search for: hh3

Hi I have Samba 4 installed and working. I recently changed FQDN to dns name hh3.hh3.site. It works OK and e.g. on a windows 7 box which joined the domain, users can logon. But I have a mess in the keytab: klist -k /etc/krb5.keytab Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 2 HH3$@HH...

...via sssd. Just gone from 4.1.2 to 4.1.3. I've done this: http://linuxcostablanca.blogspot.com.es/2013/09/samba4-bind9dlz-stale-dns-records-with.html After which the forward zone update is working fine: 2014-01-10T12:32:35.376142+01:00 hh16 named[4963]: samba_dlz: starting transaction on zone hh3.site 2014-01-10T12:32:35.382352+01:00 hh16 named[4963]: samba_dlz: allowing update of signer=CATRAL\$\@HH3.SITE name=catral.hh3.site tcpaddr=192.168.1.22 type=A key=4172394391.sig-hh16.hh3.site/160/0 2014-01-10T12:32:35.382917+01:00 hh16 named[4963]: client 192.168.1.22#48586/key CATRAL\$\@HH3.SITE...

Hi everyone After almost 2 days up-time with Samba 4, it failed again. This time it simply will not restart. The krb5.conf had got corrupted. I replaced it with this one from /usr/local/samba/private /etc/krb5.conf [libdefaults] default_realm = HH3.SITE dns_lookup_realm = false dns_lookup_kdc = true It starts up OK: samba -i -d 3 lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf params.c:pm_process() - Processing configuration file "/usr/local/samba/etc/smb.conf" samba version 4.0.0alpha18-GIT-bfc7481...

Hi openSUSE 12.1 server and client. I can't get the s4 fileserver nor uid:gid mappings working with s4. I used nfs and idmapd instead. It's working, but I've a couple of qns. 1. Server fqdn hh3.hh3.site Samba 4, DNS and NFS4 I set up the nfs server with GSSAPI as in this screenshot: http://2.bp.blogspot.com/-IspbLnfxizc/Txsp-Z1z1tI/AAAAAAAAADk/lsgel498elg/s1600/yastnfs1.png The nfs server would not start until I had made a nfs principal and stuck it in the keytab. Then I could mount the...

Hi After upgrading to Version 4.0.0alpha18-GIT-24ed8c5 on Ubuntu 11.10, Samba 4 no longer looks in the keytab for my nfs server entry: mount -t nfs4 foo bar --o sec=krb5 Kerberos: AS-REQ nfs/hh3.hh3.site at HH3.SITE from ipv4:192.168.1.3:53213 for krbtgt/HH3.SITE at HH3.SITE Kerberos: UNKNOWN -- nfs/hh3.hh3.site at HH3.SITE: no such entry found in hdb The nfs entry is in the keytab: klist -ke /etc/krb5.keytab Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal ---- ---------------------...

...trying to get an Ubuntu 14.04 client to update its rr to a working bind dns DC with Samba 4.1.7. The setup is the same as with our openSUSE clients with sssd 1.11.15 sssd.conf id_provider = ad auth_provider = ad access_provider = ad ldap_id_mapping = False /etc/hosts 127.0.0.1 lubuntu-laptop.hh3.site lubuntu-laptop 127.0.1.1 localhost But it is sending a request for the wrong zone: Kerberos: ENC-TS Pre-authentication succeeded -- LUBUNTU-LAPTOP$@HH3.SITE using arcfour-hmac-md5 Kerberos: AS-REQ authtime: 2014-05-20T14:01:35 starttime: unset endtime: 2014-05-21T00:01:35 renew till: 2014-...

Hi everyone openSUSE 12.1 samba Version 4.0.0alpha18-GIT-30d4484 Following the wiki instructions for Samba 4, I added include "/usr/local/samba/private/named.conf"; to /etc/named.conf (the last line) The logs give: 3 23:52:50 hh3 named[5743]: Loading 'AD DNS Zone' using driver dlopen 3 23:52:50 hh3 named[5743]: dlz_dlopen failed to open library '/usr/local/samba/modules/bind9/dlz_bind9.so' - /usr/local/samba/modules/bind. . .no such file. . . 3 23:52:50 hh3 named[5743]: dlz_dlopen of 'AD DNS Zone'...

