Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Authenticating with SSSD / Kerberos against Windows Server 2012 R2
Top Forums UNIX for Advanced & Expert Users Authenticating with SSSD / Kerberos against Windows Server 2012 R2 Post 302954115 by Devyn on Friday 4th of September 2015 11:11:06 AM
Old 09-04-2015
Is there a command to find out the key versions that it is saying are incorrect between server and client? Doesn't appear it's an issue with KVNO numbers because sometimes logins don't work (when I see the error above) even if KVNO's match or don't match between servers and client. Any help would be appreciated.

Code:
Ad Master 01: KVNO = 5
Ad Master 02: KVNO = 7

Client (RHEL) I've set the keytabs to KVNO = 5 for each of the 3 keytabs so they 'should' match but I still get the above error and hence Access Denied. If I don't specify -kvno 5 the system picks what appear to be next numbers in line like 29,30,31 etc

Thanks,
Dev
Last edited by Devyn; 09-04-2015 at 12:11 PM.. Reason: Use code tags
 

10 More Discussions You Might Find Interesting

1. AIX

Users not authenticating via Kerberos on MS AD

I have AD (active directory) user, "asdf", created and a matching local AIX user name. Using "kinit", I can successfully authenticate it against the MS AD but when they I try to login via SSH with the same user name, it doesn't work. How can I get AIX to allow kerberos authentication as a valid... (1 Reply)
Discussion started by: kah00na
1 Replies

2. Shell Programming and Scripting

Unix shell script to Copy files from one Windows server to another Windows server.

Can anybody please help me on how to code for the below requirement: I need to write a shell script (on different unix server) to copy files from multiple folders (ex. BRN-000001) from one windows server (\\boldls-mwe-dev4)to a different windows server(\\rrwin-ewhd04.ecomad.int). This shell... (4 Replies)
Discussion started by: SravsJaya
4 Replies

3. Shell Programming and Scripting

gawk convert 2012-Jun-13 to 2012-06-13

I have a value in a file i am processing that has a date like "2012-Jun-13" how can I convert a date like that 2012-06-13? Am I stuck building an array of three digit months and corresponding numbers and running through the logic of figuring out the number?? or can I convert this with... (1 Reply)
Discussion started by: trey85stang
1 Replies

4. Shell Programming and Scripting

Date conversion help from dd/mm/yyyy to dd/Mon/yyyy i.e. 28/10/2012 to 28/Oct/2012

Hi I have a problem with Date format in my code. 1st I am trying to convert today's date to yesterday's using YESTERDAY3=`perl -e '@y=localtime(time()-86400); printf "%04d/%02d/%02d",$y+1900,$y+1,$y;$y;'` And once it is done I am trying to using the yesterday date in a grep command to... (3 Replies)
Discussion started by: nithinankam
3 Replies

5. What is on Your Mind?

Place your bits - 2012 FIFA Ballon d'Or and 2012 FIFA World Coach of the Year

I have added two new sports events. The FIFA Ballon d'Or is an association football award given annually to the player who is considered to have performed the best in the previous season. It is awarded based on votes by coaches and captains of international teams, as well as journalists from... (0 Replies)
Discussion started by: ni2
0 Replies

6. Red Hat

Not authenticating in apache server site for a folder

hi , Im configuring web site with authencation to a folder but the authentication is not happening. below is the conf file of /etc/httpd/conf/httpd.conf <VirtualHost 192.168.1.4:80> DocumentRoot /var/www/html/ ServerName redhatclient.example.com <directory... (0 Replies)
Discussion started by: redhatlbug
0 Replies

7. AIX

How can we share a AIX drive on to Windows 2012 server?

Hi, How can we share a AIX drive on to Windows 2012 server. or vise versa. Note: Not using NFS/CIFS/samba. (*we are not able to use samba/NFS/CIFS for some reason) Requirement: How to have real time file sharing over the network between Windows and UNIX Do you guys have any ... (4 Replies)
Discussion started by: System Admin 77
4 Replies

8. AIX

Samba 3.6.22 on AIX 7.1 with Windows AD (Kerberos and winbind)

Hi all, I have installed samba 3.6.22 on AIX 7.1 and join a windows AD with success. All seem to work fine, I have configured smb.conf, methods.cfg, kerberos, user .... the following command work fine wbinfo -u, wbinfo -g, wbinfo -i, wbinfo -s, wbinfo -S, lsuser, id... The unique... (20 Replies)
Discussion started by: PhilippeA
20 Replies

9. Shell Programming and Scripting

List line count of multiple files in windows server 2012

how to find out line count ( wc -l ) for multiple fines in windows cmd the command which i a using to find line count for single file is type sec0001.txt | find /c /v "" but how to use it for multiple files to get output filewise as if this command is run like type sec*.txt |... (2 Replies)
Discussion started by: sagar_1986
2 Replies

10. Solaris

Authenticating UNIX (Solaris 11) to Windows 2012R2 / Active Directory

Gentleman, i am trying to setup Authentication for my Solaris 11 Server through Active Directory (Server 2012 R2). At least some things are already working, for example a getent passwd mydomainuser and ldapsearch command comes back with a correct result. So not everything i did was wrong. ... (1 Reply)
Discussion started by: bahnhasser83
1 Replies

LEARN ABOUT DEBIAN

kvno

KVNO(1) 						      General Commands Manual							   KVNO(1)

NAME

       kvno - print key version numbers of Kerberos principals

SYNOPSIS

       kvno [-q] [-h] [-c ccache] [-e etype] service1 service2 ...

DESCRIPTION

       Kvno acquires a service ticket for the specified Kerberos principals and prints out the key version numbers of each.

OPTIONS

       -c ccache
	      specifies the name of a credentials cache to use (if not the default)

       -e etype
	      specifies  the enctype which will be requested for the session key of all the services named on the command line.  This is useful in
	      certain backward compatibility situations.

       -q     suppress printing

       -h     prints a usage statement and exits

       -P     specifies that the service1 service2 ...	arguments are to be treated as services for which credentials  should  be  acquired  using
	      constrained delegation. This option is only valid when used in conjunction with protocol transition.

       -S sname
	      specifies  that  krb5_sname_to_principal()  will be used to build principal names.  If this flag is specified, the service1 service2
	      ...  arguments are interpreted as hostnames (rather than principal names), and sname is interpreted as the service name.

       -U for_user
	      specifies that protocol transition (S4U2Self) is to be used to acquire a ticket on behalf of for_user.  If constrained delegation is
	      not requested, the service name must match the credentials cache client principal.

ENVIRONMENT

       Kvno uses the following environment variable:

       KRB5CCNAME      Location of the credentials (ticket) cache.

FILES

       /tmp/krb5cc_[uid]  default location of the credentials cache ([uid] is the decimal UID of the user).

SEE ALSO

       kinit(1), kdestroy(1), krb5(3)

																	   KVNO(1)
All times are GMT -4. The time now is 02:44 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy