Displaying 20 results from an estimated 25 matches for "lyc".
Did you mean:
lmc
2017 Jun 19
7
DRS stopped working after upgrade from debian Jessie to Stretch
...' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:fichdc.net.lyc-guillaume-fichet.ac-grenoble.fr[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name
fichdc.net.lyc-guillaume-fichet.ac-grenoble.fr<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name
fichdc.net.lyc-guillaume-fichet.ac-grenoble.fr<0x20>
Wrong username or password: kinit for...
2017 Jun 20
5
DRS stopped working after upgrade from debian Jessie to Stretch
...count problem. But I can't find any
> >> problem in Kerberos :
> >>
> >>
> >> --------------------------------
> >> # kinit -k FICHDC$
> >> # klist
> >> Ticket cache: FILE:/tmp/krb5cc_0
> >> Default principal: FICHDC$@NET.LYC-GUILLAUME-FICHET.AC-GRENOBLE.FR
> >
> > Can you do this against the secrets.keytab in Samba's private/ dir?
> >
> > You can reset the Samba machine account pw with
> > ./source4/scripting/devel/chgtdcpass, but:
> > - it wont be packaged so you will have to...
2017 Jun 21
4
DRS stopped working after upgrade from debian Jessie to Stretch
...ce lo ip=::1 bcast= netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
> added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
> added interface eth0 ip=172.16.0.20 bcast=172.16.255.255 netmask=255.255.0.0
> resolve_lmhosts: Attempting lmhosts lookup for name
> fichdc.net.lyc-guillaume-fichet.ac-grenoble.fr<0x20>
> startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No
> such file or directory
> Socket options:
> SO_KEEPALIVE = 0
> SO_REUSEADDR = 0
> SO_BROADCAST = 0
> TCP_NODELAY = 1
> TCP_KEEPCNT =...
2017 Jun 21
4
DRS stopped working after upgrade from debian Jessie to Stretch
21.06.2017 11:45, L.P.H. van Belle via samba пишет:
> I suggest before you upgrade do a very good read here.
>
> https://wiki.samba.org/index.php/Updating_Samba#Notable_Enhancements_and_Changes
>
> https://wiki.samba.org/index.php/Samba_Features_added/changed_(by_release)
> And a summerize version for with all parameter changes as of upgrade from 4.2 up to 4.6
>
2017 Jun 21
0
DRS stopped working after upgrade from debian Jessie to Stretch
...------------------------
> HOSTS : Don't take care of "puppet" entry. In use use puppet
> to configure all my DCs and all my Linux Clients. But it's
> currently disabled during the update.
> ~# cat /etc/hosts
> 127.0.0.1 localhost
> 172.16.0.20 fichdc.net.lyc-guillaume-fichet.ac-grenoble.fr
> fichdc
> 172.16.0.20
> puppet.net.lyc-guillaume-fichet.ac-grenoble.fr puppet
( better would be, create and CNAME in the dns and point that to the DC name )
For now, i also suggest, you change this to :
/etc/hosts
127.0.0.1 localhost
172....
2017 Jun 21
0
DRS stopped working after upgrade from debian Jessie to Stretch
...55.0.0
added interface lo ip=::1 bcast= netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
added interface eth0 ip=172.16.0.20 bcast=172.16.255.255 netmask=255.255.0.0
resolve_lmhosts: Attempting lmhosts lookup for name
fichdc.net.lyc-guillaume-fichet.ac-grenoble.fr<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No
such file or directory
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPIN...
2017 Jun 20
0
DRS stopped working after upgrade from debian Jessie to Stretch
...p !
I have analysed samba logs more closely. I'am very worried. I have
three DC (fichdc, fichds01, fichds02) but here I talk just about
fichdc's logs.
-> Almost every times, "AS-REQ" fail for the 3 DCs with something like this :
----------------
Kerberos: AS-REQ FICHDC$@NET.LYC-GUILLAUME-FICHET.AC-GRENOBLE.FR
from ipv4:172.16.0.20:59818 for
krbtgt/NET.LYC-GUILLAUME-FICHET.AC-GRENOBLE.FR at NET.LYC-GUILLAUME-FICHET.AC-GRENOBLE.FR
Kerberos: Client sent patypes: encrypted-timestamp
Kerberos: Looking for PKINIT pa-data --
FICHDC$@NET.LYC-GUILLAUME-FICHET.AC-GRENOBLE.FR...
