Strange problem with putty/sso
Douglas E. Engert
deengert at anl.gov
Thu Oct 11 17:35:28 EDT 2012
On 10/11/2012 3:44 PM, Jarek wrote:
> I have windows 2008R2 with AD and few Linux servers.
> I've installed debian squeeze on one of the servers and next integrated
> it with domain (kerberos, winbind, samba etc) with test PDC.
> As the SSO with putty was working fine, the system has been cloned to
> remaining machines.
> Next all Linux servers has been connected to production PDC but
> something went wrong: on part of the servers SSO is not working - I have
> to use the password.
> All servers has exactly same krb5.conf and samba.conf, DNS, NTP has been
> triple checked.
> kinit, password login, wbinfo, getent works but GSSAPI (from putty) is
> working only on part of them.
> keytabs has been created with:
> net ads join -U administrator -k
> net ads keytab create -U administrator
> When there is a problem with SSO, in the ssh log, I see the message:
> Wrong principal in request.
> How can I debug this problem ?
> Is there any way to see what principal is send from putty ?
PuTTY has logging capabilities, under Session->Logging.
Wireshark on the client would show the Kerberos client to KDC traffic.
Windows is case insensitive. Unix is case sensitive it could
be a issue with the case of a host name in a service principal.
> Are there any other files beside krb5.conf and samba.conf which should
> be checked ?
> I have installed simmilar configuration in few systems, and it works
> years without any problem, but here I can't find where is the problem.
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
More information about the Kerberos