Displaying 20 results from an estimated 30 matches for "add_update_ad".
2020 Jul 23
2
Issue with Keytab memory
Hi Louis,
>Try
>
>net ads keytab add_update_ads cifs/$(hostname -f) -U Administrator
>And I hope this is not your hostname : lpeda1.muc
>Because that's a domain name.
>
>Also make sure you check the resolving of the A and PTR records
>
>Greetz,
>
>Louis
My hostname is lpeda1!
hostname returns "lpeda1"
hostna...
2020 Jul 23
5
Issue with Keytab memory
Hello,
I am using Samba as file server as member of a windows domain.
Kerberos is configured with kerberos method = secrets and keytab
Currently some (not all) users get issues when connecting to samba shares from windows.
In the corresponding samba logs I found entries:
....
[2020/07/23 12:08:06.697678, 1] ../../source3/librpc/crypto/gse.c:660(gse_get_server_auth_token)
2020 Jul 24
0
samba4 kerberized nfs4 with sssd ad client
...k, try sec=sys in a client, if that works, well,
then your setup needs fixing somewhere. DNS/resolvings/SPN's
##### Below are the client and server configs.
# Samba/winbind joined, and you need to add the NFS spn to the keytab file and AD.
### Server1 (NFS SERVER SPN setup)
net ads keytab add_update_ads nfs/$(hostname -f) -U Administrator
### Server1 (NFS exports setup)
# /etc/default/nfs-kernel-server
NEED_SVCGSSD="yes"
### Server1 and 2 (NFS Server and client) ! only need if you setup as shown on server 1.
/etc/default/nfs-common
NEED_STATD="yes"
STATDOPTS="no"...
2020 Jul 24
4
samba4 kerberized nfs4 with sssd ad client
Hi everyone,
I have a samba DC, let's call it dc1.ad.example.com.
I have two members of the domain - server1.ad.example.com and
server2.ad.example.com. They are not running smbd and winbind.
Instead, they are running SSSD with AD backend.
I want to create an NFSv4 export on server1.ad.example.com and mount it
on server2.ad.example.com (say, sec=krb5).
I found some instructions online
2020 Mar 09
1
mount share using kerberos ticket fails
After re-join
kinit Administrator
net ads keytab add cifs/$(hostname -f) -k
net ads keytab add_update_ads -k
samba-tool delegation for-any-service COMPUTERNAME$ on
( or use : delegation add-service accountname principal [options] )
Reboot
Should work now. ;-)
Greetz,
Louis
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Yvan
> Mas...
2020 Mar 09
3
mount share using kerberos ticket fails
Hi list,
I joined a workstation (Debian 10, Samba from distribution) to our AD
domain (Windows 2012 Server). The domain ends by ".local" (yes I know,
not my fault).
However, after a domain user logged to the machine, I can't mount a
share that exists on the AD server using user's kerberos ticket: it
fails with error "Required key not available".
Mounting using
2020 Nov 10
4
nfs root kerberos
Hi Louis,
Thanks for your message.
However, I already have NFS working completely. I'm only trying to work out root NFS access on the client. I tried your NFS translation fix via idmapd.conf but that isn't working for me. I've discovered that's because CentOS 7 is using gssproxy so apparently your fix won't work. The fix from Red Hat (adding some lines to krb.conf seen in my
2020 Nov 11
2
nfs root kerberos
...st know that the basics are..
> >
> > 1) The server must have A and PTR record. (optional you can
> use CNAMEs as long as A+PTR match).
> >
> > 2) you use nfs/$(hostname -f) and add this in the local
> keytab and in the computer object$
> > net ads keytab add_update_ads nfs/$(hostname -f)
> >
> > ( you don't add the REALM here ) !
> >
> >
> > 3) I know nfs tries multiple SPNs, like : ( random order. )
> > nfs/HOSTNAME$
> > nfs/hostname.fqdn
> > root/hostname.fqdn
> > One of these must exist in the local ke...
2020 Jul 23
0
Issue with Keytab memory
Try
net ads keytab add_update_ads cifs/$(hostname -f) -U Administrator
And I hope this is not your hostname : lpeda1.muc
Because that's a domain name.
Also make sure you check the resolving of the A and PTR records
Greetz,
Louis
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org]...
2020 Nov 10
0
nfs root kerberos
...y problem is I don't know how Centos/RH is handling this.
I just know that the basics are..
1) The server must have A and PTR record. (optional you can use CNAMEs as long as A+PTR match).
2) you use nfs/$(hostname -f) and add this in the local keytab and in the computer object$
net ads keytab add_update_ads nfs/$(hostname -f)
( you don't add the REALM here ) !
