SSH
Nicholas Secret, 2018-07-29 22:19:15

Kerberos ssh authentication not happening through AD?

Scheme:
Domain corp.domain.com
Server server.corp.domain.com ip 192.168.0.10/24
Client host1.corp.domain.com ip 192.168.0.11/24
All packets are forwarded via DNAT from the external IP address 7.7.7.7 to 192.168.0.10, and on the DNS server there is an entry server.domain.ru A 7.7.7.7.
All machines are included in the AD domain using SSSD, and are well authenticated using passwords from AD.
I wanted to check authentication using kerberos.
I'm trying to connect via ssh from host1(192.168.0.11) to server.corp.domain.com(192.168.0.10), everything goes well.
And when I try to connect from host1(192.168.0.11) to server.domain.ru (7.7.7.7), it doesn't work.
What could be the problem with DNAT or domain name?


2 answer(s)
Nicholas Secret, 2018-07-31
@Ncla

Tests have shown that the domain specified in the ticket must match the domain to which you are connecting.
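
The mismatch described in this answer, as an added sketch that is not part of the original post: a GSSAPI SSH client requests a ticket for `host/<name it connects to>@REALM`, so a name with no registered service principal gets no ticket. The SPN list, the `[domain_realm]` mapping, the default realm and the simplified realm lookup are assumptions modelled on the names in the question.

```python
"""Added illustration: which service principal an SSH client requests for a given name."""

# Constructed sample data modelled on the names in the question (assumptions).
REGISTERED_SPNS = {  # assumed SPNs present on the server's AD account / keytab
    "host/server.corp.domain.com@CORP.DOMAIN.COM",
}
DOMAIN_REALM = {  # assumed [domain_realm] section of krb5.conf
    ".corp.domain.com": "CORP.DOMAIN.COM",
}
DEFAULT_REALM = "CORP.DOMAIN.COM"  # assumed default_realm


def realm_for_host(hostname, domain_realm=DOMAIN_REALM, default_realm=DEFAULT_REALM):
    """Map a hostname to a realm: exact host entry first, then each parent
    '.domain' suffix from longest to shortest, else the default realm.
    This is a simplified model of the krb5.conf lookup."""
    host = hostname.lower().rstrip(".")
    if host in domain_realm:
        return domain_realm[host]
    labels = host.split(".")
    for i in range(1, len(labels)):
        suffix = "." + ".".join(labels[i:])
        if suffix in domain_realm:
            return domain_realm[suffix]
    return default_realm


def service_principal(hostname):
    """Principal the client asks the KDC for: host/<name typed>@REALM."""
    host = hostname.lower().rstrip(".")
    return f"host/{host}@{realm_for_host(host)}"


def check_target(hostname, registered=REGISTERED_SPNS):
    """Return (principal, ok); ok is False when no such service is registered."""
    spn = service_principal(hostname)
    return spn, spn in registered


if __name__ == "__main__":
    for name in ("server.corp.domain.com", "server.domain.ru"):
        spn, ok = check_target(name)
        print(f"{name:24} -> {spn:44} {'ticket issued' if ok else 'no matching SPN'}")
```

On a real client, `klist` after a connection attempt shows which `host/...` service ticket, if any, was obtained.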

vreitech, 2018-07-29
@fzfx

At least you need to configure hairpin NAT on the router.
