search for: generating_keytabs

...the wording is confusing on the wiki page, specifically “this should then produce the keytab for the principAL ‘that you have exported’…” I’ve already exported a principAL? When? Or, am I currently exporting a principal with the samba-tool right then and there? https://wiki.samba.org/index.php/Generating_Keytabs <https://wiki.samba.org/index.php/Generating_Keytabs> Mike

...the keytab file with the correct credentials? nfs/server at subdomain.domain.com nfs/client at subdomain.domain.com Are these created manually by adding some account in ADUC and then use "samba-tool domain exportkeytab" to export the krb5.keytab file https://wiki.samba.org/index.php/Generating_Keytabs -Ken On 02/04/2018 06:29 PM, Luc Lalonde wrote: > Hey Ken, > > We’re using AD as a Kerberos server for NFSv4 in our Linux labs to automount the students home directories. > > I can answer specific questions if you’ve got some. > > Cheers, Luc. > > > Luc Lalonde, an...

...> “this should then produce the keytab for the principAL ‘that you have >> exported’…” >> >> I’ve already exported a principAL? When? Or, am I currently >> exporting a principal with the samba-tool right then and there? >> >> https://wiki.samba.org/index.php/Generating_Keytabs >> <https://wiki.samba.org/index.php/Generating_Keytabs> >> >> Mike >> > I have updated the wiki, corrected the obvious errors and spelling. > > Rowland > > Hi Rowland, No offence but it is indeed possible to use the SPN as principal name. Try it it wo...

...9 2012 lost+found > > > In /tmp i can see 4 krb5cc files for users there has used kerberos > on this member. So this look ok between Client and Fileserver. But > not between Member an DC > > For recreate keytab i can use this manual? > https://wiki.samba.org/index.php/Generating_Keytabs > <https://wiki.samba.org/index.php/Generating_Keytabs> > > If need be yes, but joining the domain should recreate the keytab for you, provided you ensure there isn't an existing one before the join. What OS's are you using ? Please post the smb.conf from the DC and doma...

...llo All. I am using Samba AD DC and Linux server with Squid, and I try to configure kerberos authentication for proxy server users. I need to add SPN for user and then export keytab with it to file. I am add user with RSAT and add SPN for it with samba-tool (like https://wiki.samba.org/index.php/Generating_Keytabs): -------------------- root at ad41:/# samba-tool spn list proxy proxy User CN=proxy,CN=Users,DC=dc,DC=S****,DC=ru has the following servicePrincipalName: HTTP/proxy.S****.ru at DC.S****.RU host/proxy.S****.ru at DC.S****.RU ------------------ But I cannot export exactly this...

...ork for some time in Debian Jessie about 6-12 months ago, then it stopped there also. See also my message to debian: https://lists.debian.org/debian-kernel/2017/11/msg00079.html Now about the keytab nfs generation. ( use sys for now that works fine.) >From : https://wiki.samba.org/index.php/Generating_Keytabs samba-tool spn add host/hostname.dom.tld "NETBIOSNAME\$" samba-tool spn add host/hostname.dom.tld at REALM "NETBIOSNAME\$" < i dont use this one, imo only when you use muliple REALMS. samba-tool domain exportkeytab --principal=nfs/hostname.dom.tld ~/nfs-hostname.keytab Co...

...ki page, specifically > “this should then produce the keytab for the principAL ‘that you have > exported’…” > > I’ve already exported a principAL? When? Or, am I currently > exporting a principal with the samba-tool right then and there? > > https://wiki.samba.org/index.php/Generating_Keytabs > <https://wiki.samba.org/index.php/Generating_Keytabs> > > Mike > I have updated the wiki, corrected the obvious errors and spelling. Rowland

...xample, Samba member1 ( installed as 4.3.x ) upgraded to 4.5.3 here im missing :  msDS-SupportedEncryptionTypes Samba member2 ( installed as 4.5.3 ) is haveing them.   With the upgrades of samba, are these AD attibutes not all updated?   Now i have seen : https://wiki.samba.org/index.php/Generating_Keytabs   now after running : net ads enctypes set computername$   Its added on the server it was missing, i noticed this because i needed AES128-CTS-HMAC-SHA1-96 AES256-CTS-HMAC-SHA1-96 in my keytab of my new proxy. Is this normaly behaivor?   And can someone explain why the default keytabs h...

Hello, I am trying to export keytab by following this guide: https://wiki.samba.org/index.php/Generating_Keytabs OS: CentOS 7.5 Samba: samba-dc-4.7.6-0.el7.centos.x86_64 (from Tranquil repo) Everything seems to work, but keytab is not exported (keytab file is not created). [root at ads1 /]# net ads enctypes list svc_confluence_sso 'svc_confluence_sso' uses "msDS-SupportedEncryptionTypes":...

...ials? > > nfs/server at subdomain.domain.com > > nfs/client at subdomain.domain.com > > Are these created manually by adding some account in ADUC and then use > "samba-tool domain exportkeytab" to export the krb5.keytab file > > https://wiki.samba.org/index.php/Generating_Keytabs > > -Ken > > > > On 02/04/2018 06:29 PM, Luc Lalonde wrote: >> Hey Ken, >> >> We’re using AD as a Kerberos server for NFSv4 in our Linux labs to >> automount the students home directories. >> >> I can answer specific questions if you’ve got som...

...ce the following.   When you go to : https://wiki.samba.org/index.php/User_Documentation  search site: keytab, nothing :-(   I cant find anything about keytabs..   ( not on the first sight ), which i needed... but there is this page, ( google was your friend ) : https://wiki.samba.org/index.php/Generating_Keytabs    Can someone add this in the Advanced section and make change where needed. after this part, or if you have a better place, but its usefull info imho. ........ This should print something like this: 'ACCOUNTNAME' uses "msDS-SupportedEncryptionTypes": 31 (0x0000001f) [X] 0x000...

...t subdomain.domain.com >> >> nfs/client at subdomain.domain.com >> >> Are these created manually by adding some account in ADUC and then >> use "samba-tool domain exportkeytab" to export the krb5.keytab file >> >> https://wiki.samba.org/index.php/Generating_Keytabs >> >> -Ken >> >> >> >> On 02/04/2018 06:29 PM, Luc Lalonde wrote: >>> Hey Ken, >>> >>> We’re using AD as a Kerberos server for NFSv4 in our Linux labs to >>> automount the students home directories. >>> >>> I...

...com" and the temporarily assigned user password and with a Keytab including the principal http-www.samdom.example.com at SAMDOM.EXAMPLE.COM it works. mount.cifs shows the same behaviour. Is it not possible to use a SPN in this scenario? Thanks, Christian [1] https://wiki.samba.org/index.php/Generating_Keytabs -- ifu Hamburg - material flows and software "We enable sustainable production." ifu Hamburg GmbH Max-Brauer-Allee 50 - 22765 Hamburg - Germany fon: +49 40 480009-0 - fax: +49 40 480009-22 - email: info at ifu.com Managing Director: Jan Hedemann - Commercial Register: Hamburg, HRB 526...

Hai Oliver,   Yes, thats ook pretty standard. On this questiosn. >thats the only one kerberos cache file in /tmp right now. >looks like kerberos does not renew the ticket :(? Do you have something like :  ( look in /var/tmp )   These are the tickes generated by the server. -rw-------  1 root  root   488 Sep 27 10:05 host_0 -rw-------  1 proxy proxy 9646 Sep 30 09:05 HTTP_13

...11 16 drwx------ 2 root root 16384 Aug 9 2012 lost+found In /tmp i can see 4 krb5cc files for users there has used kerberos on this member. So this look ok between Client and Fileserver. But not between Member an DC For recreate keytab i can use this manual? https://wiki.samba.org/index.php/Generating_Keytabs <https://wiki.samba.org/index.php/Generating_Keytabs> OLIVER WERNER Systemadministrator > Am 30.09.2016 um 09:17 schrieb L.P.H. van Belle via samba <samba at lists.samba.org>: > > Hai Oliver, > > > > Yes, thats ook pretty standard. > > > On t...

Hi list, I joined a workstation (Debian 10, Samba from distribution) to our AD domain (Windows 2012 Server). The domain ends by ".local" (yes I know, not my fault). However, after a domain user logged to the machine, I can't mount a share that exists on the AD server using user's kerberos ticket: it fails with error "Required key not available". Mounting using

30.11.2017 14:00, Rowland Penny via samba пишет: >> I am add user with RSAT and add SPN for it with samba-tool (like >> https://wiki.samba.org/index.php/Generating_Keytabs): >> -------------------- >> root at ad41:/# samba-tool spn list proxy >> proxy >> User CN=proxy,CN=Users,DC=dc,DC=S****,DC=ru has the following >> servicePrincipalName: >> HTTP/proxy.S****.ru at DC.S****.RU >> host/proxy.S****.ru at D...

...ssword and with a Keytab including the principal > http-www.samdom.example.com at SAMDOM.EXAMPLE.COM it works. > mount.cifs shows the same behaviour. > > Is it not possible to use a SPN in this scenario? > > Thanks, > Christian > > [1] https://wiki.samba.org/index.php/Generating_Keytabs > > -- > ifu Hamburg - material flows and software "We enable > sustainable production." > > ifu Hamburg GmbH > Max-Brauer-Allee 50 - 22765 Hamburg - Germany > fon: +49 40 480009-0 - fax: +49 40 480009-22 - email: info at ifu.com > > Managing Director: Ja...

...ated the computer object" to allow kerberos services. > > And did you add the CIFS/spn to the computer and keytab ? > > > I am sorry, I don't really understand the above: mount > requires a keytab > AND a user ticket? > > > https://wiki.samba.org/index.php/Generating_Keytabs > > > > If its a member, which i assume. > Yes, the workstation is a domain member. > > > kinit Administrator > > net ads keytab add cifs/$(hostname -f) -k > > net ads keytab add_update_ads -k > > > > Add these and it should work. > > You mig...

Experts— I’m attempting to export a keytab for a created SPN on the AD DC machine but I’m receiving an error: ERROR(runtime): uncaught exception - Key table entry not found File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run return self.run(*args, **kwargs) File "/usr/lib64/python2.6/site-packages/samba/netcmd/domain.py", line 129, in