Server :: Ssh And Kerberos In RHEL?

Aug 3, 2010

I have my RHEL4u4 integrated with Active Directory.

I can log on to the computer with username/passwd from AD.

But if I try to use ssh, it doesn't work.

When I try to connect to the same computer using kerberos I receive these messages:

ssh -vv server.domain.com
....
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug2: we sent a gssapi-with-mic packet, wait for reply

[Code]....

and it tries to use publickey and finally, user/pass.

What do I have to do to use ssh and kerberos? I use samba for joining the computer to AD. I tried it in ubuntu 8.04 with likewise-open and it works, but not in RH-Samba.


Server :: NFSv4 And Kerberos - Access Denied By Server

Mar 28, 2011

I am attempting to Kerberize an NFS server on a RHEL6 machine, but I cannot get it quite right. The error message I receive when executing the following command (as myself, not as root) is:

Code:

I have a keytab generated from the KDC for both NFS server and NFS client (both RHEL6 hosts) placed in /etc, and I have configured PAM/Kerberos so I can login via SSH and see I have a valid ticket with klist.

I can login to both NFS server and NFS client via SSH and get a ticket, but I don't know where the problematic NFS permissions reside.

The /etc/exports file on the NFS server looks like:

Code:

I have disabled IP Tables on both client and server, and hosts.allow and hosts.deny are not blocking traffic at the moment.

On the NFS server, here is the output of rpcinfo:

On the NFS client, here is the output of that same command:


Server :: Edit The Default RHEL CD To Have It Automatically Install RHEL Based Off Of A Kickstart File

Mar 2, 2011

Is it possible to edit the default RHEL CD to have it automatically install RHEL based off of a kickstart file that I will store locally on the CD? My plan would be to put a CD in a server and have the OS be installed automatically.


Server :: Configuration Difference Between RHEL 3 To RHEL 5 For Webserver Installations?

Feb 1, 2011

We are planning to migrate our LINUX server from RHEL 3 to RHEL 5. What are the configuration differences between RHEL 3 and RHEL 5 for webserver installations?


Server :: Configuring SSH To Access With Kerberos

Jan 14, 2011

I'm trying to configure SSH for accessing with kerberos. I try to configure a SSO. The computer is joined to Active Directory. I can access with the user/pass from AD (using samba/winbind), but if I try to connect using kerberos, the error:

Server not found in kerberos database.

The server is CentOS 5.5, but also tried with RHEL 5.5.

Configuration
Domain: net
Realm: TEST.NET
User: usertom
Server ssh: testul0001.test.net
Client ssh: testul0001.test.net (connect to the same computer)
Domain controller: testgc01.test.net .....


Server :: Ssh Login Via Windows AD / Kerberos?

Mar 24, 2011

Following the instructions listed here: [URL].. I have a machine set up to use Kerberos authentication for logins. The problem is, logins are now incredibly slow and any user from the AD fails to log in. Here's the output from the server in debug mode:

[Code]...

What I want to do is use a Windows AD with the UNIX extensions to control user logins on CentOS 5.5 servers. Previously I've used OpenLDAP and AD, but that was still two separate auth methods and I just want one.


Server :: SSH Not Working With Kerberos Authentication?

Jun 16, 2011

Pretty much as described in the thread title. I'm running RHEL6 on both the server and the client. I followed Red Hat's own instructions to set the kdc up. I have a user called krb, that has been added to the KDC and I can get a ticket from the KDC, by using

Code:
kinit -p krb
If I then try to log in to the KDC, from the KDC, with

[code]...


Security :: Secure Samba Server With Kerberos?

Jul 17, 2010

Is it possible to secure samba server with kerberos? I want to know whether we can use kerberos authentication to secure samba user name and password so that no one can sniff that information. configuration or any URL link from I can get the exact configuration.


Server :: Possible To Use Kerberos For Samba Authentication Without A Domain?

