Active Directory LDAP SSH
Michael B Allen
ioplex at gmail.com
Tue Sep 4 14:18:05 EDT 2007
On 9/4/07, Roman S <kleinerroemer at hotmail.com> wrote:
>
> Hey guys!
>
> I've configured a Microsoft Active Directory with LDAP and Kerberos, and some Linux (Redhat) clients who authenticate to it.
> I'm able to get some tickets for the users who are in the Active Directory, but SSH behaves a bit strange.
>
> I can always ssh to the same machine again.
> Like
> #foo: ssh foo
>
> but I can't ssh to any other computers. I always get a Permission denied.
> I've only enabled gssapi authentication, all others are disabled.
> Debug output of ssh didn't get me any further.
Hi Roman,
Did you create the host principal and keytab for the target server?
Also, you'll need a .k5login file in the home directory of the target:
$ cat ~/.k5login
alice@EXAMPLE.COM
Google for info about the above and you should find a tutorial I would think.
Mike
> At the moment users are basically managed over NIS, only a few test users are in LDAP, so they don't have home directories. I don't know if this could cause the trouble.
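
The two items named in the reply (a host principal in the target server's keytab, and the user's principal in ~/.k5login on the target), checked in a script. This is an added example, not part of the original thread. The host name bar.example.com, the sample `klist -k` listing and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, meant for the TARGET server. All sample data is constructed.

# keytab_has_host LISTING FQDN REALM
# LISTING: file holding plain `klist -k /etc/krb5.keytab` output.
# Entry lines are "<kvno> <principal>"; the match is exact and case-sensitive,
# so a short host name or a lower-case realm does not satisfy it.
keytab_has_host() {
    awk -v want="host/$2@$3" \
        '$1 ~ /^[0-9]+$/ && $2 == want { ok = 1 } END { exit !ok }' "$1"
}

# k5login_allows FILE PRINCIPAL
# One principal per line; a missing file or a partial match is a failure.
k5login_allows() {
    [ -f "$1" ] && grep -Fxq -- "$2" "$1"
}

# check_target LISTING FQDN REALM K5LOGIN PRINCIPAL
# Prints the first problem found, or "ok".
check_target() {
    keytab_has_host "$1" "$2" "$3" || { echo "no host/$2@$3 in keytab"; return 1; }
    k5login_allows "$4" "$5" || { echo "$5 not listed in $4"; return 1; }
    echo ok
}

# Constructed sample data so the script runs offline.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/klist.txt" <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 host/bar.example.com@EXAMPLE.COM
EOF
printf 'alice@EXAMPLE.COM\n' > "$demo/k5login"

# Fully qualified name: passes. Short name "bar": reported as missing.
check_target "$demo/klist.txt" bar.example.com EXAMPLE.COM "$demo/k5login" alice@EXAMPLE.COM
check_target "$demo/klist.txt" bar EXAMPLE.COM "$demo/k5login" alice@EXAMPLE.COM || true
```

On a real server, feed `keytab_has_host` the saved output of `klist -k /etc/krb5.keytab` and point `k5login_allows` at the target account's ~/.k5login.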