Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation are likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used platforms.

1136 questions

5 votes, 0 answers

Samba authentication and LDAP

I have an OpenLDAP server that I use for authentication and authorization for various services. All users are of object type inetOrgPerson and my groups are groupOfNames. Now I want to configure Samba to authenticate against LDAP as well (with group…
Chris

5 votes, 3 answers

Check Primary Authentication Protocol for Active Directory (NTLM or Kerberos?)

How can I check, from a client machine (in Global Group)(also is local admin), whether the domain controller is authenticating my login request to the domain using NTLM or Kerberos? I know that Kerberos is enabled by default, but the domain Admin…
Andrew Watson

5 votes, 2 answers

March 10th Patch Tuesday appears to cause SQL Server client connection problems

Since applying the full set of patches on a Win 7.1 Pro desktop and a Windows 2012 R2 Datacenter Azure server running SQL 2014, SQL Management Studio (2008 and 2014 versions) won't connect to the SQL 2014 Azure server. The client connection attempt…
Spike

5 votes, 2 answers

Why does a SPN on a different host cause a server to lose its trust? How should I fix it?

I have a brand new server image that loses its trust as soon as it's joined to the domain. I suspect it's because of the duplicate SPN I discovered using the LDAP version of this Powershell script Powershell script #Set Search cls $search =…
makerofthings7

5 votes, 3 answers

In a Windows PKI, what is a Workstation Authentication CA Template used for? What happens if it expires?

Many workstations have an expiring computer certificate that was issued using the Workstation Authentication CA template. The CA of this template expires in 2 days. I've deployed a new CA, with an extended date, and have successfully enrolled many…
makerofthings7

5 votes, 2 answers

IIS 7.5 web application failing with NT Authority\Anonymous Logon

I am finding various Google results, but none seem to fix my problem. I am setting up a new Windows 2008 R2 box at work that is to communicate with an existing SQL 2012 box via web tools running in IIS 7.5 within our intranet. We are to use Windows…

5 votes, 1 answer

Cross-Realm trust verify failed with 'netdom' command

Question 1: I have my Active Directory on a Windows Server 2012 machine; its domain name is AD-DEMO.LOCAL. The Kerberos admin server is on another Ubuntu machine; its realm is KERBEROS.COM. Added trust in 'Active Directory Domains and…

5 votes, 6 answers

Kerberos Configuration Manager for SQL Server error "unable to access user principal information from the system"

When I launch the Kerberos Configuration Manager for SQL Server and try to connect to the local machine it's on, I am getting the error "Kerberos Configuration Manager for SQL Server error "unable to access user principal information from the…
Geoff Dawdy

5 votes, 7 answers

kinit: Cannot contact any KDC for realm 'UBUNTU' while getting initial credentials

I am installing Kerberos5-1.12.1 on an Ubuntu machine with these instructions. Whenever I try to run kinit user1, I get an error: kinit: Cannot contact any KDC for realm 'UBUNTU' while getting initial credentials Below are my krb5.conf…
user3279174

5 votes, 1 answer

Does IIS NTLM/Kerberos authentication still work with an offline domain controller?

We have multiple IIS instances spread across remote regional branches. Each IIS instance (v.7.5) is running the same application and authenticates its users with Integrated Authentication (NTLM in the providers list). A few branches get frequently…
Starbuck3000

5 votes, 4 answers

How to re-join an AD2003 domain with Samba after deleting the machine account?

During some troubleshooting I deleted the machine account for a Linux server running Samba from our AD 2003 domain. We are using Kerberos for authentication, and after I deleted the machine account I tried to join the domain again using net ads join…
Guss

5 votes, 3 answers

Kerberos - Adding a SPN to a Domain User

When adding a new SPN into the Kerberos domain, you have the option of mapping the SPN to a user. In general, I join the domain through Integrated Windows Authentication, and this creates a new computer account for the service, but now, I would like…

5 votes, 2 answers

If an IIS hosted site is secured using Kerberos, can Linux machines connect to it?

I'm running into a problem configuring my IIS 7.0 website in a test environment with Kerberos. I have a trial version of Windows Server 2008 R2 with AD DS, AD RMS, DHCP, DNS & IIS roles installed. I have gone into the IIS security settings for the…

5 votes, 1 answer

Does Windows (Active Directory) Kerberos use DNS for Realm mapping?

Will Windows clients use DNS to map hosts to specific Kerberos realms? Specifically, do they use _kerberos.host.example.com IN TXT OTHERREALM.COM records?
84104

5 votes, 4 answers

Locking a user's account locally when Kerberos is enabled

I'm trying to set up Chef-managed accounts for a group of machines with the following characteristics: If there is no local account, login is blocked. If there is a local account with SSH keys, use those for authentication is possible. If there is…
Stephen C