Web lists-archives.com

Re: [Samba] Kerberos S4U token with SAMBA4




Hi Taylor

That's not hard to explain:

The login to a local account is under the control of sshd, and if that has enough privileges it works.

The login to a domain account is a kerberos login which requires either Username and Password, or possibly PKINIT with a certificate. None of them can work with just a public key.

Norbert


On 11.06.2018 15:56, Taylor Hammerling via samba wrote:
does SAMBA4 support  Kerberos S4U tokens?

Background:
I am trying to get OpenSSH for windows to work on machines joined to our
SAMBA4 domain
We are running Samba 4.7.3-Debian on Debian 9

When attempting to SSH in to a windows client using public key credentials
for a domain user it fails.  When attempting to SSH into a windows client
using public key credentials for a local user it works just fine

I have been working with the OpenSSH team trying to figure out why this
isn't working, see github issue below

https://github.com/PowerShell/Win32-OpenSSH/issues/1177#issuecomment-394789906

Thanks in advance for any assistance you can provide. :)

Taylor



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba