search for: lyc

Displaying 20 results from an estimated 25 matches for "lyc".

Did you mean: lmc
2017 Jun 19
7
DRS stopped working after upgrade from debian Jessie to Stretch
...' registered GENSEC backend 'ntlmssp_resume_ccache' registered GENSEC backend 'http_basic' registered GENSEC backend 'http_ntlm' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Using binding ncacn_ip_tcp:fichdc.net.lyc-guillaume-fichet.ac-grenoble.fr[,seal] resolve_lmhosts: Attempting lmhosts lookup for name fichdc.net.lyc-guillaume-fichet.ac-grenoble.fr<0x20> resolve_lmhosts: Attempting lmhosts lookup for name fichdc.net.lyc-guillaume-fichet.ac-grenoble.fr<0x20> Wrong username or password: kinit for...
2017 Jun 20
5
DRS stopped working after upgrade from debian Jessie to Stretch
...count problem. But I can't find any > >> problem in Kerberos : > >> > >> > >> -------------------------------- > >> # kinit -k FICHDC$ > >> # klist > >> Ticket cache: FILE:/tmp/krb5cc_0 > >> Default principal: FICHDC$@NET.LYC-GUILLAUME-FICHET.AC-GRENOBLE.FR > > > > Can you do this against the secrets.keytab in Samba's private/ dir? > > > > You can reset the Samba machine account pw with > > ./source4/scripting/devel/chgtdcpass, but: > > - it wont be packaged so you will have to...
2017 Jun 21
4
DRS stopped working after upgrade from debian Jessie to Stretch
...ce lo ip=::1 bcast= netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff > added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0 > added interface eth0 ip=172.16.0.20 bcast=172.16.255.255 netmask=255.255.0.0 > resolve_lmhosts: Attempting lmhosts lookup for name > fichdc.net.lyc-guillaume-fichet.ac-grenoble.fr<0x20> > startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No > such file or directory > Socket options: > SO_KEEPALIVE = 0 > SO_REUSEADDR = 0 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT =...
2017 Jun 21
4
DRS stopped working after upgrade from debian Jessie to Stretch
21.06.2017 11:45, L.P.H. van Belle via samba пишет: > I suggest before you upgrade do a very good read here. > > https://wiki.samba.org/index.php/Updating_Samba#Notable_Enhancements_and_Changes > > https://wiki.samba.org/index.php/Samba_Features_added/changed_(by_release) > And a summerize version for with all parameter changes as of upgrade from 4.2 up to 4.6 >
2017 Jun 21
0
DRS stopped working after upgrade from debian Jessie to Stretch
...------------------------ > HOSTS : Don't take care of "puppet" entry. In use use puppet > to configure all my DCs and all my Linux Clients. But it's > currently disabled during the update. > ~# cat /etc/hosts > 127.0.0.1 localhost > 172.16.0.20 fichdc.net.lyc-guillaume-fichet.ac-grenoble.fr > fichdc > 172.16.0.20 > puppet.net.lyc-guillaume-fichet.ac-grenoble.fr puppet ( better would be, create and CNAME in the dns and point that to the DC name ) For now, i also suggest, you change this to : /etc/hosts 127.0.0.1 localhost 172....
2017 Jun 21
0
DRS stopped working after upgrade from debian Jessie to Stretch
...55.0.0 added interface lo ip=::1 bcast= netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0 added interface eth0 ip=172.16.0.20 bcast=172.16.255.255 netmask=255.255.0.0 resolve_lmhosts: Attempting lmhosts lookup for name fichdc.net.lyc-guillaume-fichet.ac-grenoble.fr<0x20> startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPIN...
