Authenticating with SSSD / Kerberos against Windows Server 2012 R2
I'm authenticating with SSSD / Kerberos against Windows Server 2012 R2. I've set up credentials delegation using these options:
For both client/server but no luck. I've read online that I need to run ADSIEdit.msi to edit the user flags in Windows Server 2012 R2 to enable a delegation tab, which I've done, but no luck setting the delegation parameters. Thinking my issue is on the Windows Server 2012 with the setting I put for SPN (servicePrincipalName) but not 100%.
My question is does Linux SSSD / Kerberos care about the Windows Server 2012 R2 delegation settings and what should I set the servicePrincipalName to in Windows so my SSSD / Kerberos implementation will work?
What should I look for in the log files to determine if the credentials delegation is working or not working? I searched for *deleg* but nothing comes up.
What do I need to look for in the log files to determine where the delegation is breaking and hence not working?
Thanks,
Dev
Last edited by Don Cragun; 09-01-2015 at 05:17 PM..
Reason: Add CODE and ICODE tags. Delete extraneous BOLD tags.
LEARN ABOUT DEBIAN
sss_usermod
SSS_USERMOD(8) SSSD Manual pages SSS_USERMOD(8)
NAME
sss_usermod - modify a user account
SYNOPSIS
sss_usermod [options] LOGIN
DESCRIPTION
sss_usermod modifies the account specified by LOGIN to reflect the changes that are specified on the command line.
OPTIONS
-c,--gecos COMMENT
Any text string describing the user. Often used as the field for the user's full name.
-h,--home HOME_DIR
The home directory of the user account.
-s,--shell SHELL
The user's login shell.
-a,--append-group GROUPS
Append this user to groups specified by the GROUPS parameter. The GROUPS parameter is a comma separated list of group names.
-r,--remove-group GROUPS
Remove this user from groups specified by the GROUPS parameter.
-l,--lock
Lock the user account. The user won't be able to log in.
-u,--unlock
Unlock the user account.
-Z,--selinux-user SELINUX_USER
The SELinux user for the user's login.
-h,--help
Display help message and exit.
THE LOCAL DOMAIN
In order to function correctly, a domain with "id_provider=local" must be created and the SSSD must be running.
The administrator might want to use the SSSD local users instead of traditional UNIX users in cases where the group nesting (see
sss_groupadd(8)) is needed. The local users are also useful for testing and development of the SSSD without having to deploy a full remote
server. The sss_user* and sss_group* tools use a local LDB storage to store users and groups.
SEE ALSO
sss_groupadd(8), sss_groupdel(8), sss_groupmod(8), sss_groupshow(8), sss_useradd(8), sss_userdel(8).
AUTHORS
The SSSD upstream - http://fedorahosted.org/sssd
SSSD 03/04/2013 SSS_USERMOD(8)