On Wed, 2020-11-11 at 18:34 -0500, Jason Keltz wrote:
But when I change into the directory as "root", nothing is logged into KRB5_TRACE.
Note that setting debug level to 3 would automatically add KRB5_TRACE in the logs (as the man page says :).
I enable the auth_to_local rule: auth_to_local = RULE:[1:$1@$0](J1$.*)s/.*/root/ again, and it doesn't work but then I realized that the $ in J1 could be escaped, and the rule now becomes:
BUT... auth_to_local = RULE:[1:$1@$0](J1$@AD.EECS.YORKU.CA)s/.*/root/
... which finally works!!!
Yes, if you look carefully, this seems to be an AD environment, so the UPN for a workstation is shortname$ instead of host/fqdn, so you have to account for that in auth_to_local.
Persistence does pay off I guess. I'd still like your help understanding those other GSS errors, but I'll get back to that tomorrow as a separate issue.
Glad you solved it.
Simo.
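
An added example, not part of the original thread and not MIT krb5 code: a simplified Python model of how a `RULE:[n:string](regexp)s/pattern/replacement/` mapping is evaluated, showing why an unescaped `$` in the selector regexp cannot match a machine principal such as `J1$@AD.EECS.YORKU.CA`. Assumptions: the selector must match the whole formatted string, Python's `re` stands in for the POSIX regex engine, the escaped rules are written with a backslash (`J1\$`), the `host/...` principal is constructed, and all helper names are hypothetical.

```python
import re

# RULE:[n:string](regexp)s/pattern/replacement/[g]
RULE_RE = re.compile(r"RULE:\[(\d+):([^\]]*)\]\((.*)\)s/(.*?)/(.*?)/(g?)$")

def parse_principal(principal):
    """Split 'comp1/comp2@REALM' into (components, realm)."""
    name, _, realm = principal.rpartition("@")
    return name.split("/"), realm

def apply_rule(rule, principal):
    """Return the mapped local name, or None when the rule does not apply."""
    m = RULE_RE.match(rule)
    if not m:
        raise ValueError("unsupported rule syntax: " + rule)
    ncomp, fmt, selector, pattern, repl, gflag = m.groups()
    comps, realm = parse_principal(principal)
    # The rule only applies to principals with exactly n components.
    if len(comps) != int(ncomp):
        return None
    # Expand $0 (realm) and $1..$n (components) in the format string.
    parts = [realm] + comps
    selstring = re.sub(r"\$(\d)", lambda d: parts[int(d.group(1))], fmt)
    # Assumption: the selector has to match the entire formatted string.
    # An unescaped '$' is an end-of-string anchor, not a literal dollar sign.
    if re.fullmatch(selector, selstring) is None:
        return None
    return re.sub(pattern, repl, selstring, count=0 if gflag else 1)

# Machine principal from the thread (AD short name with trailing '$').
MACHINE = "J1$@AD.EECS.YORKU.CA"
# Constructed two-component principal, for contrast with the short-name form.
HOST = "host/j1.example.test@AD.EECS.YORKU.CA"

UNESCAPED = r"RULE:[1:$1@$0](J1$.*)s/.*/root/"
ESCAPED_WILDCARD = r"RULE:[1:$1@$0](J1\$.*)s/.*/root/"
ESCAPED_EXACT = r"RULE:[1:$1@$0](J1\$@AD\.EECS\.YORKU\.CA)s/.*/root/"

if __name__ == "__main__":
    for rule in (UNESCAPED, ESCAPED_WILDCARD, ESCAPED_EXACT):
        for princ in (MACHINE, HOST):
            print(f"{rule:60} {princ:40} -> {apply_rule(rule, princ)}")
```

The exact-realm selector is the safer of the two escaped forms, since the wildcard version maps any principal whose formatted string starts with `J1$` to root regardless of realm.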