Displaying 20 results from an estimated 70 matches for "default_keytab_nam".
Did you mean:
default_keytab_name
2017 Nov 13
2
Winbind error "Could not fetch our SID - did we join?"
...tc/hosts:ff02::1 ip6-allnodes
/etc/hosts:ff02::2 ip6-allrouters
/etc/hosts:127.0.0.1 localhost
/etc/hosts:192.168.16.214 villach-file
/etc/krb5.conf:[libdefaults]
/etc/krb5.conf: default_realm = AD.TAO.AT
/etc/krb5.conf: dns_lookup_realm = true
/etc/krb5.conf: dns_lookup_kdc = true
/etc/krb5.conf: default_keytab_name = FILE:/etc/krb5.keytab
/etc/krb5.conf:[domain_realm]
/etc/krb5.conf: .ad.tao.at = AD.TAO.AT
/etc/krb5.conf: ad.tao.at = AD.TAO.AT
/etc/krb5.conf: .tao.at = AD.TAO.AT
/etc/krb5.conf: tao.at = AD.TAO.AT
/etc/resolv.conf:nameserver 192.168.16.1
/etc/resolv.conf:domain ad.tao.at
On 2017-11-13 12:01...
2004 Aug 26
1
Net groupmap fails
Samba 3.0.6 installed.
Net join ads worked perfectly.
Net groupmap add fails as follows:
lildude# net groupmap add unixgroup=admin ntgroup=Administrators
[2004/08/26 09:28:19, 0] param/loadparm.c:map_parameter(2449)
Unknown parameter encountered: "default_keytab_name"
[2004/08/26 09:28:19, 0] param/loadparm.c:lp_do_parameter(3139)
Ignoring unknown parameter "default_keytab_name"
No rid or sid specified, choosing algorithmic mapping
[2004/08/26 09:28:19, 0] lib/smbldap.c:smbldap_connect_system(796)
failed to bind to server with dn= Error: Ca...
2004 Sep 06
1
Upgrade from Samba 3.0.2 to 3.0.6 smbclient -k fails
...east for me, the upgrade introduces a problem with Kerberos.
3.0.2 smbclient //server/share -k works
3.0.6 smbclient //server/share -k fails
I have updated my smb.conf to include 'use kerberos keytab = yes' and I have
updated my /etc/krb5.conf from blank to:
[libdefaults]
default_keytab_name = FILE:/etc/krb5.keytab
When smbclient fails I see the following in my log files:
[2004/09/06 01:50:08, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
I'm running:
RedHat ES 3.0 with:
kernel-smp-2.4.21-20.EL
krb5-libs-1.2.7-28
Please, someone, give...
2005 Jan 16
0
/etc/krb5.keytab and Preauthentication required
...principal entry in the system
keytab for integration with other kerberized services.
Please refer to the 'use kerberos keytab' entry in
smb.conf(5). When using the heimdal kerberos libraries,
you must also specify the following in /etc/krb5.conf:
[libdefaults]
default_keytab_name = FILE:/etc/krb5.keytab
I'm trying to do a kinit with the following command:
kinit -k -c /etc/.ldapcache -S ldap/dc.example.com \
host/<host> && chmod a+r /etc/.ldapcache
I get the error that preauthentication failed. Joining a PC to a domain also works quite
well. And...
2009 Feb 16
1
samba-3.2.8 - KRB5_KT_UNKNOWN_TYPE;
When "use kerberos keytab = yes" in smb.conf is set with samba-3.2.8 and
the environment variable KRB5_KTNAME is not set with the value using
prefix "FILE:" or the default_keytab in /etc/krb5.conf is set without
the prefix i.e.
default_keytab_name = /etc/v5srvtab
then the function smb_krb5_open_keytab() returns KRB5_KT_UNKNOWN_TYPE.
If smb_krb5_open_keytab with a filename "/etc/v5srvtab" it would work
fine, however if the "default" keytab is used the expectation is that it
must have a prefix "FILE:" or &quo...
2010 Dec 01
2
kerberos @ samba4 DC
...pe: KDC has no support for encryption
type)
Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_UNSUCCESSFUL
My krb5.conf is as follows:
[libdefaults]
default_realm = (WINDOWS 2000 DOMAIN)
dns_lookup_realm = true
dns_lookup_kdc = true
clockskew = 300
default_keytab_name = FILE:/home/pilote/rafa.keytab
default_tkt_enctypes = des-cbc-crc
default_tgs_enctypes = des-cbc-crc
[realms]
(WINDOWS 2000 DOMAIN) = {
kdc = (HOSTNAME).(WINDOWS 2000 DOMAIN):88
}
[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/lo...
2014 Oct 23
1
Aix 7.1 + Samba 3.60 + W2003 AD can not access shares
...in.
wbinfo -u works fine but when I try to access a share I get the
following error :
Failed to find authenticated user via getpwnam(), denying access
Aix client is connecting the DC over a VPN.
