samba4 success/failure report...all's working despite kerberized ssh
Chan Min Wai
dcmwai at gmail.com
Tue Feb 18 09:09:36 MST 2014
Dear George,
I've not tried sssd but I did try nss-pam-ldapd, the so-called nslcd.
Below is the guide I wrote while working on 4.1.2 & 3.
http://wiki.gentoo.org/wiki/Centralized_authentication_with_Samba_AD_/HOWTO
You can try method 2.
Hope that helps...
> On 18/02/2014 10:25 PM, Georg Hopp <georg at steffers.org> wrote:
>
> OK, here is some more information:
>
> on mail a klist -k -t -e
>
> Keytab name: FILE:/etc/krb5.keytab
> KVNO Timestamp Principal
> ---- ----------------- --------------------------------------------------------
> 1 02/18/14 11:58:05 mail$@WEIRD-WEB-WORKERS.ORG (des-cbc-crc)
> 1 02/18/14 11:58:05 mail$@WEIRD-WEB-WORKERS.ORG (des-cbc-md5)
> 1 02/18/14 11:58:05 mail$@WEIRD-WEB-WORKERS.ORG (arcfour-hmac)
> 1 02/18/14 11:58:11 MAIL$@WEIRD-WEB-WORKERS.ORG (des-cbc-crc)
> 1 02/18/14 11:58:11 MAIL$@WEIRD-WEB-WORKERS.ORG (des-cbc-md5)
> 1 02/18/14 11:58:11 MAIL$@WEIRD-WEB-WORKERS.ORG (arcfour-hmac)
> 1 02/18/14 11:58:23 host/mail@WEIRD-WEB-WORKERS.ORG (des-cbc-crc)
> 1 02/18/14 11:58:23 host/mail@WEIRD-WEB-WORKERS.ORG (des-cbc-md5)
> 1 02/18/14 11:58:23 host/mail@WEIRD-WEB-WORKERS.ORG (arcfour-hmac)
> 1 02/18/14 11:58:32 HOST/mail@WEIRD-WEB-WORKERS.ORG (des-cbc-crc)
> 1 02/18/14 11:58:32 HOST/mail@WEIRD-WEB-WORKERS.ORG (des-cbc-md5)
> 1 02/18/14 11:58:32 HOST/mail@WEIRD-WEB-WORKERS.ORG (arcfour-hmac)
> 1 02/18/14 11:58:43 host/mail.weird-web-workers.org@WEIRD-WEB-WORKERS.ORG (des-cbc-crc)
> 1 02/18/14 11:58:43 host/mail.weird-web-workers.org@WEIRD-WEB-WORKERS.ORG (des-cbc-md5)
> 1 02/18/14 11:58:43 host/mail.weird-web-workers.org@WEIRD-WEB-WORKERS.ORG (arcfour-hmac)
> 1 02/18/14 11:58:54 HOST/mail.weird-web-workers.org@WEIRD-WEB-WORKERS.ORG (des-cbc-crc)
> 1 02/18/14 11:58:54 HOST/mail.weird-web-workers.org@WEIRD-WEB-WORKERS.ORG (des-cbc-md5)
> 1 02/18/14 11:58:54 HOST/mail.weird-web-workers.org@WEIRD-WEB-WORKERS.ORG (arcfour-hmac)
>
> kvno host/mail.wierd-web-workers.org on mail:
>
> host/mail.wierd-web-workers.org@WEIRD-WEB-WORKERS.ORG: kvno = 1
>
> I started with the krb5.conf that was created during the samba
> domain provisioning but now it looks like this in both www and mail:
>
> [libdefaults]
> default_realm = WEIRD-WEB-WORKERS.ORG
> default_keytab_name = FILE:/etc/krb5.keytab
> dns_lookup_realm = false
> dns_lookup_kdc = true
> forwardable = true
> proxiable = true
> allow_wek_crypto = true
> allow_weak_crypto = true
>
> [realms]
> WEIRD-WEB-WORKERS.ORG = {
> kdc = samba.weird-web-workers.org 1 :88
> default_domain = weird-web-workers.org
> }
>
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadm5.log
>
>
> What I found curious is that the logfiles are not even created.
>
> best regards
> Georg Hopp
>
>>> On Tue, Feb 18, 2014 at 01:41:57PM +0000, Georg Hopp wrote:
>>> Sorry, no it does not.
>>
>> does
>>
>> kvno host/mail.wierd-web-workers.org
>>
>> return you the service ticket?
>>
>> Can you send your krb5.conf?
>>
>> bye,
>> Sumit
>>
>>>
>>>> On Tue, Feb 18, 2014 at 02:34:24PM +0100, Sumit Bose wrote:
>>>>> On Tue, Feb 18, 2014 at 01:13:53PM +0000, Georg Hopp wrote:
>>>>> Hi,
>>>>>
>>>>>
>>>>> And here the one of ssh -vvv -p 2222 mail:
>>>>
>>>> does it work if you use the fully-qualified name of your mail server?
>>>>
>>>> bye,
>>>> Sumit
>>
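
As an added example (not part of the original thread): a small Python check over `klist -k -t -e` output in the layout quoted above, reporting principals whose newest key version holds only single-DES or RC4 keys. The sample listing, the `example.test` names and the `LEGACY` set are constructed assumptions of this example.

```python
import re
from collections import defaultdict

# Assumption of this example: enctype names treated as legacy
# (single DES and RC4, deprecated for Kerberos by RFC 6649 and RFC 8429).
LEGACY = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5",
          "arcfour-hmac", "arcfour-hmac-exp"}

# One entry line: KVNO, date, time, principal, (enctype)
ENTRY = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+\(([^)]+)\)\s*$")

# Constructed sample in the `klist -k -t -e` layout (not data from the thread).
SAMPLE = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   1 02/18/14 11:58:05 MAIL$@EXAMPLE.TEST (des-cbc-crc)
   1 02/18/14 11:58:05 MAIL$@EXAMPLE.TEST (arcfour-hmac)
   1 02/18/14 11:58:43 host/mail.example.test@EXAMPLE.TEST (des-cbc-md5)
   1 02/18/14 11:58:43 host/mail.example.test@EXAMPLE.TEST (arcfour-hmac)
   2 03/01/14 09:00:00 host/www.example.test@EXAMPLE.TEST (aes256-cts-hmac-sha1-96)
"""

def parse_keytab_listing(text):
    """Return {principal: {kvno: set(enctypes)}} from klist -k -t -e output."""
    entries = defaultdict(lambda: defaultdict(set))
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:  # header, separator and blank lines do not match
            kvno, _date, _time, principal, enctype = m.groups()
            entries[principal][int(kvno)].add(enctype.lower())
    return entries

def audit(text):
    """Return sorted principals whose newest kvno has only legacy enctypes."""
    findings = []
    for principal, by_kvno in parse_keytab_listing(text).items():
        newest = by_kvno[max(by_kvno)]
        if newest and newest <= LEGACY:
            findings.append(principal)
    return sorted(findings)

if __name__ == "__main__":
    for p in audit(SAMPLE):
        print(f"legacy-only keys: {p}")
```
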