search for: have_libkadm5srv_mit

...> > https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC > > > > ... in reverse: > > > > $ cat /etc/os-release > > NAME="Ubuntu" > > VERSION="18.04.1 LTS (Bionic Beaver)" > > > > $ smbd -b | grep HAVE_LIBKADM5SRV_MIT > > $ > > > > So, no MIT involved on Ubuntu > > > > Cheers > > Jon > > Thanks for that. > > So, it looks like 'RPM' = Experimental, 'DEB' = Production. Of course > there is always 'Gentoo', but I suppose that distro fal...

...braries, isn't that? what would be used?? >> Here's the ldd on the samba binary... > > It depends on how you actually built Samba, did you pass > '--with-system-mitkrb5 --with-experimental-mit-ad-dc' to configure ? > > You could try running 'smbd -b | grep HAVE_LIBKADM5SRV_MIT' on the DC > > Rowland Hi Rowland, Our auto build system is compiling with this: ? ? ? ? ? ? ? ?? --with-acl-support ???????????????? --with-piddir=/run ???????????????? --with-configdir=/etc/samba ???????????????? --with-statedir=/local/samba/locks ???????????????? --with-cached...

...gt;>>> Here's the ldd on the samba binary... >>> >>> It depends on how you actually built Samba, did you pass >>> '--with-system-mitkrb5 --with-experimental-mit-ad-dc' to configure ? >>> >>> You could try running 'smbd -b | grep HAVE_LIBKADM5SRV_MIT' on the DC >>> >>> Rowland >> >> Hi Rowland, >> >> Our auto build system is compiling with this: >> >> ? ? ? ? ? ? ? ?? --with-acl-support >> ???????????????? --with-piddir=/run >> ???????????????? --with-configdir=/etc/samba &g...

...0 Mark Foley wrote: Thanks for that extensive response! --Mark On Sat Jan 28 05:12:23 2023 Rowland Penny via samba <samba at lists.samba.org> wrote > > [deleted] > You should be able to find out if your Samba packages were built with > MIT by running: > > smbd -b | grep HAVE_LIBKADM5SRV_MIT > > You should get nothing returned if Samba was built using the built in > Heimdal. If this is the case, you need to check if you have the MIT > kerberos kdc installed and if so, I suggest you remove it, you can only > have one kdc. > > If you get back 'HAVE_LIBKADM5SRV...

...l-based > > There are some convenient repos on openSUSE-Build-Server.. > > Markus I thought that the standard suse Samba packages were like the rhel ones, you cannot use them for a DC, or are they like the fedora ones, were you can, but shouldn't ? Try running: smbd -b | grep HAVE_LIBKADM5SRV_MIT If you get back: HAVE_LIBKADM5SRV_MIT Then you are using MIT. If you are using MIT, then I suggest you find and use packages that have been compiled for Heimdal. If you cannot find any, then I suggest you use a different OS, such as Debian 11 Rowland

...g the advice here "Verifying if Samba Has Been Built with MIT Kerberos Support" https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC ... in reverse: $ cat /etc/os-release NAME="Ubuntu" VERSION="18.04.1 LTS (Bionic Beaver)" $ smbd -b | grep HAVE_LIBKADM5SRV_MIT $ So, no MIT involved on Ubuntu Cheers Jon

...'s the ldd on the samba binary... >>>> >>>> It depends on how you actually built Samba, did you pass >>>> '--with-system-mitkrb5 --with-experimental-mit-ad-dc' to configure ? >>>> >>>> You could try running 'smbd -b | grep HAVE_LIBKADM5SRV_MIT' on the DC >>>> >>>> Rowland >>> >>> Hi Rowland, >>> >>> Our auto build system is compiling with this: >>> >>> ? ? ? ? ? ? ? ?? --with-acl-support >>> ???????????????? --with-piddir=/run >>> ???????...

...venient repos on openSUSE-Build-Server.. >> >> Markus > I thought that the standard suse Samba packages were like the rhel ones, > you cannot use them for a DC, or are they like the fedora ones, were you > can, but shouldn't ? > > Try running: > > smbd -b | grep HAVE_LIBKADM5SRV_MIT > > If you get back: > > HAVE_LIBKADM5SRV_MIT > > Then you are using MIT. > > If you are using MIT, then I suggest you find and use packages that have > been compiled for Heimdal. If you cannot find any, then I suggest you > use a different OS, such as Debian 11 > &...

Dear all, a month ago I have filed bug #13066 about Samba 4.7 DC using BIND9_DLZ as DNS backend failing to run samba_dnsupdate using MIT Kerberos. The logs show a kerberos error "Request is a replay". Logs attached here: https://bugzilla.samba.org/show_bug.cgi?id=13066. Since I have not received any feedback on the bug report, I am trying this channel if someone has any idea how to fix

...what would be used?? >>> Here's the ldd on the samba binary... >> >> It depends on how you actually built Samba, did you pass >> '--with-system-mitkrb5 --with-experimental-mit-ad-dc' to configure ? >> >> You could try running 'smbd -b | grep HAVE_LIBKADM5SRV_MIT' on the DC >> >> Rowland > > Hi Rowland, > > Our auto build system is compiling with this: > > ? ? ? ? ? ? ? ?? --with-acl-support > ???????????????? --with-piddir=/run > ???????????????? --with-configdir=/etc/samba > ???????????????? --with-statedir=/loc...

