samba4 success/failure report...all's working despite kerberized ssh
Georg Hopp
georg at steffers.org
Tue Feb 18 07:25:19 MST 2014
OK, here is some more information:
on mail a klist -k -t -e
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp Principal
---- ----------------- ----------------------------------------------------=
----
1 02/18/14 11:58:05 mail$@WEIRD-WEB-WORKERS.ORG (des-cbc-crc)=20
1 02/18/14 11:58:05 mail$@WEIRD-WEB-WORKERS.ORG (des-cbc-md5)=20
1 02/18/14 11:58:05 mail$@WEIRD-WEB-WORKERS.ORG (arcfour-hmac)=20
1 02/18/14 11:58:11 MAIL$@WEIRD-WEB-WORKERS.ORG (des-cbc-crc)=20
1 02/18/14 11:58:11 MAIL$@WEIRD-WEB-WORKERS.ORG (des-cbc-md5)=20
1 02/18/14 11:58:11 MAIL$@WEIRD-WEB-WORKERS.ORG (arcfour-hmac)=20
1 02/18/14 11:58:23 host/mail at WEIRD-WEB-WORKERS.ORG (des-cbc-crc)=20
1 02/18/14 11:58:23 host/mail at WEIRD-WEB-WORKERS.ORG (des-cbc-md5)=20
1 02/18/14 11:58:23 host/mail at WEIRD-WEB-WORKERS.ORG (arcfour-hmac)=20
1 02/18/14 11:58:32 HOST/mail at WEIRD-WEB-WORKERS.ORG (des-cbc-crc)=20
1 02/18/14 11:58:32 HOST/mail at WEIRD-WEB-WORKERS.ORG (des-cbc-md5)=20
1 02/18/14 11:58:32 HOST/mail at WEIRD-WEB-WORKERS.ORG (arcfour-hmac)=20
1 02/18/14 11:58:43 host/mail.weird-web-workers.org at WEIRD-WEB-WORKERS.OR=
G (des-cbc-crc)=20
1 02/18/14 11:58:43 host/mail.weird-web-workers.org at WEIRD-WEB-WORKERS.OR=
G (des-cbc-md5)=20
1 02/18/14 11:58:43 host/mail.weird-web-workers.org at WEIRD-WEB-WORKERS.OR=
G (arcfour-hmac)=20
1 02/18/14 11:58:54 HOST/mail.weird-web-workers.org at WEIRD-WEB-WORKERS.OR=
G (des-cbc-crc)=20
1 02/18/14 11:58:54 HOST/mail.weird-web-workers.org at WEIRD-WEB-WORKERS.OR=
G (des-cbc-md5)=20
1 02/18/14 11:58:54 HOST/mail.weird-web-workers.org at WEIRD-WEB-WORKERS.OR=
G (arcfour-hmac)=20
kvno host/mail.wierd-web-workers.org on mail:
host/mail.wierd-web-workers.org at WEIRD-WEB-WORKERS.ORG: kvno =3D 1
I started with the krb5.conf that was created during the samba=20
domain provisioning but now it looks like this in both www and mail:
[libdefaults]
default_realm =3D WEIRD-WEB-WORKERS.ORG
default_keytab_name =3D FILE:/etc/krb5.keytab
dns_lookup_realm =3D false
dns_lookup_kdc =3D true
forwardable =3D true
proxiable =3D true
allow_wek_crypto =3D true
allow_weak_crypto =3D true
[realms]
WEIRD-WEB-WORKERS.ORG =3D {
kdc =3D samba.weird-web-workers.org 1 :88
default_domain =3D weird-web-workers.org
}
[logging]
default =3D FILE:/var/log/krb5libs.log
kdc =3D FILE:/var/log/krb5kdc.log
admin_server =3D FILE:/var/log/kadm5.log
What I found curious is that the logfiles are not even created.
best regards
Georg Hopp
> On Tue, Feb 18, 2014 at 01:41:57PM +0000, Georg Hopp wrote:
> > Sorry, no it does not.
>
> does
>
> kvno host/mail.wierd-web-workers.org
>
> return you the service ticket?
>
> Can you send your krb5.conf?
>
> bye,
> Sumit
>
> >
> > On Tue, Feb 18, 2014 at 02:34:24PM +0100, Sumit Bose wrote:
> > > On Tue, Feb 18, 2014 at 01:13:53PM +0000, Georg Hopp wrote:
> > > > Hi,
> > > >
> > > >
> > > > And here the one of ssh -vvv -p 2222 mail:
> > >
> > > does it work if you use the fully-qualified name of your mail server?
> > >
> > > bye,
> > > Sumit
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20140218/7febae39/attachment.pgp>
More information about the samba-technical
mailing list