Oct 14, 2010

I have a samba server for company file shares but we do not use domain services or active directory service. Each workstation is its own standalone system. (And we want to keep it this way.) I would like to have some centralized authentication though, and it looks like Kerberos will provide that. After a lot of searching though, I can't find any instructions for setting up samba to authenticate users using kerberos without an ADS (active directory service) or domain. Is this possible?


Server :: (Kerberos Setup) Cannot Login With Kadmin

Oct 20, 2010

I'm setting up kerberos and I can't login with kadmin but I am getting tickets with kinit, my princs are valid, and my dns resolves with dig/ping, am I missing something?:

kadmin:

Code:
home-plug:/home/steven# kadmin
Authenticating as principal root/admin@SOUR-LAN.LOCAL with password.
Password for root/admin@SOUR-LAN.LOCAL:
kadmin: GSS-API (or Kerberos) error while initializing kadmin interface

auth.log:

Code:
Oct 20 22:18:13 home-plug kadmind[8935]: Seeding random number generator
Oct 20 22:18:20 home-plug krb5kdc[8778]: Interrupted system call - while selecting for network input(1)
Oct 20 22:18:20 home-plug krb5kdc[8778]: shutting down
Oct 20 22:18:20 home-plug krb5kdc[8939]: setting up network .....


Server :: Install Kerberos On A Local Machine ?

Jun 3, 2010

How to install kerberos on a local machine ?


Server :: Major Differences Between Rhel 5.2 And Rhel 5.4?

Dec 14, 2010

what are the major differences between rhel 5.2 and rhel 5.4


Red Hat :: Duplicating A RHEL 5.1 32bit Server On RHEL 5.4 64 Bit

Dec 9, 2009

I have a database server running RHEL 5.1 32 bit that suffered some catastrophic failures about 6 months ago. We were able to patch it back together and keep it running, but now the manufacturing site it supports is going to shut down for two weeks and I would like to replace it permanently. Does anyone have any guidance for that sort of thing? I'd like to have the new server up and running beforehand, basically changing the hostname/ip and restoring the databases only on conversion day. I've done this in the past with HP UX - Red Hat conversions, but this is my first red hat to red hat move. Any advice or shortcuts? I forgot to add the other wrinkle. The new server will be running 64bit linux.


Fedora Servers :: Set Up 389 DS Server As Kerberos V Principal Database

Dec 3, 2009

I have set up a 389 DS server and a kdc. However there is not a howto or any document concerning setting up the DS as a Kerberos database back-end. Nor is there a 389 DS forum, so I am asking here and hopefully some of you could possibly help or throw in some light as to this kind of setup. I have read the 389 DS features page and the Redhat documents but there is no reference to this feature.


Ubuntu Networking :: Kerberos Authentication For CUPS Server?

Apr 14, 2010

So I was trying to configure my CUPS server and checked the box marked "Use Kerberos Authentication." Now, I cannot change anything and get an unauthorized error every time I try. How can I remove Kerberos? I have access to the local computer as root and can use sudo.


Software :: Kerberos Clients Cannot Find Administrative Server Through DNS

Jun 27, 2010

This problem has taken me the whole Sunday and the only thing I've got left before I start kicking my computer equipment is to ask you guys for help. I have a problem on my client side of Kerberos. Basically, none of my clients is able to make a connection to kadmin using DNS SRV-records. Only if I use the relevant directives in the krb5.conf files - it works.

Something is weird regarding the adm server. I mean, without [realms] stanza, the client does query the DNS properly for the KDC master - it can be tracked in the DNS logs and I mean, even logically - with no [realms] stanza - there is no other place than DNS where it can find this information. So, the actual authentication of the principal works. It's the kadmin-part that exits with the error message above. According to all manuals, books, guides I've read - this shouldn't be happening. The [libdefaults] with default_realm defined in krb5.conf in combination with proper DNS records, should be everything kerberos client needs. But apparently not. I don't remember having any problems like this before. This is the first time in several months I freshly install a KDC. I believe Kerberos packages did get updated a few times since then. Could this be a bug of some kind introduced in a newer version of libs? I have the latest packages on centos 5.3.


