[Samba] How do I get an ssh client to authenticate with samba4's kerberos GSSAPI? [Solved]

Quinn Plattel qiet72 at gmail.com
Tue Jul 10 08:07:52 MDT 2012


I solved my ssh GSSAPI problem.  There were a lot of solutions on google
referring to a proper fqdn in the /etc/hosts file and having the
fqdn's/principals in the kerberos server's keytab file but I found out that
my problem was that the samba4/kerberos server was running on a multi-homed
machine and that the ssh server kerberos authentication needed the
following parameter in order for it to work on multi-homed machines:

GSSAPIStrictAcceptorCheck no

The default is yes, using "no" will, according to the manpage "clients may
authenticate against any service key stored in the machine's default store."

I hope this helps others that have similar setups as I do.

Thank you all for your input.


More information about the samba mailing list