This is my krb5.conf :
[libdefaults]
default_realm = MYDOMAIN.COM
default_keytab_name = FILE:/etc/krb5/krb5.keytab
clockskew = 300
[realms]
MYDOMAIN.COM = {
kdc = dc.mydomain.com:88
admin_server = dc.mydomain.com:749
default_domain = MYDOMAIN.COM
}
[domain_realm]
.mydomain.com = MYDOMAIN....
2005 Aug 27
1
Samba works!: Samba, Kerberos, Win2K Active Directory authentication
...y in your unixmachine:
/home1/kerberos5/sbin/ktutil
ktutil: rkt /etc/krb5/unixmachine.keytab
ktutil: wkt /etc/krb5/krb5.keytab
ktutil: q
5. Configure some env vars::
KRB5_CONFIG=/etc/krb5/krb5.conf
KRB5_KDC_PROFILE=/var/kerberos/krb5kdc/kdc.conf
DEFAULT_KEYTAB_NAME=/etc/krb5/krb5.keytab
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local: \
/usr/local/include:/usr/local/lib:/usr/lib/iconv
export KRB5_CONFIG KRBR_KDC_PROFILE LD_LIBRARY_PATH \
DEFAULT_KEYTAB_NAME
6. Generate libraries links for nsswitch
Copy from
/export/programas/samba/samba-3.0.14a/sou...
2011 Jun 09
1
winbind and ipv6
...===
(lots of these)
fd00::32d is the address of the domain controller. SOFTLAB is my
Win2008 domain. HQ-GC.norma.com is the name of the domain controller.
krb5.conf looks like this (Kerberos seems to be working using IPv6, as I
already said):
===Cut===
[libdefaults]
default_realm = NORMA.COM
default_keytab_name = /etc/krb5.keytab
[realms]
NORMA.COM = {
kdc = tcp/hq-gc.norma.com
admin_server = hq-gc.norma.com
}
[domain_realm]
.kerberos.server = NORMA.COM
[logging]
default = SYSLOG:INFO
===Cut===
Any ideas ?
Thanks.
Eugene.
2008 Apr 02
3
Urgent... winbind and keytab file creation
...ks fine so far. Now i need to have the host keytab generated by winbind to be in the default /etc/krb5/krb5.keytab in order to use nfs with kerberos security. The problem is i have set the parameter in smb.conf:
use kerberos keytabe = true
and as mentioned in man smb.conf i have set in krb5.conf
default_keytab_name = FILE:/etc/krb5/krb5.keytab
after a "net join ads" the krb5.keytab file is not created? do i have to create it myself? Is this not really implemented? What am I doing wrong?
Help would be really apreciated.
Thanks and Regards,
Oliver Weinmann
Unix/Linux Administrator
VEGA IT GmbH...
2018 Jun 08
2
samba4+squid3+ntlm
...asic credentialsttl 1 hours
external_acl_type ldap_group children-max=20 %LOGIN /usr/lib/squid3/ext_wbinfo_group_acl
authenticate_ttl 1 hours
authenticate_ip_ttl 1 hours
krb5.conf
[libdefaults]
default_realm = MYDOMINIO.COM
dns_lookup_kdc = no
dns_lookup_realm = no
ticket_lifetime = 24h
default_keytab_name = /etc/squid3/PROXY.keytab
; for Windows 2003
; default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
; default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
; permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
; for Windows 2008 with AES
default_tgs_enctypes = aes256-cts-hmac-sha1-...
2014 Mar 01
1
Need help joining an IPv6 Windows 2008 AD server
...s is allowed on that share they will get in, otherwise they will be
?? # denied
?? map to guest = Bad User
?? client ldap sasl wrapping = sign
?? client ntlmv2 auth = no
?? usershare max shares = 10
>>>>> krb5.conf >>>>>
[libdefaults]
?default_realm = MYDOMAIN.COM
?default_keytab_name = FILE:/opt/arc/node-config/krb5.keytab
?udp_preference_limit = 50
?default_tkt_enctypes = rc4-hmac
?default_tgs_enctypes = rc4-hmac
[realms]
MYDOMAIN.COM = {
? kdc = serv1.mydomain.com
? kpasswd_server = serv1.mydomain.com:464
}
[domain_realm]
mydomain.com? = MYDOMAIN.COM
.mydomain.com = MYDOMA...
2014 Mar 04
1
keytab question.
....DOMAIN.TLD
? 12??? 1???????????? RTD-DC1$@INTERNAL.DOMAIN.TLD
? 13??? 1???????? HOST/rtd-dc1 at INTERNAL.DOMAIN.TLD
? 14??? 1 HOST/rtd-dc1.INTERNAL.DOMAIN.TLD at INTERNAL.DOMAIN.TLD
? 15??? 1???????????? RTD-DC1$@INTERNAL.DOMAIN.TLD
?
?
in the krb5.conf i need to define the default keytab name
?
