search for: kadmin

Displaying 20 results from an estimated 152 matches for "kadmin".

Did you mean: admin
2003 Feb 12
2
Samba 3.0 AD usage problems
...ep in "ADS-HOWTO.txt". But mapping a network directory from a Windows client failed (step 4: Test your server setup). (Succeeded in other steps.... Including step 5) Only local users in the samba server can access the share folder. (Please refer to the smb.conf listed below...) And "#kadmin -p administrator" fails with the error message: "kadmin: Database error! Requeired KADM5 principal missing while initializing kadm in interface" My configurations are as followed: Kernel : Linux 2.4.18 Krb5-devel & krb5-lib & krb5-workstation : 1.2.4-1 Openldap-devel : 2.0....
2006 Oct 31
0
6403208 kadmin.local -q ''cpw -randkey <princ>'' not using all supported enctypes
Author: willf Repository: /hg/zfs-crypto/gate Revision: efc14bf5fbfc26ff040aab6292cb3b1d7b6334aa Log message: 6403208 kadmin.local -q ''cpw -randkey <princ>'' not using all supported enctypes Files: update: usr/src/cmd/krb5/kadmin/cli/kadmin.c
2009 Jan 11
1
Configure usage of MS Kerberos
Hi, i would like to use on Centos 5 Microsoft kerberos tickets for authentication for some applications. LDAP FDS for example. For that I have to add some spn to Active Directory. And afterwards to export this to local keytab. --------- kadmin -q "add_principal -randkey ldap/${INSTANCE}.${fully-qualified-domain}" Then, export that key to a keytab file. If you've deployed other services which also authenticate users using Kerberos on the same system, it's recommended that you give each one its own keytab file. kadmi...
2012 Jul 13
1
Understanding kerberos principals in samba4
...ot; but how do you add the principal to the domain? Will adding the missing principal using "samba-tool spn" solve problems like these? According to https://help.ubuntu.com/community/SingleSignOn , you add a host to the kerberos realm by doing these two commands on the kerberos server: kadmin: addprinc -randkey host/client.example.com @ EXAMPLE.COM kadmin: ktadd -k ~/client.keytab host/client.example.com @ EXAMPLE.COM I am guessing that "kadmin: ktadd -k ~/client.keytab host/client.example.com@ EXAMPLE.COM" is the equivalent of "samba-tool domain exportkeytab ~/client.ke...
2008 Nov 07
0
Error: client not found in kerberos database while initializing kadmin interface
...ke it is working fine. I get no errors, I can use kinit, net ads join works, wbinfo and co. work perfectly. The AD sees the computer added, the dns and reverse dns entries are created. Login via ssh even works with the AD users (but not with SSO). To make that work, I need a keytab, but when I run kadmin, I get the error: "client not found in kerberos database while initializing kadmin interface" How can I troubleshoot this? Degbert (losing hair)
2008 Nov 10
2
klist versus kadmin
I'm having a problem with kadmin not doing what klist says should work. klist will show my keytab file (with minus k), but when I try and use a principal in that keytab with kinit, I get an error: kinit(v5): Client not found in Kerberos database while getting initial credentials I setup both the Windows server and the Linux cli...
2015 Sep 04
1
Authentication against Apple Open Directory (was: Re: LDAP authentication without Samba schema)
...host principals correctly on OS X. > > Do you have any update on that? Kerberos should be the right way, but > I'm stuck in a similar spot with my client. We kept on having the > ticket come back as 'service expired'. > > It seems it should be as simple as: > kadmin -l > kadmin> add --random-key cifs/mynas.apples-od.local at APPLES-OD.LOCAL > Max ticket life [unlimited]: > Max renewable life [unlimited]: > Principal expiration time [never]: > Password expiration time [never]: > Attributes []: > Policy [default]: > > kadmin> e...
2009 May 20
1
[PATCH server] update host-browser to use ipa commands rather than kadmin
...r # TODO need a way to test this portion unless (defined? TESTING) || File.exists?(@keytab_filename) # TODO replace with Kr5Auth when it supports admin actions - puts "Writing keytab file: #{@keytab_filename}" unless defined?(TESTING) - kadmin_local('addprinc -randkey ' + libvirt_princ) - kadmin_local('ktadd -k ' + @keytab_filename + ' ' + libvirt_princ) - kadmin_local('addprinc -randkey ' + qpidd_princ) - kadmin_local('ktadd -k ' + @keytab_filename + ' ' +...
2015 Aug 12
2
LDAP authentication without Samba schema
Hi, I am in a position where I would like to have LDAP authentication for CIFS shares, but cannot modify the LDAP server. The LDAP server is Open Directory and does not have the Samba schema included or configured. I only have read only access, a keytab, and possibly a read only bind user. Is this possible? I have attempted to get this working in various ways. I tried enabling plaintext auth and
2017 Sep 25
1
coredump and MIT-krb5 exits when a joined client windows7 try to login on
hi, all, I'm using MIT-krb5 and it seems it's not quite stable. Everything seemed fine and krb5, samba daemon started as well unless I tried to use "ad\xxx" to login a windows7 machine. Here is part coredump log, :Sep 25 15:08:54 pdc.ad.pthl.hk samba[2579]: /usr/sbin/krb5kdc: krb5k= dc: starting... :Sep 25 15:11:56 pdc.ad.pthl.hk samba[2579]: /usr/sbin/krb5kdc:
2012 Mar 21
0
Kerberos failed password not working
...rposefully munge my password multiple times, it does not lock me out.? Nor does getprinc reflect the failed attempts.? I can't find much documentation on this feature, there doesn't seem to be any configuration options in kdc.conf or elsewhere other than in the User Policy.? Even there, the kadmin man page is out of date and doesn't include the password lockout duration flags to add_policy and the like.? Any pointers? [root at hpctest-krb2 ~]# kadmin.local -q 'add_policy -maxlife "101 days" -minlength 8 -minclasses 2 -history 2 -maxfailure 3 -failurecountinterval "5m...
