With Denison Barobosa's guidance, I managed to create a Windows server and a Ubuntu client machines.
In the client I issue: ---> # realm list testdomain.com type: kerberos realm-name: TESTDOMAIN.COM domain-name: testdomain.com configured: kerberos-member server-software: active-directory client-software: sssd required-package: sssd-tools required-package: sssd required-package: libnss-sss required-package: libpam-sss required-package: adcli required-package: samba-common-bin login-formats: %[email protected] login-policy: allow-realm-logins # login [email protected] Password: Welcome to Ubuntu 22.04.5 LTS (GNU/Linux 6.8.0-52-generic x86_64) [...] [email protected]@Jammy-client:~$ klist Ticket cache: FILE:/tmp/krb5cc_746401104_JmHIJ0 Default principal: [email protected] Valid starting Expires Service principal 31.03.2025 03:04:43 31.03.2025 13:04:43 krbtgt/[email protected] renew until 01.04.2025 03:04:43 <--- Now I'm trying to figure out how exactly a browser enters this plot. It seems that client-side this would be straightforward to configure[1], but not nearly as much server-side. Maybe [2] is it, but again, advise if you have better ideas. [1]https://docs.active-directory-wp.com/Networking/Single_Sign_On/Configure_browsers_to_use_Kerberos.html [2]https://plugins.miniorange.com/guide-to-setup-kerberos-single-sign-sso -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1849346 Title: [snap] kerberos GSSAPI no longer works after deb->snap transition To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1849346/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
