Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Authenticating with SSSD / Kerberos against Windows Server 2012 R2
Top Forums UNIX for Advanced & Expert Users Authenticating with SSSD / Kerberos against Windows Server 2012 R2 Post 302954115 by Devyn on Friday 4th of September 2015 11:11:06 AM
Old 09-04-2015
Is there a command to find out the key versions that it is saying are incorrect between server and client? Doesn't appear it's an issue with KVNO numbers because sometimes logins don't work (when I see the error above) even if KVNO's match or don't match between servers and client. Any help would be appreciated.

Code:
Ad Master 01: KVNO = 5
Ad Master 02: KVNO = 7

Client (RHEL) I've set the keytabs to KVNO = 5 for each of the 3 keytabs so they 'should' match but I still get the above error and hence Access Denied. If I don't specify -kvno 5 the system picks what appear to be next numbers in line like 29,30,31 etc

Thanks,
Dev
Last edited by Devyn; 09-04-2015 at 12:11 PM.. Reason: Use code tags
 

10 More Discussions You Might Find Interesting

1. AIX

Users not authenticating via Kerberos on MS AD

I have AD (active directory) user, "asdf", created and a matching local AIX user name. Using "kinit", I can successfully authenticate it against the MS AD but when they I try to login via SSH with the same user name, it doesn't work. How can I get AIX to allow kerberos authentication as a valid... (1 Reply)
Discussion started by: kah00na
1 Replies

2. Shell Programming and Scripting

Unix shell script to Copy files from one Windows server to another Windows server.

Can anybody please help me on how to code for the below requirement: I need to write a shell script (on different unix server) to copy files from multiple folders (ex. BRN-000001) from one windows server (\\boldls-mwe-dev4)to a different windows server(\\rrwin-ewhd04.ecomad.int). This shell... (4 Replies)
Discussion started by: SravsJaya
4 Replies

3. Shell Programming and Scripting

gawk convert 2012-Jun-13 to 2012-06-13

I have a value in a file i am processing that has a date like "2012-Jun-13" how can I convert a date like that 2012-06-13? Am I stuck building an array of three digit months and corresponding numbers and running through the logic of figuring out the number?? or can I convert this with... (1 Reply)
Discussion started by: trey85stang
1 Replies

4. Shell Programming and Scripting

Date conversion help from dd/mm/yyyy to dd/Mon/yyyy i.e. 28/10/2012 to 28/Oct/2012

Hi I have a problem with Date format in my code. 1st I am trying to convert today's date to yesterday's using YESTERDAY3=`perl -e '@y=localtime(time()-86400); printf "%04d/%02d/%02d",$y+1900,$y+1,$y;$y;'` And once it is done I am trying to using the yesterday date in a grep command to... (3 Replies)
Discussion started by: nithinankam
3 Replies

5. What is on Your Mind?

Place your bits - 2012 FIFA Ballon d'Or and 2012 FIFA World Coach of the Year

I have added two new sports events. The FIFA Ballon d'Or is an association football award given annually to the player who is considered to have performed the best in the previous season. It is awarded based on votes by coaches and captains of international teams, as well as journalists from... (0 Replies)
Discussion started by: ni2
0 Replies

6. Red Hat

Not authenticating in apache server site for a folder

hi , Im configuring web site with authencation to a folder but the authentication is not happening. below is the conf file of /etc/httpd/conf/httpd.conf <VirtualHost 192.168.1.4:80> DocumentRoot /var/www/html/ ServerName redhatclient.example.com <directory... (0 Replies)
Discussion started by: redhatlbug
0 Replies

7. AIX

How can we share a AIX drive on to Windows 2012 server?

