search for: intranet

...nd. The krb.conf was as long and ugly as the smb.conf, already cut most of it, but your 3 line example configuration did not work fully. With the following getting kerberos tickets and the domain join are still working. Thanks for the ongoing support! My krb5.conf: [libdefaults] default_realm = INTRANET.MAYWEG.NET dns_lookup_realm = false dns_lookup_kdc = true [realms] INTRANET.MAYWEG.NET = { kdc = 192.168.11.250 admin_server = 192.168.11.250 default_domain = INTRANET.MAYWEG.NET } [domain_realm] .intranet.mayweg.net = INTRANET.MAYWEG.NET intranet.mayweg.net = INTRANET.MAYWEG.NET On 20 Marc...

...authentication Winbind NT/Active Directory authentication LDAP Authentication GNOME Keyring Daemon - Login keyring management ConsoleKit Session Management > > Rowland > > Thanks for the ongoing support! >> >> My krb5.conf: >> [libdefaults] >> default_realm = INTRANET.MAYWEG.NET <http://INTRANET.MAYWEG.NET> >> dns_lookup_realm = false >> dns_lookup_kdc = true >> >> [realms] >> INTRANET.MAYWEG.NET <http://INTRANET.MAYWEG.NET> = { >> kdc = 192.168.11.250 >> admin_server = 192.168.11.250 >> default_domai...

...| grep -i dlz 19-Mar-2015 08:05:26.396 Registering DLZ_dlopen driver 19-Mar-2015 08:05:26.396 Registering SDLZ driver 'dlopen' 19-Mar-2015 08:05:26.396 Registering DLZ driver 'dlopen' 19-Mar-2015 08:05:26.405 Loading SDLZ driver. 19-Mar-2015 08:05:26.646 samba_dlz: started for DN DC=intranet,DC=mayweg,DC=net 19-Mar-2015 08:05:26.646 SDLZ driver loaded successfully. 19-Mar-2015 08:05:26.646 DLZ driver loaded successfully. 19-Mar-2015 08:05:26.646 samba_dlz: starting configure 19-Mar-2015 08:05:26.647 samba_dlz: configured writeable zone '11.168.192.in-addr.arpa' 19-Mar-2015 08:0...

...and so on... That's means, a connection could be established from both systems to each other. Connection in both directions: ============================== Server A <---> Server B Now I will write a program, that synchronises also two servers but only in one way. One server is in the intranet zone and the other in the internet zone. The challenge in this exercise is, that a connection could only be established from the intranet server to the internet server, but not in the other direction. Connections from the internet server to the intranet server will be blocked by the firewall. Conn...

...File "/usr/lib64/python2.6/site-packages/samba/netcmd/domain.py", line 129, in run >> net.export_keytab(keytab=keytab, principal=principal) >> >> Steps taken to recreate: >> >> 1. Create a user for the SPN >> >> samba-tool user create web-intranet-macmini >> <provided password when prompted> >> >> 2. Add the SPN: >> >> samba-tool spn add HTTP/hostname.domain2.domain1.tld at DOMAIN2.DOMAIN1.TLD web-intranet-macmini >> <succeeded without error> >> >> 3. Export the keytab file to...

...his. *IP Server:* 192.168.1.99 *[root at smb ~]# smbd -V* Version 4.2.13 *[root at smb ~]# smbclient -V* Version 4.2.13 *I try install version 4.4.4 but this error continues* *[root at smb ~]# cat /etc/samba/smb.conf* # Global parameters [global] workgroup = ROPA realm = ROPA.INTRANET netbios name = SMB server role = active directory domain controller dns forwarder = 8.8.8.8 [netlogon] path = /usr/local/samba/var/locks/sysvol/ropa.intranet/scripts read only = No [sysvol] path = /usr/local/samba/var/locks/sysvol read only...