3) I know nfs tries multiple SPNs, like : ( random order. )
nfs/HOSTNAME$
nfs/hostname.fqdn
root/hostname.fqdn
One of these must exist in the local keytab file. ( in debian /etc/krb5.keytab )
klist -ke /etc/krb5.keytab
Should have at le...
2020 Mar 09
0
mount share using kerberos ticket fails
...you "deleated the computer object" to allow kerberos services.
And did you add the CIFS/spn to the computer and keytab ?
https://wiki.samba.org/index.php/Generating_Keytabs
If it's a member, which I assume.
kinit Administrator
net ads keytab add cifs/$(hostname -f) -k
net ads keytab add_update_ads -k
Add these and it should work.
You might need to restart or reboot; sometimes it's needed.
Don't know why.
Cifs and NFS (kerberized) work in debian without changing any files if you set up correctly.
All you need is above.
If you're not having a "regular" setup, you might need to...
2020 Sep 18
3
Mailserver + Samba4
Hi,
I want to install a dovecot mail server with postfix. And want to be able to use kerberos for authentication. Has someone experience with this. And maybe some links to info.
Is there also someone with experience with SoGo?
Philip
2020 Nov 11
0
nfs root kerberos
....
>> >
>> > 1) The server must have A and PTR record. (optional you can
>> use CNAMEs as long as A+PTR match).
>> >
>> > 2) you use nfs/$(hostname -f) and add this in the local
>> keytab and in the computer object$
>> > net ads keytab add_update_ads nfs/$(hostname -f)
>> >
>> > ( you don't add the REALM here ) !
>> >
>> >
>> > 3) I know nfs tries multiple SPNs, like : ( random order. )
>> > nfs/HOSTNAME$
>> > nfs/hostname.fqdn
>> > root/hostname.fqdn
>> > On...
2018 Dec 20
3
samba AD, keberos, NFS - not working
Hi,
Upgraded the samba from 4.7.7 to 4.9.3 in debian. Trying to get Samba AD
4.9.3 as a Kerberos source for nfs4.
Until 4.7.7 able to mount the nfs4 over krb5 security. After upgrade unable
to mount it.
Please suggest whether there is any configuration change in 4.9.3. Please look at the
following configuration.
[Global] available= yes restrict anonymous= 0 Workgroup= SAM netbios name=
x2 realm= SAM.COM password
2020 Mar 09
2
mount share using kerberos ticket fails
...derstand the above: mount requires a keytab
AND a user ticket?
> https://wiki.samba.org/index.php/Generating_Keytabs
>
> If it's a member, which I assume.
Yes, the workstation is a domain member.
> kinit Administrator
> net ads keytab add cifs/$(hostname -f) -k
> net ads keytab add_update_ads -k
>
> Add these and it should work.
> You might need to restart or reboot; sometimes it's needed.
> Don't know why.
>
> Cifs and NFS (kerberized) work in debian without changing any files if you set up correctly.
> All you need is above.
> If you're not having a "reg...
2020 Jul 30
1
ntlm authentication issues
Hi,
I set up Squid 4.6 on Debian 10 and I'm having problems with browser
authentication on a Windows station.
I did the tests on the command line and apparently it's OK.
root at proxy:/etc/squid/acls# /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
lp_load_ex: refreshing parameters
Initialising global
2018 Aug 15
1
[Announce] Samba 4.9.0rc3 Available for Download
...ased service.
net ads keytab changes
----------------------
net ads keytab add no longer attempts to convert the passed serviceclass
(e.g. nfs, html etc.) into a Windows SPN which is added to the Windows AD
computer object. By default just the keytab file is modified.
A new keytab subcommand 'add_update_ads' has been added to preserve the
legacy behaviour. However the new 'net ads setspn add' subcommand should
really be used instead.
net ads keytab create no longer tries to generate SPN(s) from existing
entries in a keytab file. If it is required to add Windows SPN(s) then
'net ads s...
2018 Jul 31
1
[Announce] Samba 4.9.0rc2 Available for Download
...ased service.
net ads keytab changes
----------------------
net ads keytab add no longer attempts to convert the passed serviceclass
(e.g. nfs, html etc.) into a Windows SPN which is added to the Windows AD
computer object. By default just the keytab file is modified.
A new keytab subcommand 'add_update_ads' has been added to preserve the
legacy behaviour. However the new 'net ads setspn add' subcommand should
really be used instead.
net ads keytab create no longer tries to generate SPN(s) from existing
entries in a keytab file. If it is required to add Windows SPN(s) then
'net ads s...