[Samba] How do I get an ssh client to authenticate with samba4's kerberos GSSAPI? [Solved]
Quinn Plattel
qiet72 at gmail.com
Tue Jul 10 08:07:52 MDT 2012
Hi,
I solved my ssh GSSAPI problem. There were a lot of solutions on google
referring to a proper fqdn in the /etc/hosts file and having the
fqdn's/principals in the kerberos server's keytab file but I found out that
my problem was that the samba4/kerberos server was running on a multi-homed
machine and that the ssh server kerberos authentication needed the
following parameter in order for it to work on multi-homed machines:
GSSAPIStrictAcceptorCheck no
The default is yes, using "no" will, according to the manpage "clients may
authenticate against any service key stored in the machine's default store."
I hope this helps others that have similar setups as I do.
Thank you all for your input.
br,
Quinn
More information about the samba
mailing list