When logging in, putty only shows: 
Using username "drext...@net.dr.dk". 
drext...@net.dr.dk@rhel02udv.linux.dr.dk's password: 

Putty log shows its only using SSPI, secur32.dll for GSSAPI, but fails: 

Event Log: Using SSPI from SECUR32.DLL 
Event Log: Attempting GSSAPI authentication 
Outgoing packet #0x6, type 50 / 0x32 (SSH2_MSG_USERAUTH_REQUEST) 
00000000 00 00 00 12 64 72 65 78 74 72 68 61 40 6e 65 74 ....drextrha@net 
00000010 2e 64 72 2e 64 6b 00 00 00 0e 73 73 68 2d 63 6f .dr.dk....ssh-co 
00000020 6e 6e 65 63 74 69 6f 6e 00 00 00 0f 67 73 73 61 nnection....gssa 
00000030 70 69 2d 77 69 74 68 2d 6d 69 63 00 00 00 01 00 pi-with-mic..... 
00000040 00 00 0b 06 09 2a 86 48 86 f7 12 01 02 02 .....*.H...... 
Incoming packet #0x6, type 60 / 0x3c (SSH2_MSG_USERAUTH_GSSAPI_RESPONSE) 
00000000 00 00 00 0b 06 09 2a 86 48 86 f7 12 01 02 02 ......*.H...... 
Event Log: GSSAPI authentication initialisation failed 
Event Log: The target was not recognized. 

----- On Sep 7, 2016, at 9:27 AM, Alexander Bokovoy <aboko...@redhat.com> 
wrote: 

> On Wed, 07 Sep 2016, Troels Hansen wrote:

>> Running RHEL 7.2, IPA 4.2 and SSSD 1.13, we have set up a IPA-AD trust
>> and trying to get Putty GSSAPI login to work. In Putty GSSAPI have
>> been enabled, and GSSAPI is enabled in sshd.

>> Logging in using password from Windows to Linux works, and logging in
>> from Linux to Linux using kerberos works.

>> AD trust is a follows:

>> # ipa trust-find
>> ----------------
>> 2 trusts matched
>> ----------------
>> Realm name: net.dr.dk
>> Domain NetBIOS name: NET
>> Domain Security Identifier: S-1-5-21-xxxxxxxxx-xxxxxxxx-xxxxxxxx

>> Realm name: place.dr.dk
>> Domain NetBIOS name: PLACE
>> Domain Security Identifier: S-1-5-21-xxxxxx-xxxxxx-xxxxxxx
>> Trust type: Active Directory domain
>> ----------------------------
>> Number of entries returned 2
>> ----------------------------

>> # ipa trust-show place.dr.dk
>> Realm name: place.dr.dk
>> Domain NetBIOS name: PLACE
>> Domain Security Identifier: S-1-5-21-xxxx-xxxx-xxxxx
>> Trust direction: Trusting forest
>> Trust type: Active Directory domain

>> # ipa trust-show net.dr.dk
>> Realm name: net.dr.dk
>> Domain NetBIOS name: NET
>> Domain Security Identifier: S-1-5-21-xxxxxxxxxxxxx-xxxxxxxxxxxx-xxxxxxxxxx

>> users are located in net.dr.dk.

>>> From looking at the doc's this should just work... However, can't get
>>> it to work. Am I missing something?
> Make screenshots of PuTTY screens showing what you configured and what
> does not work. You can also ask PuTTY to generate logs.

> --
> / Alexander Bokovoy

-- 

Med venlig hilsen 

Troels Hansen 

Systemkonsulent 

Casalogic A/S 

T (+45) 70 20 10 63 

M (+45) 22 43 71 57 
Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, Sophos og 
meget mere. 
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to