similar to: Migrating kerberos KDC data into Samba4 internal KDC

I finally found it, thanks to a clue from https://wiki.archlinux.org/index.php/Active_Directory_Integration This works: kinit -k -t /etc/krb5.keytab 'WRN-RADTEST$' These don't work: kinit -k -t /etc/krb5.keytab kinit -k -t /etc/krb5.keytab host/wrn-radtest.ad.example.net kinit -k -t /etc/krb5.keytab host/wrn-radtest That is: the keytab contains three different principals: root

Hi. As I said... I will bother you. :) I'm wondering if it's possible to make samba as a primary domain controller without having samba passwords, but instead using my two KDCs (MIT K5). Is it possible? What should I use in my smb.conf? The wonderful and less painful thing is samba authenticating via pam... but I don't know how... the documentation is quite misty. -- Sensei

Hi all, I'm about to begin building a single-sign-on environment (hopefully). We just brought our first set of Windows-based PCs in, and would like to integrate them into our existing Linux/MacOS X environment. We are currently running MIT Kerberos, and would like to create a Samba PDC which authenticates against these KDCs. Another parallel project is to migrate to OpenLDAP. I

Folks: We use an old AFS cell with Kerberos 4. Our use of Kerberos 4 is fairly limited; we have never needed to implement rcmd host principals for most of our systems. Indeed, given that Kerberos 4 strips off the domain name portion of a hostname when determining the rcmd instance, we would not be able to do this, since we do have duplicate hostnames in multiple subdomains. For AFS

>From searching the web, I found that many people have encountered this problem. The fixes the suggested don't seem to work for me... My smb.conf file looks like this [global] workgroup = OURDOMAIN security = ADS realm = OURDOMAIN.com password server = OURSERVER encrypt passwords = yes add user script = /usr/sbin/useradd %u hosts allow = 192.168.X. 127. winbind uid = 10000-20000 winbind

I'm nearly finished setting up a new Samba server in a Win2000 ADS domain. So far, things have been going quite well, the combination of Samba 3.0.0rc4 (with winbindd), krb5 1.3.1, CUPS 1.1.19, etc. has performed admirably and was easy to configure. I have only three issues to mention: - the HOWTO collection, in the section talking about joining an ADS domain as a member server, does not

Hello, After each reboot, my Samba AD member server lost domain join after reboot, I have to re-enter the server in the domain with the "net ads join -U administrator". I use version 4.4.3 of samba. The domain controller is a Samba AD server. After reboot, when I exectute "net ads testjoin" I have: kerberos_kinit_password SMB2$@AD.SAMDOM.LOCAL failed: failed

Hi, This is just curiosity. We are monitoring failed logons, and there seem to be three types: - LDAP,simple bind/TLS (obious, failed ldap logons) and these two: - SamLogon,network - Kerberos KDC,ENC-TS Pre-authentication Could someone explain what (the difference between) these two types is? Google doesn't really seem to help. MJ

I was told recently that Kerberos authentication won't work against a non-windows KDC. Is that accurate? So for instance, it is not possible for Samba running on say RHEL, to authenticate against a Linux server running MIT Kerberos? Additionally, many people said that setting this up was well-documented. Any suggestions of particularly good docs / how-to's?' And lastly, is

Hi Due to putting a DVD in my Virtual Machine Host Computer which then filled the logs with errors and subsequently filled the drive crashing all vms. Luckily I had a backup of the DC image which I restored and some machines just worked and some can?t find KDC kinit: Cannot contact any KDC for realm 'BALEWAN.UNICORN.COM' while getting initial credentials I have tried leaving the domain

Hello, I have different Sites in my domain and want the different members to use the respective domain controller of their site. I can't get this to work right. I have a member that is in site B but executing "net ads info" outputs the DC of site A as active. I read about enabling "winbind_krb5_locator", but it is already located in

Hello, I've been trying to add a new server to my Samba 4 Active directory, but I've been failing so far. I'm running the command "net ads join -k" and it fails with "Failed to join domain: failed to lookup DC info for domain '<EXAMPLE.COM>' over rpc: The object name is not found." The answers I found so far imply a problem with the RPC service, but

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, After a bit of research and sniffing about, I am curious as to what it would take to run Samba3 with kerberos (MIT or Hemidal) as the password backend http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/ref-guide/s1-samba-servers.html Shows how you can use share mode ADS, with krb5 auth. Is it possible to use any KDC as the

On Fri, 10 May 2024 23:19:32 +1200 "Samba @ Pegasusnz via samba" <samba at lists.samba.org> wrote: > Hi > > Due to putting a DVD in my Virtual Machine Host Computer which then > filled the logs with errors and subsequently filled the drive > crashing all vms. So, to all intents and purposes, your domain was dead. > Luckily I had a backup of the DC image which

Hello, i'm currently trying to find a way to integrate a openafs cell and samba (without plaintext passwords). this should all be possible with a windows kdc, giving out afs tickets and forward these tickets to the samba server. unfortuntely this is not an option here. is there a way to connect samba 3.x to a mit krb5 server ? Holger Brueckner net-labs Systemhaus GmbH

On Mon, 2018-03-26 at 09:08 +0200, mj via samba wrote: > Hi, > > No one knows..? > > My guess is: > - SamLogon,network is an interactive logon, so a user typing a password > on a windows domain joined workstation No, that would be SamLogon,interactive. SamLogon,network is NTLM authentication accessing another server in the domain (in general). > - Kerberos KDC,ENC-TS

On Sun, 14 Aug 2016 21:52:43 +0100 Alex Crow via samba <samba at lists.samba.org> wrote: > > > I am fairly sure this is your problem, it should be able to find the > > KDC on its own DC. Have you checked /etc/krb5.conf, /etc/hosts > > and /etc/resolv.conf ? > > With the BIND server not running, and this krb5.conf: > > [libdefaults] >

Just a question. Did you create this server on site a and the moved it to site b? >-----Oorspronkelijk bericht----- >Van: samba [mailto:samba-bounces at lists.samba.org] Namens Felix >Matouschek >Verzonden: vrijdag 14 augustus 2015 8:58 >Aan: samba at lists.samba.org >Onderwerp: Re: [Samba] winbind_krb5_locator usage > >Hello, > >i investigated further and

Is it possible to specify a list of DCs for Samba to use, rather than have it look them up dynamically via DNS? I have an issue with Kerberos, Samba, and SSSD where my machines stop authenticating after a period of time – preAuthentication errors, etc. I suspect it's because of a "DC mismatch" between the three. Because we have numerous DCs all over the world, I specifically

Hello, I've got a little problem with NFSv4 + Kerberos. I can do a mount with Kerberos with a valid ticket, but read-only. After the mount -vvv -t nfs -o nfsv4,sec=krb5 nfsserver:/ /mount_test/ I can see: #klist: Feb 6 07:22:47 Feb 6 17:22:43 nfs/nfsserver at my.domain #/var/heimdal/kdc.log: 2013-02-06T07:28:26 TGS-REQ clientnfs at my.domain from IPv4:192.168.0.23 for nfs/nfsserver at