...rberos. He fixed everything in his branch, and updates worked. > > > @Andreas: Do you remember if these fixes are all in master/4.7? I can > confirm that dynamic updates fail here on F27 with self-compiled 4.7.1 > and latest master (both with MIT). > > > # smbd -b | grep HAVE_LIBKADM5SRV_MIT > HAVE_LIBKADM5SRV_MIT > > # samba_dnsupdate --verbose --all-names This command does not work correctly because MIT Kerberos has a replay cache to circumvent attacks. This command does replay attacks :-) http://web.mit.edu/kerberos/krb5-devel/doc/basic/rcache_def.html It is not t...

...'s the ldd on the samba binary... >>>> >>>> It depends on how you actually built Samba, did you pass >>>> '--with-system-mitkrb5 --with-experimental-mit-ad-dc' to configure ? >>>> >>>> You could try running 'smbd -b | grep HAVE_LIBKADM5SRV_MIT' on the DC >>>> >>>> Rowland >>> >>> Hi Rowland, >>> >>> Our auto build system is compiling with this: >>> >>> ? ? ? ? ? ? ? ?? --with-acl-support >>> ???????????????? --with-piddir=/run >>> ???????...

...esponse! > > --Mark > > On Sat Jan 28 05:12:23 2023 Rowland Penny via samba <samba at lists.samba.org> wrote >> >> [deleted] > >> You should be able to find out if your Samba packages were built with >> MIT by running: >> >> smbd -b | grep HAVE_LIBKADM5SRV_MIT >> >> You should get nothing returned if Samba was built using the built in >> Heimdal. If this is the case, you need to check if you have the MIT >> kerberos kdc installed and if so, I suggest you remove it, you can only >> have one kdc. >> >> If you get b...

...pdate problems if the system used MIT Kerberos. He fixed everything in his branch, and updates worked. @Andreas: Do you remember if these fixes are all in master/4.7? I can confirm that dynamic updates fail here on F27 with self-compiled 4.7.1 and latest master (both with MIT). # smbd -b | grep HAVE_LIBKADM5SRV_MIT HAVE_LIBKADM5SRV_MIT # samba_dnsupdate --verbose --all-names ... update failed: REFUSED Failed nsupdate: 2 update(nsupdate): SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.samdom.example.com DC3.samdom.example.com 389 Calling nsupdate for SRV _ldap._tcp.Default-First-Site-Name._si...

...in his branch, and updates worked. >> >> >> @Andreas: Do you remember if these fixes are all in master/4.7? I can >> confirm that dynamic updates fail here on F27 with self-compiled 4.7.1 >> and latest master (both with MIT). >> >> >> # smbd -b | grep HAVE_LIBKADM5SRV_MIT >> HAVE_LIBKADM5SRV_MIT >> >> # samba_dnsupdate --verbose --all-names > This command does not work correctly because MIT Kerberos has a replay cache > to circumvent attacks. > > This command does replay attacks :-) > > > http://web.mit.edu/kerberos/krb5-de...

On 10/5/2020 12:16 PM, Rowland penny via samba wrote: > On 05/10/2020 17:01, Jason Keltz via samba wrote: >> On 10/5/2020 11:58 AM, Rowland penny via samba wrote: >> >>> On 05/10/2020 16:30, Jason Keltz via samba wrote: >>>> Hi. >>>> >>>> Using MIT5 backend with Samba.. >>> I hope you mean on the clients, the use of MIT as the

Hi Thorsten, hi Rowland, Am Donnerstag, 12. Januar 2023, 15:57:45 CET schrieb Thorsten Marquardt via samba: > Am 12.01.23 um 14:03 schrieb Rowland Penny via samba: > > On 12/01/2023 12:51, Rowland Penny via samba wrote: > >> On 12/01/2023 12:28, Thorsten Marquardt via samba wrote: > >>> srv-kb-dc1:~ # klist > >>> Ticket cache: DIR::/run/user/0/krb5cc/tkt

On Sat Jan 28 02:37:16 2023 Rowland Penny via samba <samba at lists.samba.org> wrote: > On 28/01/2023 06:44, Mark Foley via samba wrote: > > I wrote earlier about setting the domain user password minimum to > 14 > > characters. It was advised that my first step should be to upgrade from Samba > > 4.8.2 to the most recent version available which for my Slackware 15.0

...n Built with MIT > Kerberos Support" > https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC > > ... in reverse: > > $ cat /etc/os-release > NAME="Ubuntu" > VERSION="18.04.1 LTS (Bionic Beaver)" > > $ smbd -b | grep HAVE_LIBKADM5SRV_MIT > $ > > So, no MIT involved on Ubuntu > > Cheers > Jon Thanks for that. So, it looks like 'RPM' = Experimental, 'DEB' = Production. Of course there is always 'Gentoo', but I suppose that distro falls into the 'compile it yourself' realm :-) Ro...

On Tue, 2018-09-25 at 09:44 +0100, Rowland Penny via samba wrote: > On Mon, 24 Sep 2018 21:22:06 GMT > "Torin Woltjer" <torin.woltjer at granddial.com> wrote: > > > > > Thanks for the quick reply, I believe I am using MIT based on log > > file names; but is there a better way to tell? I'm not very > > knowledgeable about the distinction