search for: ticketflags

...samba4-server. I've created /etc/krb5.conf: [libdefaults] default_realm = ADA.DE <http://ada.de/> dns_lookup_realm = false dns_lookup_kdc = true kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true fcc-mit-ticketflags = true [realms] ADA.DE <http://ada.de/> = { kdc = ad01.ada.de kdc = ad02.ada.de admin_server = ad01.ada.de chpasswd_server = ad01.ada.de default_domain = ada.de } [domain_realm] .ada.de =...

...no joy :( My /etc/krb5.conf: ------SNIP-------- [libdefaults] default_realm = HPRS.LOCAL dns_lookup_realm = false dns_lookup_kdc = true [libdefaults] default_realm = HPRS.LOCAL dns_lookup_kdc = true kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true fcc-mit-ticketflags = true [realms] HPRS.LOCAL = { default_domain = hprs.local auth_to_local_names = { Administrator = root } } [domain_realm] hprs.local = HPRS.LOCAL # this is not a mistake .hprs.local = HPRS.LOCAL ------PINS----------- you wrote: > You can remove the krb4_ stuff I'...

...-crc des-cbc-md5 default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5 v4_instance_resolve = false v4_name_convert = { host = { rcmd = host ftp = ftp } plain = { something = something-else } } fcc-mit-ticketflags = true [realms] MYDOMAIN.NET = { kdc = cofil01.mydomain.net:88 default_domain = mydomain.net } [domain_realm] .mydomain.net = MYDOMAIN.NET mydomain.net = MYDOMAIN.NET [login] krb4_convert = true krb4_get_tickets = false ====================================...

...b5.conf > [logging] > ???????Default = FILE:/var/log/krb5.log > > [libdefaults] > ???????default_realm = HOME.RAHIM-DALE.ORG > ???????ticket_lifetime = 24000 > ???????clock-skew = 300 > # The following libdefaults parameters are only for Heimdal Kerberos. > ???????fcc-mit-ticketflags = true > ?????? rdns = false > [realms] > ???????HOME.RAHIM-DALE.ORG = { > ???????????????kdc = dc1.home.rahim-dale.org > ???????????????admin_server = dc1.home.rahom-dale.org > ???????} > > [domain_realm] > ???????.rahim-dale.org = HOME.RAHIM-DALE.ORG > ???????rahim-d...

...end = ad idmap config * : range = 5000-9999 idmap config * : backend = tdb printing = bsd /etc/security/pam_winbind.conf [global] cached_login = yes /etc/krb5.conf [libdefaults] default_realm = AD.FVG.LNF.IT kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true fcc-mit-ticketflags = true /etc/nsswitch.conf passwd: compat winbind group: compat winbind shadow: files gshadow: files hosts: files mdns4_minimal [NOTFOUND=return] dns networks: files protocols: db files services: db files ethers: db files r...

...gt;>> dns_lookup_kdc = true >>> >>> [libdefaults] >>> default_realm = HPRS.LOCAL >>> dns_lookup_kdc = true >>> kdc_timesync = 1 >>> ccache_type = 4 >>> forwardable = true >>> proxiable = true >>> fcc-mit-ticketflags = true >>> >>> [realms] >>> HPRS.LOCAL = { >>> default_domain = hprs.local >>> auth_to_local_names = { >>> Administrator = root >>> } >>> } >>> >>> [domain_realm] >>> hprs.local = HPRS...

...lookup_realm = false > > dns_lookup_kdc = true > > > > [libdefaults] > > default_realm = HPRS.LOCAL > > dns_lookup_kdc = true > > kdc_timesync = 1 > > ccache_type = 4 > > forwardable = true > > proxiable = true > > fcc-mit-ticketflags = true > > > > [realms] > > HPRS.LOCAL = { > > default_domain = hprs.local > > auth_to_local_names = { > > Administrator = root > > } > > } > > > > [domain_realm] > > hprs.local = HPRS.LOCAL > > # this is...

...l_xattr shadow_copy2 [work] comment = IAP MW Work folder path = /storage/work read only = No and on the server, the krb5.conf: # cat /etc/krb5.conf [libdefaults] default_realm = <redacted> kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true fcc-mit-ticketflags = true [realms] <redacted> = { kdc = <redacted> admin_server =<redacted> } and on one client machine, i.e. workstation: # testparm -s Load smb config files from /etc/samba/smb.conf Loaded services file OK. Weak crypto is allowed by GnuTLS (e.g. NTLM a...

...nistrator" It's ok. With the same configuration but on IPv4 all works fine. krb5.conf: [libdefaults] default_realm = DOMAIN.LOCAL v4_instance_resolve = false v4_name_convert = { host = { rcmd = host ftp = ftp } plain = { something = something-else } } fcc-mit-ticketflags = true [realms] DOMAIN.LOCAL = { kdc = kdc.domain.local admin_server = kdc.domain.local default_domain = domain.local } [domain_realm] .domain.local = DOMAIN.LOCAL domain.local = DOMAIN.LOCAL [login] krb4_convert = true krb4_get_tickets = false smb.conf: [global] workgrou...

...*************************************** [libdefaults] default_realm = AD.TEST.LOC clockskew = 900 # The following libdefaults parameters are only for Heimdal Kerberos. v4_instance_resolve = false v4_name_convert = { host = { rcmd = host ftp = ftp } plain = { something = something-else } } fcc-mit-ticketflags = true [realms] TEST.TEST.LOC = { kdc = dc.ad.test.loc kdc = dc1.ad.test.loc kdc = dc2.ad.test.loc kdc = dc3.ad.test.loc admin_server = dc.test.loc } [domain_realm] .test.loc = AD.TEST.LOC [login] krb4_convert = true krb4_get_tickets = false [logging] kdc = FILE:/var/log/krb5/krb5kdc.log admin_...

