search for: gensec_gssapi

Displaying 20 results from an estimated 149 matches for "gensec_gssapi".

Kerberos ticket lifetime
2020 Sep 30
2
Kerberos ticket lifetime
> > On the client, add: > > gensec_gssapi:requested_life_time = <int> # seconds > > to smb4.conf. E.g. a ticket life time of one hour: > > gensec_gssapi:requested_life_time = 3600 Sorry, I should have written 'Samba member server' instead of 'client', although technically speaking, the member server is...
samba4 ad problems
2012 Nov 16
0
samba4 ad problems
Hello, i have a samba4 ad domain with 5 domain controllers. Since 2-3 weeks, i have problems with kerberos, log.samba: [2012/11/16 16:21:11, 1] ../source4/auth/gensec/gensec_gssapi.c:645(gensec_gssapi_update) GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Decrypt integrity check failed [2012/11/16 16:21:12, 2] ../source4/dsdb/repl/replicated_objects.c:779(dsdb_replicated_objects_commit) Replicated 0 objects (0 linked attributes) for CN=Schem...
Kerberos ticket lifetime
2020 Sep 30
2
Kerberos ticket lifetime
> I hope that you're doing well... I am, thanks. I still need to answer your private email, but I didn't find time yet. >>> On the client, add: >>> >>> gensec_gssapi:requested_life_time = <int> # seconds >>> >>> to smb4.conf. E.g. a ticket life time of one hour: >>> >>> gensec_gssapi:requested_life_time = 3600 >> >> Sorry, I should have written 'Samba member server' instead of 'client', al...
Joining a new Samba AD DC
2023 Aug 01
1
Joining a new Samba AD DC
...al -Uadministrator [deleted] Password for [HPRS\administrator]: gensec_update_send: gssapi_krb5[0xd83f00]: subreq: 0xd85680 gensec_update_send: spnego[0xd831e0]: subreq: 0xd83820 gensec_update_done: gssapi_krb5[0xd83f00]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0xd85680/../source4/auth/gensec/gensec_gssapi.c:1054]: state[2] error[0 (0x0)] state[struct gensec_gssapi_update_state (0xd85810)] timer[(nil)] finish[../source4/auth/gensec/gensec_gssapi.c:1064] gensec_update_done: spnego[0xd831e0]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0xd83820/../auth/gensec/spnego.c:1601]: state[2] error[0 (0x0)]...
Kerberos ticket lifetime
2020 Sep 30
3
Kerberos ticket lifetime
> On 30 Sep 2020, at 21:42, Jason Keltz via samba <samba at lists.samba.org> wrote: > > > On 9/30/2020 3:01 PM, Remy Zandwijk via samba wrote: >>>>> On the client, add: >>>>> >>>>> gensec_gssapi:requested_life_time = <int> # seconds >>>>> >>>>> to smb4.conf. E.g. a ticket life time of one hour: >>>>> >>>>> kdc:user ticket lifetime = 24 = 3600 >>>> Sorry, I should have written 'Samba member server' inste...
DC with outdated secrets
2019 Nov 03
2
DC with outdated secrets
...samba-tool domain exportkeytab, I fail to come up with a way to update the secrets file (/var/lib/samba/private/secrets.ldb) with a new machine password. Can you please help me with an idea how to fix this? Currently I have a lot of these: [2019/11/03 13:36:15.516141, 1] ../../source4/auth/gensec/gensec_gssapi.c:331(gensec_gssapi_client_creds) Wrong username or password: kinit for DC3$@MY.DOMAIN failed (Preauthentication failed) and subsequently failing DRS replication. Thanks a lot! Best regards Johannes
Samba 4.2.14 Group Policy (GPO) sync error
2016 Aug 03
3
Samba 4.2.14 Group Policy (GPO) sync error
...l 10 I get the following errors: ---- [2016/08/03 13:12:41.571366, 1] ../auth/kerberos/gssapi_helper.c:291(gssapi_unseal_packet) gss_unwrap_iov failed: Miscellaneous failure (see text): unknown mech-code 0 for mech 1 2 840 113554 1 2 2 [2016/08/03 13:12:41.571495, 0] ../source4/auth/gensec/gensec_gssapi.c:1051(gensec_gssapi_unseal_packet) gssapi_unseal_packet(hdr_signing=1,sig_size=45,data=144,pdu=176) failed: NT_STATUS_ACCESS_DENIED ---- I am specifically worried about the "unknonwn mech-code" error which might indicate some issues regarding Kerberos crypto. I am running Samba on...
