Hi James, thanks a lot for your interesting reply.

In order to investigate this issue, I've set up a Windows Server 2012 
evaluation copy on my Linux laptop as a VM using QEMU.
With that, I also added two more VMs: a Windows 10 client and a Linux Fedora 
37 server with sssd configured, and both VMs joined to the Active Directory 
domain.

I can now log in to the Windows 10 VM using my AD account and password. 
Next I use PuTTY (with 'Allow GSSAPI Credential Delegation' enabled) to get 
to the Linux server, and I get logged in without specifying a password, because 
sshd is configured to allow GSSAPIAuthentication and detected a valid Kerberos 
ticket.
And then: yesss! 'klist' showed that I have a valid Kerberos ticket!

While reading your post, I looked at the Linux machine object using 
Adsiedit.msc...

This is the userAccountControl for that server: 0x11000 = 
(WORKSTATION_TRUST_ACCOUNT | DONT_EXPIRE_PASSWORD)

Umm... the TRUSTED_FOR_DELEGATION flag is not set, but still, PuTTY login 
gives me a TGT.
This does not match your explanation. Am I doing something not right?

Thanks!
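
Added example, not part of the original message: a small decoder for the userAccountControl value quoted above, which also reports the delegation-related bits of a machine or user object. The function names and the summary keys are assumptions made for this illustration, and the flag table is a subset of the documented bits.

```python
# Added example: decode an Active Directory userAccountControl (UAC) bitmask.
# Subset of the bit values Microsoft documents for the attribute.
UAC_FLAGS = {
    0x00000002: "ACCOUNTDISABLE",
    0x00000010: "LOCKOUT",
    0x00000020: "PASSWD_NOTREQD",
    0x00000200: "NORMAL_ACCOUNT",
    0x00000800: "INTERDOMAIN_TRUST_ACCOUNT",
    0x00001000: "WORKSTATION_TRUST_ACCOUNT",
    0x00002000: "SERVER_TRUST_ACCOUNT",
    0x00010000: "DONT_EXPIRE_PASSWORD",
    0x00040000: "SMARTCARD_REQUIRED",
    0x00080000: "TRUSTED_FOR_DELEGATION",
    0x00100000: "NOT_DELEGATED",
    0x00200000: "USE_DES_KEY_ONLY",
    0x00400000: "DONT_REQ_PREAUTH",
    0x00800000: "PASSWORD_EXPIRED",
    0x01000000: "TRUSTED_TO_AUTH_FOR_DELEGATION",
}

def parse_uac(text):
    """Accept the hex form quoted in the message or the decimal LDAP value."""
    return int(text.strip(), 0)

def decode_uac(value):
    """Return the names of all set bits, lowest bit first."""
    names = [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]
    leftover = value & ~sum(UAC_FLAGS)  # bits not covered by the table above
    if leftover:
        names.append(f"UNLISTED_0x{leftover:X}")
    return names

def delegation_summary(value):
    """Hypothetical helper: the three delegation-related UAC bits."""
    return {
        "trusted_for_delegation": bool(value & 0x00080000),
        "trusted_to_auth_for_delegation": bool(value & 0x01000000),
        "not_delegated": bool(value & 0x00100000),
    }

if __name__ == "__main__":
    uac = parse_uac("0x11000")  # value quoted in the message
    print(hex(uac), uac, decode_uac(uac))
    for key, is_set in delegation_summary(uac).items():
        print(f"  {key}: {is_set}")
```
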