Displaying 20 results from an estimated 149 matches for "gensec_gssapi".
2020 Sep 30
2
Kerberos ticket lifetime
>
> On the client, add:
>
> gensec_gssapi:requested_life_time = <int> # seconds
>
> to smb4.conf. E.g. a ticket life time of one hour:
>
> gensec_gssapi:requested_life_time = 3600
Sorry, I should have written 'Samba member server' instead of 'client', although technically speaking, the member server is...
2012 Nov 16
0
samba4 ad problems
Hello,
i have a samba4 ad domain with 5 domain controllers.
Since 2-3 weeks, i have problems with kerberos, log.samba:
[2012/11/16 16:21:11, 1] ../source4/auth/gensec/gensec_gssapi.c:645(gensec_gssapi_update)
GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Decrypt integrity check failed
[2012/11/16 16:21:12, 2] ../source4/dsdb/repl/replicated_objects.c:779(dsdb_replicated_objects_commit)
Replicated 0 objects (0 linked attributes) for CN=Schem...
2020 Sep 30
2
Kerberos ticket lifetime
> I hope that you're doing well...
I am, thanks. I still need to answer your private email, but I didn't find time yet.
>>> On the client, add:
>>>
>>> gensec_gssapi:requested_life_time = <int> # seconds
>>>
>>> to smb4.conf. E.g. a ticket life time of one hour:
>>>
>>> gensec_gssapi:requested_life_time = 3600
>>
>> Sorry, I should have written 'Samba member server' instead of 'client', al...
2023 Aug 01
1
Joining a new Samba AD DC
...al -Uadministrator
[deleted]
Password for [HPRS\administrator]:
gensec_update_send: gssapi_krb5[0xd83f00]: subreq: 0xd85680
gensec_update_send: spnego[0xd831e0]: subreq: 0xd83820
gensec_update_done: gssapi_krb5[0xd83f00]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0xd85680/../source4/auth/gensec/gensec_gssapi.c:1054]: state[2] error[0 (0x0)] state[struct gensec_gssapi_update_state (0xd85810)] timer[(nil)] finish[../source4/auth/gensec/gensec_gssapi.c:1064]
gensec_update_done: spnego[0xd831e0]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0xd83820/../auth/gensec/spnego.c:1601]: state[2] error[0 (0x0)]...
2020 Sep 30
3
Kerberos ticket lifetime
> On 30 Sep 2020, at 21:42, Jason Keltz via samba <samba at lists.samba.org> wrote:
>
>
> On 9/30/2020 3:01 PM, Remy Zandwijk via samba wrote:
>>>>> On the client, add:
>>>>>
>>>>> gensec_gssapi:requested_life_time = <int> # seconds
>>>>>
>>>>> to smb4.conf. E.g. a ticket life time of one hour:
>>>>>
>>>>> kdc:user ticket lifetime = 24 = 3600
>>>> Sorry, I should have written 'Samba member server' inste...
2019 Nov 03
2
DC with outdated secrets
...samba-tool domain
exportkeytab, I fail to come up with a way to update the secrets file
(/var/lib/samba/private/secrets.ldb) with a new machine password.
Can you please help me with an idea how to fix this?
Currently I have a lot of these:
[2019/11/03 13:36:15.516141, 1]
../../source4/auth/gensec/gensec_gssapi.c:331(gensec_gssapi_client_creds)
Wrong username or password: kinit for DC3$@MY.DOMAIN failed
(Preauthentication failed)
and subsequently failing DRS replication.
Thanks a lot!
Best regards
Johannes
2016 Aug 03
3
Samba 4.2.14 Group Policy (GPO) sync error
...l 10 I get the following errors:
----
[2016/08/03 13:12:41.571366, 1]
../auth/kerberos/gssapi_helper.c:291(gssapi_unseal_packet)
gss_unwrap_iov failed: Miscellaneous failure (see text): unknown mech-code 0
for mech 1 2 840 113554 1 2 2
[2016/08/03 13:12:41.571495, 0]
../source4/auth/gensec/gensec_gssapi.c:1051(gensec_gssapi_unseal_packet)
gssapi_unseal_packet(hdr_signing=1,sig_size=45,data=144,pdu=176) failed:
NT_STATUS_ACCESS_DENIED
----
I am specifically worried about the "unknonwn mech-code" error which might
indicate some issues regarding Kerberos crypto. I am running Samba on...
2020 Sep 30
2
Kerberos ticket lifetime
On 9/30/2020 11:15 AM, Rowland penny via samba wrote:
> On 30/09/2020 15:51, Jason Keltz via samba wrote:
>> Hi.
>>
>> I have a question about Kerberos ticket lifetime in AD with Samba.
