Active Directory LDAP SSH

From: Roman S <kleinerroemer@xxxxxxxxxxx>
Date: Tue, 4 Sep 2007 10:36:09 +0200

Hey guys!

I've configured a Microsoft Active Directory with LDAP and Kerberos, and some Linux (Redhat) clients who authenticate to it.
I'm able to get some tickets for the users who are in the Active Directory, but SSH behaves a bit strange.

I can always ssh to the same machine again.
Like
#foo: ssh foo

but I can't ssh to any other computers. I always get a Permission denied.
I've only enabled gssapi authentication, all others are disabled.
Debug output of ssh didn't get me any further.

At the moment users are basicly managed over NIS, only a few test users are in LDAP, so they don't have home directories. I don't know if this could cause the trouble.

Thanks for your help

Roman

_________________________________________________________________
JETZT die neueste Version des Windows Live Messenger downloaden!
http://get.live.com/de-at/messenger/overview.

Prev by Date: Re: Kerberos 5 certified under NIST 140-2.
Next by Date: RE: Kerberos 5 certified under NIST 140-2.
Previous by thread: Re: regarding clock skew difference between client and KDC
Next by thread: Re: Active Directory LDAP SSH
Index(es):
- Date
- Thread

Relevant Pages

Re: Active Directory LDAP SSH
... I've configured a Microsoft Active Directory with LDAP and Kerberos, and some Linux clients who authenticate to it. ... I'm able to get some tickets for the users who are in the Active Directory, but SSH behaves a bit strange. ... Did you create the host principal and keytab for the target server? ...
(comp.protocols.kerberos)
Re: Domain Trusts and LDAP
... Another solution may could be to use ADAM (Active Directory in Application ... and create ProxyUser Accounts that relays to ... > web via LDAP. ... > internal users to authenticate to the external system without creating new ...
(microsoft.public.windows.server.active_directory)
Re: Active Directory bind to 3rd party LDAP for authentication
... Since LDAP is not an authentication protocol, it would be helpful to know ... If you can use Kerberos, ... It might be possible to get AD to authenticate ... >> I have a standalone Active Directory in a test domain. ...
(microsoft.public.windows.server.active_directory)
Re: Trouble Authenticating users from trusted domains
... We have a new ERP system that can either authenticate with it's own user ... much prefer authenticating via Active Directory as it makes Administration ... If you specify an LDAP server, ... >> login as a user from the child domain, ...
(microsoft.public.win2000.active_directory)
Trouble Authenticating users from trusted domains
... I have an ERP application that can authenticate users from Active Directory ... domain information is passed to my DCs or LDAP Server. ... login as a user from the child domain, ...
(microsoft.public.win2000.active_directory)