Mateo Duffour
2022-Mar-30 14:51 UTC
[Samba] Samba AD DC on a trust relationship with IdM - kpasswd not working porperly
From: "Mateo Duffour" <mduffour at fnr.gub.uy> To: "samba" <samba at lists.samba.org> Cc: "Juan Andr?s Ghigliazza" <aghigliazza at fnr.gub.uy> Sent: Wednesday, 30 March, 2022 10:53:38 Subject: Samba AD DC on a trust relationship with IdM - kpasswd not working porperly Hi, We are experiencing a problem on our installation of Samba AD DC that it's on a trust relationship with an IdM server. We are having issues when executing kpasswd on a user account of Samba AD DC from the IdM Server as described here https://bugzilla.samba.org/show_bug.cgi?id=15021 Any help is appreciated, regards Lic. Mateo Duffour Unidad Inform?tica 2901.40.91 [ http://maps.apple.com/?q=18%20de%20julio%20985%20-%20Piso%204,Montevideo,Uruguay | 18 de julio 985 - Piso 3, Montevideo, Uruguay ] [ http://www.fnr.gub.uy/ | ] No me imprimas si no es necesario. Protejamos el medio ambiente. Este mensaje y la informaci?n adjunta al mismo est? dirigido exclusivamente a su destinatario. Puede contener informaci?n confidencial, privilegiada o de uso restringido, protegida por las normas. Si Ud. recibi? este e-mail por error, por favor, s?rvase notificarle a quien se lo envi? y borrar el original. Cualquier otro uso del e-mail por Ud. est? prohibido.
Denis CARDON
2022-Mar-30 16:05 UTC
[Samba] Samba AD DC on a trust relationship with IdM - kpasswd not working porperly
Hi Mateo, Le 30/03/2022 ? 16:51, Mateo Duffour via samba a ?crit?:> > From: "Mateo Duffour" <mduffour at fnr.gub.uy> > To: "samba" <samba at lists.samba.org> > Cc: "Juan Andr?s Ghigliazza" <aghigliazza at fnr.gub.uy> > Sent: Wednesday, 30 March, 2022 10:53:38 > Subject: Samba AD DC on a trust relationship with IdM - kpasswd not working porperly > > Hi, > > We are experiencing a problem on our installation of Samba AD DC that it's on a trust relationship with an IdM server. > We are having issues when executing kpasswd on a user account of Samba AD DC from the IdM Server as described here https://bugzilla.samba.org/show_bug.cgi?id=15021I just answer on the bugzilla entry. Your kpasswd is expecting FAST support which has been added in samba 4.16. So you either have to disable FAST or upgrade first. Cheers, Denis> > Any help is appreciated, regards > > Lic. Mateo Duffour > Unidad Inform?tica > 2901.40.91 > > [ http://maps.apple.com/?q=18%20de%20julio%20985%20-%20Piso%204,Montevideo,Uruguay | 18 de julio 985 - Piso 3, Montevideo, Uruguay ] > [ http://www.fnr.gub.uy/ | ] > > > > No me imprimas si no es necesario. Protejamos el medio ambiente. Este mensaje y la informaci?n adjunta al mismo est? dirigido exclusivamente a su destinatario. Puede contener informaci?n confidencial, privilegiada o de uso restringido, protegida por las normas. Si Ud. recibi? este e-mail por error, por favor, s?rvase notificarle a quien se lo envi? y borrar el original. Cualquier otro uso del e-mail por Ud. est? prohibido. >
Mateo Duffour
2022-Apr-07 15:39 UTC
[Samba] Samba AD DC on a trust relationship with IdM - kpasswd not working porperly
