search for: kdc_timesync

...in gives an error (but computer was previously joined ok) wbinfo --sequence shows: GATEWAY : 1 BUILTIN : 1 TEST : DISCONNECTED Configuration files are: -------------krb5.conf------------------------------- [libdefaults] default_realm = TEST.COM dns_lookup_realm = false dns_lookup_kdc = false kdc_timesync = 1 forwardable = true proxiable = true [realms] CIKAUTXO.ES ={ kdc = PDC admin_server = PDC default_domain = TEST } [domain_realm] .test.com = TEST.COM test.com = TEST.COM -------------krb5.conf------------------------------- PDC address is included in /etc/hosts -------------nsswi...

...ian, Samba 4.11 After successfully setting up samba4, I want this machine to authenticate against the running samba4-server. I've created /etc/krb5.conf: [libdefaults] default_realm = ADA.DE <http://ada.de/> dns_lookup_realm = false dns_lookup_kdc = true kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true fcc-mit-ticketflags = true [realms] ADA.DE <http://ada.de/> = { kdc = ad01.ada.de kdc = ad02.ada.de admin_server = ad01.ada.de chpa...

Aki - made your suggested changes, but no joy :( My /etc/krb5.conf: ------SNIP-------- [libdefaults] default_realm = HPRS.LOCAL dns_lookup_realm = false dns_lookup_kdc = true [libdefaults] default_realm = HPRS.LOCAL dns_lookup_kdc = true kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true fcc-mit-ticketflags = true [realms] HPRS.LOCAL = { default_domain = hprs.local auth_to_local_names = { Administrator = root } } [domain_realm] hprs.local = HPRS.LOCAL # this is not a mistake .hprs.local = HPRS...

...ts] default_realm = DOM.CORP default_etypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5 des-cbc-crc des-cbc-md5 des-cbc-md4 des3-hmac-sha1 des3-cbc-sha1 allow_weak_crypto = true dns_lookup_kdc = true dns_lookup_realm = false forwardable = true proxiable = true kdc_timesync = 1 debug = false any help ? :)

...ailed: No more connections can be made to this remote computer at this time because the computer has already accepted the maximum number of connections. In /etc/krb5.conf i've set: [libdefaults] default_realm = AD.AC.CONCORDIA-PORDENONE.IT dns_lookup_realm = false dns_lookup_kdc = false kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true [realms] AD.AC.CONCORDIA-PORDENONE.IT = { kdc = kdc.ad.ac.concordia-pordenone.it master_kdc = kdc.ad.ac.concordia-pordenone.it admin_server = kdc.ad.ac.concordia-pordenone.it default_domain = ad.ac.concordia-pordenone.it } clea...

...h Windows and Linux clients. ssh unfortunately is not kerberos authenticating via GSSAPI. The client krb5.conf contains this: ===================================================== [libdefaults] default_realm = MYDOMAIN.NET krb4_config = /etc/krb.conf krb4_realms = /etc/krb.realms kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true dns_fallback = yes default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5 default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5 v4_instance_resolve = false v4_name_convert = { host =...

...= rfc2307 idmap config lnffvg : range = 10000-49999 idmap config lnffvg : backend = ad idmap config * : range = 5000-9999 idmap config * : backend = tdb printing = bsd /etc/security/pam_winbind.conf [global] cached_login = yes /etc/krb5.conf [libdefaults] default_realm = AD.FVG.LNF.IT kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true fcc-mit-ticketflags = true /etc/nsswitch.conf passwd: compat winbind group: compat winbind shadow: files gshadow: files hosts: files mdns4_minimal [NOTFOUND=return] dns networks: files...

...;> ------SNIP-------- >>> [libdefaults] >>> default_realm = HPRS.LOCAL >>> dns_lookup_realm = false >>> dns_lookup_kdc = true >>> >>> [libdefaults] >>> default_realm = HPRS.LOCAL >>> dns_lookup_kdc = true >>> kdc_timesync = 1 >>> ccache_type = 4 >>> forwardable = true >>> proxiable = true >>> fcc-mit-ticketflags = true >>> >>> [realms] >>> HPRS.LOCAL = { >>> default_domain = hprs.local >>> auth_to_local_names = { >>&gt...

...h:5 [sysvol] path = /var/lib/samba/sysvol read only = No [netlogon] path = /var/lib/samba/sysvol/beo.imp/scripts read only = No /etc/krb5.conf [libdefaults] dns_lookup_realm = false dns_lookup_kdc = true default_realm = BEO.IMP kdc_timesync = 1 ccache_type = 4 [realms] [domain_realm] /etc/resolve.conf search BEO.IMP nameserver 200.2.2.15 nameserver 200.2.2.1 nameserver 200.2.2.2 ??, 23 ???. 2023 ?., 13:33 Rowland Penny via samba <samba at lists.samba.org>: > On Mon, 23 Oct 2023 13:11:27 +0300 &gt...

...conf: > > > > ------SNIP-------- > > [libdefaults] > > default_realm = HPRS.LOCAL > > dns_lookup_realm = false > > dns_lookup_kdc = true > > > > [libdefaults] > > default_realm = HPRS.LOCAL > > dns_lookup_kdc = true > > kdc_timesync = 1 > > ccache_type = 4 > > forwardable = true > > proxiable = true > > fcc-mit-ticketflags = true > > > > [realms] > > HPRS.LOCAL = { > > default_domain = hprs.local > > auth_to_local_names = { > > Administrator = r...

...SPNEGO login failed: An invalid parameter was passed to a service or function. ----- Here are the contents of the krb5.conf and smb.conf files: #----krb5.conf---- [libdefaults] default_realm = THIS.DOMAIN.COM dns_lookup_realm = true dns_lookup_kdc = true ticket_lifetime = 24h renew_lifetime = 7d kdc_timesync = 1 forwardable = true proxiable = true canonicalize = true rdns = false spake_preauth_groups = edwards25519 default_ccache_name = KEYRING:persistent:%{uid} #----krb5 end---- #----smb.conf---- [global] workgroup = DOMAIN netbios name = MACHINENAME logging = file log file = /var/log/samba/log.%m ma...

...sers = @IAP_MW veto files = /Thumbs.db/._*/.DS_Store/.Trash-*/.~lock*/ vfs objects = fruit acl_xattr shadow_copy2 [work] comment = IAP MW Work folder path = /storage/work read only = No and on the server, the krb5.conf: # cat /etc/krb5.conf [libdefaults] default_realm = <redacted> kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true fcc-mit-ticketflags = true [realms] <redacted> = { kdc = <redacted> admin_server =<redacted> } and on one client machine, i.e. workstation: # testparm -s Load smb config files fro...

...system keytab winbind offline logon = yes # get quota command = /root/sambaquota.sh krb5.conf [libdefaults] default_realm = FS.UML.EDU # The following krb5.conf variables are only for MIT Kerberos. krb4_config = /etc/krb.conf krb4_realms = /etc/krb.realms kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true # The following encryption type specification will be used by MIT Kerberos # if uncommented. In general, the defaults in the MIT Kerberos code are # correct and overriding these specifications only serves to disabl...

...> >> On client i've the default: >> [libdefaults] >> default_realm = TTU.RED >> >> # The following krb5.conf variables are only for MIT Kerberos. >> krb4_config = /etc/krb.conf >> krb4_realms = /etc/krb.realms >> kdc_timesync = 1 >> ccache_type = 4 >> forwardable = true >> proxiable = true >> ........ >> >> [realms] >> TTU.RED = { >> kdc = pdc >> admin_server = pdc >> } >> ........ &g...

...27.0.0.1 localhost 127.0.1.1 freeradius.windows.corp.XXX.com freeradius 192.168.127.131 whiskey.windows.corp.XXX.com whiskey 192.168.112.4 wine..windows.corp.XXX.com wine /etc/krb5.conf [libdefaults] default_realm = WINDOWS.CORP.XXX.COM krb4_config = /etc/krb.conf krb4_realms = /etc/krb.realms kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true v4_instance_resolve = false v4_name_convert = { host = { rcmd = host ftp = ftp } plain = { something = something-else } } fcc-mit-ticketflags = true [realms] WINDOWS.CORP.XXX.COM = { kdc = whiskey.windows.corp.XXX.com:88 kdc = wine.windows.c...

...for MIT Kerberos. default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5 default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5 permitted_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5 krb4_config = /etc/krb.conf krb4_realms = /etc/krb.realms kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true v4_instance_resolve = false v4_name_convert = { host = { rcmd = host ftp = ftp } plain = {...

...ogging] ??? default = FILE:/var/log/krb5.log [libdefaults] ??????? default_realm = TOTO.FR ??????? dns_lookup_realm = false ??????? dns_lookup_kdc = true # The following krb5.conf variables are only for MIT Kerberos. ??????? krb4_config = /etc/krb.conf ??????? krb4_realms = /etc/krb.realms ??????? kdc_timesync = 1 ??????? ccache_type = 4 ??????? forwardable = true ??????? proxiable = true default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5 default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5 permitted_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5 supported_enctypes = aes2...

On 03/06/15 21:29, ivenhov wrote: > I reproduced error WERR_DEFAULT_JOIN_REQUIRED in two scenarios: > - user account that is used to join machine to domain is not part of Domain > Admin group. > - OU path for computer (specified in createcomputer) is invalid > > In both of those cases I'm getting detailed error messages: 'insufficient > access' and 'invalid

...Service principal 26/10/2013 10:11:34 26/10/2013 20:11:34 krbtgt/RADIODJIIDO.NC at RADIODJIIDO.NC renew until 27/10/2013 10:11:34 grep ^[^#] /etc/krb5.conf -> [libdefaults] default_realm = RADIODJIIDO.NC krb4_config = /etc/krb.conf krb4_realms = /etc/krb.realms kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true v4_instance_resolve = false v4_name_convert = { host = { rcmd = host ftp = ftp } plain = { something = something-else } } fcc-mit-tic...

additional: the krb5.conf from the former admin, I assume it could or should be boiled down: # cat /etc/krb5.conf [logging] default = FILE:/var/log/krb5.log [libdefaults] ticket_lifetime = 24000 clock_skew = 300 default_realm = customer.INTRA kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true [realms] DOMAIN.LOCAL = { kdc = DC1.customer.INTRA:88 admin_server = DC1.customer.INTRA:464 default_domain = customer.INTRA } [domain_realm] .customer.INTRA = customer.INTRA customer.INTRA = cu...