kerberos

I have setup a KDC with a personal principal myname@MY.DOMAIN, and a NFS principal nfs/nfs.my.domain@MY.DOMAIN, whose keyfile I have installed at /etc/keyfile in the NFS server. Then I logged in my personal principal from my Laptop in both root a regular user, but was unable to mount the...

I try to switch from Samba to NFSv4 since it works in jail starting from 14.0-RELEASE, but I want a bit of security. I use the following guide: https://www.freebsdhandbook.com/security#kerberos5 After I installed security/heimdal I noticed, that 2 versions of kadmin exist. /usr/bin/kadmin...

The main host is FreeBSD 13, I created a VM to run FreeBSD and have Poudriere on it, for this, I am using vm-bhyve, here is the config of the VM: loader="bhyveload" cpu=8 memory=32G network0_type="virtio-net" network0_switch="public" disk0_type="virtio-blk" disk0_name="disk0"...

I would like to ask if there is any confirmed solution to solve to problem with compatibility between Windows 11 22H2 and the Samba in FreeBSD? I cannot login to domain with my current version of system. But I do not want to try to update to not solve this. Thanks for answers and your...

Hi, I have setup a PNFS server (NFSv4 only) with kerberos (heimdal) and I have a problem with gssd. I want to use kerberos on PNFS MDS as a NFS client to its PNFS DSs and as a NFS Server to its NFS clients which is connect to the PNFS MDS itself. But let's break down the problem. I can not use...

Hi, I want to share a directory with NFSv4 + Kerberos. Here is my configuration: NFS Server: (also tested with -alldirs before and yes I want to use the krb5p) /etc/exports V4: /tank/ds -sec=krb5p client.domain.net /tank/ds -sec=krb5p -maproot=root client.domain.net Also /etc/rc.conf ...

I've been poking at this for a while... basically, I've got a server I've migrated from an older system that worked (copied the slapd.conf file over) and ran with it for several months before realizing that kerberos auth wasn't working... and all my local network clients were working off of...

I am struggling to get a nfsv4 kerberos share on a linux server to mount on Freebsd 13 client. (The other way it worked.) On Linux there are to option to specify a kerberos share: /etc/exports on linserv: /nfs *(rw,sec=krb5:krb5i:krb5p,async,fsid=0) /nfs/home...

Has anyone got a good reference for how to set up krb5p security? I've got NFSv4 running fine without security, but that kerberos setup has been a major pain in the neck. There doesn't seem to be much logging going on, no matter how much -d or -h's I use. It appears, Wireshark is my only utility...

Hi, I followed this tutorial and was actually able to get pretty far in making a samba server on FreeBSD with AD as the authentication backend, but I'm running into an issue and don't know where to begin in tracing it out. The user auth looks good, and it appears to retrieve the groups from the...

Good day. Tell me why when trying to connect to Windows share on network through GUI applications, for example, Krusader, Files is still required password? Test Kerberos through kinit, klist - all good.

A beginner's question: Does it make sense to set up a server in a company (<100 Win Clients) as follows. Samba. OpenLDAP & Kerberos and run each in its own jail. Is that too much of a good and possibly more insecure than just Samba? The clients are all Windows 10 as well as 6 printers and 1...

Hi all, I am exploring the world of Kerberos authentication, but running into an issue while trying to setup a server (not the KDC). Specifically, the following: root@kerb-server:~ # kadmin root/admin@EXAMPLE.ORG's Password: kadmin> add --random-key host/kerb-server.example.org Max ticket life...

Hello, I'm a new user of FreeBSD - I recently installed FreeBSD 11.2 p4, and I use it as a backup- and fileserver using Samba48 and bacula. I also play around with it. I've joined the machine to a Samba domain and log in with winbind with domain users works using GSSAPI. NFSv4 with kerberos...

Hi all, I've tried to use the built-in kerberos system in FreeBSD 11.2 which is not the latest release of Heimdal. Not that I was actually looking for the latest but I've realised that the action of exporting a specific keytab to a different path (to move it afterwards to the target server)...

Dear FreeBSD Community! I'm planning to setup a NAS (for my family, a mix of Windows, Linux and Mac OS Clients) in a jail on my FreeBSD machine (which should replace my actual Linux-based homeserver step by step). So I prepared a jail with it's own IP, set up samba and joined our Active...

Hello everyone ;). I am currently trying to create a heterogen computer network (FreeBSD 10 Fileserver using ZFS, Ubuntu+Windows Clients). I've already set up a samba (4.3) active directory domain, which works mostly (but this is another topic). Because I am fairly new to the whole...

Hi all, So, I'm configuring a FreeBSD instance to run kerberos via a keytab to AD. Basically, I am at the point of the system being able to register in AD, the machine account is successfully created... (from first glance)... however, the msktutil command dies with it unable to locate the net...