Hi, We've updated our Samba server version to 4.16.0 and we're getting this error now (when trying to login with any user): Apr 07 11:50:46 idmsrvpru.idmpru.xxx.xxx.xx krb5_child[4846]: Error constructing AP-REQ armor: Server krbtgt/ADTEST.xxx.xxx.xx at IDMPRU.xxx.xxx.xx not found in Kerberos database Apr 07 11:50:46 idmsrvpru.idmpru.xxx.xxx.xx krb5_child[4846]: Error constructing AP-REQ armor: Server krbtgt/ADTEST.xxx.xxx.xx at IDMPRU.xxx.xxx.xx not found in Kerberos database Apr 07 11:50:46 idmsrvpru.idmpru.xxx.xxx.xx sshd[4842]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.9.9.4 user=usu7 at adtest.xxx.xxx.xx Apr 07 11:50:46 idmsrvpru.idmpru.xxx.xxx.xx sshd[4842]: pam_sss(sshd:auth): received for user usu7 at adtest.xxx.xxx.xx: 4 (System error) Apr 07 11:50:48 idmsrvpru.idmpru.xxx.xxx.xx sshd[4840]: error: PAM: Authentication failure for usu7 at adtest.xxx.xxx.xx from 10.9.9.4 Any help is appreciated, regards. Lic. Mateo Duffour Unidad Inform?tica 2901.40.91 [ http://maps.apple.com/?q=18%20de%20julio%20985%20-%20Piso%204,Montevideo,Uruguay | 18 de julio 985 - Piso 3, Montevideo, Uruguay ] [ http://www.fnr.gub.uy/ | ] No me imprimas si no es necesario. Protejamos el medio ambiente. Este mensaje y la informaci?n adjunta al mismo est? dirigido exclusivamente a su destinatario. Puede contener informaci?n confidencial, privilegiada o de uso restringido, protegida por las normas. Si Ud. recibi? este e-mail por error, por favor, s?rvase notificarle a quien se lo envi? y borrar el original. Cualquier otro uso del e-mail por Ud. est? prohibido. From: "Denis CARDON" <dcardon at tranquil.it> To: "Mateo Duffour" <mduffour at fnr.gub.uy>, "samba" <samba at lists.samba.org> Cc: "Juan Andr?s Ghigliazza" <aghigliazza at fnr.gub.uy> Sent: Wednesday, 30 March, 2022 13:05:10 Subject: Re: [Samba] Samba AD DC on a trust relationship with IdM - kpasswd not working porperly Hi Mateo, Le 30/03/2022 ? 16:51, Mateo Duffour via samba a ?crit : From: "Mateo Duffour" <mduffour at fnr.gub.uy> To: "samba" <samba at lists.samba.org> Cc: "Juan Andr?s Ghigliazza" <aghigliazza at fnr.gub.uy> Sent: Wednesday, 30 March, 2022 10:53:38 Subject: Samba AD DC on a trust relationship with IdM - kpasswd not working porperly Hi, We are experiencing a problem on our installation of Samba AD DC that it's on a trust relationship with an IdM server. We are having issues when executing kpasswd on a user account of Samba AD DC from the IdM Server as described here https://bugzilla.samba.org/show_bug.cgi?id=15021 I just answer on the bugzilla entry. Your kpasswd is expecting FAST support which has been added in samba 4.16. So you either have to disable FAST or upgrade first. Cheers, Denis BQ_BEGIN Any help is appreciated, regards Lic. Mateo Duffour Unidad Inform?tica 2901.40.91 [ http://maps.apple.com/?q=18%20de%20julio%20985%20-%20Piso%204,Montevideo,Uruguay | 18 de julio 985 - Piso 3, Montevideo, Uruguay ] [ http://www.fnr.gub.uy/ | ] No me imprimas si no es necesario. Protejamos el medio ambiente. Este mensaje y la informaci?n adjunta al mismo est? dirigido exclusivamente a su destinatario. Puede contener informaci?n confidencial, privilegiada o de uso restringido, protegida por las normas. Si Ud. recibi? este e-mail por error, por favor, s?rvase notificarle a quien se lo envi? y borrar el original. Cualquier otro uso del e-mail por Ud. est? prohibido. BQ_END