[Freeipa-users] authentication with latest putty fails
Han Boetes
hboetes at gmail.com
Fri Jan 4 13:31:33 UTC 2013
I've set up windows with the instructions given over here:
http://freeipa.com/page/Windows_authentication_against_FreeIPA
And all seems to be working fine. After I run klist I see valid tickets:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. Alle Rechte vorbehalten.
C:\Users\fh>klist
Aktuelle Anmelde-ID ist 0:0x153b25
Zwischengespeicherte Tickets: (1)
#0> Client: fh @ REALM
Server: krbtgt/REALM @ REALM
KerbTicket (Verschlüsselungstyp): AES-256-CTS-HMAC-SHA1-96
Ticketkennzeichen 0x40e10000 -> forwardable renewable initial
pre_authen
t name_canonicalize
Startzeit: 1/4/2013 14:03:11 (lokal)
Endzeit: 1/5/2013 14:03:11 (lokal)
Erneuerungszeit: 1/11/2013 14:03:11 (lokal)
Sitzungsschlüsseltyp: AES-256-CTS-HMAC-SHA1-96
I can do a passwordless login with the latest putty with kerberos
authentication, I disabled password and key logins. And then on the host I
checked klist and got this:
[fh at test-server-ipa ~]$ klist
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_1554800011)
sudo also doesn't work. To test the setup I did the same from linux host
and login in, sudo, klist etc etc all work fine. So I checked the sshd -d
output difference and the only difference I see is:
-Postponed gssapi-with-mic for fh from 192.168.2.73 port 50334 ssh2
-debug1: Received some client credentials
+Postponed gssapi-with-mic for fh from 192.168.2.56 port 49168 ssh2
+debug1: Got no client credentials
Where .73 is the linux host and .56 is the windows host.
What am I missing here?
--
# Han
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130104/3251c69a/attachment.htm>
More information about the Freeipa-users
mailing list