>>
>> I'm running on CentOS 7 with Samba 4.11.? If I change
>> "ticket_lifetime=24h" on the AD server /etc/krb5.conf, or the client
>> /etc.krb5.conf, it
2016 Aug 03
0
Samba 4.2.14 Group Policy (GPO) sync error
...----
> [2016/08/03 13:12:41.571366, 1]
> ../auth/kerberos/gssapi_helper.c:291(gssapi_unseal_packet)
> gss_unwrap_iov failed: Miscellaneous failure (see text): unknown mech-
> code 0
> for mech 1 2 840 113554 1 2 2
> [2016/08/03 13:12:41.571495, 0]
> ../source4/auth/gensec/gensec_gssapi.c:1051(gensec_gssapi_unseal_packet)
> gssapi_unseal_packet(hdr_signing=1,sig_size=45,data=144,pdu=176)
> failed:
> NT_STATUS_ACCESS_DENIED
> ----
>
>
> I am specifically worried about the "unknonwn mech-code" error which might
> indicate some issues regarding...
2020 Sep 30
0
Kerberos ticket lifetime
On 9/30/2020 3:01 PM, Remy Zandwijk via samba wrote:
>>>> On the client, add:
>>>>
>>>> gensec_gssapi:requested_life_time = <int> # seconds
>>>>
>>>> to smb4.conf. E.g. a ticket life time of one hour:
>>>>
>>>> gensec_gssapi:requested_life_time = 3600
>>> Sorry, I should have written 'Samba member server' instead of 'client&...
2017 Dec 27
2
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
...08:20:55.506420, 5]
../auth/gensec/gensec_start.c:739(gensec_start_mech)
Starting GENSEC mechanism spnego
[2017/12/27 08:20:55.506501, 5]
../auth/gensec/gensec_start.c:739(gensec_start_mech)
Starting GENSEC submechanism gssapi_krb5
[2017/12/27 08:20:55.536259, 5]
../source4/auth/gensec/gensec_gssapi.c:668(gensec_gssapi_update_internal)
gensec_gssapi: credentials were delegated
[2017/12/27 08:20:55.536320, 5]
../source4/auth/gensec/gensec_gssapi.c:685(gensec_gssapi_update_internal)
GSSAPI Connection will be cryptographically sealed
[2017/12/27 08:20:55.538591, 6] ../lib/util/util_ldb.c...
2016 Aug 04
3
Samba 4.2.14 Group Policy (GPO) sync error
...41, 1]
> > ../auth/kerberos/gssapi_helper.c:291(gssapi_unseal_packet)
> > gss_unwrap_iov failed: Miscellaneous failure (see text): unknown
> mech-
> > code 0
> > for mech 1 2 840 113554 1 2 2
> > [2016/08/03 17:48:48.064868, 0]
> > ../source4/auth/gensec/gensec_gssapi.c:1051(gensec_gssapi_unseal_packet)
> > gssapi_unseal_packet(hdr_signing=1,sig_size=45,data=144,pdu=176)
> > failed:
> > NT_STATUS_ACCESS_DENIED
> >
> >
> > Many thanks for your patience trying to debug this issue. I am a bit out
> > of
> > ideas n...
2023 Aug 02
1
Joining a new Samba AD DC
...deleted]
> Password for [HPRS\administrator]:
> gensec_update_send: gssapi_krb5[0xd83f00]: subreq: 0xd85680
> gensec_update_send: spnego[0xd831e0]: subreq: 0xd83820
> gensec_update_done: gssapi_krb5[0xd83f00]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0xd85680/../source4/auth/gensec/gensec_gssapi.c:1054]: state[2] error[0 (0x0)] state[struct gensec_gssapi_update_state (0xd85810)] timer[(nil)] finish[../source4/auth/gensec/gensec_gssapi.c:1064]
> gensec_update_done: spnego[0xd831e0]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0xd83820/../auth/gensec/spnego.c:1601]: state[2] error[0 (0...
2020 Jun 09
2
include in smb.conf
Hi Rowland
>Hi Marcio, we would need more info, where are you migrating the
home folders from ? and where to ?
I copied Windows Server 2008 folders and permissions with ROBOCOPY to my
Samba 4 server.
>I know you mentioned a Win 2008 server, are the home folders stored
on that ?
The personal folders were stored on it (Windows), but now they are on my
new Samba 4 file server.
