Hi, I am trying to connect to a Windows 2012R2 AD server with PowerShell
Core from a Linux client. I can't use NTLM or ssh, so I have to use
Kerberos.
What I did: I installed a Debian 8 client and configured
krb5.conf as follows: (comments and blank lines removed)
[logging]
default = FILE:/var/log/krb/krb5libs.log
kdc = FILE:/var/log/krb/krb5kdc.log
admin_server = FILE:/var/log/krb/kadmind.log
[libdefaults]
default_realm = EXAMPLE.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
renew_lifetime = 7d
[realms]
EXAMPLE.LOCAL = {
admin_server = ka-dc3.example.local
kdc = ka-dc3.example.local
}
[domain_realm]
.example.local = EXAMPLE.LOCAL
I also configured sssd.conf and smb.conf. After that I did a domain join.
Now I can see the computer entry in the AD, and I can log in
to the Linux client with my AD credentials.
But I'm not familiar with Kerberos. If I enter the following
command (all the following commands are entered as the root user):
kinit -v [email protected]
I get the following output:
Authenticated to Kerberos v5
A
klist
results in:
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [email protected]

Valid starting       Expires              Service principal
25.04.2019 09:24:34  25.04.2019 19:24:34  krbtgt/[email protected]
        renew until 02.05.2019 09:24:30
The howto told me that a
kinit -k
should work, but I got this error message:
kinit: Client 'host/[email protected]' not found in
Kerberos database while getting initial credentials
A
kadmin
fails with:
Authenticating as principal matthias_admin/[email protected] with password.
kadmin: Client not found in Kerberos database while initializing kadmin
interface
If I enter
klist -k
I get:
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------
2 host/[email protected]
2 host/[email protected]
2 host/[email protected]
2 host/[email protected]
2 host/[email protected]
2 host/[email protected]
2 host/[email protected]
2 host/[email protected]
2 host/[email protected]
2 host/[email protected]
2 [email protected]
2 [email protected]
2 [email protected]
2 [email protected]
2 [email protected]
In my opinion my problems with PowerShell are related to Kerberos.
If I enter the following command in PowerShell:
kinit [email protected]
followed by:
Enter-PSSession -ComputerName ka-dc3.example.local
-Authentication Negotiate -Credential [email protected]
I get this error message:
Enter-PSSession : Connecting to remote server ka-dc3.example.local
failed with the following error message : Authorization failed
Unspecified GSS failure. Minor code may provide more information
Server not found in Kerberos database For more information, see the
about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ Enter-PSSession -ComputerName ka-dc3.example.local -Authentication Ne ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (ka-dc3.example.local:String)
[Enter-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : CreateRemoteRunspaceFailed
Any help is appreciated!
Matthias
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos