search for: default_keytab_name

...tc/hosts:ff02::1 ip6-allnodes /etc/hosts:ff02::2 ip6-allrouters /etc/hosts:127.0.0.1 localhost /etc/hosts:192.168.16.214 villach-file /etc/krb5.conf:[libdefaults] /etc/krb5.conf: default_realm = AD.TAO.AT /etc/krb5.conf: dns_lookup_realm = true /etc/krb5.conf: dns_lookup_kdc = true /etc/krb5.conf: default_keytab_name = FILE:/etc/krb5.keytab /etc/krb5.conf:[domain_realm] /etc/krb5.conf: .ad.tao.at = AD.TAO.AT /etc/krb5.conf: ad.tao.at = AD.TAO.AT /etc/krb5.conf: .tao.at = AD.TAO.AT /etc/krb5.conf: tao.at = AD.TAO.AT /etc/resolv.conf:nameserver 192.168.16.1 /etc/resolv.conf:domain ad.tao.at On 2017-11-13 12:01,...

Samba 3.0.6 installed. Net join ads worked perfectly. Net groupmap add fails as follows: lildude# net groupmap add unixgroup=admin ntgroup=Administrators [2004/08/26 09:28:19, 0] param/loadparm.c:map_parameter(2449) Unknown parameter encountered: "default_keytab_name" [2004/08/26 09:28:19, 0] param/loadparm.c:lp_do_parameter(3139) Ignoring unknown parameter "default_keytab_name" No rid or sid specified, choosing algorithmic mapping [2004/08/26 09:28:19, 0] lib/smbldap.c:smbldap_connect_system(796) failed to bind to server with dn= Error: Can...

...east for me, the upgrade introduces a problem with Kerberos. 3.0.2 smbclient //server/share -k works 3.0.6 smbclient //server/share -k fails I have updated my smb.conf to include 'use kerberos keytab = yes' and I have updated my /etc/krb5.conf from blank to: [libdefaults] default_keytab_name = FILE:/etc/krb5.keytab When smbclient fails I see the following in my log files: [2004/09/06 01:50:08, 1] smbd/sesssetup.c:reply_spnego_kerberos(173) Failed to verify incoming ticket! I'm running: RedHat ES 3.0 with: kernel-smp-2.4.21-20.EL krb5-libs-1.2.7-28 Please, someone, give m...

...principal entry in the system keytab for integration with other kerberized services. Please refer to the 'use kerberos keytab' entry in smb.conf(5). When using the heimdal kerberos libraries, you must also specify the following in /etc/krb5.conf: [libdefaults] default_keytab_name = FILE:/etc/krb5.keytab I'm trying to do a kinit with the following command: kinit -k -c /etc/.ldapcache -S ldap/dc.example.com \ host/<host> && chmod a+r /etc/.ldapcache I get the error that preauthentication failed. Joining a PC to a domain also works quite well. And t...

When "use kerberos keytab = yes" in smb.conf is set with samba-3.2.8 and the environment variable KRB5_KTNAME is not set with the value using prefix "FILE:" or the default_keytab in /etc/krb5.conf is set without the prefix i.e. default_keytab_name = /etc/v5srvtab then the function smb_krb5_open_keytab() returns KRB5_KT_UNKNOWN_TYPE. If smb_krb5_open_keytab with a filename "/etc/v5srvtab" it would work fine, however if the "default" keytab is used the expectation is that it must have a prefix "FILE:" or &quot...

...pe: KDC has no support for encryption type) Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_UNSUCCESSFUL My krb5.conf is as follows: [libdefaults] default_realm = (WINDOWS 2000 DOMAIN) dns_lookup_realm = true dns_lookup_kdc = true clockskew = 300 default_keytab_name = FILE:/home/pilote/rafa.keytab default_tkt_enctypes = des-cbc-crc default_tgs_enctypes = des-cbc-crc [realms] (WINDOWS 2000 DOMAIN) = { kdc = (HOSTNAME).(WINDOWS 2000 DOMAIN):88 } [logging] kdc = FILE:/var/log/krb5/krb5kdc.log admin_server = FILE:/var/log...