2017 Jun 20
2
DRS stopped working after upgrade from debian Jessie to Stretch
On Tue, 20 Jun 2017 22:31:02 +1200
Andrew Bartlett via samba <samba at lists.samba.org> wrote:
> On Tue, 2017-06-20 at 11:13 +0200, L.P.H. van Belle via samba wrote:
> > Now choose, of
> > dedicated keytab file = /etc/krb5.keytab
>
> To be clear, this parameter is not used in the AD DC.
>
> Thanks,
>
> Andrew Bartlett
>
Shouldn't that be
2018 Mar 13
1
Workaround for bind9 reload bug : samba_dlz Ignoring duplicate zone
...ee a "rndc reconfig" command that make
> bind9 fail. (Full log in attachment).
>
> -------------------
> starting BIND 9.10.3-P4-Debian <id:ebd72b3> -f -u bind
> ...
> Loading 'AD DNS Zone' using driver dlopen
> samba_dlz: started for DN
> DC=lan,DC=lyc-guillaume-fichet,DC=ac-grenoble,DC=fr
> samba_dlz: starting configure
> samba_dlz: configured writeable zone
> 'lan.lyc-guillaume-fichet.ac-grenoble.fr'
> samba_dlz: configured writeable zone '16.172.in-addr.arpa'
> samba_dlz: configured writeable zone
> '_msd...
2018 Mar 12
9
Workaround for bind9 reload bug : samba_dlz Ignoring duplicate zone
Hi samba team !
I'm face with a new problem on a new Samba PDC install (Debian 9).
I don't know why, but systemd run multiples "rndc reconfig" commands
during the init script. So the bind9 log file show :
-> A successful start
-> A failed reconfig (samba_dlz Ignoring duplicate zone)
at each boot/reboot.
So I need to restart bind9 each time manually. I created a wrapper
2013 Oct 24
1
Existing DNS zone and Samba4 DLZ
Hello !
I am the network administrator of a French high school. I have already
configured a BIND9 server with dynamic DNS update from the ISC DHCP
server for my zone :
lyc-guillaume-fichet.ac-grenoble.fr
And I would like to add a samba4 server in this zone. How can I add
the samba's DNS entries to this existing zone keeping my previous
static and dynamic entries ?
I can't use directly the SAMBA_DLZ module because it try to create a
new zone of same name so...
2018 Jan 15
1
Avoiding uid conflicts between rfc2307 user/groups and computers
...ure you can figure out how to use
> them ;-)
> If not, contact me off list and I will provide a sample.
On my SAM database I have an CN=samdom,CN=ypservers entry :
# ldbsearch -H /var/lib/samba/private/sam.ldb -s base -b
CN=fichnet,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=net,DC=lyc-guillaume-fichet,DC=ac-grenoble,DC=fr
# record 1
dn: CN=fichnet,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=net,DC=lyc-guillaume-fichet,DC=ac-grenoble,DC=fr
objectClass: top
objectClass: msSFU30DomainInfo
cn: fichnet
instanceType: 4
whenCreated: 20150630144502.0Z
whenChanged: 2015063014450...
2017 Jun 20
0
DRS stopped working after upgrade from debian Jessie to Stretch
Hai,
Just saying samba does not use /etc/krb5.keytab is not totaly correct.
A lot of setups use the setting : dedicated keytab file = /etc/krb5.keytab
Because systemd defaults point to /etc/krb5.keytab.
>From his logs:
Failed to find
FICHDC$@NET.LYC-GUILLAUME-FICHET.AC-GRENOBLE.FR(kvno 2) in keytab FILE:/var/lib/samba/private/secrets.keytab (arcfour-hmac-md5)
And from his command (klist -k : Keytab name: FILE:/etc/krb5.keytab ) the above server is found.
Only the HOST/SPN entry is missing.
