Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation are likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used platforms.

1136 questions
1 vote, 0 answers

IIS SSO not working, asking for login via login-prompt every new session

We are facing an issue where we don't get SSO to work on an IIS web app. We have set Windows-Authentication as enabled and Negotiate and NTLM as providers (IIS Windows Authentication and Providers). We have the same setup on a test-environment where…
1 vote, 2 answers

OpenSSH + Active Directory: allow sftp for a group while disallowing everyone else

My objective is to allow a given Active Directory group members to use OpenSSH SFTP in chroot, and deny access to SSH for them and all others that aren't members of that group, while still allowing local (non-AD) system accounts. I've already…
Daichi42
1 vote, 2 answers

On linux, is there a way to record the ports a program tries to communicate over?

Problem: I am trying to determine which ports to open for specific programs I have a number of programs that need to access services on remote hosts, but I don't know which ports they are trying to use for the purpose. Rather than opening the…
Steen
1 vote, 0 answers

Limit access on network share to a specific computer, Device claim under DAC not working

There are certain confidential data and we want to make sure that it does not get copied by user and eventually leaked out of organisation. For achieving the same, we have defined a restricted windows machine which a user can access but no data can…
1 vote, 1 answer

How to disable basic authentication when using kerberos on nginx?

My task is to configure Kerberos authentication on nginx. The backend is django. The idea is that when a request is made to api, nginx should perform kerberos authentication. But in case the user is not in the domain, then a redirect to the /auth…
1 vote, 1 answer

Is there a way to force active directory group assignation without logoff/login?

As stated here and there, it looks like there is no way to avoid a user logoff/login in order to activate a new group assignation for this user (my use case was: activate an access to a shared folder by adding a user in a group). Is there still no…
Alex T.
1 vote, 0 answers

Join AD domain failed SPNEGO login failed: {Access Denied} A process has requested access to an object but has not been granted those access rights

I meet a problem when trying to join Active Directory domain with Samba. The error message is cli_session_creds_prepare_krb5: Doing kinit for myaccount@domain.com to access domaincontroller.hostname cli_session_setup_spnego_send: Connect to access…
zhaorong
1 vote, 1 answer

Microsoft Active Directory kerberos returns unknown principal

I'm trying to authenticate the host for kbr5p nfs mount where Microsoft active directory is acting as the Kerberos server. sudo kinit -k -t /etc/krb5.keytab host/ROBODAROBODA@EXAMPLE.COM kinit: Client 'host/ROBODAROBODA@EXAMPLE.COM' not found in…
suresh
1 vote, 1 answer

Active Directory as uid/gid provider within a cluster

I have a CentOS 8 HPC cluster setup with a login node that is connected to an active directory via sssd/kerberos. Only the login node is accessible from the user network. Users use their normal domain account to access the login node. All the…
1 vote, 1 answer

Get history of remote connections for a user

One of our disabled admin account credentials is still used to perform (failed) login attempts on some Windows servers from a bunch of other servers. The login attempts were made using Kerberos authentication. Question: How can identify on the…
MedAl
1 vote, 1 answer

autofs with samba, sssd, openldap, kerberos

I want to mount a samba share with autofs. srv.xxxxxxx.net is the samba server (proxmox container, Debian 10) ldap2.xxxxxxx.net is the openldap (proxmox container, Debian 10) gui.xxxxxxx.net is the client (proxmox vm, Ubuntu 18.04) Samba runs in…
1 vote, 1 answer

Migrating from Heimdal to MIT Kerberos

Does anyone know of any existing documentation, HOWTO, SE question, or even a blog post that shows an example Kerberos database migration from Heimdal to MIT KDCs? Has anyone done this operation themselves, and if so, did you discover any pitfalls,…
stevegt
0 votes, 2 answers

Mixture of authentication methods for SSH

Is there a way to accomplish Kerberos authentication for some accounts and ssh-key authentication for the others in Linux? The Kerberos method is for accounts that are in Windows and Linux, whereas the key method is for Linux accounts.
0 votes, 0 answers

Is it possible to deploy from a Linux docker container with ansible installed on it to a windows machine in network domain? If it is how?

Currently I am able to do this by using ansible in WSL(Windows Subsystem for Linux) with kerberos authentication. But when I use Docker container instead of WSL and follow same procedure as with WSL, I am not able to do it. I get the following error…
0 votes, 1 answer

service on nfs with sec=krb5i

I'm trying to install nextcloud on an ArchLinuxARM box and would like to store uploaded data on an NFS server (debian testing). NFS server uses sec=krb5i to export shares. I have SSSD running and NFS works smoothly for ordinary users. However, I…
Snakebite