Displaying 20 results from an estimated 3805 matches for "keytabs".
Did you mean:
keytab
2018 Dec 17
1
NT_STATUS_NETWORK_SESSION_EXPIRED Domain member
Hai guys,
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Rowland Penny via samba
> Verzonden: maandag 17 december 2018 16:08
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] NT_STATUS_NETWORK_SESSION_EXPIRED Domain member
>
> On Mon, 17 Dec 2018 15:38:02 +0100
> "L.P.H. van Belle via samba"
2018 Dec 26
3
Generating keytab on a read-only file system
>
> dedicated keytab file = /tmp/krb5.keytab
>
> For which programs do you use the keytab?
I already tried that. But still tries to write at /etc. It seems this
parameter used when you have a keytab already.
__
Taner Tas
2016 Mar 31
5
NFSv4 / Krb / wildcard in keytab
Hi,
I'm trying to use wildcard in keytab because i don't want join every
computer, client for service NFS krb5.
I add a spn like this
# samba-tool spn add host/* nfs
(I create user nfs before)
# samba-tool spn list nfs
nfs
User CN=nfs,CN=Users,DC=if,DC=ujf-grenoble,DC=fr has the following
servicePrincipalName:
host/*
I export keytab :
#samba-tool domain exportkeytab
2017 Mar 16
2
Joining Samba4 to Win 2008 AD domain breaks other kerberos functions
On Thu, 16 Mar 2017 14:48:01 -0400
Gaiseric Vandal via samba <samba at lists.samba.org> wrote:
> Samba expects the keytab file as /etc/krb5.keytab.
>
> Solaris 11 looks for a keytab file in /etc/krb5/krb5.keytab
>
> When samba joins the domain it (probably) updates the machine
> password and then updates its krb5.keytab file. When connecting
> via ssh, the
2017 Mar 30
0
Samba and keytab file creation
I am working on trying to set up Solaris 11 and Linux clients as Samba domain members with a Win 2008 AD domain controller/directory server. I am also trying to configure Kerberos for unix level authentication.
I am unclear if Samba can create a keytab file or only use a previously created on.
With solaris, there is "kclient" command that creates the machine account on the
2019 Apr 29
2
missing enctypes in exported keytab
Dear all,
this is using debian stretch and Louis' 4.8.11 packages. I am trying to
export a keytab, and even for a UPN, samba does not export the AES keys.
What could be the mistake?
root at dc2:~# net ads enctypes list dns-dc2
'dns-dc2' uses "msDS-SupportedEncryptionTypes": 31 (0x0000001f)
[X] 0x00000001 DES-CBC-CRC
[X] 0x00000002 DES-CBC-MD5
[X] 0x00000004 RC4-HMAC
[X]
2018 Dec 17
0
NT_STATUS_NETWORK_SESSION_EXPIRED Domain member
Hm,,
Good question Marco, now after re-reading it, i understand what you trying to say.
How i did read it and understand it.
dedicated keytab file (G)
Specifies the absolute path to the kerberos keytab file when `kerberos method` is set to "dedicated keytab".
When the kerberos method is in "dedicated keytab" mode, dedicated keytab file must be set to specify the
2015 Oct 26
3
self compiled samba domain member, jessie, pam config
Hi,
I have the keytab file, it just seems that:
"technically "secrets and keytab" means that samba uses both the
internal secrets and system keytab file for keytab storage. secrets is
in memory (so this works even if changing uid). keytab on the other hand
is only opened when needed."
So I have the keytab, I just needed to chmod g+r for it to be readable
after
2016 Jun 27
3
Where is krb5.keytab or equivalent?
I am running Samba 4.1.23 as an AD/DC. It has been running file for more than 1 1/2 years as a
AD/DC for mostly Windows workstations.
I'm trying to setup Dovecot with gssapi authentication. The config needs the location of the service
keys located in the keytab file. The default location it looks for is:
/etc/krb5.keytab
There is no such file there, nor is there a so-named file on the AD/DC
2014 Dec 31
4
Fwd: Re: Samba4 and sssd, keytab file expires?
Il 2014-12-31 16:29 Dr. Lars Hanke ha scritto:
>>> OK, you can get winbind to update your keytab, you need to alter your
>>> smb.conf slightly. You need to change 'kerberos method = secrets
>>> only'
>>> to either 'kerberos method = secrets and keytab' or 'kerberos method
>>> =
>>> system keytab' and add the line
2018 Dec 18
1
Advantage of 'kerberos method = secrets and keytab' over 'kerberos method = system keytab'
A question regarding the “kerberos method” configuration option in smb.conf:
Are there any practical differences between using ’secrets and keytab’ and ’system keytab’?
