I'm authenticating with SSSD / Kerberos against Windows Server 2012 R2. I've setup credentails delegation using these options:
Host *
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
GSSAPITrustDns yes
For both client/server but no luck. I've read online that I need to run ADSIEdit.msi
to edit the user flags in Windows Server 2012 R2 to enable a delegation tab, which I've done, but no luck setting the delegation parameters. Thinking my issue is on the Windows Server 2012 with the setting I put for SPN ( servicePrincipalName
) but not 100%. 3
My question is does Linux SSSD / Kerberos care about the Windows Server 2012 R2 delegation settings and what should I set the servicePrincipalName too in Windows so my SSSD / Kerberos implementation will work?
What should I look for in the log files to determine if the credentials deletation is working or not working? I searched for *deleg*
but nothing comes up.
What do I need to look for in the log files to determine where the delegation is breaking and hence not working?
Thanks,
Dev