Kerberos ticket lifetime
2020 Sep 30
2
Kerberos ticket lifetime
On 9/30/2020 11:15 AM, Rowland penny via samba wrote: > On 30/09/2020 15:51, Jason Keltz via samba wrote: >> Hi. >> >> I have a question about Kerberos ticket lifetime in AD with Samba. >> >> I'm running on CentOS 7 with Samba 4.11.? If I change >> "ticket_lifetime=24h" on the AD server /etc/krb5.conf, or the client >> /etc.krb5.conf, it
Samba 4.2.14 Group Policy (GPO) sync error
2016 Aug 03
0
Samba 4.2.14 Group Policy (GPO) sync error
...---- > [2016/08/03 13:12:41.571366, 1] > ../auth/kerberos/gssapi_helper.c:291(gssapi_unseal_packet) > gss_unwrap_iov failed: Miscellaneous failure (see text): unknown mech- > code 0 > for mech 1 2 840 113554 1 2 2 > [2016/08/03 13:12:41.571495, 0] > ../source4/auth/gensec/gensec_gssapi.c:1051(gensec_gssapi_unseal_packet) > gssapi_unseal_packet(hdr_signing=1,sig_size=45,data=144,pdu=176) > failed: > NT_STATUS_ACCESS_DENIED > ---- > > > I am specifically worried about the "unknonwn mech-code" error which might > indicate some issues regarding...
Kerberos ticket lifetime
2020 Sep 30
0
Kerberos ticket lifetime
On 9/30/2020 3:01 PM, Remy Zandwijk via samba wrote: >>>> On the client, add: >>>> >>>> gensec_gssapi:requested_life_time = <int> # seconds >>>> >>>> to smb4.conf. E.g. a ticket life time of one hour: >>>> >>>> gensec_gssapi:requested_life_time = 3600 >>> Sorry, I should have written 'Samba member server' instead of 'client&...
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
2017 Dec 27
2
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
...08:20:55.506420,  5] ../auth/gensec/gensec_start.c:739(gensec_start_mech)   Starting GENSEC mechanism spnego [2017/12/27 08:20:55.506501,  5] ../auth/gensec/gensec_start.c:739(gensec_start_mech)   Starting GENSEC submechanism gssapi_krb5 [2017/12/27 08:20:55.536259,  5] ../source4/auth/gensec/gensec_gssapi.c:668(gensec_gssapi_update_internal)   gensec_gssapi: credentials were delegated [2017/12/27 08:20:55.536320,  5] ../source4/auth/gensec/gensec_gssapi.c:685(gensec_gssapi_update_internal)   GSSAPI Connection will be cryptographically sealed [2017/12/27 08:20:55.538591,  6] ../lib/util/util_ldb.c...
Samba 4.2.14 Group Policy (GPO) sync error
2016 Aug 04
3
Samba 4.2.14 Group Policy (GPO) sync error
...41, 1] > > ../auth/kerberos/gssapi_helper.c:291(gssapi_unseal_packet) > > gss_unwrap_iov failed: Miscellaneous failure (see text): unknown > mech- > > code 0 > > for mech 1 2 840 113554 1 2 2 > > [2016/08/03 17:48:48.064868, 0] > > ../source4/auth/gensec/gensec_gssapi.c:1051(gensec_gssapi_unseal_packet) > > gssapi_unseal_packet(hdr_signing=1,sig_size=45,data=144,pdu=176) > > failed: > > NT_STATUS_ACCESS_DENIED > > > > > > Many thanks for your patience trying to debug this issue. I am a bit out > > of > > ideas n...
Joining a new Samba AD DC
2023 Aug 02
1
Joining a new Samba AD DC
...deleted] > Password for [HPRS\administrator]: > gensec_update_send: gssapi_krb5[0xd83f00]: subreq: 0xd85680 > gensec_update_send: spnego[0xd831e0]: subreq: 0xd83820 > gensec_update_done: gssapi_krb5[0xd83f00]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0xd85680/../source4/auth/gensec/gensec_gssapi.c:1054]: state[2] error[0 (0x0)] state[struct gensec_gssapi_update_state (0xd85810)] timer[(nil)] finish[../source4/auth/gensec/gensec_gssapi.c:1064] > gensec_update_done: spnego[0xd831e0]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0xd83820/../auth/gensec/spnego.c:1601]: state[2] error[0 (0...
include in smb.conf
2020 Jun 09
2
include in smb.conf
Hi Rowland >Hi Marcio, we would need more info, where are you migrating the home folders from ? and where to ? I copied Windows Server 2008 folders and permissions with ROBOCOPY to my Samba 4 server. >I know you mentioned a Win 2008 server, are the home folders stored on that ? The personal folders were stored on it (Windows), but now they are on my new Samba 4 file server. >Another
TSIG error with server: tsig verify failure - Failed DNS update with exit code 5
2023 Nov 17
0
TSIG error with server: tsig verify failure - Failed DNS update with exit code 5
...ec_update_send: gssapi_krb5_sasl[0x55875ce215f0]: subreq: 0x55875c95d990 <27>Nov 16 20:21:05 camus samba[30387]: /usr/local/samba/sbin/samba_dnsupdate: gensec_update_done: gssapi_krb5_sasl[0x55875ce215f0]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x55875c95d990/../../source4/auth/gensec/gensec_gssapi.c:1058]: state[2] error[0 (0x0)] state[struct gensec_gssapi_update_state (0x55875c95db40)] timer[(nil)] finish[../../source4/auth/gensec/gensec_gssapi.c:1068] <27>Nov 16 20:21:05 camus samba[30387]: /usr/local/samba/sbin/samba_dnsupdate: Starting GENSEC mechanism gssapi_krb5_sasl <27&gt...
