search for: default_etypes

...rpc: files services: files netgroup: files publickey: files automount: files aliases: files /etc/krb5.conf [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = MYDOMAIN.QC.CA default_etypes = des-cbc-crc des-cbc-md5 default_etypes_des = des-cbc-crc des-cbc-md5 [realms] MYDOMAIN.QC.CA = { default_domain = mydomain.qc.ca kdc = server1.mydomain.qc.ca:88 kdc = server2.mydomain.qc.ca:88 admin_server = server1.mydomain.qc.ca:749 } [domain_realm] .mydomain.qc.ca = MYDOMAIN....

...kages; heimdal-0.8.1, openldap-2.3.36, sasl-2.1.22, openssl-0.9.8e. The krb5.conf, and the smb.conf files look as follows: ******************************************** [libdefaults] default_realm = AD.RICE.EDU # default_tkt_enctypes = rc4-hmac # default_tgs_enctypes = rc4-hmac default_etypes = des-cbc-crc large_msg_size = 1 # default_etypes = des-cbc-crc "Have tried all these combinations to no avail" # default_etypes_des = des-cbc-crc # default_tkt_enctypes = des-cbc-md5 # default_tgs_enctypes = des-cbc-md5 # default_tkt_enctypes = rc4-hmac #...

...led to verify incoming ticket!" suggests this is some kind of kerberos error. Samba is linked to heimdal 0.6.3 and I've no problems getting tickets from the DCs. My krb5.conf looks like this (with some private bits removed) [libdefaults] default_realm = MYREALM.COM default_etypes = des-cbc-crc des-cbc-md5 default_etypes_des = des-cbc-crc des-cbc-md5 [realms] MYREALM.COM= { kdc = tcp/10.0.0.239 default_domain = myrealm.com } [domain_realm] .myrealm.com = MYREALM.COM myrealm.com = MYREALM.COM...

...th-ldap --with-winbind --with-acl-support --with-utmp --with-quotas --with-sendfile-support openldap-2.3.19 ./configure --enable-crypt --without-cyrus-sasl unixODBC-2.2.11 gcc 3.3.2 /etc/krb5.conf: [libdefaults] default_realm = MYREALM.COM default_etypes = des-cbc-crc des-cbc-md5 default_etypes_des = des-cbc-crc des-cbc-md5 ticket_lifetime = 24000 clockskew = 300 dns_lookup_realm = false dns_lookup_kdc = false [realms] MYREALM.COM = { kdc = myadsserver.mydomain.com de...

...cl-support --with-utmp --with-quotas > --with-sendfile-support > > openldap-2.3.19 > > ./configure --enable-crypt --without-cyrus-sasl > > > unixODBC-2.2.11 > gcc 3.3.2 > > /etc/krb5.conf: > > [libdefaults] > default_realm = MYREALM.COM > default_etypes = des-cbc-crc des-cbc-md5 > default_etypes_des = des-cbc-crc des-cbc-md5 > ticket_lifetime = 24000 > clockskew = 300 > dns_lookup_realm = false > dns_lookup_kdc = false > > [realms] > MYREALM.COM = { > kdc =...

...use_first_pass use_authtok session required pam_limits.so session required pam_resmgr.so ------------/etc/krb5.conf--------------- [libdefaults] default_realm = WAYNE.LOCAL clockskew = 300 dns_lookup_realm = false dns_lookup_kdc = false default_etypes = des-cbc-crc des-cbc-md5 default_etypes_des = des-cbc-crc des-cbc-md5 [realms] WAYNE.LOCAL = { kdc = 192.168.1.11 default_domain = WAYNE.LOCAL admin_server = police.wayne.local kpasswd_server = police.wayne.l...

...= yes writable = yes write list = root, @'APMC\domain users' <<<< My krb5.conf >>>>> [logging] default = FILE:/var/log/krb5/libs.log kdc = FILE:/var/log/krb5/kdc.log admin_server = FILE:/var/log/krb5/admin.log [libdefaults] default_realm = APMC.LOCAL default_etypes = des-cbc-crc des-cbc-md5 default_etypes_des = des-cbc-crc des-cbc-md5 [domain_realms] .apmc.local = APMC.LOCAL apmc.local = APMC.LOCAL [realms] APMC.LOCAL = { kdc = pdc.apmc.local admin_server = pdc.apmc.local default_domain = apmc.local } <<<<< I have...

I've been trying to setup Samba to authenticate users against accounts existing on a Windows 2003 Server without any backwards capability. Ideally, this needs to be done without any changes to the Windows 2003 Server. Users will not be logging into the Samba shares at all. This is merely for authentication. I'm running FreeBSD 4.10-Relase #4 with Samba 3.0.8. This is my smb.conf file:

...ncipal 108 arcfour-hmac-md5 cifs/fs-sahre at dom.corp 108 des-cbc-md5 cifs/fs-sahre at dom.corp 108 des-cbc-crc cifs/fs-sahre at dom.corp it worked for several days, to make it work I used ktutils and adding the spn again to have 109. my /etc/krb5.conf: [Libdefaults] default_realm = DOM.CORP default_etypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5 des-cbc-crc des-cbc-md5 des-cbc-md4 des3-hmac-sha1 des3-cbc-sha1 allow_weak_crypto = true dns_lookup_kdc = true dns_lookup_realm = false forwardable = true proxiable = true kdc_timesync = 1 debug = false any help ? :)

....univ-poitiers.fr/scripts read only = No [sysvol] path = /usr/local/samba/var/locks/sysvol read only = No *--- /etc/krb5.conf --- * [libdefaults] default_realm = sci.univ-poitiers.fr dns_lookup_realm = false dns_lookup_kdc = false default_etypes = des-cbc-crc des-cbc-md5 default_etypes_des = des-cbc-crc des-cbc-mb5 [appdefaults] proxiable = true ticket_lifetime = 24h debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert...