...t instead of: mount -t nfs hh1:/home2 /home2 -osec=rw,krb5 I changed to: mount -t cifs //hh1/home2 /home2 -osec=rw,sec=krb5,multiuser This works fine for console logins, but is very slow (unusable) for graphical logins to either LXDE or XFCE. The login sometimes works: Kerberos: AS-REQ steve3 at HH3.SITE from ipv4:192.168.1.41:57380 for krbtgt/HH3.SITE at HH3.SITE Kerberos: Client sent patypes: 149 Kerberos: Looking for PKINIT pa-data -- steve3 at HH3.SITE Kerberos: Looking for ENC-TS pa-data -- steve3 at HH3.SITE Kerberos: No preauth found, returning PREAUTH-REQUIRED -- steve3 at HH3.SITE Ke...

...pdate request is sent. The DC responds correctly as for e.g. successful updates from xp clients. Question, does this work against a DC with bind dlz? Any solution meanwhile? Thanks, Steve Here is the output: sudo nsupdate -g -d [sudo] password for steve: > server 192.168.1.16 > realm HH3.SITE > update add pinoso.hh3.site 3600 A 192.168.1.100 > send Reply from SOA query: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7006 ;; flags: qr; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;pinoso.hh3.site. IN SOA Reply from SOA query:...

...trying to get an Ubuntu 14.04 client to update its rr to a working bind dns DC with Samba 4.1.7. The setup is the same as with our openSUSE clients with sssd 1.11.15 sssd.conf id_provider = ad auth_provider = ad access_provider = ad ldap_id_mapping = False /etc/hosts 127.0.0.1 lubuntu-laptop.hh3.site lubuntu-laptop 127.0.1.1 localhost But it is sending a request for the wrong zone: Kerberos: ENC-TS Pre-authentication succeeded -- LUBUNTU-LAPTOP$@HH3.SITE using arcfour-hmac-md5 Kerberos: AS-REQ authtime: 2014-05-20T14:01:35 starttime: unset endtime: 2014-05-21T00:01:35 renew till: 2014-...

Hi I've rfc2703'd the Samba 4 LDAP for a user e.g. steve4. I can search the database and view it with phpldapadmin. I can't login from a linux console: ldapsearch -LLL "(cn=steve4)" SASL/GSSAPI authentication started SASL username: steve4 at HH3.SITE SASL SSF: 56 SASL data security layer installed. dn: CN=steve4,CN=Users,DC=hh3,DC=site cn: steve4 instanceType: 4 whenCreated: 20111228090516.0Z uSNCreated: 3796 name: steve4 objectGUID:: SmOVmHoGLEKtIAG387qdKg== badPwdCount: 0 codePage: 0 countryCode: 0 badPasswordTime: 0 lastLogoff: 0 lastLo...

Hi everyone openSUSE 12.1 After a recent Samba 4 pull I have these errors: Dec 7 19:53:37 hh3 named[3121]: command channel listening on 127.0.0.1#953 Dec 7 19:53:37 hh3 named[3121]: the working directory is not writable Dec 7 19:53:37 hh3 named[3121]: managed-keys-zone ./IN: loading from master file /var/lib/named/dyn//managed-keys.bind failed: file not found Dec 7 19:53:37 hh3 named[31...

samba -b Samba version: 4.0.0alpha18-GIT-5c53926 Build environment: Build host: Linux hh3 3.1.0-1.2-desktop #1 SMP PREEMPT Thu Nov 3 14:45:45 UTC 2011 (187dde0) i686 i686 i386 GNU/Linux openSUSE 12.1 i586 Hi everyone. After. ./source4/setup/provision --realm=hh3.site --domain=HH1 --adminpass=SOMEPASSWORD --server-role='domain controller' The wiki howto is for DNS seems to b...

