search for: kerberos

Displaying 20 results from an estimated 9578 matches for "kerberos".

2006 Mar 30
0
Samba 3.0.21c on AIX 5.2 ML7
...m = CORP.YW.KELDA security = ADS log level = 3 log file = /opt/Samba/3.0.21b/var/log.%m ldap ssl = no [WMSTRAIN:root]/opt/samba-3.0.21c/lib> net ads join -U Administrator Administrator's password: Using short domain name -- CORP [2006/03/30 11:07:04, 0] libads/kerberos.c:get_service_ticket(356) get_service_ticket: kerberos_kinit_password WMSTRAIN$@CORP.YW.KELDA@CORP.YW.KELDA failed: Client not found in Kerberos database [2006/03/30 11:07:04, 0] libads/kerberos.c:get_service_ticket(356) get_service_ticket: kerberos_kinit_password WMSTRAIN$@CORP.YW.KELDA@CORP.Y...
2006 Aug 24
2
Can't net ads join
...g the below errors when I try and rejoin the domain after a Windows server reboot. What am I doing wrong? :b! [2006/08/23 19:45:00, 0] libads/ldap.c:ads_add_machine_acct(1405) ads_add_machine_acct: Host account for mustang already exists - modifying old account [2006/08/23 19:45:00, 0] libads/kerberos.c:get_service_ticket(337) get_service_ticket: kerberos_kinit_password MUSTANG$@MACHINEVISIONPRODUCTS.COM@MACHINEVISIONPRODUCTS.COM failed: Clock skew too great [2006/08/23 19:45:00, 0] libads/kerberos.c:get_service_ticket(337) get_service_ticket: kerberos_kinit_password MUSTANG$@MACHINEVISIONPR...
2014 Dec 01
1
Can windows clients get kerberos tickets from samba3 PDC?
On Mon, 1 Dec 2014, Gaiseric Vandal wrote: > On 12/01/14 11:17, Tiit Kaeeli wrote: >>> Is it possible for windows clients to authenticate against kerberos and >>> receive tickets from a Samba3 PDC, when kerberos server is MIT kerberos >>> running on a Linux server, not a Windows AD server? >>> >>> https://help.ubuntu.com/community/Samba/Kerberos >>> Suggests that this may be possible and I can succesful...
2018 Mar 04
1
Samba AD + Kerbero + NFS "Client no longer in database"
I am soo lost trying to get Samba AD 4.7.5 as a Kerberos source for NFSv4. The NFS server is the Samba AD server running Ubuntu Server 16.0.4.3 and the client is Linux Mint 18.3 This export WORKS and mounts on client ########## /etc/exports ########## /mnt/fileshare         *(rw,no_subtree_check,async) ############################ This export DOES...
2014 May 20
2
Ubuntu client ddns failure
...1.7. The setup is the same as with our openSUSE clients with sssd 1.11.15 sssd.conf id_provider = ad auth_provider = ad access_provider = ad ldap_id_mapping = False /etc/hosts 127.0.0.1 lubuntu-laptop.hh3.site lubuntu-laptop 127.0.1.1 localhost But it is sending a request for the wrong zone: Kerberos: ENC-TS Pre-authentication succeeded -- LUBUNTU-LAPTOP$@HH3.SITE using arcfour-hmac-md5 Kerberos: AS-REQ authtime: 2014-05-20T14:01:35 starttime: unset endtime: 2014-05-21T00:01:35 renew till: 2014-05-21T14:01:35 Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-...
2015 Sep 04
3
sernet kerberos
On 09/04/2015 03:59 AM, mathias dufresne wrote: > Hi, > > I don't think there is sernet kerberos package. You would have to install > kerberos client using your package manager: krb5-workstation on Centos or > krb5-user on Debian I think... As I understand things: Samba4.2 and lower is designed for the Heimal (sp!) kerberos. Redhat/Fedora/Centos provides the MIT kerberos. Thus Sernet...
