Displaying 20 results from an estimated 10000 matches similar to: "Samba 4 kerberos and kinit"
2012 Jan 08
3
Samba 4 krb5.keytab confusion
Hi
I have Samba 4 installed and working. I recently changed FQDN to dns
name hh3.hh3.site. It works OK and e.g. on a windows 7 box which joined
the domain, users can logon. But I have a mess in the keytab:
klist -k /etc/krb5.keytab
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
----
--------------------------------------------------------------------------
2 HH3$@HH3.HH1.SITE
2
2012 Jan 15
3
Samba 4 ldb_wrap open of idmap.ldb
Hi everyone
Version 4.0.0alpha18-GIT-bfc7481
I'm using nslcd to map Samba 4 users to uid:gid and home directory. At
startup I get this:
ldb_wrap open of secrets.ldb
WARNING: no socket to connect to
and /var/log/messages shows:
Jan 15 14:20:13 hh3 nslcd[2425]: [334873] failed to bind to LDAP server
ldap://h
h3.site/: Can't contact LDAP server: Transport endpoint is not connected
Jan
2013 Aug 24
1
smbd looking for non existent files
Hi
4.0.8 file server in a 4.0.8 domain
After a user logs in on a Linux client which is joined to the domain,
smbd is constantly looking for files which don't exist:
Here is the file server log after a user login to a Linux client has
settled down:
[2013/08/24 18:43:24.748511,
3] ../source3/smbd/vfs.c:1140(check_reduced_name)
check_reduced_name [steve2/.icons/gnome] [/home/users]
2013 Oct 26
2
lost with AD auth
Hi all,
Well, I'm completely lost with AD authentification ...
server is :
Ubuntu 12.04.3 3.8.0-32-generic #47~precise1-Ubuntu
Samba 4.0.10 installed (and upgraded) via git, setup as unique Active
Directory Domain Controller
( -> how to upgrade to 4.1 via git ?? )
I 'just' would like that the local services (let's say only dovecot and
postfix) can query AD to authentifiate
2012 Jul 12
2
nslcd service - "Client not found in Kerberos database"
Hi,
I am trying to configure the nslcd service on an Ubuntu client for kerberos
authentication against samba4. My /etc/nslcd.conf contains the following:
uid nslcd
gid nslcd
uri ldapi:///cofil01.mydomain.net
base dc=mydomain,dc=net
sasl_mech GSSAPI
krb5_ccname FILE:/tmp/host.tkt
I have added the host principal "host/ubuntu-test.mydomain.net @
MYDOMAIN.NET" to /etc/krb5.keytab on both
2013 May 29
1
smbclient fails only for the domain Administrator
4.0.6 with 3.6.12 file server
Hi
Ordinary users can connect fine:
smbclient //oliva/users -Usteve2
Enter steve2's password:
Domain=[HH3] OS=[Unix] Server=[Samba 3.6.9]
smb: \>
log:
schannel_fetch_session_key_tdb: restored schannel info key
SECRETS/SCHANNEL/OLIVA
schannel_store_session_key_tdb: stored schannel info with key
SECRETS/SCHANNEL/OLIVA
auth_check_password_send: Checking
2012 Jan 17
1
Samba 4 and GSSAPI kerberos ldap connect
Hi everyone
I'm trying to use kerberos to authenticate to Samba 4 ldap. At the
moment, I authenticate by specifying the binddn and password in
/etc/nslcd.conf and all works fine
If I add the line:
sasl_mech GSSAPI
to /etc/nslcd.conf
and restart nslcd, no one can connect to the database. Nothing works.
ldapsearch and getent passwd draw a blank.
ldapsearch -x -b '' -sbase
2016 Sep 14
4
Exporting keytab for SPN failure
Experts—
I’m attempting to export a keytab for a created SPN on the AD DC machine but I’m receiving an error:
ERROR(runtime): uncaught exception - Key table entry not found
File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/lib64/python2.6/site-packages/samba/netcmd/domain.py", line 129, in
2016 Sep 14
2
Exporting keytab for SPN failure
> On Sep 14, 2016, at 12:23 PM, Achim Gottinger via samba <samba at lists.samba.org> wrote:
>
>
>
> Am 14.09.2016 um 18:23 schrieb Michael A Weber:
>> Question though, just for my curiosity:
>>
>> The encryption algorithms specified after each SPN: I see that aes-256 is listed when I export the user, but not the SPN. Are those expected, or have I done
2016 Sep 14
2
Exporting keytab for SPN failure
> On Sep 14, 2016, at 1:38 AM, Rowland Penny via samba <samba at lists.samba.org> wrote:
>
> On Tue, 13 Sep 2016 22:53:44 -0500
> Michael A Weber via samba <samba at lists.samba.org> wrote:
>
>> Experts—
>>
>> I’m attempting to export a keytab for a created SPN on the AD DC
>> machine but I’m receiving an error:
>>
>>
2016 Sep 16
6
Exporting keytab for SPN failure
Am 16.09.2016 um 22:00 schrieb Robert Moulton via samba:
> Achim Gottinger via samba wrote on 9/15/16 1:20 AM:
>>
>>
>> Am 15.09.2016 um 09:35 schrieb Rowland Penny via samba:
>>> On Wed, 14 Sep 2016 16:23:27 -0500
>>> Michael A Weber via samba <samba at lists.samba.org> wrote:
>>>
>>>>> On Sep 14, 2016, at 2:00 PM, Achim
2016 Sep 14
2
Exporting keytab for SPN failure
> On Sep 14, 2016, at 1:10 PM, Achim Gottinger <achim at ag-web.biz> wrote:
>
>
>
> Am 14.09.2016 um 19:53 schrieb Michael A Weber:
>>
>>> On Sep 14, 2016, at 12:23 PM, Achim Gottinger via samba <samba at lists.samba.org <mailto:samba at lists.samba.org>> wrote:
>>>
>>>
>>>
>>> Am 14.09.2016 um 18:23 schrieb
2016 Dec 21
1
Problem with keytab: "Client not found in Kerberos database"
Am 20.12.2016 um 14:50 schrieb Brian Candler via samba:
> (2) Can "net ads keytab create" be told to extract just a single named
> principal? That would simplify things. But I can't see how to.