I’ve been running Samba servers using both methods for a long time and both seems to work more or less fine, but since we’re having this “login hickup at 10 hour service ticket expiration problem” I’m trying to find out if this
2016 Mar 31
3
NFSv4 / Krb / wildcard in keytab
Le 31/03/2016 11:44, Rowland penny a écrit :
> On 31/03/16 10:04, Service Informatique IF wrote:
>> Hi,
>>
>> I'm trying to use wildcard in keytab because i don't want join every
>> computer, client for service NFS krb5.
>>
>> I add a spn like this
>>
>> # samba-tool spn add host/* nfs
>>
>> (I create user nfs before)
>>
2017 Feb 26
3
net ads keytab add has no visible effects
Hi!
I think I ran into the same Problem.
What I tried so far:
1)
* Adopt SPNs on the DC with samba-tool spn
* Create keytab on Member with net ads keytab create
* Result:
** klist and net ads keytab list on Member match
** samba-tool spn list on DC doesn't
2)
* Clear SPNs from Member via net ads keytab flush
* Result:
** net ads keytab list on Member is empty
** samba-tool spn list on DC
2011 Sep 15
3
puppet and kerberos keytabs
Hi,
we use kerberos with keytabs on our clients. We do *not* trust root on
the clients! One client should never have access to any other client''s
keytab. This is my proposed solution to get the keytabs to the clients,
any comments welcome!
1. Use file to get /root/.ssh/authorized_keys
2. Use exported resource to let the...
2018 Dec 17
6
NT_STATUS_NETWORK_SESSION_EXPIRED Domain member
All,
using Samba as an AD (2k12) domain member in Stretch
(2:4.5.12+dfsg-2+deb9u4) with tdb as default and rid as domain backend.
No overlapping. Everything works fine. Setup was done as in the wiki
[1].
If you're connecting from a Windows 10 client and do not add
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind refresh tickets = Yes
to
2018 Dec 27
2
Generating keytab on a read-only file system
> First, I suggest read :
> https://wiki.samba.org/index.php/Keytab_Extraction
I did.
> Second, it his for
> a member or AD-DC? Thats because of the location of the keytab and
> the ad-dc creates its own keytab file. Thirth, are any other services
> going to use it? Last, root must be able to write the keytab file.
>
They're members. The intent is to auto join clients
2018 Dec 27
0
Generating keytab on a read-only file system
Hai,
First, I suggest read : https://wiki.samba.org/index.php/Keytab_Extraction
Second, it his for a member or AD-DC?
Thats because of the location of the keytab and the ad-dc creates its own keytab file.
Thirth, are any other services going to use it?
Last, root must be able to write the keytab file.
If you place the keytab in an other non-default location like :
With : dedicated keytab
2016 Jun 27
2
Where is krb5.keytab or equivalent?
You can specify which principal you want in your keytab with samba-tool,
check the manual.
You can check which principal is in your keytab using klist: klist -k or
klist -ke /path/to/keytab
2016-06-27 9:09 GMT+02:00 Rowland penny <rpenny at samba.org>:
> On 27/06/16 04:27, Mark Foley wrote:
>
>> I am running Samba 4.1.23 as an AD/DC. It has been running file for more
>>
2016 Mar 07
2
keytab-lilo: update to support kbd 2.0.3 format
On 29.12.2015 22:51, poma wrote:
> On 29.12.2015 22:20, Ady via Syslinux wrote:
>>
>>> On 27.12.2015 23:57, Jernej Simon?i? via Syslinux wrote:
>>>> On Sunday, December 27, 2015, 23:34:11, Ady via Syslinux wrote:
>>>>
>>>>> How this change would affect users with older versions of kbd /
>>>>> loadkeys / or in older OSes? I
2015 Mar 05
2
creating Kerberos host principals for multiple hostnames, multihomed server
Hi!
I maintain Linux servers that are members of a Samba4 Domain.
User authentication / login via ssh works fine with Kerberos.
But: only via one hostname.
Those machines need a working Kerberos login via multiple hostnames
(each hostname has its own IP address and DNS is set up correctly.)
"net ads keytab list" of course gives me the main hostname that was in
use when joining the