2002 Oct 31
2
Re: Samba PDC and Kerberos(MIT or SEAM in Uinx, without microsoft ADS)
Hi, Andrew, Thank you very much for your answer. Now our case is as below: 1, our client machine is the windows 2000 2, We want our Kerberos run in the Unix box. 3, We also want the samba as PDC for all windows user and machine. 4, We want integrate the Kerberos Authentication with samba authentication. So in this situation, can we get the kerberos login from the windows 2000 client because the windows 2000 is support kerberos...
2014 Dec 01
2
Can windows clients get kerberos tickets from samba3 PDC?
> Is it possible for windows clients to authenticate against kerberos and > receive tickets from a Samba3 PDC, when kerberos server is MIT kerberos > running on a Linux server, not a Windows AD server? > > https://help.ubuntu.com/community/Samba/Kerberos > Suggests that this may be possible and I can succesfully authenticate with > smbclient -k....
2013 Aug 07
2
Samba 4 empty password
Hello, We are trying to setup a SAMBA-Server with users that have empty passwords. We are using: Samba 4.0.8 Kernel 3.10.5 Slackware 14.0 x64 When we set a password the login successes! That's what we get when trying to login: [2013/08/07 13:31:46, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: AS-REQ media1 at BC from ipv4:10.0.99.100:62078 for krbtgt/BC at BC [2013/08/07 13:31:46, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: Client sent patypes: 128 [2013/08/07 13:31:46, 3] ../source4/...
2014 May 20
1
ddns failure on Ubuntu client
...1.7. The setup is the same as with our openSUSE clients with sssd 1.11.15 sssd.conf id_provider = ad auth_provider = ad access_provider = ad ldap_id_mapping = False /etc/hosts 127.0.0.1 lubuntu-laptop.hh3.site lubuntu-laptop 127.0.1.1 localhost But it is sending a request for the wrong zone: Kerberos: ENC-TS Pre-authentication succeeded -- LUBUNTU-LAPTOP$@HH3.SITE using arcfour-hmac-md5 Kerberos: AS-REQ authtime: 2014-05-20T14:01:35 starttime: unset endtime: 2014-05-21T00:01:35 renew till: 2014-05-21T14:01:35 Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-...
2015 Jun 30
0
Account lockout
...count where it should be 3. When I traced log.samba while attempting login with a bad password, it appears that when I press enter after entering a bad password, 2 attempts are made at checking it. The second time I enter a bad password, the account is locked. <grep aslate log.samba> Kerberos: AS-REQ aslate at DOMAIN from ipv4:123.123.123.50:65414 for krbtgt/DOMAIN at DOMAIN Kerberos: Looking for PKINIT pa-data -- aslate at DOMAIN Kerberos: Looking for ENC-TS pa-data -- aslate at DOMAIN Kerberos: No preauth found, returning PREAUTH-REQUIRED -- aslate at DOMAIN Kerberos: AS-...
2005 Nov 10
0
net ads join problems
...RODUCTS.COM = { kdc = chicken.visionpro.com:88 admin_server = chicken.visionpro.com:749 default_domain = machinevisionproducts.com kdc = * } [domain_realm] .machinevisionproducts.com = MACHINEVISIONPRODUCTS.COM machinevisionproducts.com = MACHINEVISIONPRODUCTS.COM [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } ---> net ads join output [2005/11/10 08:11:51, 0] libads/ldap.c:ads_add_machine_acct(1405) ads_add_machine_acct: Host account for mu...
2015 Mar 19
1
Kerberos: Failed to decrypt PA-DATA
...users can't logon to their workstation if the session is negotiating with samba domain controller, the password is requested again and again. Samba is joined as a Domain Controller in a windows domain controllers. The users' s computers are joined also to the domain. But for some users the kerberos ticket is failing. Samba version 4.1.15 - Debian 7.8 Samba debug logs, level 3: Kerberos: Failed to decrypt PA-DATA -- com130100003$@MYDOMAIN (enctype aes256-cts-hmac-sha1-96) error Decrypt integrity check failed for checksum type hmac-sha1-96-aes256, key type aes256-cts-hmac-sha1-96 Kerberos:...
