Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation is likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used paltforms.

RFC Kerberos - http://www.faqs.org/rfcs/rfc1510.html
Kerberos Blogs by AD support team at Microsoft - http://blogs.technet.com/b/askds/archive/tags/Kerberos/
Kerberos blogs by Open Specification team at Microsoft - http://blogs.msdn.com/b/openspecification/archive/tags/Kerberos/
Ubuntu Linux post on Kerberos - https://help.ubuntu.com/community/Kerberos

1136 questions

votes

1 answer

Access Denied when mounting Kerberised NFS v4 Share

I want to mount an NFS4 share, but with Kerberos security enabled. This is my setup: Debian Server (dns fqdn: nfsv4test.subnet.example.org) Debian Client (dns fqdn: nfsv4client.subnet.example.org) Windows ADC, acts also as KDC My realm is…

active-directory nfs kerberos

asked Dec 15 '21 at 16:37

Standard

votes

0 answers

NFS4 + Kerberos and ownership of mounted share

I have the following setup: NFS4 server on Debian Buster, Kerberos server on the same machine, no LDAP or AD. The hostname is bohr.digital. List of…

kerberos file-permissions nfs4

asked Dec 08 '21 at 14:49

QkiZ

votes

0 answers

Squid does not write into access.log with kerberos authentication

I finally managed to get squid with kerberos authentication and LDAP group checking to work. I am using squid 4.1, kerberos v5 and Linux Mint Cinnamon 20.1. Everything works fine, but I got a little problem: As soon as I am using Kerberos as…

ldap squid kerberos ntlm

asked Dec 08 '21 at 10:54

Shouma

votes

1 answer

Does Windows SSO work with ADFS 2016 for OIDC Web Application?

Our web application uses OpenID-Connect (OIDC) Implicit Flow for user login with ADFS 2016. Login generally works, however users get login screen for user name and password. Does Windows-Login / SSO (kerberos?) work with such setup so users don't…

kerberos adfs single-sign-on

asked Dec 06 '21 at 15:03

Vilmantas Baranauskas

votes

0 answers

Microsoft AD/Kerberos and non-Windows clients (RHEL and Cisco)

I currently manage a small network with mostly Win Server 2016 hosts in a standard Active Directory domain, plus a couple RHEL 7 boxes. We will be going to Win Server 2019 and RHEL 8 in the medium future. Switches and routers are Cisco. Someone up…

active-directory redhat cisco kerberos

asked Nov 02 '21 at 20:27

SKaye

votes

0 answers

Ubuntu Kerberos Parent Domain Auth Fails

We have an Ubuntu 18.4 server joined to the child domain. I'm able to ssh to the server with child domain account but not with parent domain account. Here is my krb5.conf [libdefaults] default_realm = DOMAIN.LOCAL ticket_lifetime =…

active-directory kerberos ubuntu-18.04 sssd windows-authentication

asked Oct 29 '21 at 22:14

AAABL

votes

1 answer

Ubuntu SSSD Auth Error with child/sub AD Domain

Need help authenticating linux (Ubuntu) server that is joined to child domain. I can see the server name on the Domain Controller and able to run authentication test successfully however I am not able to login with my domain account. Seems like a…

ubuntu active-directory authentication kerberos sssd

asked Oct 22 '21 at 22:18

AAABL

votes

0 answers

how to get the auth statistics of kerberos server (MIT kerberos krb5kdc)

I am looking for a way to show Kerberos authentication statistics like how many auth success/failed/duration on krb5kdc. for success/failure I can get it from the syslog, but for the duration (the time taken to service the request successfully),…

kerberos mitkerberos

asked Oct 18 '21 at 07:07

chocripple

2,039
14
9

votes

0 answers

Linux server joined to child AD domain unable to authenticate users from parent domain

I have an Ubuntu 20.04 server that I have successfully joined to my domain using realm, US.EXAMPLE.COM. The way our AD is structured is that all machines are joined to the child domain for their region and all users are setup in the parent domain,…

linux active-directory kerberos sssd

asked Oct 15 '21 at 20:39

dan9k1

votes

1 answer

Ubuntu 18.04 multi-AD-User mount share in /home

I have an Ubuntu 18.04 server which is joined to our windows domain. I have set up so users can log in to the server using their AD creds which is working great. I also set up script that mounts a windows share automatically at login. sudo mount -t…

linux ubuntu ldap kerberos cifs

asked Oct 01 '21 at 17:17

TL_Arwen

votes

0 answers

Apache HTTPD Kerberos, silently redirect if no auth offered

I've configured Apache HTTPD as a reverse proxy (for SSL) for my Artifactory instance, and I'm now trying to get HTTP SSO working on it. Using the below configuration, I am successfully automatically signed in from my machine. However, when I run…

apache-2.4 kerberos single-sign-on google-chrome artifactory

asked Oct 01 '21 at 07:07

tj94

votes

1 answer

Powershell Remote PSSession Failing - Domain Administrator Account - Error 0x80090322

I am troubleshooting an issue I have with a PRTG sensor not collecting Windows Update information from one of our servers. It is using WinRM and a remote PowerShell command to do that. Server 1 - Issue Server Server 2 - Working Server When I try to…

windows kerberos winrm

asked Sep 09 '21 at 20:02

Logan

votes

0 answers

Windows Server 2012 R2, Kerberos: Should the SPN "host/localhost" exist?

I noticed that the eventlog "Microsoft-Windows-Security-Kerberos" is filled with the same entry around every minute (sometimes three times per minute, sometimes only after two or three minutes): Event ID: 100 Description (roughly translated from…

windows-server-2012-r2 kerberos windows-event-log

asked Aug 30 '21 at 09:55

Larsen

votes

2 answers

Set network.auth.use-sspi in Firefox with Group Policy

I have downloaded the Group Policy templates and copied them to the appropriate location. In gpedit.msc I have set: Computer Configuration > Administrative Templates > Mozilla > Firefox > Authentication > SPNEGO to include the required domain names…

group-policy kerberos firefox mitkerberos

asked Jul 29 '21 at 15:42

Jon

votes

1 answer

Kerberos kinit with keytab not working with certain encryption methods -- PER USER

I have two users, say userA and userB. userA can use a keytab with aes but not rc4 and userB can use a keytab with rc4 but not aes. This is the snippet that makes the keytab, tests it, and puts it into place: #!/bin/sh PRINCIPAL="xxxxx" #…

kerberos

asked Jul 09 '21 at 17:37

rrauenza

Prev 1 2 3

…

75 76 Next