Tag Archives: kerberos

Windows: Enable Share access for alias/cname or IP address with kerberos

Hi,

if you have completely disabled NTLM and you want to a mount a cifs share by an DNS alias you have to set an Service Principal Name for the alias at the computerobject.
Continue reading Windows: Enable Share access for alias/cname or IP address with kerberos

Samba: Setup an Active Directory









Hi,

unfortunately Microsoft has deceided to discontinue its Small Buisiness Server and for small environments you not really want to buy an Windows Server and install them as an Active Directory Domain Controller. When Microsofts Cloud isn’t also an option then you can use Samba :-).
Continue reading Samba: Setup an Active Directory

Linux: Mount a Windows share with kerberos authentication

Hi,

in some secure environments only kerberos authentication is allowed to connect to a Windows file share.

This example demonstrate the procedure on how to mount a share on a Debian 7 (Wheezy)  Linux. Other distributions should provide a simliar way.

First of all install the necessary pakets.

michael@debdev:~# apt-get install krb5-user krb5-config cifs-utils keyutils

After installing the packages the Kerberos configuration wizard starts.
Continue reading Linux: Mount a Windows share with kerberos authentication

Linux: Kerberos authentification against Windows Active Directory

Hi,

here are some steps to use kerberos authentification against a active directory with OS Version Windows Server 2008 R2 or later on your linux machine.

The default krb5 configuration implementation of the most linux distributions did not work out of the box. I assume that the REALM in /etc/krb5.conf is already configured.

Typical error messages are:

kinit: KDC has no support for encryption type while getting initial credentials
kinit: KDC reply did not match expectations while getting initial credentials

michael@debdev:~# kinit  michael@subdomain.domain.local
Password for michael@subdomain.domain.local:
kinit: KDC has no support for encryption type while getting initial credentials

To eliminate the “KDC has no support for encryption type while getting initial credentials” issue change the default encryption type in the libdefaults section of the /etc/krb5.conf file.
Continue reading Linux: Kerberos authentification against Windows Active Directory