similar to: Samba 4 kerberos and kinit

Hi I have Samba 4 installed and working. I recently changed FQDN to dns name hh3.hh3.site. It works OK and e.g. on a windows 7 box which joined the domain, users can logon. But I have a mess in the keytab: klist -k /etc/krb5.keytab Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 2 HH3$@HH3.HH1.SITE 2

Hi everyone Version 4.0.0alpha18-GIT-bfc7481 I'm using nslcd to map Samba 4 users to uid:gid and home directory. At startup I get this: ldb_wrap open of secrets.ldb WARNING: no socket to connect to and /var/log/messages shows: Jan 15 14:20:13 hh3 nslcd[2425]: [334873] failed to bind to LDAP server ldap://h h3.site/: Can't contact LDAP server: Transport endpoint is not connected Jan

Hi 4.0.8 file server in a 4.0.8 domain After a user logs in on a Linux client which is joined to the domain, smbd is constantly looking for files which don't exist: Here is the file server log after a user login to a Linux client has settled down: [2013/08/24 18:43:24.748511, 3] ../source3/smbd/vfs.c:1140(check_reduced_name) check_reduced_name [steve2/.icons/gnome] [/home/users]

Hi all, Well, I'm completely lost with AD authentification ... server is : Ubuntu 12.04.3 3.8.0-32-generic #47~precise1-Ubuntu Samba 4.0.10 installed (and upgraded) via git, setup as unique Active Directory Domain Controller ( -> how to upgrade to 4.1 via git ?? ) I 'just' would like that the local services (let's say only dovecot and postfix) can query AD to authentifiate

Hi, I am trying to configure the nslcd service on an Ubuntu client for kerberos authentication against samba4. My /etc/nslcd.conf contains the following: uid nslcd gid nslcd uri ldapi:///cofil01.mydomain.net base dc=mydomain,dc=net sasl_mech GSSAPI krb5_ccname FILE:/tmp/host.tkt I have added the host principal "host/ubuntu-test.mydomain.net @ MYDOMAIN.NET" to /etc/krb5.keytab on both

4.0.6 with 3.6.12 file server Hi Ordinary users can connect fine: smbclient //oliva/users -Usteve2 Enter steve2's password: Domain=[HH3] OS=[Unix] Server=[Samba 3.6.9] smb: \> log: schannel_fetch_session_key_tdb: restored schannel info key SECRETS/SCHANNEL/OLIVA schannel_store_session_key_tdb: stored schannel info with key SECRETS/SCHANNEL/OLIVA auth_check_password_send: Checking

Hi everyone I'm trying to use kerberos to authenticate to Samba 4 ldap. At the moment, I authenticate by specifying the binddn and password in /etc/nslcd.conf and all works fine If I add the line: sasl_mech GSSAPI to /etc/nslcd.conf and restart nslcd, no one can connect to the database. Nothing works. ldapsearch and getent passwd draw a blank. ldapsearch -x -b '' -sbase

Experts— I’m attempting to export a keytab for a created SPN on the AD DC machine but I’m receiving an error: ERROR(runtime): uncaught exception - Key table entry not found File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run return self.run(*args, **kwargs) File "/usr/lib64/python2.6/site-packages/samba/netcmd/domain.py", line 129, in

> On Sep 14, 2016, at 12:23 PM, Achim Gottinger via samba <samba at lists.samba.org> wrote: > > > > Am 14.09.2016 um 18:23 schrieb Michael A Weber: >> Question though, just for my curiosity: >> >> The encryption algorithms specified after each SPN: I see that aes-256 is listed when I export the user, but not the SPN. Are those expected, or have I done

> On Sep 14, 2016, at 1:38 AM, Rowland Penny via samba <samba at lists.samba.org> wrote: > > On Tue, 13 Sep 2016 22:53:44 -0500 > Michael A Weber via samba <samba at lists.samba.org> wrote: > >> Experts— >> >> I’m attempting to export a keytab for a created SPN on the AD DC >> machine but I’m receiving an error: >> >>