This looks like that :
dedicated keytab file = /e...
2017 Jun 19
0
DRS stopped working after upgrade from debian Jessie to Stretch
...you are trying to use NFS).
>
> This seem to be a computer account problem. But I can't find any
> problem in Kerberos :
>
>
> --------------------------------
> # kinit -k FICHDC$
> # klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: FICHDC$@NET.LYC-GUILLAUME-FICHET.AC-GRENOBLE.FR
Can you do this against the secrets.keytab in Samba's private/ dir?
You can reset the Samba machine account pw with
./source4/scripting/devel/chgtdcpass, but:
- it wont be packaged so you will have to build Samba and tell it to
operate against the right paths...
2018 Jan 16
3
Avoiding uid conflicts between rfc2307 user/groups and computers
Mandi! Kacper Wirski via samba
In chel di` si favelave...
> I understand the OP, I was asking some time ago similar question, but it was
> in relation to samba domain member.
Thanks, Kacper.
> I couldn't get backend: ad to work for
> machine accounts, so i switched to idmap: rid and it solved everything. I
> tried manually adding UID and GID to Domain Computer group and to
2014 Apr 26
1
SIGSEGV with pam_winbind kerberos authentication
Hello,
I can't get Kerberos authentication works with my Linux clients.
Server : samba 4.1.4 (compiled from source)
Client : Debian Wheezy with sernet-samba 4.0.17-8
Without Kerberos authentication, everything works :
-> the domain users can log with pam_winbind (with ssh, gdm ....).
-> "kinit myuser at MYREALM" works fine.
-> "wbinfo -K MYDOM\\myuser" works.
2018 Jan 17
0
Avoiding uid conflicts between rfc2307 user/groups and computers
...> > If not, contact me off list and I will provide a sample.
>>
>> On my SAM database I have an CN=samdom,CN=ypservers entry :
>>
>> # ldbsearch -H /var/lib/samba/private/sam.ldb -s base -b
>> CN=fichnet,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=net,DC=lyc-guillaume-fichet,DC=ac-grenoble,DC=fr
>> # record 1
>> dn:
>> CN=fichnet,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=net,DC=lyc-guillaume-fichet,DC=ac-grenoble,DC=fr
>> objectClass: top objectClass: msSFU30DomainInfo
>> cn: fichnet
>> instanceType: 4
>...
2018 Jan 15
2
Avoiding uid conflicts between rfc2307 user/groups and computers
On Mon, 15 Jan 2018 16:18:57 +0100
Kacper Wirski via samba <samba at lists.samba.org> wrote:
> Hello,
> I understand the OP, I was asking some time ago similar question, but
> it was in relation to samba domain member. I couldn't get backend: ad
> to work for machine accounts, so i switched to idmap: rid and it
> solved everything. I tried manually adding UID and GID to
2017 Jun 21
1
DRS stopped working after upgrade from debian Jessie to Stretch
...better safe than sorry..
>
> Stop samba and related services ( check it at least nmbd smbd winbind
> samba samba-ad-dc)
>
>
> Well here is a choice, i preffer to keep the debian settings, which
> would be : ( and yes Rowland i know.. ;-) domain/search )
> domain net.lyc-guillaume-fichet.ac-grenoble.fr
> search net.lyc-guillaume-fichet.ac-grenoble.fr
> nameserver 172.16.0.20
>
This wouldn't be the first stupid thing that Debian has done ;-)
From 'man resolv.conf' :
The domain and search keywords are mutually exclusive.
If more...
2018 Oct 08
1
Persistent Winbind gid cache
...you're right, maybe this is not the right
workaround. But actually I can't find another. I need to assign a
correct gid to my users.
> > Here my smb.conf (on clients) :
> >
> > [global]
> > workgroup = FICHLAN
> > security = ADS
> > realm = LAN.LYC-GUILLAUME-FICHET.AC-GRENOBLE.FR
> >
> > dedicated keytab file = /etc/krb5.keytab
> > kerberos method = secrets and keytab
> > winbind refresh tickets = Yes
> >
> > winbind trusted domains only = no
> > winbind use default domain = yes
> &g...