...cmd/domain.py", line 129, in run >>>> net.export_keytab(keytab=keytab, principal=principal) >>>> >>>> Steps taken to recreate: >>>> >>>> 1. Create a user for the SPN >>>> >>>> samba-tool user create web-intranet-macmini >>>> <provided password when prompted> >>>> >>>> 2. Add the SPN: >>>> >>>> samba-tool spn add HTTP/hostname.domain2.domain1.tld at DOMAIN2.DOMAIN1.TLD <mailto:HTTP/hostname.domain2.domain1.tld at domain2.domain1.tld>...

Hi folks, big problem with my testint environment... my windows 2003-domain exists since 2004 and the credentials are correct, guaranteed. This problem is actually same on Ubuntu 12.04.3 and Debian 7... <code> root at pa-lnxd-04:~# /usr/local/samba/bin/samba-tool domain join INTRANET.DOMAIN.DE DC -Uintranet/admin --realm=intranet.DOMAIN.de Finding a writeable DC for domain 'INTRANET.DOMAIN.DE' Found DC wi-pas01.intranet.DOMAIN.de Password for [INTRANET\admin]: workgroup is INTRANET realm is intranet.DOMAIN.de checking sAMAccountName Adding CN=PA-LNXD-04,OU=Domain Contr...

...e dns when I'm work with more than one DC server. When samba (or bind) need to reload all zones, the module bind9_dlz is shutting down and then all my environment stops and I need to restart the bind to up again. See my log: ... Jan 10 22:32:41 movd-gcp-002 named[9728]: Loading 'lovato.intranet' using driver dlopen Jan 10 22:32:41 movd-gcp-002 named[9728]: samba_dlz: starting configure Jan 10 22:32:41 movd-gcp-002 named[9728]: samba_dlz: Ignoring duplicate zone 'lovato.intranet' from 'DC=@,DC=lovato.intranet,CN=MicrosoftDNS,DC=DomainDnsZones,DC=lovato,DC=intranet' Jan...

...you for the answers Peter and Rowland and sorry to everybody for the spam...switched to another e-mail address and hope my messages will arrive only once from now on. As I wrote in my first mail, Kerberos does work. I can successfully request and list a ticket on the AC DC. kinit administrator at INTRANET.MAYWEG.NET Password for administrator at INTRANET.MAYWEG.NET: klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: administrator at INTRANET.MAYWEG.NET Valid starting Expires Service principal 19.03.2015 10:05:48 19.03.2015 20:05:48 krbtgt/ INTRANET.MAYWEG.NET at INTRANET...

...omedir = /home/HCCMHMRC template shell = /bin/bash winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes idmap config * : range = 16777216-33554431 idmap config * : backend = tdb cups options = raw [Intranet] path = /home/Intranet valid users = @intranet read only = No Not sure what you mean by ACL on the folder but here's this: drwxrwxr-x 6 apache intranet 4096 Dec 10 14:34 Intranet Carl Carpenter Director, Information Services Hill Country MHDD Centers (830)258-...

...ackages/samba/netcmd/domain.py", >>> line 129, in run >>> net.export_keytab(keytab=keytab, principal=principal) >>> >>> Steps taken to recreate: >>> >>> 1. Create a user for the SPN >>> >>> samba-tool user create web-intranet-macmini >>> <provided password when prompted> >>> >>> 2. Add the SPN: >>> >>> samba-tool spn add >>> HTTP/hostname.domain2.domain1.tld at DOMAIN2.DOMAIN1.TLD >>> <mailto:HTTP/hostname.domain2.domain1.tld at domain2.domain1.t...

...he end of the log. I saw samba source code and found the destroy dns function in dlz_bind9.c and called by turture blz_bind9.c. When dlz_bind9.c is shutting down, I get this error when I try to update dns. update failed: NOTAUTH Failed nsupdate: 2 update(nsupdate): SRV _ldap._tcp.ForestDnsZones.intranet.dominio movd-gcp-003.intranet.dominio 389 Calling nsupdate for SRV _ldap._tcp.ForestDnsZones.intranet.dominio movd-gcp-003.intranet.dominio 389 (add) Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;;...

