPI Error: KDC has no support for encryption type on RHEL 8 joined to multi-domain AD forest

I have a simple MS ADDS multi-domain forest setup with a parent domain and one sub-domain. I joined a RHEL 8 server successfully to the sub-domain by using this official documentation. All OSs have been setup by using as much defaults as possible. I…
1 vote, 0 answers

Squid doesn't cache with Kerberos auth

I am using a squid proxy with kerberos auth. Everything works great for months now, but my only problem is, that squid isn't caching anything! As soon as I switch to NTLM auth, squid is caching, so I don't think, that it's a squid config problem. Is…
Shouma
1 vote, 1 answer

When trying to nfs4 mount a share with sec=krb5 I get "not exported" error message on nfs server

I run two nfs servers with user home directories and other shares on them. The servers offer kerberized nfsv4 mounts as well as old v3 ones. Until recently I was able to nfs4-mount a krb5-exported share from one server on the second without any…
rainer042
1 vote, 1 answer

How to export shares so that users don't create file as root

I am trying to export home directories from my NAS to ubuntu clients - the server is a TrueNAS Scale, which is Debian based. Kerberos works, so users get the proper tickets to authenticate to the server. My main goal is that users can mount their…
1 vote, 1 answer

Can Samba authenticate against MIT Kerberos?

We have a network with mostly Linux servers and clients, which we recently moved from NIS to Kerberos & LDAP. One of the main reasons was to secure our NFS shares using Kerberos. This is all working great. Now we do have a few windows clients and we…
Mika Fischer
1 vote, 0 answers

Apache reverse proxy with Kerberos authenticate and LDAP authorization

Server version: Apache/2.4.37 (Red Hat Enterprise Linux) Apache is launched as a container in the Openshift cluster. I am using Apache as a forward and reverse proxy for Kibana. Mandatory requirement is use Kerberos and need a role model to…
Andrew
1 vote, 0 answers

NFS stale file handle for regular user but not root

I've installed freeipa container on a Ubuntu server and an NFS server on the server itself. When I mount the NFS directory on a client machine or even the server itself, I can view the mounted directory as root. However, as a regular user, I get…
YuvGM