...in. wbinfo -u works fine but when I try to access a share I get the following error : Failed to find authenticated user via getpwnam(), denying access Aix client is connecting the DC over a VPN. This is my krb5.conf : [libdefaults] default_realm = MYDOMAIN.COM default_keytab_name = FILE:/etc/krb5/krb5.keytab clockskew = 300 [realms] MYDOMAIN.COM = { kdc = dc.mydomain.com:88 admin_server = dc.mydomain.com:749 default_domain = MYDOMAIN.COM } [domain_realm] .mydomain.com = MYDOMAIN.C...

...y in your unixmachine: /home1/kerberos5/sbin/ktutil ktutil: rkt /etc/krb5/unixmachine.keytab ktutil: wkt /etc/krb5/krb5.keytab ktutil: q 5. Configure some env vars:: KRB5_CONFIG=/etc/krb5/krb5.conf KRB5_KDC_PROFILE=/var/kerberos/krb5kdc/kdc.conf DEFAULT_KEYTAB_NAME=/etc/krb5/krb5.keytab LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local: \ /usr/local/include:/usr/local/lib:/usr/lib/iconv export KRB5_CONFIG KRBR_KDC_PROFILE LD_LIBRARY_PATH \ DEFAULT_KEYTAB_NAME 6. Generate libraries links for nsswitch Copy from /export/programas/samba/samba-3.0.14a/sour...

...=== (lots of these) fd00::32d is the address of the domain controller. SOFTLAB is my Win2008 domain. HQ-GC.norma.com is the name of the domain controller. krb5.conf looks like this (Kerberos seems to be working using IPv6, as I already said): ===Cut=== [libdefaults] default_realm = NORMA.COM default_keytab_name = /etc/krb5.keytab [realms] NORMA.COM = { kdc = tcp/hq-gc.norma.com admin_server = hq-gc.norma.com } [domain_realm] .kerberos.server = NORMA.COM [logging] default = SYSLOG:INFO ===Cut=== Any ideas ? Thanks. Eugene.

...ks fine so far. Now i need to have the host keytab generated by winbind to be in the default /etc/krb5/krb5.keytab in order to use nfs with kerberos security. The problem is i have set the parameter in smb.conf: use kerberos keytabe = true and as mentioned in man smb.conf i have set in krb5.conf default_keytab_name = FILE:/etc/krb5/krb5.keytab after a "net join ads" the krb5.keytab file is not created? do i have to create it myself? Is this not really implemented? What am I doing wrong? Help would be really apreciated. Thanks and Regards, Oliver Weinmann Unix/Linux Administrator VEGA IT GmbH E...

...asic credentialsttl 1 hours external_acl_type ldap_group children-max=20 %LOGIN /usr/lib/squid3/ext_wbinfo_group_acl authenticate_ttl 1 hours authenticate_ip_ttl 1 hours krb5.conf [libdefaults] default_realm = MYDOMINIO.COM dns_lookup_kdc = no dns_lookup_realm = no ticket_lifetime = 24h default_keytab_name = /etc/squid3/PROXY.keytab ; for Windows 2003 ; default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; for Windows 2008 with AES default_tgs_enctypes = aes256-cts-hmac-sha1-9...

...s is allowed on that share they will get in, otherwise they will be ?? # denied ?? map to guest = Bad User ?? client ldap sasl wrapping = sign ?? client ntlmv2 auth = no ?? usershare max shares = 10 >>>>> krb5.conf >>>>> [libdefaults] ?default_realm = MYDOMAIN.COM ?default_keytab_name = FILE:/opt/arc/node-config/krb5.keytab ?udp_preference_limit = 50 ?default_tkt_enctypes = rc4-hmac ?default_tgs_enctypes = rc4-hmac [realms] MYDOMAIN.COM = { ? kdc = serv1.mydomain.com ? kpasswd_server = serv1.mydomain.com:464 } [domain_realm] mydomain.com? = MYDOMAIN.COM .mydomain.com = MYDOMAI...

....DOMAIN.TLD ? 12??? 1???????????? RTD-DC1$@INTERNAL.DOMAIN.TLD ? 13??? 1???????? HOST/rtd-dc1 at INTERNAL.DOMAIN.TLD ? 14??? 1 HOST/rtd-dc1.INTERNAL.DOMAIN.TLD at INTERNAL.DOMAIN.TLD ? 15??? 1???????????? RTD-DC1$@INTERNAL.DOMAIN.TLD ? ? in the krb5.conf i need to define the default keytab name ? ?default_keytab_name = FILE:/etc/krb5.keytab but now the question, which keytab should i use? I know?i have to configure our DNS server to support dynamic DNS updates in the clear (insecure) by using the allow-update directive ? i've seen the update policy ? cat /var/lib/samba/private/named.conf.update /* this f...

...ce3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot) Selected protocol SMB3_00 [libdefaults] default_realm = HEBE.US dns_lookup_realm = true dns_lookup_kdc = true ticket_lifetime = 24h renew_lifetime = 7d forwardable = true default_keytab_name = FILE:/etc/krb5.keytab [realms] HEBE.US = { kdc = MAIA.HEBE.US admin_server = MAIA.HEBE.US default_domain = HEBE.US } [domain_realm] .hebe.us = HEBE.US hebe.us = MAIA.HEBE.US [appdefaults] pam = {...

...o problem ... kinit klist are all running fine .. below my krb5 config file # cat /etc/krb5/krb5.conf [logging] kdc = FILE:/var/log/krb5/krb5kdc.log # admin_server = FILE:/var/log/krb5/kadmind.log default = FILE:/var/log/krb5/krb5libs.log [libdefaults] default_realm = XXX.XXX default_keytab_name = /etc/krb5/krb5.keytab dns_lookup_realm = false dns_lookup_kdc = false forwardable = true ticket_lifetime = 24000 [realms] XXX.XXX = { kdc = server1.xxx.xxx:88 kdc = server2.xxx.xxx:88 default_domain = XXX.XXX } [domain_realm] .xxx.xxx = XXX.XXX xx...

...inbind enum groups = yes # winbind nss info = rfc2307 [anyone] path = /home/anyone guest ok = yes browseable = yes [testing] path = /home/testing guest ok = no valid users = test01 admin users = test01 write list = test01 KRB5.CONF [libdefaults] default_realm = TEST.LOCAL default_keytab_name = FILE:/etc/krb5/krb5.keytab default_tkt_enctypes = des-cbc-md5 des-cbc-crc default_tgs_enctypes = des-cbc-md5 des-cbc-crc [realms] TEST.LOCAL = { kdc = adtest.test.local:88 admin_server = adtest.test.local:749 default_domain...

...in smbpasswd with separate passwords outside of kerberos. I already compiled samba with --with-krb5 configure switch and have following options in smb.conf: client use spnego = yes realm = KERBEROS.REALM.NAME use kerberos keytab = yes While it is heimdal's kerberos implementation, I added default_keytab_name = FILE:/etc/krb5.keytab to the [libdefaults] section of /etc/krb5.conf as I saw somewhere. But this is still not working for me: Debud on the client side: $ smbclient -d3 -U komanek //127.0.0.1/homes lp_load: refreshing parameters Initialising global parameters params.c:pm_process() - Processing...

...principal entry in the system keytab for integration with other kerberized services. Please refer to the 'use kerberos keytab' entry in smb.conf(5). When using the heimdal kerberos libraries, you must also specify the following in /etc/krb5.conf: [libdefaults] default_keytab_name = FILE:/etc/krb5.keytab o Support for maintaining individual printer names stored separately from the printer's sharename. The source code can be downloaded from: http://download.samba.org/samba/ftp/rc/ The uncompressed tarball and patch file have been signed using GnuPG. Please...

...principal entry in the system keytab for integration with other kerberized services. Please refer to the 'use kerberos keytab' entry in smb.conf(5). When using the heimdal kerberos libraries, you must also specify the following in /etc/krb5.conf: [libdefaults] default_keytab_name = FILE:/etc/krb5.keytab o Support for maintaining individual printer names stored separately from the printer's sharename. The source code can be downloaded from: http://download.samba.org/samba/ftp/rc/ The uncompressed tarball and patch file have been signed using GnuPG. Please...

...wins server = server ldap ssl = no idmap uid = 10000-80000 idmap gid = 10000-80000 template homedir = /home/others template shell = /bin/bash winbind cache time = 3000 winbind enable local accounts = No krb5.conf: [libdefaults] default_keytab_name = FILE:/etc/krb5.keytab <FILE:/etc/krb5.keytab> # clockskew = 300 default_realm = DomA.net # default_tgs_type = DES-CBC-CRC # default_tkt_type = DES-CBC-CRC # default_etypes = DES-CBC-CRC des-cbc-md5 # default_etypes_des = DES-CBC-CRC des-cbc-md5 [realm...