windows linux sso ssh
Hallo:
I'm trying to do a ssh connection (using Quest Putty) from Windows to Linux. As linux are joined to Active Directory, is possible to do a SSO (using kerberos). If I connect from linux to linux using ssh, it works fine. If I connect form Windows (Win7) to Linux using Quest Putty or Centrify Putty, an error is displayed: Code:
Thanks |
Did you check the list of possible causes/fixes ?
1) Unix login name is correct 2) Target service principal name is correct 3) Kerberos authentication is enabled in SSH server 4) Clock in the host is syncrhonized with the clock in AD |
Yes, I've tried that.
As I say, I've added different CentOS 5.5 to Active Directory. And I can do a SSO from Linux to Linux using that user. The problem is when I try to connect from Windows. Tried with Centrify and Quest Putty. I've tried from Window2003SR2, Quest Putty and AD Win2003SR2 and it works fine. If I try with Windows7, Quest Putty and AD Win2003SR1 a GSSAPI error is received. Trying the same with Centrify Putty I see: Code:
Thanks |
Quote:
|
Sorry.
I've changed names as I don't want to write domains, IP and names of my company. I'm asked for password in the format: user1@sever1.company.com More detailed information in: http://allthingsunix.inside.quest.co...=119796⻋ Any suggestion? Thanks. |
Which version of AD did you want to use ? ... 2003 and 2003R2 have different schemas and you need to install different products (SFU for 2003 and IDMU for 2003R2) to enable *nix logons.
|
Version:
- Domain Controllers: Windows 20003. - Schemas: Windows 2003 R2 (Schemas where updated from Win2003, but not the software/domain controllers. What do I have to install/configure? Thanks |
I'm not sure .. was there a specific reason you didn't update the OS as well ?
|
Active Directory is work of another department.
I can use, but not modify/configure it. Any other suggestion? Thanks |
Ask them to install IDMU and see if it works
|
No possible to install IDMU in Active Directory (ADS department is not going to do that).
I'll have to wait for a migration of Active Directory to ADS 2008, but it cant take months (or years). Any other suggestion is welcome. Thanks |
Sorry, I'm all out, good luck
|
All times are GMT -5. The time now is 12:12 PM. |