[Samba] Samba 4 / Kerberos / ssh
steve
steve at steve-ss.com
Thu May 29 05:18:03 MDT 2014
On Thu, 2014-05-29 at 11:05 +0000, Vogel, Sven wrote:
> Hi Steve, Hi Roland,
>
> so tryed many different things.
>
> 1. i create an keytab alice$ (works)
>
> Samba-tool domain exportkeytab /etc/krb5.keytab -principal=ALICE$
>
> 2. i changed sshd_config to your suggestions...
>
> GSSAPIAuthentication yes
> GSSAPICleanupCredentials no
> GSSAPIKeyExchange yes
> GSSAPIStrictAcceptorCheck no
>
> 3. i got an ticket on BOB$ with (works)
>
> kinit -v -k -t /etc/krb5.keytab ALICE$
>
> after these changes i bot the following error
>
> May 29 12:41:43 alice sshd[22664]: debug1: Unspecified GSS failure. Minor code may provide more information\nNo such file or directory\n
> May 29 12:41:43 alice sshd[22664]: debug1: Got no client credentials
> May 29 12:41:43 alice sshd[22664]: fatal: Zero length token output when incomplete [preauth]
>
> I found out i need an ssh service kerberos prinicpal
Hi
What do we get:
klist -k /etc/krb5.keytab
>
> After that i added the following to the krb5.keytab to ALICE because the ssh service needs to authenticate to kerberos
>
> kinit -v -k -t /etc/krb5.keytab host/alice.example.com
>
> 4. After that i tryed it again with different users e.g. the service account ALICE$ and Guest Account but i get the following error
>
> May 29 12:57:00 alice sshd[22753]: input_userauth_request: invalid user Guest [preauth]
and:
id Guest
Cheers,
Steve
More information about the samba
mailing list