>
> As usual... clues gratefully received.
samba-tool domain exportkeytab [keytabfile] --principal=[SPN or UPN]
In your case
samba-tool domain exportkeytab /etc/krb5.keytab
2016 Sep 14
5
Exporting keytab for SPN failure
> On Sep 14, 2016, at 10:44 AM, Achim Gottinger via samba <samba at lists.samba.org> wrote:
>
>
>
> Am 14.09.2016 um 05:53 schrieb Michael A Weber via samba:
>> Experts—
>>
>> I’m attempting to export a keytab for a created SPN on the AD DC machine but I’m receiving an error:
>>
>> ERROR(runtime): uncaught exception - Key table entry not
2016 Sep 15
3
Exporting keytab for SPN failure
Am 15.09.2016 um 09:35 schrieb Rowland Penny via samba:
> On Wed, 14 Sep 2016 16:23:27 -0500
> Michael A Weber via samba <samba at lists.samba.org> wrote:
>
>>> On Sep 14, 2016, at 2:00 PM, Achim Gottinger <achim at ag-web.biz>
>>> wrote:
>>>
>>>
>>>
>>> Am 14.09.2016 um 20:33 schrieb Michael A Weber:
>>>>>
2016 Sep 14
2
Exporting keytab for SPN failure
> On Sep 14, 2016, at 2:00 PM, Achim Gottinger <achim at ag-web.biz> wrote:
>
>
>
> Am 14.09.2016 um 20:33 schrieb Michael A Weber:
>>
>>> On Sep 14, 2016, at 1:10 PM, Achim Gottinger <achim at ag-web.biz <mailto:achim at ag-web.biz>> wrote:
>>>
>>>
>>>
>>> Am 14.09.2016 um 19:53 schrieb Michael A Weber:
2012 May 23
2
multi home dir locations
Hi all,
i've got samba 3.6 joined to a ad domain (s4 in this case)
running winbind
all looks ok, but i ran into a problem (for us that is)
i've got 2 groups (students and employes)
who have there home dirs in 2 different places.
/home/students/<user>
/home/employ/<user>
so far so good, but i can't make the [homes] work for both of them (just
1 group)
in winbind
2016 Sep 14
1
Exporting keytab for SPN failure
Am 14.09.2016 um 17:54 schrieb Rowland Penny via samba:
> On Wed, 14 Sep 2016 10:30:03 -0500
> Michael A Weber <mweber.subscriptions01 at gmail.com> wrote:
>
>>> On Sep 14, 2016, at 1:38 AM, Rowland Penny via samba
>>> <samba at lists.samba.org> wrote:
>>>
>>> On Tue, 13 Sep 2016 22:53:44 -0500
>>> Michael A Weber via samba
2013 Aug 28
2
nslcd: kerberos vs. simple bind
Hello,
I took this out of the "OpenSSH auth in SAMBA4 LDAP" thread, because it
was drifting away from it's origin question :-)
I played this afternoon a bit with nslcd and kerberos for extending my
Wiki HowTo. But as more as I read, one question comes bigger and bigger:
What are the advantages of kerberos against simple bind with DN and
password?
Simple bind method: Create a
2016 Sep 16
2
Exporting keytab for SPN failure
On Fri, 16 Sep 2016 13:00:52 -0700
Robert Moulton via samba <samba at lists.samba.org> wrote:
> Achim Gottinger via samba wrote on 9/15/16 1:20 AM:
> >
> >
> > Am 15.09.2016 um 09:35 schrieb Rowland Penny via samba:
> >> On Wed, 14 Sep 2016 16:23:27 -0500
> >> Michael A Weber via samba <samba at lists.samba.org> wrote:
> >>
>