2017 Jun 20
0
DRS stopped working after upgrade from debian Jessie to Stretch
...p ! I have analysed samba logs more closely. I'am very worried. I have three DC (fichdc, fichds01, fichds02) but here I talk just about fichdc's logs. -> Almost every times, "AS-REQ" fail for the 3 DCs with something like this : ---------------- Kerberos: AS-REQ FICHDC$@NET.LYC-GUILLAUME-FICHET.AC-GRENOBLE.FR from ipv4:172.16.0.20:59818 for krbtgt/NET.LYC-GUILLAUME-FICHET.AC-GRENOBLE.FR at NET.LYC-GUILLAUME-FICHET.AC-GRENOBLE.FR Kerberos: Client sent patypes: encrypted-timestamp Kerberos: Looking for PKINIT pa-data -- FICHDC$@NET.LYC-GUILLAUME-FICHET.AC-GRENOBLE.FR...
2017 Jun 20
2
DRS stopped working after upgrade from debian Jessie to Stretch
On Tue, 20 Jun 2017 22:31:02 +1200 Andrew Bartlett via samba <samba at lists.samba.org> wrote: > On Tue, 2017-06-20 at 11:13 +0200, L.P.H. van Belle via samba wrote: > > Now choose, of > > dedicated keytab file = /etc/krb5.keytab > > To be clear, this parameter is not used in the AD DC. > > Thanks, > > Andrew Bartlett > Shouldn't that be
2018 Mar 13
1
Workaround for bind9 reload bug : samba_dlz Ignoring duplicate zone
...ee a "rndc reconfig" command that make > bind9 fail. (Full log in attachment). > > ------------------- > starting BIND 9.10.3-P4-Debian <id:ebd72b3> -f -u bind > ... > Loading 'AD DNS Zone' using driver dlopen > samba_dlz: started for DN > DC=lan,DC=lyc-guillaume-fichet,DC=ac-grenoble,DC=fr > samba_dlz: starting configure > samba_dlz: configured writeable zone > 'lan.lyc-guillaume-fichet.ac-grenoble.fr' > samba_dlz: configured writeable zone '16.172.in-addr.arpa' > samba_dlz: configured writeable zone > '_msd...
2018 Mar 12
9
Workaround for bind9 reload bug : samba_dlz Ignoring duplicate zone
Hi samba team ! I'm face with a new problem on a new Samba PDC install (Debian 9). I don't know why, but systemd run multiples "rndc reconfig" commands during the init script. So the bind9 log file show : -> A successful start -> A failed reconfig (samba_dlz Ignoring duplicate zone) at each boot/reboot. So I need to restart bind9 each time manually. I created a wrapper
2013 Oct 24
1
Existing DNS zone and Samba4 DLZ
Hello ! I am the network administrator of a French high school. I have already configured a BIND9 server with dynamic DNS update from the ISC DHCP server for my zone : lyc-guillaume-fichet.ac-grenoble.fr And I would like to add a samba4 server in this zone. How can I add the samba's DNS entries to this existing zone keeping my previous static and dynamic entries ? I can't use directly the SAMBA_DLZ module because it try to create a new zone of same name so...
2018 Jan 15
1
Avoiding uid conflicts between rfc2307 user/groups and computers
...ure you can figure out how to use > them ;-) > If not, contact me off list and I will provide a sample. On my SAM database I have an CN=samdom,CN=ypservers entry : # ldbsearch -H /var/lib/samba/private/sam.ldb -s base -b CN=fichnet,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=net,DC=lyc-guillaume-fichet,DC=ac-grenoble,DC=fr # record 1 dn: CN=fichnet,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=net,DC=lyc-guillaume-fichet,DC=ac-grenoble,DC=fr objectClass: top objectClass: msSFU30DomainInfo cn: fichnet instanceType: 4 whenCreated: 20150630144502.0Z whenChanged: 2015063014450...
2017 Jun 20
0
DRS stopped working after upgrade from debian Jessie to Stretch
Hai, Just saying samba does not use /etc/krb5.keytab is not totaly correct. A lot of setups use the setting : dedicated keytab file = /etc/krb5.keytab Because systemd defaults point to /etc/krb5.keytab. >From his logs: Failed to find FICHDC$@NET.LYC-GUILLAUME-FICHET.AC-GRENOBLE.FR(kvno 2) in keytab FILE:/var/lib/samba/private/secrets.keytab (arcfour-hmac-md5) And from his command (klist -k : Keytab name: FILE:/etc/krb5.keytab ) the above server is found. Only the HOST/SPN entry is missing. This looks like that : dedicated keytab file = /e...
