[Samba] Trouble in ssh into Windows machines in the Windows/Samba Domain
L.P.H. van Belle
belle at bazuin.nl
Wed Apr 14 09:17:17 UTC 2021
Hai,
from your previous mail :
No key table entry found matching host/beta.windom.borghi.lan@
when you re-joined, it should have created a keytab file.
net ads remove
mv /etc/krb5.keytab{,.old}
net ads join
klist -ke /etc/krb5.keytab
On that .k5login /etc/krb5.conf
add in default ( or per realm )
ignore_k5login = true
you can try that then you most probely dont need to use the .k5login at all
I was typing this when you sended it worked.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Nicola Mingotti
> via samba
> Verzonden: woensdag 14 april 2021 11:09
> Aan: Rowland penny; sambalist
> Onderwerp: Re: [Samba] Trouble in ssh into Windows machines in the
> Windows/Samba Domain
>
>
>
> YYEEEEEESSSSSSS ! I WORKSSSSS !!!!!
>
> Thank to all of YOU people and the 'strace' command !!!!!
>
> For me, besides all misconfigurations I had it was necessary to put
> into 'beta' this
>
> ---------- beta : /home/WINDOM-nicola/.k5login ----
> nicola at WINDOM.BORGHI.LAN
> ------------------------------------------------------------------
>
> That is, a file saying who is allowed to login into beta machine via
> kerberos.
>
> I saw the file format in this page:
> https://web.mit.edu/kerberos/krb5-devel/doc/user/user_config/k5login.html
>
>
> ==== STATUS SSH AUTH IN THE Domain ================
> -] ssh auth with publick key : Linux / Linux working
> -] ssh auth with kerberos : Linux / Linux working
>
> *) Let's wait to see what the guys on the OpenSSH gitHub are able to
> do/fix
> before trying again with Windows.
> ==========================================
>
> Bye
> Nicola
>
>
>
>
>
>
> On 4/13/21 7:43 PM, Rowland penny via samba wrote:
> > On 13/04/2021 17:34, Nicola Mingotti wrote:
> >>
> >> Ok, I corrected all what you found. Except for the name ".lan", which
> >> I can' change in short time.
> >>
> >> Still, ssh -K is not working unfortunately.
> >
> >
> > I have a couple of packages you haven't, one I think you need:
> > libpam-krb5 python3-samba
> >
> > Please Install them.
> >
> > When you left the domain, did you delete /etc/krb5.keytab ?
> >
> > If you didn't, try deleting it and creating a new one with the 'net'
> > command I posted earlier.
> >
> > Rowland
> >
> >
> >
> >
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list