Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation is likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used paltforms.

1136 questions
1
vote
1 answer

Windows Admin Center Resource Based delegation stopped working with KRB_AP_ERR_MODIFIED error

Our WAC installation SSO (via resource based delegation) stopped working last week for unknown reasons and it's driving me mad. The following event is logged on the WAC server when attempting to connect to a managed client (any of them) in the…
JulioQc
  • 62
  • 1
  • 9
1
vote
0 answers

Does NT SERVICE\MSSQLSERVER require Kerberos authentication if the sql instance is on the local machine?

I had a bizarre issue today where NT SERVICE\MSSQLSERVER was being denied login as a service on a domain joined computer. I also noticed group policy was not being applied via gpupdate /force. I disconnected the computer from the domain, deleted the…
SophisticatedBear
  • 35
  • 6
1
vote
0 answers

Can't mount NFSv4 with Kerberos from a Linux client to a FreeBSD server

I'm trying to set up NFSv4 with Kerberos. The server is FreeBSD 13.0-RELEASE and the client is Ubuntu 20. I have the Kerberos part running and I can automaatically get a ticket on login for my user, and SSH into the server while being authenticated…
hjf
  • 181
  • 1
  • 2
1
vote
0 answers

Tell saslauthd to reject authentication attempts for all domains other than ours

We are running Postfix and require authentication for the sending of mail through SMTP. The authentication uses Cyrus' saslauthd which does a Kerberos authentication against our Kerberos domain. Is there a way to tell saslauthd to attempt…
user35042
  • 2,601
  • 10
  • 32
  • 57
1
vote
4 answers

IIS time is different from server time

I have ASP.NET 2.0 site configured to perform Windows Integrated Security using Kerberos delegation. The servers including DC are running on Windows 2003 and the delegation is raised to Windows 2003 level. BTW, all servers are set to EST The…
G33kKahuna
  • 289
  • 1
  • 4
  • 10
1
vote
1 answer

Apache HTTP with Kerberos not working with Chromium-powered navigators on machines outside of domain

Here is the Apache HTTP Kerberos module configuration in /etc/apache2/sites-available/my.server.tld.conf: # ... Authname "SSO Authentication" AuthType Kerberos KrbAuthRealms MY.DOMAIN.TLD KrbServiceName…
kagmole
  • 113
  • 5
1
vote
0 answers

Forest trust: SPN mismatch for non-fully-qualified name

Setup All computers running Windows Server 2019. Domain A Item Value Fully Qualified Domain Name DomainA DomainA.local User UserA UserA@DomainA.local Server FileServer FileServer.DomainA.local Domain B Item Value Fully…
Chris Stankevitz
  • 11
  • 3
1
vote
0 answers

How to configure the apache authorization chain for Kerberos (mod_auth_kerb) and SSL?

What directives and conditions to configure the Apache configuration as follows: We try to authorize through Kerberos. If successful (What condition to use?), Then we redirect to URL1. Otherwise, we try to authorize through Certificates. If…
Александр Беляков
  • 11
  • 2
1
vote
1 answer

Ubuntu 18.04/20.04 SSSD Configuration Issues

I would like to first mention that I have more experience with the CentOS/RHEL world than I do with configuration of Ubuntu. Most of the Ubuntu systems that I have had to build use default configurations or I have been able to figure out what the…
abrousseau001
  • 11
  • 2
1
vote
1 answer

AIX Samba user access getpwuid failed

I have installed Samba 4.12.10 via yum in AIX 7.2. I have also installed kerberos package to authenticate samba with kerberos. My objective is to allow users access of folders/files in AIX from their windows machines. # yum list installed | grep…
Kevin Lee
  • 11
  • 2
1
vote
3 answers

Server Not Found in Kerberos database - where is the database located?

Testing setup: Weblogic 12.2.1.4 running on a Windows 10 machine joined to an active directory JVM 1.8.0_281 The java web application is using Java GSSAPI to access the fileshare over Samba essentially using the code from…
Nathan
  • 276
  • 1
  • 5
  • 13
1
vote
0 answers

winbind works but Squid acts wrong

I am trying to get a Squid Proxy running with Kerberos+Samba+Winbind, which is connected to my AD. Everything works great so far! krb auth working wbinfo -u, -a, -g working I made some new testing-groups and testing-users in the AD for testing the…
Shouma
  • 21
  • 2
1
vote
0 answers

Kerberos issues with Samba4 AD DC when resolv.conf not set to use localhost

I recently did a "classis conversion" of our small NT4 Samba domain to an AD one on my Debian 10 "Buster" system. I got everything working as far as I can tell, but I don't understand one issue I came across: Kerberos does not work unless the…
Tim T
  • 111
  • 3
1
vote
3 answers

Moving from OpenLDAP/Kerberos to Active Directory

I have a well working setup using OpenLDAP for user information and Kerberos for authentication, but we need to have windows integration too, and for this we have decided that moving into Active Directory could be a good idea. Moving account…
tstm
  • 313
  • 1
  • 4
  • 13
1
vote
1 answer

Kerberos pre-authentication failed for unused Administrator account on domain controllers

Our three Active Directory domain controllers are collectively reporting thousands of 'Kerberos pre-authentication failed' events a week, where the IpAddress field is of a domain controller (but always a different one) and the TargetSid field is the…
Daniel
  • 6,780
  • 5
  • 31
  • 60
1 2 3
75 76