search for: kacper_wirski

...r fast response. I'm glad that it's a mistake somewhere on my side, it means it will work when I fix it :) Ok, first of all: Everything is on centos 7.4 All config files will be below, but to start off: behaviour is stranger than I thought, but there is a pattern: when doing [DOMAIN\kacper_wirski at vs-files ~]$ kinit -V Using default cache: /tmp/krb5cc_101003 Using principal: DOMAINkacper_wirski at AD.MYDOMAIN.COM kinit: Client 'DOMAINkacper_wirski at AD.MYDOMAIN.COM' not found in Kerberos database while getting initial credentials but then when I do: [DOMAIN\kacper_wirski at v...

Hello, I'm setting up AD user logins for centos 7.4 box. I've almost managed to do everything the way I want and the way I think it should be, but I'm missing last piece:   For ssh access I read parts of the https://wiki.samba.org/index.php/OpenSSH_Single_sign-on Most docs recommend using setting in smb.conf: winbind use default domain = no that means that all domain users have

...ing to live migrate VM from remote hyper-v to the one i'm logged in I get authentication error. The weirdest thing is the samba log, it boggles my mind and if anyone has any idea I'll be very thankful notes: BMSRV2$ is machine added to domain with Hyper-V with all spn's and settings kacper_wirski is DOMAIN USER account and in the log there is clearly: " /Kerberos: Server not found in database: kacper_wirski at MYDOMAIN.COM.XYZ: No such entry in the database/* *Which is absurd, as obviously this account exists and is all well and fine. Relevant samba log below. When i do from console...

...from host B (logged in as user from DOMAIN ADMINS group). Kerberos constrained delegation is set in accordnance to microsoft instructions with proper SPN's set (well, proper as in with the workaround I wrote earlier). Below logs from wireshark and Samba 4 DC (the one that handled request). kacper_wirski user, that belongs to DOMAIN ADMINS group is the one "giving" the command. I tried already with different user, also tried the other way round (from host B -> to host A when logged into host B). Same errors. Tried with different Hyper-V host C, same error I have bar to none experi...

...from host B (logged in as user from DOMAIN ADMINS group). Kerberos constrained delegation is set in accordnance to microsoft instructions with proper SPN's set (well, proper as in with the workaround I wrote earlier). Below logs from wireshark and Samba 4 DC (the one that handled request). kacper_wirski user, that belongs to DOMAIN ADMINS group is the one "giving" the command. I tried already with different user, also tried the other way round (from host B -> to host A when logged into host B). Same errors. Tried with different Hyper-V host C, same error I have bar to none experi...

...o + and changed > krb5.conf rule accordingly, it changed nothing. Issue is not with > kerberos for login, it works a-ok. The issue is that for whatever > reason POSIX user is used with full name as principal. > > When i changed winbind separator, my posix user was > "DOMAIN+kacper_wirski", and "kinit" used > > DOMAIN+kacper_wirski at BMAD.BABKAMEDICA.PL as principal. > > > I consider setting up new machine from scratch from centos minimal > and go from there or I'll take my risks and set "use default domain = > yes", then everyt...

On Wed, 1 Nov 2017 19:49:32 +0000 Rowland Penny via samba <samba at lists.samba.org> wrote: > On Wed, 1 Nov 2017 20:28:05 +0100 > Kacper Wirski <kacper.wirski at gmail.com> wrote: > > > I'm going to start with clean centos install, so I might as well use > > some additional guidelines, thank You. > > > > When You run kinit, does Your user have

...b5.conf rule accordingly, it changed nothing. Issue is not with > > kerberos for login, it works a-ok. The issue is that for whatever > > reason POSIX user is used with full name as principal. > > > > When i changed winbind separator, my posix user was > > "DOMAIN+kacper_wirski", and "kinit" used > > > > DOMAIN+kacper_wirski at BMAD.BABKAMEDICA.PL as principal. > > > > > > I consider setting up new machine from scratch from centos minimal > > and go from there or I'll take my risks and set "use default domain =...