Fedora :: Get Connected On Network To Reach Kerberos Server To Login

Aug 9, 2010

I'd like to know if the network-manager applet could be run on the gdm login menu, because I would like to get connected on my network to reach the kerberos server to log in. nm-applet on gdm


Ubuntu Security :: SSH To Server Using GSSAPI/Kerberos Prompts For Password When Using DNS Alias?

Jan 15, 2010

I have a Kerberos/LDAP/OpenAFS server running on Debian lenny, set up according to Davor Ocelic's excellent guide here (url). SSHd has been configured to use GSSAPI auth and the clients have been configured to pass auth tokens through to the server.

My clients are all Ubuntu 9.10 x86 fully patched. On the clients, OpenAFS has been compiled and installed as a kernel module and git 1.6.6 has been compiled from source and installed. Otherwise, all software is stock Ubuntu repository-ware.

The setup is working fine as long as I connect to the primary server using its hostname:

peter@client01:~$ ssh nana
<connection goes through seamlessly without prompting>
peter@nana:~$

If I try to connect via a DNS alias (actually a second CNAME record), I get:

peter@client01:~$ ssh git1
peter@git1's password:
<connection completes>
peter@nana:~$

I need both passwordless auth and the DNS alias working, as it's internal policy that user connections are only ever made to service names, not real hostnames.

I have tried adding a second host principal to Kerberos for the alias (git1.darling.local) in addition to the host principal for the hostname (nana.darling.local).

If I turn off PasswordAuthentication in sshd_config, then "ssh git1" doesn't even fall through to passwords; it just denies logins. So it looks like it's not even using GSSAPI for the DNS alias.

So:

1) Is what I want even possible? I can't find anything that indicates that there's anything odd about DNS aliases such that this should happen.

2) Which config files should I post to help debug this? There's a lot and I didn't want to start blarfing them here if they aren't helpful.


Server :: Unable To Use DBUS After Changing LDAP/Kerberos/NSCD Settings

Apr 23, 2011

We're running an Ubuntu 10.04 LTS network in our company, authenticating against an Openldap/heimdal-kerberos server. Previously, the clients were authenticating against a Windows 2003 Domain without any problems. After modifying the krb.conf, ldap.conf, nsswitch.conf and nscd.conf files to authenticate the machines against the openldap/heimdal setup, we started experiencing strange problems.

One issue is, for example, the polkit-agent-gnome not starting. This component integrates policykit into gnome. It looks like the agent is unable to start due to some kind of delay with DBUS. Starting the agent manually keeps giving errors until about 70 seconds after login, when the agent can be started without problems. During the delay it is also impossible, for instance, to open the "shut down" menu on the top right of gnome. You can click on the menu, but nothing appears. Trying to start the polkit-agent manually gives these errors (I'll be attaching detailed errors when at work!):

Code:

DBus error org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken

GLIB ERROR ** default - Not enough memory to set up DBusConnection for use with GLib

It really looks like DBus or something related to it is starting "too late" but I can't seem to find the reason. I'm pretty sure this has to do with some timings or whatever in the krb/ldap config files...


Fedora Installation :: LDAP - NIS - Kerberos - Add Mint Machines To Server To Use New Security Settings

Dec 10, 2009

I wish to set up a network that works like Windows but with Linux of course! It will need to be able to handle security/DNS/DHCP & Document store from one location. I've been doing some reading and have found that I think I need to be using one of the following:

LDAP
NIS
Kerberos

I have looked at a few Linux based OS's. I did notice that when you install fedora live desktop it gives you the option to connect to one of the above. So I am looking for a complete solution.