Am 16.09.2016 um 22:00 schrieb Robert Moulton via samba: > Achim Gottinger via samba wrote on 9/15/16 1:20 AM: >> >> >> Am 15.09.2016 um 09:35 schrieb Rowland Penny via samba: >>> On Wed, 14 Sep 2016 16:23:27 -0500 >>> Michael A Weber via samba <samba at lists.samba.org> wrote: >>> >>>>> On Sep 14, 2016, at 2:00 PM, Achim

> On Sep 14, 2016, at 1:10 PM, Achim Gottinger <achim at ag-web.biz> wrote: > > > > Am 14.09.2016 um 19:53 schrieb Michael A Weber: >> >>> On Sep 14, 2016, at 12:23 PM, Achim Gottinger via samba <samba at lists.samba.org <mailto:samba at lists.samba.org>> wrote: >>> >>> >>> >>> Am 14.09.2016 um 18:23 schrieb

Am 20.12.2016 um 14:50 schrieb Brian Candler via samba: > (2) Can "net ads keytab create" be told to extract just a single named > principal? That would simplify things. But I can't see how to. > > As usual... clues gratefully received. samba-tool domain exportkeytab [keytabfile] --principal=[SPN or UPN] In your case samba-tool domain exportkeytab /etc/krb5.keytab

> On Sep 14, 2016, at 10:44 AM, Achim Gottinger via samba <samba at lists.samba.org> wrote: > > > > Am 14.09.2016 um 05:53 schrieb Michael A Weber via samba: >> Experts— >> >> I’m attempting to export a keytab for a created SPN on the AD DC machine but I’m receiving an error: >> >> ERROR(runtime): uncaught exception - Key table entry not

Am 15.09.2016 um 09:35 schrieb Rowland Penny via samba: > On Wed, 14 Sep 2016 16:23:27 -0500 > Michael A Weber via samba <samba at lists.samba.org> wrote: > >>> On Sep 14, 2016, at 2:00 PM, Achim Gottinger <achim at ag-web.biz> >>> wrote: >>> >>> >>> >>> Am 14.09.2016 um 20:33 schrieb Michael A Weber: >>>>>

> On Sep 14, 2016, at 2:00 PM, Achim Gottinger <achim at ag-web.biz> wrote: > > > > Am 14.09.2016 um 20:33 schrieb Michael A Weber: >> >>> On Sep 14, 2016, at 1:10 PM, Achim Gottinger <achim at ag-web.biz <mailto:achim at ag-web.biz>> wrote: >>> >>> >>> >>> Am 14.09.2016 um 19:53 schrieb Michael A Weber:

Hi all, i've got samba 3.6 joined to a ad domain (s4 in this case) running winbind all looks ok, but i ran into a problem (for us that is) i've got 2 groups (students and employes) who have there home dirs in 2 different places. /home/students/<user> /home/employ/<user> so far so good, but i can't make the [homes] work for both of them (just 1 group) in winbind

Am 14.09.2016 um 17:54 schrieb Rowland Penny via samba: > On Wed, 14 Sep 2016 10:30:03 -0500 > Michael A Weber <mweber.subscriptions01 at gmail.com> wrote: > >>> On Sep 14, 2016, at 1:38 AM, Rowland Penny via samba >>> <samba at lists.samba.org> wrote: >>> >>> On Tue, 13 Sep 2016 22:53:44 -0500 >>> Michael A Weber via samba

Hello, I took this out of the "OpenSSH auth in SAMBA4 LDAP" thread, because it was drifting away from it's origin question :-) I played this afternoon a bit with nslcd and kerberos for extending my Wiki HowTo. But as more as I read, one question comes bigger and bigger: What are the advantages of kerberos against simple bind with DN and password? Simple bind method: Create a

On Fri, 16 Sep 2016 13:00:52 -0700 Robert Moulton via samba <samba at lists.samba.org> wrote: > Achim Gottinger via samba wrote on 9/15/16 1:20 AM: > > > > > > Am 15.09.2016 um 09:35 schrieb Rowland Penny via samba: > >> On Wed, 14 Sep 2016 16:23:27 -0500 > >> Michael A Weber via samba <samba at lists.samba.org> wrote: > >> >