2005 Nov 10
2
net ads join
...PRODUCTS.COM = { kdc = chicken.visionpro.com:88 admin_server = chicken.visionpro.com:749 default_domain = machinevisionproducts.com kdc = * } [domain_realm] .machinevisionproducts.com = MACHINEVISIONPRODUCTS.COM machinevisionproducts.com = MACHINEVISIONPRODUCTS.COM [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } ---> net ads join output [2005/11/10 08:11:51, 0] libads/ldap.c:ads_add_machine_acct(1405) ads_add_machine_acct: Host account for mu...
2014 Nov 10
0
User's DPAPI/backupkey protected data lost when changing domain password
...;> </Data> <Data Name="RecoveryKeyId"> </Data> <Data Name="FailureReason">0x7a</Data> </EventData> </Event> Corresponding entries in /usr/local/samba/var/log.samba: [2014/11/10 13:56:43.735766, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: AS-REQ wtr30 at MBSW from ipv4:53.253.137.105:62425 for kadmin/changepw at MBSW [2014/11/10 13:56:43.739991, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: Client sent patypes: 128 [2014/11/10 13:56:...
2015 Oct 19
2
samba-tool and --kerberos
Hi Stefan, Thank you a lot for that, it helped me much. To be a bit more precise, thanks again to your example, to authenticate samba-tool command using --kerberos: syntax is "-k yes" or "--kerberos=yes" or "--kerberos yes" AND -U username must not be present. "-k=yes" is not working. 2015-10-19 11:59 GMT+02:00 Stefan Kania <stefan at kania-online.de>: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 >...
2013 Sep 06
1
Problem with kerberos and GPO
Hi, I have problem with GPO and dns/kerberos resolution I do a samba -i -d3 to a log file and started on client: gpupdate /force: lpcfg_load: refreshing parameters from /srv/samba/etc/smb.conf params.c:pm_process() - Processing configuration file "/srv/samba/etc/smb.conf" samba version 4.1.0rc2 started. Copyright Andrew Tridgell...
2017 Apr 27
2
Samba AD DC authenticated by external Kerberos (~ Re: Samba authentication using non-AD Kerberos?)
On 2017-04-27, 07:13, Gaiseric Vandal via samba wrote: > A Samba AD directory server (domain controller) is its own > kerberos server. I don't see how you could configure it to use > another KDC. I don't know Kerberos much, so I am wondering can something like this "delegated"? > Depending on how may computers in your environment, it may be > easier to have the non-AD Kerberos clients use to...
2006 Oct 27
2
Freebsd 6.1 and Kerberos in rc.conf
Hi people. Im reading the samba manual to join my freebsd box with to an win2k3 AD Domain, i install samba from ports with support for AD, already check that my samba program has been build with support for kerberos, ldap and all the stuff the manual recommended, now about kerberos, we have some stuff in /etc/rc.conf # # kerberos. Do not run the admin daemons on slave servers # kerberos5_server_enable="NO" # Run a kerberos 5 master server (or NO). kerberos5_server="/usr/libexec/kdc" # pa...
2015 Jul 01
3
strange: 20 characters max in samAccountName
...interface eth0 ip=10.156.248.217 bcast=10.156.255.255 netmask=255.255.240.0 [2015/07/01 16:36:32.935297, 4] ../source4/dsdb/repl/drepl_notify.c:463(dreplsrv_notify_schedule) dreplsrv_notify_schedule(5) scheduled for: Wed Jul 1 16:36:38 2015 CEST [2015/07/01 16:36:36.569356, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: AS-REQ abcdef.abcdefg-abcdef at AD.DOMAIN from ipv4: 10.156.248.234:54408 for krbtgt/AD.DOMAIN at AD.DOMAIN [2015/07/01 16:36:36.654528, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: Client sent pat...