2017 Jun 19
0
DRS stopped working after upgrade from debian Jessie to Stretch
...you are trying to use NFS). > > This seem to be a computer account problem. But I can't find any > problem in Kerberos : > > > -------------------------------- > # kinit -k FICHDC$ > # klist > Ticket cache: FILE:/tmp/krb5cc_0 > Default principal: FICHDC$@NET.LYC-GUILLAUME-FICHET.AC-GRENOBLE.FR Can you do this against the secrets.keytab in Samba's private/ dir? You can reset the Samba machine account pw with ./source4/scripting/devel/chgtdcpass, but: - it wont be packaged so you will have to build Samba and tell it to operate against the right paths...
2018 Jan 16
3
Avoiding uid conflicts between rfc2307 user/groups and computers
Mandi! Kacper Wirski via samba In chel di` si favelave... > I understand the OP, I was asking some time ago similar question, but it was > in relation to samba domain member. Thanks, Kacper. > I couldn't get backend: ad to work for > machine accounts, so i switched to idmap: rid and it solved everything. I > tried manually adding UID and GID to Domain Computer group and to
2014 Apr 26
1
SIGSEGV with pam_winbind kerberos authentication
Hello, I can't get Kerberos authentication works with my Linux clients. Server : samba 4.1.4 (compiled from source) Client : Debian Wheezy with sernet-samba 4.0.17-8 Without Kerberos authentication, everything works : -> the domain users can log with pam_winbind (with ssh, gdm ....). -> "kinit myuser at MYREALM" works fine. -> "wbinfo -K MYDOM\\myuser" works.
2018 Jan 17
0
Avoiding uid conflicts between rfc2307 user/groups and computers
...> > If not, contact me off list and I will provide a sample. >> >> On my SAM database I have an CN=samdom,CN=ypservers entry : >> >> # ldbsearch -H /var/lib/samba/private/sam.ldb -s base -b >> CN=fichnet,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=net,DC=lyc-guillaume-fichet,DC=ac-grenoble,DC=fr >> # record 1 >> dn: >> CN=fichnet,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=net,DC=lyc-guillaume-fichet,DC=ac-grenoble,DC=fr >> objectClass: top objectClass: msSFU30DomainInfo >> cn: fichnet >> instanceType: 4 &gt...
2018 Jan 15
2
Avoiding uid conflicts between rfc2307 user/groups and computers
On Mon, 15 Jan 2018 16:18:57 +0100 Kacper Wirski via samba <samba at lists.samba.org> wrote: > Hello, > I understand the OP, I was asking some time ago similar question, but > it was in relation to samba domain member. I couldn't get backend: ad > to work for machine accounts, so i switched to idmap: rid and it > solved everything. I tried manually adding UID and GID to
2017 Jun 21
1
DRS stopped working after upgrade from debian Jessie to Stretch
...better safe than sorry.. > > Stop samba and related services ( check it at least nmbd smbd winbind > samba samba-ad-dc) > > > Well here is a choice, i preffer to keep the debian settings, which > would be : ( and yes Rowland i know.. ;-) domain/search ) > domain net.lyc-guillaume-fichet.ac-grenoble.fr > search net.lyc-guillaume-fichet.ac-grenoble.fr > nameserver 172.16.0.20 > This wouldn't be the first stupid thing that Debian has done ;-) From 'man resolv.conf' : The domain and search keywords are mutually exclusive. If more...
2018 Oct 08
1
Persistent Winbind gid cache
...you're right, maybe this is not the right workaround. But actually I can't find another. I need to assign a correct gid to my users. > > Here my smb.conf (on clients) : > > > > [global] > > workgroup = FICHLAN > > security = ADS > > realm = LAN.LYC-GUILLAUME-FICHET.AC-GRENOBLE.FR > > > > dedicated keytab file = /etc/krb5.keytab > > kerberos method = secrets and keytab > > winbind refresh tickets = Yes > > > > winbind trusted domains only = no > > winbind use default domain = yes > &g...