2013 Sep 24
2
delete kerberos databases and start over
...gs say they can't establish a secure connection to authenticate. SSH works; I can get in via putty or via ssh on a Linux box. I have added the users using samba-tool user add jjkwkla. Kinit works. When I kinit jjkwkla, it asks for a password, then complains that it will expire. When I try kadmin, it says 'Authenticating as principal jjkwkla/admin at domain.suffix with password kadmin: Client not found in Kerberos database while initializing kadmin interface' smbclient works. samba-tool testparm complains about long share names, but nothing else. krb5.conf is: [libdefaults]...
2003 Nov 13
1
Client accessing Samba doesn't authenticate against Active Directory
...tgt/3KINGSINC.LOCAL@3KINGSINC.LOCAL renew until 11/13/03 14:18:01 Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached ----- Output of kinit administrator@3KINGSINC.LOCAL Password for administrator@3KINGSINC.LOCAL:<passwd> [root@dataserver samba]# ----- Output of kadmin: Authenticating as principal administrator/admin@3KINGSINC.LOCAL with password. kadmin: Client not found in Kerberos database while initializing kadmin interface ----- Output of kadmin -p ADMINISTRATOR@3KINGSINC.LOCAL: Authenticating as principal ADMINISTRATOR@3KINGSINC.LOCAL with password. Passwo...
2016 Feb 25
1
Trouble adding a service principal to keytab
...s, **kwargs) File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py", line 117, in run net.export_keytab(keytab=keytab, principal=principal) Removing the realm from the request fails in the same way. If I was using Kerberos without samba, I would just do: kadmin -q "addprinc -randkey GEMSTONE64/bunk.gemtalksystems.com" kadmin -q "xst -norandkey -k my.keytab GEMSTONE64/bunk.gemtalksystems.com" but I know kadmin is a no-no under samba. How can I get a keytab which contains the service principal? Norm Green
2002 Jul 26
1
Kerberos V help
...that you DO NOT FORGET this password. Enter Password: <password entered> Re-enter Password: <password re-entered> kerberos_config[64]: 3664 Abort(coredump) ERROR: Unable to create the database. Press 'Enter' Key to go back to the main menu... Also when i run kadmin # ./kadmin Enter password: ****** The error is : ------------- /usr/lib/dld.sl: Unresolved symbol: dce_g_ipv6_enabled (data) from /usr/lib/libd4r.1 /usr/lib/dld.sl: Unresolved module for symbol: getservbyname_r (code) from /opt/krb5/lib/libk5.sl Abort(coredump) Suggestions to fix the problem is...
2003 Oct 05
0
nwebie problems.
...i and -vv I get: got principal=pdc$@REALM Doing kerberos session setup signing_good: SMB signature check failed on seq 1! SMB Signature verification failed on incoming packet! failed kerberos session setup with NT_STATUS_OK failed anonymous session setup with NT_STATUS_OK Every 10 minutes or so. kadmin also doesn't seem to work - I get: ]# kadmin Authenticating as principal Username/user@REALM with password. kadmin: Client not found in Kerberos database while initializing kadmin interface. my machine didn't have a /var/kerberos/krb5kdc/kdc.conf file - do I create one by hand or is there...
2005 Jun 28
3
sync ldap samba passwds with heimdal kerberos passwds
How do I sync whem. I have tryied out this in my smb.conf unix password sync = yes passwd program = /usr/sbin/kadmin -l passwd %u passwd chat = "*Password:*" %n\n "*Password:*" %n\n "*" But then i try to change a passwd in windows it rejects it, and telling me that I dont have permissing to change the passwd. Anyone solved this issue?
2019 Mar 19
1
Location of KDC Principal Database on AD-DC
Does the built-in Samba 4.5 Heimdal KDC use a principal database, or is everything Kerberos stored in LDAP? I am trying to add a service/host alias via 'kadmin.heimdal -l' but a database 'dump' results in 'hdp_open: opening /var/lib/heimdal-kdc/heimdal: No such file or directory'. I know just enough Kerberos to be dangerous, so some background on what I am trying to achieve: Two sites with one Samba 4.5 (Debian) AD-DC each. Our users...
2015 Sep 04
0
Authentication against Apple Open Directory (was: Re: LDAP authentication without Samba schema)
...t familiar with how to > handle host principals correctly on OS X. Do you have any update on that? Kerberos should be the right way, but I'm stuck in a similar spot with my client. We kept on having the ticket come back as 'service expired'. It seems it should be as simple as: kadmin -l kadmin> add --random-key cifs/mynas.apples-od.local at APPLES-OD.LOCAL Max ticket life [unlimited]: Max renewable life [unlimited]: Principal expiration time [never]: Password expiration time [never]: Attributes []: Policy [default]: kadmin> ext_keytab cifs/mynas.apples-od.local at APPLE...
2001 Jul 24
1
OpenSSH 2.9p2+Kerberos5 on RH7.1 fails
I've been installing OpenSSH 2.9p2 onto several RedHat Linux machines, after compiling in the GSSAPI/Kerberos5 patch from here: http://www.sxw.org.uk/computing/patches/openssh.html I've been using ssh both to let users in via passwords and Kerberos tickets, and both have been working fine... except for one irritating machine, which (for no good reason I can see) fails when using kerberos