1. How to setup fedora to act as server for my needs (or other Linux build)

2. Add fedora/linux mint machines to server to use new security settings. (or other linux build)


Security :: Setup A Kerberos + OpenLDAP Server To Manage Users For Our Samba Shares

Feb 13, 2011

Trying to setup a Kerberos + OpenLDAP server to manage users for our Samba shares (was going to use just OpenLDAP, but apparently it is less secure than using Kerberos with it). (Distro: CentOS 5.5) Haven't even gotten to the point of connecting either to Samba yet. I have set up a Kerberos server, and configured it as necessary. I am happy that it is working as intended, as I can login and manage principals from both the local terminal and remotely on other clients.

I have setup a server (sv1.myhost.net), and configured it to talk to Kerberos (auth.myhost.net). I have created both a [URL] principal, and a testuser principal. I have set the password on the testuser but not on the host/sv1.myhost.net. I have added the keys for both users to the keytab file on the sv1.myhost.net. I am at a Windows 7 machine (on the same internal network), and have installed the Network Identity Manager. It is able to request a ticket successfully for the testuser account.

When I use putty w/GSSAPI (0.58) to remote login to the system, it says using 'testuser' and then just hangs there. Eventually putty connection times out. The fact that both machines can connect to the auth server to communicate with kerberos correctly suggests firewalls are correct. The relevant entries in sshd_config have been uncommented to tell srv1 to use Kerberos authentication.


Security :: Kerberos And LDAP - Users Will Be Able To Login In To A Server On The Edge Of The LAN And Establish A SSH Connection

Feb 19, 2010

I am trying to deploy Kerberos and LDAP so users will be able to log in to a server on the edge of the LAN, and afterwards be able to establish a SSH connection to all the computers in that LAN without the need to type any passwords, and without the need for me to manage SSH keys [beside the SSH keys on the login server] and local user accounts.

1. When I create the users in OpenLDAP I use a template that I created by reading documentation from the Internet. In the template one piece of information that is needed is the UID. Is there any clever way to keep track of the numbers so I do not assign the same UID to two users, besides using a pen and paper?

2. For the users to be able to establish SSH connections between the computers, the host is going to be added to the keytab like this: ktadd host/client.example.com. Is it possible to replace client with something generic so I do not need to manage these keytab files between the hosts?

3. Users will be logging on to the server on the edge of the LAN by using SSH keys. How can I configure the setup so the users will receive a ticket automatically when they log on without executing kinit and without entering a password, just by having a valid SSH key?

4. krb5kdc is running on all the network interfaces in the server; I want it to only run on eth1. How can this be done?


Server :: Error: Failed To Retrieve Repodata/filelists.xml.gz From Rhel-x86_64-server-5

May 24, 2010

I am getting this error in RHEL 5.3 while I did "yum update".

---> Package libstdc++-devel.i386 0:4.1.2-46.el5_4.2 set to be updated
---> Package libstdc++-devel.x86_64 0:4.1.2-46.el5_4.2 set to be updated
---> Package libstdc++44-devel.i386 0:4.4.0-6.el5 set to be updated

[code]....

The program package-cleanup is found in the yum-utils package.


Server :: RHEL 5 Proxy Server - Remove Temp Files And Cache

Oct 9, 2010

RHEL 5 is my proxy server. I want to remove temp files and cache. How do I remove cache and temp files?


Server :: RHEL 5.1 After Installing Mod_ssl Httpd Server Won't Start / Get It To Work?

Apr 11, 2010

I am trying to do a https access with virtual hosting with apache.

But when I install mod_ssl rpm httpd server does not start again

I am stumped

httpd -t shows syntax is OK


General :: Cannot Ssh Into RHEL 5.5 Server Unless SSHD Server Debug Is Enabled?

