search for: kerb

Folks, I seem to have a problem when I upgraded our kerberos from 1.3.1 to 1.4.1 (MIT krb 5), all of a sudden I can't ssh as another user. i.e. ssh host works but ssh joe at host doesn't work. Same with scp's. I've tried recompiling ssh (even though the so-name of kerb libs didn't change), but it didn't work, and still no go...

...bc-md5 forwardable = true proxiable = true dns_lookup_realm = true dns_lookup_kdc = true [realms] domain.LAN = { kdc = 10.0.0.100:88 # admin_server = 10.0.0.100:749 default_domain = domain.lan } [domain_realm] .domain.lan = DOMAIN.LAN domain.lan = DOMAIN.LAN [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } and my smb.conf file: [global] workgroup = DOMAIN netbios name = SERVIDORES server string = LTSP Server winbind sep...

I cooked this up while trying to figure out why thunderbird on Windows w/ SSPI was not working, but it turned out thunderbird does not use it, so I haven't been able to test it yet. I'm presenting it for discussion only, unless someone else can try it :) Modern versions of MIT kerberos support GSS-SPNEGO natively, but are only willing to negotiate for kerberos tickets and not NTLM messages. This is how the SPNEGO works in libapache-mod-auth-kerb-5.3 which simply passes SPNEGO packets directly to gssapi if the library is new enough. There is even a configure feature test for...

Hi, I'm running OpenSSH 3.8 & 3.9, compiled against Heimdal 0.6.3 for it's GSSAPI & AFS integration. A couple weeks ago, we upgraded our MIT KDC from (ugh) Kerberos 5 1.0.6 to the lastest and greatest 1.3.5. However, it seems that as part of the upgrade, our GSSAPI credentials passing in OpenSSH stopped working. Actually, didn't completely stop... You can still do a GSSAPI-based logon to the same machine, e.g. machine1> ssh machine1 works....

Hi Rowland, Thanks for your explanation. We have set up Samba to authenticate users against an external MIT Kerberos server and usernames match those in Unix password files. The setup was almost exactly like the Ubuntu help page: https://help.ubuntu.com/community/Samba/Kerberos#MIT_Kerberos There are others who have also set up Samba this way: https://serverfault.com/questions/659017/possible-to-authen...

...# We might want to store our files on another file system # We also want to give the user their own directory Entry.file_column :image, {:root_path => "/u/ file_column_db", :store_dir => store_dir_method} e = Entry.new e.image = uploaded_file(file_path("kerb.jpg"), "image/jpeg", "kerb.jpg") assert File.exists?(e.image) assert e.image !~ /\.\./, "#{e.image} is not a simple path" assert_match %r{/u/file_column_db/somebodys_account/images}, e.image end def store_dir_method File.join("so...

...d to open all the other ports otherwise I could not kinit or > anything else. Could you/is there a list of ports which need to be > open for a S3 fileserver which is also a nfs server to be able to > communicate to the rest of the LAN without all ports being opened? > > As we have Kerbeors at both ends maybe it would be better to ssh using > that? --- 1) Define "Better" (less work for which people?, faster operation? easier to manage? But with my idea of better for my usage, whichever works both 'fast' and reliably, is easiest to put in place, and...

...Active Directory for AuthN. There are some great articles and wikis about how to configure SAMBA against AD, but couldn't find much on what I was looking for. For example 1. Does Samba have built in dc locator functionality like windows clients ? 2. What is the default authN it uses, NTLM or Kerb ? 3. I understand from an article (http://timstechnoblog.blogspot.com/search/label/Linux) that Winbind when configured to use * for domain controller will invoke Dc locator mechanism, but couldn't completely understand the relation b/w Samba and Winbind - is it SAMBA always uses winbind for AD...

...t; auth-krb5.c > auth1.c > compat.c > comapt.h > servconf.c > session.c > session.h > sshconnect1.c > sshd_config why do you need to touch these files? for MIT K5? or for adding back the told ticket passing behaviour? i have no string opinion about whether the AFS/Kerb tickets should be passed before or after authentication, however i'd prefer to have it _one_ way, not multiple ways. -m

Is something special required for KerbV auth to work? I've enabled: KerberosAuthentication yes on some test boxes and it doesn't work. I do a kinit, and then ssh and it asks for a password. If y...