Hi, How can we share a AIX drive on to Windows 2012 server. or vise versa. Note: Not using NFS/CIFS/samba. (*we are not able to use samba/NFS/CIFS for some reason) Requirement: How to have real time file sharing over the network between Windows and UNIX Do you guys have any ... (4 Replies)
Discussion started by: System Admin 77
4 Replies

8. AIX

Samba 3.6.22 on AIX 7.1 with Windows AD (Kerberos and winbind)

Hi all, I have installed samba 3.6.22 on AIX 7.1 and join a windows AD with success. All seem to work fine, I have configured smb.conf, methods.cfg, kerberos, user .... the following command work fine wbinfo -u, wbinfo -g, wbinfo -i, wbinfo -s, wbinfo -S, lsuser, id... The unique... (20 Replies)
Discussion started by: PhilippeA
20 Replies

9. Shell Programming and Scripting

List line count of multiple files in windows server 2012

how to find out line count ( wc -l ) for multiple fines in windows cmd the command which i a using to find line count for single file is type sec0001.txt | find /c /v "" but how to use it for multiple files to get output filewise as if this command is run like type sec*.txt |... (2 Replies)
Discussion started by: sagar_1986
2 Replies

10. Solaris

Authenticating UNIX (Solaris 11) to Windows 2012R2 / Active Directory

Gentleman, i am trying to setup Authentication for my Solaris 11 Server through Active Directory (Server 2012 R2). At least some things are already working, for example a getent passwd mydomainuser and ldapsearch command comes back with a correct result. So not everything i did was wrong. ... (1 Reply)
Discussion started by: bahnhasser83
1 Replies

LEARN ABOUT OPENSOLARIS

ktutil

ktutil(1)							   User Commands							 ktutil(1)

NAME

       ktutil - Kerberos keytab maintenance utility

SYNOPSIS

       /usr/bin/ktutil

DESCRIPTION

       The  ktutil command is an interactive command-line interface utility for managing  the keylist in keytab files. You must read in a keytab's
       keylist	before you can manage it. Also, the user running the ktutil command must have read/write permissions on the keytab.  For  example,
       if a keytab is owned by root, which it typically is, ktutil must be run as root to have the appropriate permissions.

COMMANDS

       clear_list	      Clears the current keylist.
       clear

       read_kt file	      Reads a keytab into the current keylist. You must specify a keytab file to read.
       rkt file

       write_kt file	      Writes  the  current  keylist  to a keytab file. You must specify a keytab file to write. If the keytab file already
       wkt file 	      exists, the current keylist is appended to the existing keytab file.

       add_entry number       Adds an entry to the current keylist. Specify the entry by the keylist slot number.
       addent number

       delete_entry number    Deletes an entry from the current keylist. Specify the entry by the keylist slot number.
       delent number

       list		      Lists the current keylist.
       l

       list_request	      Lists available requests (commands).
       lr

       quit		      Exits utility.
       exit
       q
EXAMPLES

       Example 1 Deleting a principal from a file

       The following example deletes the host/denver@ACME.com principal from the /etc/krb5/krb5.keytab file. Notice that if you want to delete	an
       entry  from an existing keytab, you must first write the keylist to a temporary keytab and then overwrite the existing keytab with the tem-
       porary keytab. This is because the wkt command actually appends the current keylist to an existing keytab, so you can't use it to overwrite
       a keytab.

	 example# /usr/krb5/bin/ktutil
	     ktutil: rkt /etc/krb5/krb5.keytab
	     ktutil: list
	 slot KVNO Principal
	 ---- ---- ---------------------------------------
	    1	 8 host/vail@ACME.COM
	    2	 5 host/denver@ACME.COM
	     ktutil:delent 2
	     ktutil:l
	 slot KVNO Principal
	 ---- ---- --------------------------------------
	    1	 8 host/vail@ACME.COM
	     ktutil:wkt /tmp/krb5.keytab
	     ktutil:q
	 example# mv /tmp/krb5.keytab /etc/krb5/krb5.keytab

FILES

       /etc/krb5/krb5.keytab	keytab file for Kerberos clients

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWkrbu			   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |See below.		   |
       +-----------------------------+-----------------------------+

       The command arguments are Evolving. The command output is Unstable.

SEE ALSO

       kadmin(1M), k5srvutil(1M), attributes(5), kerberos(5)

SunOS 5.11							    16 Nov 2006 							 ktutil(1)
All times are GMT -4. The time now is 01:48 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy