search for: kpasswd5

I noticed that kpasswd5 (port 464) isn't showing up on subnets where IPv6 is not allowed. So I cannot do any joins for these Linux boxes. Is there a Global switch I can use for samba to just startup and listen on IPV4 only? It seems inconsistent as all the other services don't seem to be affected by this switch...

Well, if I eliminate the ipv6.disable-1 from the kernel command line everything works fine. So I don't think it is a samba config issue per se, unless of course I need something specific for kpasswd5 port 464, but in any case. This AD server is a Fedora 41 box running root at ad:~# uname -ra Linux ad.example.com 6.11.10-300.fc41.x86_64 #1 SMP PREEMPT_DYNAMIC Sat Nov 23 00:51:20 UTC 2024 x86_64 GNU/Linux Here is the join command: realm join --automatic-id-mapping=no ad.example.com Here is t...

On Fri, 10 Jan 2025 15:07:34 -0700 Gregory Carter <gjcarter2 at gmail.com> wrote: > Well, if I eliminate the ipv6.disable-1 from the kernel command line > everything works fine. So I don't think it is a samba config issue > per se, unless of course I need something specific for kpasswd5 port > 464, but in any case. > > This AD server is a Fedora 41 box running I take it you are aware that the Fedora Samba packages are classed as experimental because they use MIT kerberos ? > > root at ad:~# uname -ra > Linux ad.example.com 6.11.10-300.fc41.x86_64 #1 SMP PREEM...

...as using: > bind interfaces only = yes > interfaces = 127.0.0.1 192.168.1.40 Mainly due to the fact that I plan on adding more ethernet interfaces later to the mail server, and I wanted to insure the configuration was explicit on what interfaces to run SAMBA AD on. However, kpasswd5 port will not bind to 192.168.1.40 in this configuration, only to 127.0.0.1 hence it won't show up in the config. So I removed the above statements from the config file and that seemed to fix the problem. Looking more closely at the syntax, maybe I need a subnet after the second IP address to...

...interfaces only = yes >> interfaces = 127.0.0.1 192.168.1.40 > >Mainly due to the fact that I plan on adding more ethernet interfaces later >to the mail server, and I wanted to insure the configuration was explicit >on what interfaces to run SAMBA AD on. > >However, kpasswd5 port will not bind to 192.168.1.40 in this configuration, >only to 127.0.0.1 hence it won't show up in the config. > >So I removed the above statements from the config file and that seemed to >fix the problem. > >Looking more closely at the syntax, maybe I need a subnet after...

...[211374]: adcli: joining domain > office.company.com failed: Couldn't set password for computer > account: SMBMEM41$: Cannot contact any KDC for requested realm > > according to > https://access.redhat.com/solutions/3697241 > it is necessary to open ports 464/tpc, ?464/udp ?(kpasswd5) > > but samba AD is listening on IPv6 localhost only > > sudo ss -tulpn | grep ':464\|:88' > udp UNCONN 0 0 0.0.0.0:88 0.0.0.0:* > users:(("krb5kdc",pid=217785,fd=16)) udp UNCONN 0 0 > [::1]:464 [::]:* > u...

...n > > office.company.com failed: Couldn't set password for computer > > account: SMBMEM41$: Cannot contact any KDC for requested realm > > > > according to > > https://access.redhat.com/solutions/3697241 > > it is necessary to open ports 464/tpc, ?464/udp ?(kpasswd5) > > > > but samba AD is listening on IPv6 localhost only > > > > sudo ss -tulpn | grep ':464\|:88' > > udp?? UNCONN 0????? 0????????????? 0.0.0.0:88???????? 0.0.0.0:* > > users:(("krb5kdc",pid=217785,fd=16)) udp?? UNCONN 0????? 0 > > ??...

...okup_realm = false dns_lookup_kdc = true nmap localhost shows: PORT STATE SERVICE 25/tcp open smtp 53/tcp open domain 88/tcp open kerberos-sec 111/tcp open rpcbind 135/tcp open msrpc 139/tcp open netbios-ssn 389/tcp open ldap 445/tcp open microsoft-ds 464/tcp open kpasswd5 631/tcp open ipp 636/tcp open ldapssl 1024/tcp open kdm 3268/tcp open globalcatLDAP 3269/tcp open globalcatLDAPssl I am not an expert in Kerberos and I have no idea of what can be wrong, or what can I have done wrong. Workstations cannot join domain; I get a "User unknown / Password no...

...em41.office.company.com realmd[211374]: adcli: joining domain office.company.com failed: Couldn't set password for computer account: SMBMEM41$: Cannot contact any KDC for requested realm according to https://access.redhat.com/solutions/3697241 it is necessary to open ports 464/tpc, ?464/udp ?(kpasswd5) but samba AD is listening on IPv6 localhost only sudo ss -tulpn | grep ':464\|:88' udp UNCONN 0 0 0.0.0.0:88 0.0.0.0:* users:(("krb5kdc",pid=217785,fd=16))...

...d not seem to work, also group permissions for bind are read only. -------------------------------------------------------------------- nmap -sS -sV -O -T4 -n -v 192.168.1.103 192.168.1.103 80/tcp open http Apache httpd 2.2.14 ((Ubuntu)) 389/tcp open ldap OpenLDAP 2.2.X 464/tcp open kpasswd5? 749/tcp open rpcbind Device type: general purpose Running: Linux 2.6.X OS details: Linux 2.6.17 - 2.6.24 Network Distance: 0 hops TCP Sequence Prediction: Difficulty=198 (Good luck!) IP ID Sequence Generation: All zeros Nmap done: 1 IP address (1 host up) scanned in 33.75 seconds ----------------...

...Z) 123/tcp closed ntp 135/tcp filtered msrpc <---- FILTERED 137/tcp closed netbios-ns 138/tcp closed netbios-dgm 139/tcp open netbios-ssn Samba smbd 4.6.2 389/tcp open ldap (Anonymous bind OK) 445/tcp open netbios-ssn Samba smbd 4.6.2 464/tcp open kpasswd5? 636/tcp open ssl/ldap (Anonymous bind OK) 3268/tcp open ldap (Anonymous bind OK) 3269/tcp open ssl/ldap (Anonymous bind OK) [.................] >From samba i check the integrity and is fine (samba-tool dbcheck --cross-ncs --fix --yes) I dont have firewall, i...

...ldap (172.16.50.9) Host is up (0.035s latency). Not shown: 986 closed tcp ports (reset) PORT ?????STATE SERVICE 22/tcp ???open ?ssh 53/tcp ???open ?domain 88/tcp ???open ?kerberos-sec 135/tcp ??open ?msrpc 139/tcp ??open ?netbios-ssn 389/tcp ??open ?ldap 445/tcp ??open ?microsoft-ds 464/tcp ??open ?kpasswd5 636/tcp ??open ?ldapssl 3268/tcp ?open ?globalcatLDAP 3269/tcp ?open ?globalcatLDAPssl 49152/tcp open ?unknown 49153/tcp open ?unknown 49154/tcp open ?unknown Nmap done: 1 IP address (1 host up) scanned in 3.28 seconds Regards, Felipe El 23/05/2024 a las 9:50, Rowland Penny via samba escribi?:...

Hello !! Yes, I noticed this (and it called me too), but as it has about 10 Dc and with some it is talking the data in it are integral, but for some DCs is generating me this error ..... UPDATE: I updated the DC that has this error for several to version 4.5.4, but problem still persists .... Em 23-01-2017 19:30, Rowland Penny escreveu: > On Mon, 23 Jan 2017 18:59:47 -0200 >

...Nmap scan report for dc (10.10.2.50) Host is up (0.00099s latency). Not shown: 988 closed ports PORT STATE SERVICE 22/tcp open ssh 53/tcp open domain 88/tcp open kerberos-sec 135/tcp open msrpc 139/tcp open netbios-ssn 389/tcp open ldap 445/tcp open microsoft-ds 464/tcp open kpasswd5 636/tcp open ldapssl 1024/tcp open kdm 3268/tcp open globalcatLDAP 3269/tcp open globalcatLDAPssl Nmap done: 1 IP address (1 host up) scanned in 0.11 seconds My smb.conf: # Global parameters [global] workgroup = EXAMPLE realm = SAMDOM.EXAMPLE.ORG netbios name = DC...

...commonName=AD.office.mydomain.com/organizationName=Samba Administration | Not valid before: 2017-07-04T17:24:08 |_Not valid after: 2019-06-04T17:24:08 |_ssl-date: 2017-07-08T15:11:06+00:00; -3m31s from scanner time. 445/tcp open netbios-ssn Samba smbd 4.6.5 (workgroup: MYDOMAIN) 464/tcp open kpasswd5? 636/tcp open ssl/ldap (Anonymous bind OK) | ssl-cert: Subject: commonName=AD.office.mydomain.com/organizationName=Samba Administration | Not valid before: 2017-07-04T17:24:08 |_Not valid after: 2019-06-04T17:24:08 |_ssl-date: 2017-07-08T15:13:55+00:00; -42s from scanner time. 1024/tcp open...