Displaying 20 results from an estimated 41 matches for "kerberise".
Did you mean:
kerberised
2003 Sep 30
1
AD SAMBA Kerberos participation with other AD Kerberised services
Hi All,
anyone else found that adding a Samba server to an AD domain appears to be incompatible with using an AD Kerberos realm to provide other Kerberised services such as NFS from the same UNIX host?
Problem I have is that when you join an AD domain thorough Samba 3.x net command this creates a computer account in the AD to which the administrator does not know the account password. If you following MS guidelines for configuring other UNIX Kerber...
2016 Aug 03
4
FW: kerberos nfs4's principals and root access
...KrbMethodK5Passwd Off
KrbServiceName HTTP
KrbAuthRealms EXAMPLE.COM
Krb5KeyTab /etc/httpd/conf/keytab
require valid-user
</Directory>
chmod 400 /etc/httpd/conf/keytab
chown www-data:www-data /etc/httpd/conf/keytab
> In fact i'm stuck between my two problems (root acces to Kerberised NFS
> share / www-data access to userdir into a Kerberised NFS share),
> contrary to what I thought It's the root acces the more difficult to
> resolve...
This is because of your layout for your website.
Now, your "abuseing" the user homedir, and normaly thats a private dir...
2003 Dec 03
1
MIT Kerberos with Solaris
As Samba 3.x does not work with the Kerberos included with Solaris (it has no headers) I have to remove it and replace it with MIT kerberos. Does anyone know if Solaris kerberised services will still work normally (without modification) such as kerberised NFS? I briefly tested this and couldn't het it to work, but if someone has a definative answer it might save me a lot of trouble,
thanks in advance, Andy.
BBCi at http://www.bbc.co.uk/
This e-mail (and any attachme...
2016 Aug 02
3
FW: kerberos nfs4's principals and root access
It's ok
So, if I create a httpuser and an httpgroup in my AD and use these at
owner and group for my apache2 daemon, this one could access to userdirs
(while permissions granting it) ? But I need to cron 'kinit' to keep
valid ticket... ?
My local root user always can't access to the share, but my other
problem seems to be resolved.
Thanks
Le 02/08/2016 à 16:37, Rowland
2016 Aug 03
1
FW: kerberos nfs4's principals and root access
...ctory>
> >>> chmod 400 /etc/httpd/conf/keytab
> >>> chown www-data:www-data /etc/httpd/conf/keytab
> >>>
> >> That's exactly what I thought. I'll try this soon.
> >>>> In fact i'm stuck between my two problems (root acces to Kerberised
> NFS
> >>>> share / www-data access to userdir into a Kerberised NFS share),
> >>>> contrary to what I thought It's the root acces the more difficult to
> >>>> resolve...
> >>> This is because of your layout for your website.
> &g...
2016 Aug 03
0
FW: kerberos nfs4's principals and root access
...require valid-user
> > </Directory>
> > chmod 400 /etc/httpd/conf/keytab
> > chown www-data:www-data /etc/httpd/conf/keytab
> >
> That's exactly what I thought. I'll try this soon.
> >> In fact i'm stuck between my two problems (root acces to Kerberised NFS
> >> share / www-data access to userdir into a Kerberised NFS share),
> >> contrary to what I thought It's the root acces the more difficult to
> >> resolve...
> > This is because of your layout for your website.
> > Now, your "abuseing" the...
2017 Apr 17
2
Samba authentication using non-AD Kerberos?
...memory:
> >
> > security=user
> >
> > use kerberos keytab = system keytab
>
> Thanks! Obviously there is no "net ads join" command, so
> anything to be done instead of that?
You need a keytab for cifs/hostname just as you would for IMAP or some
other kerberised service.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
2018 Aug 29
2
Jessie And Stretch samba 4.8.5 ( help/test wanted ) (amd64/i386)
Hai Achim,
Thank you for helping out a bit. Very welkom.
For the 4.8.5 anything with winbind because there was a location change in the krb5_locator
(Winbind krb5 locator, to usr/lib/*/krb5/plugins/winbind) ( was bugzilla nr 13489 )
Im deploying now a to my production, sofar i dont any seen problem.
The where a lot of changes in the build, better safe then sorry..
Greetz,
Louis
2007 Jan 02
1
Getting host keys with samba
I have samba working find against our windows 2000/3 network under
solaris 9/10. Users can attach to samba using the Kerberos credentials
on their windows XP PCs.
I would now like to kerberise the unix applications. Statring with the
supplied Sun rlogind, telnetd, etc.
As I understand things I now need to have a host key on the end systems.
Will samba's net ads keytab create do this for me? And avoid me having
to run ktpass.exe on windows for each and every host?
I am h...
2016 Aug 03
1
FW: kerberos nfs4's principals and root access
...e... After some research, I think I need to
install mod_auth_krb5 to specify at least how to find this keytab (even
if I don't need Apache authentication against Kerberos).
I will try this today and comme back to say if it works !
In fact i'm stuck between my two problems (root acces to Kerberised NFS
share / www-data access to userdir into a Kerberised NFS share),
contrary to what I thought It's the root acces the more difficult to
resolve...
Thanks Rowland,
Greetz,
Bruno
Le 02/08/2016 à 18:20, Rowland Penny a écrit :
> On Tue, 2 Aug 2016 17:05:37 +0200
> Bruno MACADRÉ <...
