Re: [Samba] Winbind, Kerberos, SSH and Single Sign On


I solved my problem. For some reason the auth_to_local rule didn't work. When I change the krb5.conf to

        default_realm = SUBDOM2.SUBDOM1.EXAMPLE.DE
        dns_lookup_realm = true
        dns_lookup_kdc = true
        ticket_lifetime = 24h
        renew_lifetime = 7d
        forwardable = true

        auth_to_local = RULE:[1:$0@$1](SUBDOM2\.SUBDOM1\.EXAMPLE\.DE@.*)s/\.SUBDOM1\.EXAMPLE\.DE@/+/
        auth_to_local = RULE:[1:$0@$1](EXAMPLE\.DE@.*)s/\.DE@/+/
        auth_to_local = DEFAULT

everything is working. But I have no idea why it didn't work.


On 02.11.2017 at 11:29, Andreas Hauffe via samba wrote:

A new hint. If I change the default_realm in krb5.conf to EXAMPLE.DE, then the kerberized ssh is working for a user from example.de (user1@xxxxxxxxxx) and not working for a user from subdom2.subdom1.example.de (testuser@xxxxxxxxxxxxxxxxxxxxxxxxxx).

So with the actual configuration I'm able to use kerberized ssh for users from example.de or users from subdom2.subdom1.example.de but not both.
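
What the three auth_to_local lines in the working krb5.conf above map each principal to, as an added example that is not part of the original posts: a small Python model of the RULE:[n:string](regexp)s/pattern/replacement/ semantics documented for MIT krb5 (assumed to be the Kerberos library in use). The function name `map_principal` and the sample principals are constructed for illustration.

```python
import re

# The three auth_to_local lines from the krb5.conf in this thread.
RULES = [
    r"RULE:[1:$0@$1](SUBDOM2\.SUBDOM1\.EXAMPLE\.DE@.*)s/\.SUBDOM1\.EXAMPLE\.DE@/+/",
    r"RULE:[1:$0@$1](EXAMPLE\.DE@.*)s/\.DE@/+/",
    "DEFAULT",
]
DEFAULT_REALM = "SUBDOM2.SUBDOM1.EXAMPLE.DE"

# RULE:[n:format](regexp)s/pattern/replacement/g  (regexp and s/// are optional)
RULE_RE = re.compile(r"RULE:\[(\d+):([^\]]*)\](?:\((.*?)\))?(?:s/(.*?)/(.*?)/(g?))?")


def map_principal(principal, rules=RULES, default_realm=DEFAULT_REALM):
    """Return the local name the first applicable rule yields, or None."""
    name, _, realm = principal.rpartition("@")
    comps = name.split("/")
    for rule in rules:
        if rule == "DEFAULT":
            # DEFAULT applies only to one-component principals in the default realm.
            if len(comps) == 1 and realm == default_realm:
                return name
            continue
        m = RULE_RE.fullmatch(rule)
        if m is None:
            raise ValueError(f"unsupported rule: {rule}")
        ncomp, fmt, regexp, pat, repl, gflag = m.groups()
        if int(ncomp) != len(comps):
            continue  # rule is written for a different number of components
        # Selection string: $0 is the realm, $1..$n are the name components.
        sel = re.sub(r"\$(\d)", lambda r: ([realm] + comps)[int(r.group(1))], fmt)
        if regexp is not None and re.fullmatch(regexp, sel) is None:
            continue  # the regexp must match the whole selection string
        if pat is not None:
            sel = re.sub(pat, lambda _: repl, sel, count=0 if gflag else 1)
        return sel
    return None


if __name__ == "__main__":
    # Constructed sample principals (realms taken from the rules above).
    for p in ("testuser@SUBDOM2.SUBDOM1.EXAMPLE.DE", "user1@EXAMPLE.DE",
              "host/srv@EXAMPLE.DE", "user1@OTHER.EXAMPLE.ORG"):
        print(f"{p:40} -> {map_principal(p)}")
```

A principal that no rule maps returns `None` here, which corresponds to the lookup failing instead of silently falling back to some other local account.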