...ck to the old and ugly smb.conf ;) Will try to add/exchange some lines to create a working minimal configuration. I added the rather simple hosts and resolv.conf files of server13 as well. The new smb.conf: [global] netbios name = server13 workgroup = MAYWEG.NET security = ADS realm = INTRANET.MAYWEG.NET dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab idmap config *:backend = tdb idmap config *:range = 2000-9999 idmap config MAYWEG.NET:backend = ad idmap config MAYWEG.NET:schema_mode = rfc2307 idmap config MAYWEG.NET:range = 10000-99999...

...| grep -i dlz 19-Mar-2015 08:05:26.396 Registering DLZ_dlopen driver 19-Mar-2015 08:05:26.396 Registering SDLZ driver 'dlopen' 19-Mar-2015 08:05:26.396 Registering DLZ driver 'dlopen' 19-Mar-2015 08:05:26.405 Loading SDLZ driver. 19-Mar-2015 08:05:26.646 samba_dlz: started for DN DC=intranet,DC=mayweg,DC=net 19-Mar-2015 08:05:26.646 SDLZ driver loaded successfully. 19-Mar-2015 08:05:26.646 DLZ driver loaded successfully. 19-Mar-2015 08:05:26.646 samba_dlz: starting configure 19-Mar-2015 08:05:26.647 samba_dlz: configured writeable zone '11.168.192.in-addr.arpa' 19-Mar-2015 08:0...

...quot;, line 175, in _run return self.run(*args, **kwargs) File "/usr/lib64/python2.6/site-packages/samba/netcmd/domain.py", line 129, in run net.export_keytab(keytab=keytab, principal=principal) Steps taken to recreate: 1. Create a user for the SPN samba-tool user create web-intranet-macmini <provided password when prompted> 2. Add the SPN: samba-tool spn add HTTP/hostname.domain2.domain1.tld at DOMAIN2.DOMAIN1.TLD web-intranet-macmini <succeeded without error> 3. Export the keytab file to be used on the intranet host: samba-tool domain exportkeytab ~/intranet...

...licy creator owners read-only domain controllers grupo_tecnologia *[root at smb~]# cat /etc/security/limits.conf* root hard nofile 131072 root soft nofile 65536 mioutente hard nofile 32768 mioutente soft nofile 16384 *[root at smb~]# cat /etc/krb5.conf* [libdefaults] default_realm = ROPA.INTRANET dns_lookup_realm = false dns_lookup_kdc = true [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log ROPA.INTRANET = { kdc = smb.ropa.intranet default_domain = ropa.intranet a...

...and that's a discussion in a future thread.  Note "domain" is a replacement for the actual domain name.  Nothing is internet facing, and shouldn't be apart from DNS (well, I hope!). --------------------------------------------------------------------- Old AD Name - ad.domain.intranet IP - 192.168.0.17 Operating System: Debian GNU/Linux 9 (stretch) Kernel: Linux 4.9.0-8-amd64 Samba version: 4.5.12-Debian /etc/hostname: ad /etc/hosts: 127.0.0.1       localhost 192.168.0.17    ad.domain.intranet ad 192.168.0.21    domain-ad.domain.intranet     domain-ad # The following lines ar...

I´m not suscribed to the list. Hi, i have a little intranet with 2 servers, both of them are running mandrake 10, one of them is dedicated as firewall and router, this one use shorewall 2.0 and has been configured like says on the quick guide for two interfaces. The other one is been used as webserver, mail server and ftp server. I used apache 2.0 as we...

...enBSD uses newer openssh server. I looked through the release notes and didn't see any changes related to internal-sftp. I fixed the /home/chroot-user/etc/localtime permissions to 0644 and run strace on internal-sftp process and got following output: read(0, "\0\0\0\23\v\0\0\0009\0\0\0\n/intranet/", 16384) = 23 openat(AT_FDCWD, "/intranet/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3 select(2, [0], [1], NULL, NULL) = 1 (out [1]) write(1, "\0\0\0\rf\0\0\0009\0\0\0\4\0\0\0\0", 17) = 17 select(2, [0], [], NULL, NULL) = 1 (in [0]) read(0, "\0\0...