I'm about ready to smash my head through a wall...I could use a few answers. 1. When using security = ads, and completing net ads join, it was my understanding that samba authenticated username/pword against ads, and local posix accounts were nolonger needed, is this true? 2. If yes, I have not been able to get it to work. If I have a posix user account with the same name as one in

...domain, which does not fit in UDP DNS packet, I found another interesting issue. winbindd generates a temporary krb5.conf for each realm it uses, and stores it in /run/samba/smb_krb5/krb5.conf.$REALM. Here's a typical such config in fully-automatic mode: libdefaults] default_realm = RGS.RU default_etypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5 dns_lookup_realm = false dns_lookup_kdc = true [realms] FOO.BAR = { kdc = 10.221.1.98 kdc = 10.53.1.100 kdc = 10.45.1.100 kdc = 10.59.1.100 } These are addresses of 4 DCs winbindd found in _ldap._tcp.dc._msdcs.FOO.BAR...

...en I restart smbd and winbindd everything is working for another 10 hours. I wrote a perl script that detects this and restarts the servers but I would prefer not to use this script. The Kerberos version I use is: heimdal-0.4e-207 my /etc/krb5.conf: [libdefaults] default_realm = SRV.DOMAIN.DE default_etypes = des-cbc-crc des-cbc-md5 default_etypes_des = des-cbc-crc des-cbc-md5 dns_lookup_realm = false dns_lookup_kdc = true [realms] SRV.DOMAIN.DE = { kdc = 193.16.226.81 default_domain = srv.domain.de } [domain_realm] .srv.domain.de = SRV.DOMAIN.DE srv.domain.de = SRV.DOMAIN.DE [appdefaults]...

...Create a krb5.conf file int /etc that looks like this: logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] ticket_lifetime = 24000 default_realm = YOURDOMAIN.COM dns_lookup_realm = true dns_lookup_kdc = true default_etypes = des-cbc-crc des-cbc-md5 default_etypes_des = des-cbc-crc des-cbc-md5 [realms] FSKLAW.NET = { kdc = kerberos.yourdomain.com admin_server = servername.yourdomain.com default_domain= yourdomain.com } [domain_realm] .kerberos.server = KERBEROS.FSKLAW.NET [kdc] profile = /var/kerberos/kr...

...000 winbind enable local accounts = No krb5.conf: [libdefaults] default_keytab_name = FILE:/etc/krb5.keytab <FILE:/etc/krb5.keytab> # clockskew = 300 default_realm = DomA.net # default_tgs_type = DES-CBC-CRC # default_tkt_type = DES-CBC-CRC # default_etypes = DES-CBC-CRC des-cbc-md5 # default_etypes_des = DES-CBC-CRC des-cbc-md5 [realms] DomA.net= { kdc = server.DomA.net default_domain = DomA.net kpasswd_server = server.DomA.net } [domain_realm] doma.net=DomA.net .doma.n...

Hi, I'm using samba-*-3.0.6-4.3.100mdk and libkrb51-1.3-6.3.100mdk on LM10.0. A similar summary to what I'm seeing could be found here. http://lists.samba.org/archive/samba/2004-July/090210.html My relevant config info could be found below. May I ask how could I solve this in LM10.0? What packages do I need to update? The problem does not arise with NT. It happens to only W2K, XP,

...th-ldap --with-winbind --with-acl-support --with-utmp --with-quotas --with-sendfile-support openldap-2.3.19 ./configure --enable-crypt --without-cyrus-sasl unixODBC-2.2.11 gcc 3.3.2 /etc/krb5.conf: [libdefaults] default_realm = MYREALM.COM default_etypes = des-cbc-crc des-cbc-md5 default_etypes_des = des-cbc-crc des-cbc-md5 ticket_lifetime = 24000 clockskew = 300 dns_lookup_realm = false dns_lookup_kdc = false [realms] MYREALM.COM = { kdc = myadsserver.mydomain.com de...

...roup = HOME security = ADS /etc/krb5.conf: [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/loc/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] ticket_lifetime = 24000 default_realm = HOME.EXAMPLE.COM dns_lookup_realm = false dns_lookup_kdc = false default_etypes = des-cbc-crc des-cbc-md5 default_etypes_des = des-cbc-crc des-cbc-md5 [realms] HOME.EXAMPLE.COM = { kdc=server01.home.example.com admin_server = server01.home.example.com default_domain = home.example.com } [domain_realm] .home.example.com = HOME.EXAMPLE.COM home.example.com = HOM...

...00-65535 KRB5.CONF [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] ticket_lifetime = 24000 default_realm = DATANAT.COM dns_lookup_realm = true dns_lookup_kdc = true forwardable = true proxiable = true default_etypes = des-cbc-crc des-cbc-md5 default_etypes_des = des-cbc-crc des-cbc-md5 [realms] DATANAT.COM = { kdc = dcpdc.datanat.com:88 admin_server = 140.100.10.150:749 default_domain = datanat.com } [domain_realm] .datanat.com = DATANAT.COM datanat.com = DATANAT.COM [kdc] profile = /var/kerberos/krb...

hi list, I'm just curious if someone succesfully done dovecot authentication of Active directory and I will appreciage any link in this regards Thanks Askar