2008 Aug 13
1
"security = server" vs "security = domain" + samba auth problems
...rse negTokenTarg at offset 54
Started to wonder why this was happening, then read more about
"security = domain" and found:
"In order for this method to work, the Samba server needs to join the
MS Windows NT security domain"
Well, of course I don't have this. I have a kerberised samba solaris
host using an OpenLDAP system as a PDC/KDC. How does one achieve
"security = domain" in this circumstance? How does my samba server
join the OpenLDAP "domain" per se?
Thanks.
JC
2019 Apr 26
1
Configured AD backend but getting different uid and gid
...> However, I need to find a way to take care of the
> mapping after the domain user log in.
You mean a domain users login on a linux member?
I use CIFS/NFS auto mounting homedirs, i use NFSv4 (kerberized) and automounting currently.
I'll make a small howto on howto setup the NFSv4 kerberised part, my current setup is stable and im can repeat it without problems.
And as usual, it is pretty easy IF you know how. ;-)
And is you "different gid/uid" problem also solved?
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.s...
2009 Mar 11
1
Samba PDC - Kerberised CIFS access
Hi All,
I have machine M1 hosting Samba PDC. It stores only user information.
I have machine M2 acting as KDC server.
I have machine M3 hosting CIFS shares and it joins into the domain hosted
by PDC M1.
I have machine M4 used as CIFS client.
On M2, I have added users and cifs/host service principals for M3. Also
added service principal in keytab file.
I have added all the user and service
2012 Feb 09
1
Unable to create principle and join domain with solaris / samba 3.5.8
Has anyone had any success using net ads join to create a new service
principal and join Active Directory using samba 3.5.8. This works fine
in 3.0.35 but I'm not able to get a working create/join with 3.5.8
In samba 3.0.35 (on a host which is already allowing kerberised
loginsvia AD), the following works:
net ads join createupn='CIFS/host.domain.com' \
createcomputer='path/to/principal/' -U myadlogin
After upgrading and restarting, samba works fine but deleting the AD
service principal and samba/private files to reconfigure, the net join
fails:...
2019 Jul 10
1
Winbind issues with AD member file server
...2
> 2
> > }) Unspecified GSS failure. Minor code may provide more information,
> > Client 'host/smb.soe.ucsc.edu at AD.SOE.UCSC.EDU' not found in Kerberos
> > database
>
> It would complain, GSS is a kerberos thing, so you need a ticket for it.
>
> Can you kerberise NFS ?
>
Kerberizing NFS is something we've wanted to do for a while as a way out of
our low ID issue but wasn't ever implemented. We may be forced to do it
now.
> > We have an existing Samba 4.8.3 server that is configured to use the ldap
> > backend and does not run winb...
2006 Jan 18
1
MIT KDC for Samba authentication?
Hi Samba Users,
I have Samba providing shares to several XP clients. The clients
currently authenticate using private/smbpasswd. I do not have an Active
Directory server nor any Windows servers.
I also have an MIT KDC. Various services have been Kerberised including
SSH (proper GSSAPI negotiation) and Apache (Basic auth). This is all
functioning correctly. The Apache login and SSH logins from the XP
clients obviously are not SSO.
I want the Samba software to use Kerberos authentication as well.
However it won't be possible for the XP clients t...
2015 Sep 11
1
SAMBA as AD DC
...t's more interesting
> is that you CAN make Samba 4 from EL 7 work with FreeIPA for
> authentication via NTLM AND Kerberos. I already have implemented this
> using the stock Red Hat Packages and authentication works via FreeIPA
> using both MS-RPC authentication in NTLM form and Kerberised
> authentication. ....
>
This means that that never will be a samba-ad for redhat/centos.
Then, if I as I understand the reply, with Centos7 + Samba 4 in old NT4
-DC mode + Kerberos + FreeIPA ( I do not know what it is FreeIPA) it's
possible setup a Linux PDC working with all version...
2017 Apr 20
4
Samba AD DC autenticated by non-AD Kerberos (~ Re: Samba authentication using non-AD Kerberos?)
On Thu, 20 Apr 2017 07:32:16 -0600 (MDT)
S P Arif Sahari Wibowo via samba <samba at lists.samba.org> wrote:
> On 2017-04-20, 03:35, Andrew Bartlett via samba wrote:
> > I think you really want to move to Samba as an AD DC.
>
> In that case, how can I setup a Samba AD DC which has its
> authentication came from another non-AD Kerberos service?
> Preferably in a
2019 Jul 10
2
Winbind issues with AD member file server
I agree that this sounds like, and indeed is, a recipe for disaster. I was
going to explain some of the woes of our environment but I don't think it's
actually relevant after looking at my problem a bit more. If I'm way off
base I'm happy to be herded back, but please tolerate me as I share what I
am seeing today because I really hope to solve the narrow issue of SMB file
access
2017 Apr 19
2
Samba authentication using non-AD Kerberos?
...rberos
> server as the authentication source.
>
> Will this be possible?
>
> Can this be done without the MS Windows and macOS client have direct
> access to the Kerberos server?
>
>> You need a keytab for cifs/hostname just as you would for IMAP or some
>> other kerberised service.
>
> Do you know how this works in MS Windows / macOS?
>
There is a tutorial how to make a Kerberos server to be a samba server too.
It is available at:
http://www.danbishop.org/2015/01/30/ubuntu-14-04-ultimate-server-guide/8/