Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation are likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used platforms.

1136 questions
0 votes, 0 answers

Why do I get "Server not found in Kerberos database" using testsaslauthd?

I'm trying to set up Kerberos auth over SASL using OpenLDAP. As I understand it, I need a host keytab in /etc/krb5.keytab from the KDC I'm using and then {SASL}user@realm in the given user's LDAP password attribute. Switching users from root > nobody…
Server Fault
0 votes, 0 answers

How to replace NIS authentication with Kerberos: Client not found in Kerberos database

I followed the Oracle tutorial for configuring NIS and using Kerberos as the authentication mechanism. I believe I got the Realm and KDC configured and running correctly on a server that is running NIS, so ypserv and ypbind are running. On a…
RobbieTheK
0 votes, 1 answer

How does IIS know which AD server/domain to use for kerberos?

I am currently setting up an IIS Web Application. For Authentication I use integrated Windows Authentication with Kerberos. But I am kinda new to all that AD, Windows Authentication and Kerberos stuff. I got my application going as I want it, but…
0 votes, 1 answer

Configure CentOS 7 sftp and a separate samba server

I am a Windows admin and my boss requested that I build an sftp and samba server. The sftp and samba server both use Windows AD to authenticate. The external customers need to only sftp and must be jailed to their directory. The internal users have…
Sage
0 votes, 1 answer

Centos joined to domain successfully, can't create keytab?

Hello, I'm trying to create a keytab. This client system is already joined to the domain. Below I have a flurry of errors. Looks like 2 main errors though, most notably: create_local_private_krb5_conf_for_domain: smb_mkstemp failed, for file…
bluesquare
0 votes, 0 answers

kerberos - cannot contact any kdc

I don't understand Kerberos. From a YouTube video, I configured Kerberos and got an error. I created a principal for the client from the KDC server, but from the client side for the root user it shows: [root@client ~]# kadmin Authenticating as principal…
0 votes, 1 answer

Single Sign On in Solarwinds Security events manager (SEM)

I am having an issue where I am getting a prompt from the SEM web GUI to provide my credentials. I provide credentials (we use both tokens and passwords). It does not fail unless I close the prompt. LDAP works fine. I have a CA that I signed the SSL…
0 votes, 0 answers

Single sign on with Samba AD DC, Linux servers, GSSAPI/Kerberos and Windows clients that are not joined to the domain

Setup We have: a machine running Samba 4 on Debian Buster as AD DC. another Debian Buster machine running Samba 4 as file server, joined to the domain with net join and using winbind for authentication (let's call this FILE). a third Debian Buster…
0 votes, 2 answers

Can't determine the principal used to LDAP syncrepl GSSAPI

I've configured two openldap fully functional in HA (syncrepl mode provider - slave). After testing that simple bind syncrepl works flawlessly, I'm trying to deploy from scratch using only GSSAPI to avoid the use of plain text passwords. I've…
DG DM
0 votes, 1 answer

Specify Keytab Location for Slapd

I need help. How can I set up the ldap keytab location path in order that slapd uses it instead of the system /etc/krb5.keytab? I can't find the configuration in documentation. Thank you so much.
DG DM
0 votes, 1 answer

ADFS 4.0 IDPinitiatedSignOn Page Error: HTTP 400 - Bad Request (Request header too long)

We are facing an issue with our WHFB enrollment process. The ADFS server Windows Integrated login process is throwing error: HTTP 400 - Bad Request (Request header too long). The issue is limited to one user at this point of time ADFS…
IshRaj
0 votes, 1 answer

Windows domain joined Linux server tries to authenticate to multiple AD controllers

I have set up a Debian Server and let it join our domain. Our company has multiple domain controllers around Europe. I have installed Winbind, Samba, Kerberos5, PAM and OpenSSL on this machine. After the domain join I noticed that this machine tries…
phL
0 votes, 1 answer

FreeIPA on RPi3 Kerberos5 timeout

I pulled a magic trick from a hat. I put Kerberos 5 using FreeIPA on a Raspberry Pi 3 B. It's an inexpensive box that does one thing only, issuing tickets. I modified the 60 second timeout to 2000 seconds, and it completed the install. Here is the…
0 votes, 3 answers

Kerberos second-hops using PowerShell Sessions

I often use PowerShell remote sessions to manage Windows servers remotely, generally using the following command, though the following is true for any remote PowerShell commands such as Invoke-Command: Enter-PSSession Server01 This works perfectly…
Cpt.Whale
0 votes, 1 answer

Can a kerberos principal use a hostname/instance not matching the realm?

Let's say our realm is CARS.LOCAL and I can't change it. Would a principal like HTTP/portal.houses.com@CARS.LOCAL work? In other words, our internet domain name doesn't match our realm and I would like to use our registered domain name with…
bbigras