Hi, Need you help on this question : 1) How to configure samba for Irix 6.5 (Samba version is 2.0.7 ) to connect to Windows 95 / NT 2) How to make SGI Irix share the printer which are connect to Windows 95 / NT (printserver) Thanks & regards - rosli -

I've setup samba to use ldap. I've propogated the directory. I've setup the kerberos realm. I can authen to samba & browse shares via uid/passw held in ldap. I cannot seem to get samba to accept kerb authen instead of uid/passw. Help...... Thanks. Read the #$@^(!*&$!* manual, and about 200 webpages. Scanning news groups, recompiling..... Grrrrr!

I'm very interesting in attempting to get the control over my windows machines that AD offers, without actually have AD. I know samba 3 can be a AD member server.. Are there any other projects that integrate samba, ldap, kerberos to make a active directory like system? Note that I said AD like. My goals include 1) single sign on through kerb 2) access control through ldap groups 3) directory services for failover of some resources (printers) 4) pushdown of windows security policies Any pointers welcome. prefer open...

...st, Just in order to avoid loosing my time, I would be happy to know any success stories about configuring a Win2k3 as a Samba 3 client, just as any others MS client ( WinNT pro, Win2k pro, WinXP pro ). If so, is there any tuning on the Win2k3 client and the server ( Samba 3 PDC + ldapsam, but no kerb ) ? I'm expecting mistakes with users sharing their roaming profiles between Win2k and Win2k3. Thanks, -- Pierre-Fran?ois LAURAND

... Setting up a Samba PDC with the following: FreeBSD 5.3 Samba 3.0.x OpenLDAP 2.2.x Kerberos (Heimdal) Would like LDAP to take care of both posixAccount(s) and sambaSamAccount(s). Posix account via nsswitch+pam_ldap. Hope to find one complete documentation that describes this setup from scratch, start to finish. A Ports style install of all packages is fine but I can download, com...

...of GPO advantages?, etc). We have the money to upgrade to 2003 on all our 20 servers(20 win2000 server and 2 samba servers). But could save money by consolidating and mixing samba and 2000. Is there really better security in that higher 2003 mode? What in particular? Will winbind (ADS and kerb mode) break? As we use it for squid auth, etc. How long before SAMBA can work at the highest level with 2003? I'm feeling that MS have provided some functional incentives to go with the highest mode. Can someone suggest some ways to take the hype out this higher level? I know from my re...

Anyone able to post a copy of the svn trunk of file_column? The website''s been down for the past few days, and I''ve only got the last release (0.31, I think), which is missing a whole load of goodies. Tx

...assword of the users (without forcing them to reset it) I've red this thread : https://lists.samba.org/archive/samba/2017-April/207637.html. So, it should be possible to backup the unicodePwd attr, then restore it and wipe supplementalCredentials. But, I'd prefer being able to generate AES kerb tickets (as users do not change their password often) Can I backup the whole user entry, and restore it later ? Or just a set of attributes ? Only supplementalCredentials and unicodePwd are enough ? In the SMB 3 days, I could just backup hashes from /etc/shadow and /etc/smb/smbpasswd (or OpenLDAP...

...or several years now to integrate my workstations and laptops into a Windows world. My goal is to be able to hand a Linux laptop to an end user and off they trot with everything in place and properly useable. I'm rather close to my goal. Evolution for Exchange, Libre Office for errrr office, Kerberos all over the shop for as much as possible (Evo EWS can do Kerb). autofs with mount.cifs and Kerb for "drive mappings". CUPS can take Kerb auth and supports everything that prints (ta Apple). You can import your AD CA cert to the OpenSSL trust store so LDAPS works properly and your b...

...amba 4 is running an samba AD DC on a machine called vc1. The samba 4 file services is running on a system called srv1. I've made the share on the srv1 smb.conf and have been able to connect to it using the smbclient tool. I've also been able to connect to it using a fuse file system and a kerb tgt. Connection with smbclient use the form of smbclient \\\\srv1\\share -U IN\user Where IN is my AD DC domain name This works as expected. However, I cannot use a user name in the form of user at IN . I'm not sure if that is the fault of the smbclient tool or something in my setup. kinit...