Hi Joining a lubuntu 11.10 client to the domain I get this: net ads join -UAdministrator Enter Administrator's password: Using short domain name -- POLOP Joined 'LUBUNTU7' to realm 'hh3.site' No DNS domain configured for lubuntu7. Unable to perform DNS Update. DNS update failed! during the join this all seems OK: Kerberos: Looking for PKINIT pa-data -- LUBUNTU7$@HH3.SITE Kerberos: Looking for ENC-TS pa-data -- LUBUNTU7$@HH3.SITE Kerberos: No preauth found, returning PREA...

Hi everyone Version 4.0.0alpha18-GIT-bfc7481 openSUSE 12.1 Conventional nfs4 export works fine, but I'm having trouble kerberizing it for Samba 4 for my Samba 4 users. I've setup the nfs4 pseudo stuff like this: hh3:/ # mkdir /export hh3:/ # mkdir /export/home hh3:/ # mount --bind /home /export/home Here is /etc/exports: /export gss/krb5(rw,fsid=0,insecure,no_subtree_check,async) /export/home gss/krb5(rw,nohide,insecure,no_subtree_check,async) /etc/sysconfig/nfs has: NFS_SECURITY_GSS="yes&quot...

...why logins to Linux clients are sometimes slow. Here is a login with the user steve2 requesting his (automounted) home folder: ] Kerberos: TGS-REQ authtime: 2013-05-01T20:57:27 starttime: 2013-05-01T20:57:27 endtime: 2013-05-02T06:57:27 renew till: 2013-05-02T20:57:25 Kerberos: AS-REQ steve2 at HH3.SITE from ipv4:192.168.1.21:58661 for krbtgt/HH3.SITE at HH3.SITE Kerberos: Client sent patypes: 149 Kerberos: Looking for PKINIT pa-data -- steve2 at HH3.SITE Kerberos: Looking for ENC-TS pa-data -- steve2 at HH3.SITE Kerberos: No preauth found, returning PREAUTH-REQUIRED -- steve2 at HH3.SITE Ke...

4.0.6 with 3.6.12 file server Hi Ordinary users can connect fine: smbclient //oliva/users -Usteve2 Enter steve2's password: Domain=[HH3] OS=[Unix] Server=[Samba 3.6.9] smb: \> log: schannel_fetch_session_key_tdb: restored schannel info key SECRETS/SCHANNEL/OLIVA schannel_store_session_key_tdb: stored schannel info with key SECRETS/SCHANNEL/OLIVA auth_check_password_send: Checking password for unmapped user [HH3]\[steve2]@[\\HH...

Hi I think I've managed to get the automount classes into the the schema: ldbsearch --url=/usr/local/samba/private/sam.ldb.d/"CN=SCHEMA,CN=CONFIGURATION,DC=HH3,DC=SITE.ldb" | grep "dn: CN=automount" dn: CN=automountKey,CN=Schema,CN=Configuration,DC=hh3,DC=site dn: CN=automount,CN=Schema,CN=Configuration,DC=hh3,DC=site dn: CN=automountInformation,CN=Schema,CN=Configuration,DC=hh3,DC=site dn: CN=automountMapName,CN=Schema,CN=Configuration,DC=...

Hi I'm trying to make a share called dropbox rw for members of a group. /usr/local/samba/etc/smb.conf [global] server role = domain controller workgroup = CACTUS realm = hh3.site netbios name = HH3 passdb backend = samba4 template shell = /bin/bash [netlogon] path = /usr/local/samba/var/locks/sysvol/hh3.site/scripts read only = No [sysvol] path = /usr/local/samba/var/locks/sysvol read only = No [home] path = /home/CACTUS/%USERNAM...

Hi I have a s3 fileserver joined to a s4 DC Here is smb.conf on the fileserver: [global] workgroup = HH3 realm = HH3.SITE security = ADS kerberos method = system keytab winbind enum users = Yes winbind enum groups = Yes idmap config *:backend = tdb idmap config *:range = 3000-4000 idmap config HH3:backend = ad idmap config HH3:range = 20000-40000000 idmap config HH3:schema_mode = rfc2307 winbind nss...