Aug 11, 2010

I cannot ssh into an RHEL 5.5 server (192.168.20.104) from another RHEL 5.5 server (192.168.20.101) unless server debug is turned on 192.168.20.104, and even then, I have to wait several minutes before the connection is established. scp to and from the 104 server is also not working. Here is the debug output on the 101 server when server debug is not enabled on the 104 server:

Code:
[applmgr@tclg-clone-01 ~]$ ssh -vvv 192.168.20.104
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

[code]...


Server :: Setting Up Sendmail On A Blank RHEL 5.5 Server Setup

Jun 21, 2010

Having some issues setting up sendmail on a (basically) blank RHEL 5.5 server setup. My ultimate goal is to be able to automagically send logs / errors / notifications to ourselves from the server.

Our basic setup is a Win 2003 domain with exchange running on mail.domain.com.au.

I've edited the '/etc/mail/sendmail.mc' and added the :

Code:

line to it.

Also added the domain (domain.com.au) to the '/etc/mail/local-host-names' files

Also edited submit.mc and added

Code:

When I try and send a mail from root or a test user to one of the domain accounts, it seems to go fine, i.e no errors are reported but it never gets delivered.

From the mail logs:

Code:

So it seems to be sent to the queue no problems and when I check the queue :

Code:

Total requests: 0

But nothing ever gets received. Am I missing something? I have read and read and read but don't seem to be getting any further.

So in the end this server doesn't need to do anything except be able to send mail from root to an external mail address.


Server :: Unable To Run Any Command On Server With RHEL 3 ES Due To Relocation Error

Oct 29, 2010

In order to run an application software on RHEL 3 ES server, I created a link forcefully using the following command from root id:
# cd /lib64/tls/
# ln -sf libc-2.3.4.so libc.so.6
before that I copied file libc-2.3.4.so from a workstation with OS RHEL 4 WS so that a link can be created.
Now I am unable to run any command except cd & pwd and it gives an error message as given below:
ls:relocation error:/lib64/tls/libc.so.6:symbol _rtld_global_ro,version GLIBC_PRIVATE not defined in file ld-linux-x86-64.so.2 with link time reference.

Before running this command libc.so.6 was pointing to libc-2.3.so file in path /lib64/libc-2.3.2.so.
I am now unable even to open a new window on the server. Please send me some solution as early as possible because this server is running production data and many users are running application on this server.


Server :: Windows 7 Can't Write To RHEL 3 Server When Files Greater Than 1kb?

Mar 12, 2010

We are running a Red Hat Enterprise Linux ES release 3 (Taroon Upd 5) Kernel 2.4.21-32.ELsmp since several years. The server hosts an old ERP system who will be replaced at the end of the year. However it is necessary that some colleagues are able to write some files to that server regularly. Since we are running Windows 7 on several machines, those users aren't anymore able to write to the samba share. Getting files from the share works fine.

But the problem seems not to be situated at the samba service because also the transfer using SSH (WINSCP) from any Win7 system to the server doesn't work. During testing we recognized that transferring files smaller than 1kb works fine ... any file greater than 1kb ends up in a connection abort. This works with samba and also using SSH. All the workarounds editing some registry entries in Win7 for improving the interoperability between vista / win7 and samba don't work for us ... and also seem not to be the source of the problem. Is there a general known incompatibility between our RHEL version / kernel and Windows 7 regarding file transfers?


Server :: Need Info On Ovzkernel-PAE 2.6.18-53 Package For RHEL 5 2.6.18-53 Server

May 24, 2010

I have a RHEL 5 server with 32 bit architecture that is not recognizing more than 4 GB of RAM and I am trying to locate a version of the kernel-PAE package that will work well with the 2.6.18-53 kernel. I found something on Open VZ called ovzkernel-PAE that is built for the 2.6.18-53 kernel [URL]

and wanted to find out if there were any known issues with this release before I attempted to install it. Is anyone aware of any issues with any rpms on openvz.org or with this particular rpm in general?








Copyrights 2005-15 www.BigResource.com, All rights reserved