Authenticating with SSSD / Kerberos against Windows Server 2012 R2
Post 302953933 by Devyn on Wednesday 2nd of September 2015 05:36:00 PM
Moved forward with the keytabs but now get:

Code:
Kerberos password authentication failed: Key version number for principal in key table is incorrect

Thanks,
Dev
 

ipa-getkeytab(1)                 IPA Manual Pages                 ipa-getkeytab(1)

NAME
       ipa-getkeytab - Get a keytab for a Kerberos principal

SYNOPSIS
       ipa-getkeytab -s ipaserver -p principal-name -k keytab-file [ -e encryption-types ] [ -q ] [ -D|--binddn BINDDN ] [ -w|--bindpw ] [ -P|--password PASSWORD ]

DESCRIPTION
       Retrieves a Kerberos keytab.

       Kerberos keytabs are used for services (like sshd) to perform Kerberos authentication. A keytab is a file with one or more secrets (or keys) for a Kerberos principal.

       A Kerberos service principal is a Kerberos identity that can be used for authentication. Service principals contain the name of the service, the hostname of the server, and the realm name. For example, the following is an example principal for an ldap server:

              ldap/foo.example.com@EXAMPLE.COM

       When using ipa-getkeytab the realm name is already provided, so the principal name is just the service name and hostname (ldap/foo.example.com from the example above).

       WARNING: retrieving the keytab resets the secret for the Kerberos principal. This renders all other keytabs for that principal invalid.

       This is used during IPA client enrollment to retrieve a host service principal and store it in /etc/krb5.keytab. It is possible to retrieve the keytab without Kerberos credentials if the host was pre-created with a one-time password. The keytab can be retrieved by binding as the host and authenticating with this one-time password. The -D|--binddn and -w|--bindpw options are used for this authentication.

OPTIONS
       -s ipaserver
              The IPA server to retrieve the keytab from (FQDN).

       -p principal-name
              The non-realm part of the full principal name.

       -k keytab-file
              The keytab file where to append the new key (will be created if it does not exist).

       -e encryption-types
              The list of encryption types to use to generate keys. ipa-getkeytab will use local client defaults if not provided. Valid values depend on the Kerberos library version and configuration. Common values are:
                     aes256-cts
                     aes128-cts
                     des3-hmac-sha1
                     arcfour-hmac
                     des-hmac-sha1
                     des-cbc-md5
                     des-cbc-crc

       -q     Quiet mode. Only errors are displayed.

       --permitted-enctypes
              This option returns a description of the permitted encryption types, like this:
                     Supported encryption types:
                     AES-256 CTS mode with 96-bit SHA-1 HMAC
                     AES-128 CTS mode with 96-bit SHA-1 HMAC
                     Triple DES cbc mode with HMAC/sha1
                     ArcFour with HMAC/md5
                     DES cbc mode with CRC-32
                     DES cbc mode with RSA-MD5
                     DES cbc mode with RSA-MD4

       -P, --password
              Use this password for the key instead of one randomly generated.

       -D, --binddn
              The LDAP DN to bind as when retrieving a keytab without Kerberos credentials. Generally used with the -w option.

       -w, --bindpw
              The LDAP password to use when not binding with Kerberos.

EXAMPLES
       Add and retrieve a keytab for the NFS service principal on the host foo.example.com and save it in the file /tmp/nfs.keytab and retrieve just the des-cbc-crc key.

              # ipa-getkeytab -s ipaserver.example.com -p nfs/foo.example.com -k /tmp/nfs.keytab -e des-cbc-crc

       Add and retrieve a keytab for the ldap service principal on the host foo.example.com and save it in the file /tmp/ldap.keytab.

              # ipa-getkeytab -s ipaserver.example.com -p ldap/foo.example.com -k /tmp/ldap.keytab

       Retrieve a keytab using LDAP credentials (this will typically be done by ipa-join(1) when enrolling a client using the ipa-client-install(1) command):

              # ipa-getkeytab -s ipaserver.example.com -p host/foo.example.com -k /etc/krb5.keytab -D fqdn=foo.example.com,cn=computers,cn=accounts,dc=example,dc=com -w password

EXIT STATUS
       The exit status is 0 on success, nonzero on error.

       0      Success
       1      Kerberos context initialization failed
       2      Incorrect usage
       3      Out of memory
       4      Invalid service principal name
       5      No Kerberos credentials cache
       6      No Kerberos principal and no bind DN and password
       7      Failed to open keytab
       8      Failed to create key material
       9      Setting keytab failed
       10     Bind password required when using a bind DN
       11     Failed to add key to keytab
       12     Failed to close keytab

IPA                                Oct 10 2007                    ipa-getkeytab(1)
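
The WARNING in DESCRIPTION (retrieving a keytab resets the principal's secret and invalidates earlier keytabs) and the error quoted in the post both concern the key version number stored with each keytab entry. The following is an added example, not code from the thread or from the IPA project: a Python reader for the MIT keytab file format (version 0x0502) that lists each principal's KVNO without returning key bytes, so the values can be compared with the version the KDC currently holds. The sample keytab, its all-zero keys and all function names are constructed for illustration, and the KDC's KVNO is an input the operator supplies.

```python
import struct

def counted(b):                  # counted octet string: uint16 length + bytes
    return struct.pack(">H", len(b)) + b

def read_counted(buf, p):
    (n,) = struct.unpack_from(">H", buf, p)
    return buf[p + 2:p + 2 + n], p + 2 + n

def parse_keytab(data):
    """Return [(principal, kvno, enctype)] from keytab bytes (format 0x0502)."""
    if data[:2] != b"\x05\x02":
        raise ValueError("only keytab file format 0x0502 is handled")
    out, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        start, pos = pos + 4, pos + 4 + abs(size)   # pos now marks the next record
        if size <= 0:            # negative size = deleted slot, nothing to read
            continue
        (ncomp,) = struct.unpack_from(">H", data, start)
        realm, p = read_counted(data, start + 2)
        comps = []
        for _ in range(ncomp):
            c, p = read_counted(data, p)
            comps.append(c.decode())
        p += 8                   # name type and timestamp, not needed here
        kvno, etype = struct.unpack_from(">BH", data, p)   # 8-bit KVNO, enctype
        _key, p = read_counted(data, p + 3)   # key bytes are skipped, never returned
        if pos - p >= 4:         # optional 32-bit KVNO overrides the 8-bit field
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        out.append(("/".join(comps) + "@" + realm.decode(), kvno, etype))
    return out

def kvno_check(entries, principal, kdc_kvno):
    """Return (sorted KVNOs held for principal, True if kdc_kvno is among them)."""
    held = sorted({k for name, k, _ in entries if name == principal})
    return held, kdc_kvno in held

def sample_entry(realm, comps, kvno, etype, key):   # builds one constructed entry
    body = struct.pack(">H", len(comps)) + counted(realm) + b"".join(map(counted, comps))
    body += struct.pack(">IIBH", 1, 0, kvno & 0xFF, etype)
    body += counted(key) + struct.pack(">I", kvno)
    return struct.pack(">i", len(body)) + body

# Constructed sample: host principal from the man page, KVNOs 2 and 3, all-zero keys.
HOST = [b"host", b"foo.example.com"]
SAMPLE = (b"\x05\x02" + sample_entry(b"EXAMPLE.COM", HOST, 2, 18, bytes(32))
          + sample_entry(b"EXAMPLE.COM", HOST, 3, 18, bytes(32)))
print(kvno_check(parse_keytab(SAMPLE), "host/foo.example.com@EXAMPLE.COM", 4))
```

On a host with the MIT client tools, `klist -k` shows the same principal/KVNO pairs for a real keytab.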