>Another
2023 Nov 17
0
TSIG error with server: tsig verify failure - Failed DNS update with exit code 5
...ec_update_send:
gssapi_krb5_sasl[0x55875ce215f0]: subreq: 0x55875c95d990
<27>Nov 16 20:21:05 camus samba[30387]:
/usr/local/samba/sbin/samba_dnsupdate: gensec_update_done:
gssapi_krb5_sasl[0x55875ce215f0]: NT_STATUS_MORE_PROCESSING_REQUIRED
tevent_req[0x55875c95d990/../../source4/auth/gensec/gensec_gssapi.c:1058]:
state[2] error[0 (0x0)] state[struct gensec_gssapi_update_state
(0x55875c95db40)] timer[(nil)]
finish[../../source4/auth/gensec/gensec_gssapi.c:1068]
<27>Nov 16 20:21:05 camus samba[30387]:
/usr/local/samba/sbin/samba_dnsupdate: Starting GENSEC mechanism
gssapi_krb5_sasl
<27>...
2016 Aug 04
0
Samba 4.2.14 Group Policy (GPO) sync error
...th/gensec/gensec_start.c:672(gensec_start_mech)
> Starting GENSEC mechanism spnego
> [2016/08/04 10:44:54.786480, 5]
> ../auth/gensec/gensec_start.c:672(gensec_start_mech)
> Starting GENSEC submechanism gssapi_krb5
> [2016/08/04 10:44:54.789262, 5]
> ../source4/auth/gensec/gensec_gssapi.c:499(gensec_gssapi_update)
> gensec_gssapi: NO credentials were delegated
> [2016/08/04 10:44:54.789373, 5]
> ../source4/auth/gensec/gensec_gssapi.c:514(gensec_gssapi_update)
> GSSAPI Connection will be cryptographically sealed
> [2016/08/04 10:44:54.806151, 1]
> ../auth/...
2020 Sep 30
0
Kerberos ticket lifetime
...Zandwijk via samba wrote:
>> On 30 Sep 2020, at 21:42, Jason Keltz via samba <samba at lists.samba.org> wrote:
>>
>>
>> On 9/30/2020 3:01 PM, Remy Zandwijk via samba wrote:
>>>>>> On the client, add:
>>>>>>
>>>>>> gensec_gssapi:requested_life_time = <int> # seconds
>>>>>>
>>>>>> to smb4.conf. E.g. a ticket life time of one hour:
>>>>>>
>>>>>> kdc:user ticket lifetime = 24 = 3600
>>>>> Sorry, I should have written 'Samba member...
2023 Jul 30
1
Joining a new Samba AD DC
...SEC submechanism gssapi_krb5
Password for [HPRS\administrator]:
gensec_update_send: gssapi_krb5[0xeeaf00]: subreq: 0xeec680
gensec_update_send: spnego[0xeea1e0]: subreq: 0xeea820
gensec_update_done: gssapi_krb5[0xeeaf00]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0xeec680/../source4/auth/gensec/gensec_gssapi.c:1054]: state[2] error[0 (0x0)] state[struct gensec_gssapi_update_state (0xeec810)] timer[(nil)] finish[../source4/auth/gensec/gensec_gssapi.c:1064]
gensec_update_done: spnego[0xeea1e0]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0xeea820/../auth/gensec/spnego.c:1601]: state[2] error[0 (0x0)]...
2017 Dec 27
2
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
...ensec_start_mech)
> > Starting GENSEC mechanism spnego
> > [2017/12/27 08:20:55.506501, 5]
> > ../auth/gensec/gensec_start.c:739(gensec_start_mech)
> > Starting GENSEC submechanism gssapi_krb5
> > [2017/12/27 08:20:55.536259, 5]
> > ../source4/auth/gensec/gensec_gssapi.c:668(gensec_gssapi_update_internal)
> > gensec_gssapi: credentials were delegated
> > [2017/12/27 08:20:55.536320, 5]
> > ../source4/auth/gensec/gensec_gssapi.c:685(gensec_gssapi_update_internal)
> > GSSAPI Connection will be cryptographically sealed
> > [2017/1...
2020 Feb 11
0
New DNS-Records not aviable
...trator at DOMAIN.DE succeeded
> gensec_update_send: gssapi_krb5[0x20a1840]: subreq: 0x209f180
> gensec_update_send: spnego[0x20a1450]: subreq: 0x208fe80
> gensec_update_done: gssapi_krb5[0x20a1840]:
> NT_STATUS_MORE_PROCESSING_REQUIRED
> tevent_req[0x209f180/../../source4/auth/gensec/gensec_gssapi.c:1057]:
> state[2] error[0 (0x0)] state[struct gensec_gssapi_update_state
> (0x209f330)] timer[(nil)]
> finish[../../source4/auth/gensec/gensec_gssapi.c:1067]
> gensec_update_done: spnego[0x20a1450]:
> NT_STATUS_MORE_PROCESSING_REQUIRED
> tevent_req[0x208fe80/../../auth/gensec/s...