...v4_instance_resolve = false v4_name_convert = { host = { rcmd = host ftp = ftp } plain = { something = something-else } } fcc-mit-ticketflags = true [realms] FS.UML.EDU = { kdc = FSDC1.FS.UML.EDU kdc = FSDC2.FS.UML.EDU admin_server = FSDC1.FS.UML.EDU } STUDENT.UML.EDU = { kdc = STDC1.STUDENT.UML.EDU kdc = STDC2.STUDENT.UML.EDU...

...lts] default_realm = WINDOWS.CORP.XXX.COM krb4_config = /etc/krb.conf krb4_realms = /etc/krb.realms kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true v4_instance_resolve = false v4_name_convert = { host = { rcmd = host ftp = ftp } plain = { something = something-else } } fcc-mit-ticketflags = true [realms] WINDOWS.CORP.XXX.COM = { kdc = whiskey.windows.corp.XXX.com:88 kdc = wine.windows.corp.XXX.com:88 admin_server = whiskey.windows.corp.XXX.com:749 } [appdefaults] pam = { ticket_lifetime = 1d renew_lifetime = 1d forwardable = true proxiable = false retain_after_close = false minimu...

...? ????? v4_instance_resolve = false ??????? v4_name_convert = { ??????????????? host = { ??????????????????????? rcmd = host ??????????????????????? ftp = ftp ??????????????? } ??????????????? plain = { ??????????????????????? something = something-else ??????????????? } ??????? } ??????? fcc-mit-ticketflags = true [realms] ??????? IETR.UNIV-RENNES1.FR = { ??????????????? kdc = admin.toto.fr:88 ??????????????? admin_server = admin.toto.fr ??????? } ... ? [domain_realm] ??????? .mit.edu = ATHENA.MIT.EDU ??????? mit.edu = ATHENA.MIT.EDU ??????? .media.mit.edu = MEDIA-LAB.MIT.EDU ??????? media.mit.edu...

On 03/06/15 21:29, ivenhov wrote: > I reproduced error WERR_DEFAULT_JOIN_REQUIRED in two scenarios: > - user account that is used to join machine to domain is not part of Domain > Admin group. > - OU path for computer (specified in createcomputer) is invalid > > In both of those cases I'm getting detailed error messages: 'insufficient > access' and 'invalid

...ync = 1 ccache_type = 4 forwardable = true proxiable = true v4_instance_resolve = false v4_name_convert = { host = { rcmd = host ftp = ftp } plain = { something = something-else } } fcc-mit-ticketflags = true [realms] RADIODJIIDO.NC = { kdc = serveur admin_server = serveur } [domain_realm] .radiodjiido.nc = RADIODJIIDO.NC radiodjiido.nc = RADIODJIIDO.NC [login] krb4_convert = true krb4_get_tickets = false syslog shows : -> Oct 26 11:09:36 serveu...

...is a *SAMPLE* configuration: [libdefaults] default_realm = YOUR.REALM dns_lookup_kdc = true krb4_config = /etc/krb.conf krb4_realms = /etc/krb.realms kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true fcc-mit-ticketflags = true [realms] YOUR.REALM = { default_domain = your.domain.name auth_to_local_names = { Administrator = root } } [domain_realm] your.domain.name = YOUR.REALM # this is not a mistake .your.domain.na...

...v4_name_convert = { > host = { > rcmd = host > ftp = ftp > } > plain = { > something = something-else > } > } > fcc-mit-ticketflags = true .... to here. > > [realms] > MY-DOMAIN.LOCAL = { > kdc = adserver.my-domain.local <-- tried with adserver > admin_server = adserver.my-domain.local and > adserver.my-domain.local add: default_domain...

...ult_realm = HIJ.KLM.COM dns_lookup_realm = false dns_lookup_kdc = false krb4_config = /etc/krb.conf kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true v4_instance_resolve = false v4_name_convert = { host = { rcmd = host ftp = ftp } plain = { something = something-else } } fcc-mit-ticketflags = true [realms] HIJ.KLM.COM = { kdc = ad1.hij.klm.com kdc = ad2.hij.klm.com admin_server = ad.hij.klm.com default_domain = hij.klm.com } [domain_realm] .xyz.hij.klm.com = HIJ.KLM.COM .hij.klm.com = HIJ.KLM.COM [login] krb4_convert = true krb4_get_tickets = false [logging] kdc = FILE:/var/log/krb...

...MIT Kerberos. krb4_config = /etc/krb.conf krb4_realms = /etc/krb.realms kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true v4_instance_resolve = false v4_name_convert = { host = { rcmd = host ftp = ftp } plain = { something = something-else } } fcc-mit-ticketflags = true [realms] WIN-NET.DOMAIN.COM.BR = { kdc = server.domain.com.br kdc = server1.domain.com.br default_domain = domain.com.br kpasswd_server = server.domain.com.br admin_server = server.domain.com.br } [domain_realm] .domain.com.br = WIN-NET.DOMAIN.COM.BR domain.com.br = WIN-NET.D...

...og/krb5.log >>> >>> [libdefaults] >>> ???????default_realm = HOME.RAHIM-DALE.ORG >>> ???????ticket_lifetime = 24000 >>> ???????clock-skew = 300 >>> # The following libdefaults parameters are only for Heimdal Kerberos. >>> ???????fcc-mit-ticketflags = true >>> ?????? rdns = false >>> [realms] >>> ???????HOME.RAHIM-DALE.ORG = { >>> ???????????????kdc = dc1.home.rahim-dale.org >>> ???????????????admin_server = dc1.home.rahom-dale.org >>> ???????} >>> >>> [domain_realm] >&...