Samba 4.2.14 Group Policy (GPO) sync error
2016 Aug 04
0
Samba 4.2.14 Group Policy (GPO) sync error
...th/gensec/gensec_start.c:672(gensec_start_mech) > Starting GENSEC mechanism spnego > [2016/08/04 10:44:54.786480, 5] > ../auth/gensec/gensec_start.c:672(gensec_start_mech) > Starting GENSEC submechanism gssapi_krb5 > [2016/08/04 10:44:54.789262, 5] > ../source4/auth/gensec/gensec_gssapi.c:499(gensec_gssapi_update) > gensec_gssapi: NO credentials were delegated > [2016/08/04 10:44:54.789373, 5] > ../source4/auth/gensec/gensec_gssapi.c:514(gensec_gssapi_update) > GSSAPI Connection will be cryptographically sealed > [2016/08/04 10:44:54.806151, 1] > ../auth/...
Kerberos ticket lifetime
2020 Sep 30
0
Kerberos ticket lifetime
...Zandwijk via samba wrote: >> On 30 Sep 2020, at 21:42, Jason Keltz via samba <samba at lists.samba.org> wrote: >> >> >> On 9/30/2020 3:01 PM, Remy Zandwijk via samba wrote: >>>>>> On the client, add: >>>>>> >>>>>> gensec_gssapi:requested_life_time = <int> # seconds >>>>>> >>>>>> to smb4.conf. E.g. a ticket life time of one hour: >>>>>> >>>>>> kdc:user ticket lifetime = 24 = 3600 >>>>> Sorry, I should have written 'Samba member...
Joining a new Samba AD DC
2023 Jul 30
1
Joining a new Samba AD DC
...SEC submechanism gssapi_krb5 Password for [HPRS\administrator]: gensec_update_send: gssapi_krb5[0xeeaf00]: subreq: 0xeec680 gensec_update_send: spnego[0xeea1e0]: subreq: 0xeea820 gensec_update_done: gssapi_krb5[0xeeaf00]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0xeec680/../source4/auth/gensec/gensec_gssapi.c:1054]: state[2] error[0 (0x0)] state[struct gensec_gssapi_update_state (0xeec810)] timer[(nil)] finish[../source4/auth/gensec/gensec_gssapi.c:1064] gensec_update_done: spnego[0xeea1e0]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0xeea820/../auth/gensec/spnego.c:1601]: state[2] error[0 (0x0)]...
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
2017 Dec 27
2
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
...ensec_start_mech) > >   Starting GENSEC mechanism spnego > > [2017/12/27 08:20:55.506501,  5] > > ../auth/gensec/gensec_start.c:739(gensec_start_mech) > >   Starting GENSEC submechanism gssapi_krb5 > > [2017/12/27 08:20:55.536259,  5] > > ../source4/auth/gensec/gensec_gssapi.c:668(gensec_gssapi_update_internal) > >   gensec_gssapi: credentials were delegated > > [2017/12/27 08:20:55.536320,  5] > > ../source4/auth/gensec/gensec_gssapi.c:685(gensec_gssapi_update_internal) > >   GSSAPI Connection will be cryptographically sealed > > [2017/1...
New DNS-Records not aviable
2020 Feb 11
0
New DNS-Records not aviable
...trator at DOMAIN.DE succeeded > gensec_update_send: gssapi_krb5[0x20a1840]: subreq: 0x209f180 > gensec_update_send: spnego[0x20a1450]: subreq: 0x208fe80 > gensec_update_done: gssapi_krb5[0x20a1840]: > NT_STATUS_MORE_PROCESSING_REQUIRED > tevent_req[0x209f180/../../source4/auth/gensec/gensec_gssapi.c:1057]: > state[2] error[0 (0x0)] state[struct gensec_gssapi_update_state > (0x209f330)] timer[(nil)] > finish[../../source4/auth/gensec/gensec_gssapi.c:1067] > gensec_update_done: spnego[0x20a1450]: > NT_STATUS_MORE_PROCESSING_REQUIRED > tevent_req[0x208fe80/../../auth/gensec/s...