Hi Roger,
On Tue, Feb 14, 2017 at 4:54 PM, Michael Hirmke <mh@mike.franken.de> wrote:
Hi Roger,
Ok, now i understand your real problem - you never see both sides 8-< For problems like this IMHO this is essential.
I am curious: if I can authenticate using kinit, what can I then do? Or is that just that a program (samba, apache) can authenticate a user and then, upon success, the program can do something? Or is there something general I may look at? I guess this is just curiosity more than a solution to this problem. I have on my list using the same AD to authenticate some things in apache. That is next on my list.
I try to explain, how I understand it - be careful, that might be at least partially incorrect: Kerberos is the authentication method - you get a ticket granting ticket from the kdc, in this case the AD Domain controller. With this ticket you can get a service ticket for accessing a service on a certain machine providing that service, for example a file share. This is the authorization part. In your case the authentication part works, but the authorization part fails.
I have requested a log of the access attempts from the machine with a problem. Maybe there will be a clue there. My users are getting restless :)
Good luck!
-- Roger Oberholtzer
Bye. Michael. -- Michael Hirmke -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org