[Samba] Kerberos S4U token with SAMBA4

Rowland Penny rpenny at samba.org
Tue Jun 12 07:28:49 UTC 2018


On Tue, 12 Jun 2018 08:28:10 +0200
Norbert Hanke via samba <samba at lists.samba.org> wrote:

> Hi Taylor
> 
> That's not hard to explain:
> 
> The login to a local account is under the control of sshd, and if
> that has enough privileges it works.
> 
> The login to a domain account is a Kerberos login which requires
> either Username and Password, or possibly PKINIT with a certificate.
> None of them can work with just a public key.
> 
> Norbert
> 
> 
> On 11.06.2018 15:56, Taylor Hammerling via samba wrote:
> > Does SAMBA4 support Kerberos S4U tokens?
> >
> > Background:
> > I am trying to get OpenSSH for Windows to work on machines joined
> > to our SAMBA4 domain.
> > We are running Samba 4.7.3-Debian on Debian 9.
> >
> > When attempting to SSH in to a Windows client using public key
> > credentials for a domain user it fails. When attempting to SSH
> > into a Windows client using public key credentials for a local user
> > it works just fine.
> >
> > I have been working with the OpenSSH team trying to figure out why
> > this isn't working; see the GitHub issue below:
> >
> > https://github.com/PowerShell/Win32-OpenSSH/issues/1177#issuecomment-394789906
> >
> > Thanks in advance for any assistance you can provide. :)
> >
> > Taylor
> >
> 
> 

Go on, I give in, how did you get a Windows user called 'root' ???
As in:

C:\\Users\\root\\.ssh/authorized_keys:1: matching key found: RSA
SHA256:ajJEDL02MZx9advPCbyw8CHcGFdmF4sKnOojxo1/lFI

Have you tried with an actual domain user?
i.e. not one called 'root' (By the way, 'root' SHOULDN'T exist in AD)

Rowland