?default_keytab_name = FILE:/etc/krb5.keytab
but now the question, which keytab should i use?
I know?i have to configure our DNS server to support dynamic DNS updates in the clear (insecure) by using the allow-update directive
?
i've seen the update policy
?
cat /var/lib/samba/private/named.conf.update
/* this...
2016 Oct 10
1
unable to browse shares
...ce3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot)
Selected protocol SMB3_00
[libdefaults]
default_realm = HEBE.US
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
default_keytab_name = FILE:/etc/krb5.keytab
[realms]
HEBE.US = {
kdc = MAIA.HEBE.US
admin_server = MAIA.HEBE.US
default_domain = HEBE.US
}
[domain_realm]
.hebe.us = HEBE.US
hebe.us = MAIA.HEBE.US
[appdefaults]
pam = {...
2008 Oct 28
1
"Failed to set servicePrincipalNames" join ADS issue.
...o problem ... kinit klist
are all running fine .. below my krb5 config file
# cat /etc/krb5/krb5.conf
[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
# admin_server = FILE:/var/log/krb5/kadmind.log
default = FILE:/var/log/krb5/krb5libs.log
[libdefaults]
default_realm = XXX.XXX
default_keytab_name = /etc/krb5/krb5.keytab
dns_lookup_realm = false
dns_lookup_kdc = false
forwardable = true
ticket_lifetime = 24000
[realms]
XXX.XXX = {
kdc = server1.xxx.xxx:88
kdc = server2.xxx.xxx:88
default_domain = XXX.XXX
}
[domain_realm]
.xxx.xxx = XXX.XXX
x...
2008 Aug 11
1
AD on 2003R2 NT_STATUS_NO_SUCH_USER
...inbind enum groups = yes
# winbind nss info = rfc2307
[anyone]
path = /home/anyone
guest ok = yes
browseable = yes
[testing]
path = /home/testing
guest ok = no
valid users = test01
admin users = test01
write list = test01
KRB5.CONF
[libdefaults]
default_realm = TEST.LOCAL
default_keytab_name = FILE:/etc/krb5/krb5.keytab
default_tkt_enctypes = des-cbc-md5 des-cbc-crc
default_tgs_enctypes = des-cbc-md5 des-cbc-crc
[realms]
TEST.LOCAL = {
kdc = adtest.test.local:88
admin_server = adtest.test.local:749
default_domain...
2005 May 26
5
samba3 and kerberos authentication of users
...in smbpasswd with separate
passwords outside of kerberos.
I already compiled samba with --with-krb5 configure switch and have
following options in smb.conf:
client use spnego = yes
realm = KERBEROS.REALM.NAME
use kerberos keytab = yes
While it is heimdal's kerberos implementation, I added
default_keytab_name = FILE:/etc/krb5.keytab
to the [libdefaults] section of /etc/krb5.conf
as I saw somewhere. But this is still not working for me:
Debud on the client side:
$ smbclient -d3 -U komanek //127.0.0.1/homes
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processin...
2004 Jul 09
0
Samba 3.0.5rc1 Available for Download
...principal entry in the system
keytab for integration with other kerberized services.
Please refer to the 'use kerberos keytab' entry in
smb.conf(5). When using the heimdal kerberos libraries,
you must also specify the following in /etc/krb5.conf:
[libdefaults]
default_keytab_name = FILE:/etc/krb5.keytab
o Support for maintaining individual printer names
stored separately from the printer's sharename.
The source code can be downloaded from:
http://download.samba.org/samba/ftp/rc/
The uncompressed tarball and patch file have been signed using GnuPG.
Pleas...
2004 Jul 09
0
Samba 3.0.5rc1 Available for Download
...principal entry in the system
keytab for integration with other kerberized services.
Please refer to the 'use kerberos keytab' entry in
smb.conf(5). When using the heimdal kerberos libraries,
you must also specify the following in /etc/krb5.conf:
[libdefaults]
default_keytab_name = FILE:/etc/krb5.keytab
o Support for maintaining individual printer names
stored separately from the printer's sharename.
The source code can be downloaded from:
http://download.samba.org/samba/ftp/rc/
The uncompressed tarball and patch file have been signed using GnuPG.
Pleas...
2004 Sep 22
0
ADS and trusted domains=no
...wins server = server
ldap ssl = no
idmap uid = 10000-80000
idmap gid = 10000-80000
template homedir = /home/others
template shell = /bin/bash
winbind cache time = 3000
winbind enable local accounts = No
krb5.conf:
[libdefaults]
default_keytab_name = FILE:/etc/krb5.keytab <FILE:/etc/krb5.keytab>
# clockskew = 300
default_realm = DomA.net
# default_tgs_type = DES-CBC-CRC
# default_tkt_type = DES-CBC-CRC
# default_etypes = DES-CBC-CRC des-cbc-md5
# default_etypes_des = DES-CBC-CRC des-cbc-md5
[real...