search for: krb4_get_tickets

....133.84.25 default_domain = MEUDOMINIO.COM } MEUDOMINIO.COM = { kdc = 10.133.84.25 admin_server = 10.133.84.25:88 } [domain_realm] .meudominio.com = .MEUDOMINIO.COM meudominio.com = MEUDOMINIO.COM [login] krb4_convert = true krb4_get_tickets = true The below is my /etc/nsswitch.conf in a Member Server: passwd: compat winbind group: compat winbind shadow: compat hosts: files dns networks: files protocols: db files services: db files ethers: db files rpc: db files...

...= yes [realms] MYDOMAIN.COM = { kdc = my.domain.com admin_server = my.domain.com default_domain = MYDOMAIN.COM } [domain_realm] .mydomain.com = MYDOMAIN.COM mydomain.com = MYDOMAIN.COM [login] krb4_convert = true krb4_get_tickets = false| /etc/nsswitch.conf | passwd: compat winbind group: compat winbind shadow: compat hosts: files mdns4_minimal [NOTFOUND=return] dns wins networks: files protocols: db files services: db files ethers...

...hing = something-else } } fcc-mit-ticketflags = true [realms] MYDOMAIN.NET = { kdc = cofil01.mydomain.net:88 default_domain = mydomain.net } [domain_realm] .mydomain.net = MYDOMAIN.NET mydomain.net = MYDOMAIN.NET [login] krb4_convert = true krb4_get_tickets = false ==================================================== The server side krb5.conf contains this: ==================================================== [libdefaults] default_realm = MYDOMAIN.NET dns_lookup_realm = false dns_lookup_kdc = true =========================================...

...ue krb4_convert = false [appdefaults] pam = { debug = true ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = true afs_cells = draffc3.draf.fc hosts = draffc3.draf.fc max_timeout = 30 timeout_shift = 2 initial_timeout = 1 } [login] krb4_convert = false krb4_get_tickets = false Any idea about my misconfiguration in Kerberos, everyone ? Please, just answer me for that and I'll let you breath ! Thanks for reading Bertram _________________________________________________________________ Trouvez l'?me soeur sur MSN Rencontres http://g.msn.fr/FR1000/9551

.../krb.realms dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = true [realms] EMPRESA.COM = { kdc = DC1.EMPRESA.COM admin_server = DC1.EMPRESA.COM } [domain_realm] .empresa.com = EMPRESA.COM empresa.com = EMPRESA.COM [login] krb4_convert = true krb4_get_tickets = false */etc/resolv.conf* nameserver 192.168.40.1 search empresa.com */etc/hosts*127.0.0.1 localhost 127.0.1.1 cliente-ad192.empresa.com cliente-ad192 192.168.40.2 cliente-ad192.empresa.com cliente-ad192 192.168.40.1 dc1.empresa.comdc1 */etc/nsswitch.conf* passwd:compat gr...

...---------------------------------------- [realms] LOCAL.COM = { kdc = DC1.LOCAL.COM admin_server = DC1.LOCAL.COM default_domain = LOCAL.COM } [domain_realm] .local.com = LOCAL.COM local.com = LOCAL.COM [login] krb4_convert = true krb4_get_tickets = false ---------------------------------------------------------- smbd -V Version 4.5.8-Debian winbindd -V Version 4.5.8-Debian Do you have any suggestions about this? Thanks in advance! Best regards, Dmitriy

...= { something = something-else } } fcc-mit-ticketflags = true [realms] DOMAIN.LOCAL = { kdc = kdc.domain.local admin_server = kdc.domain.local default_domain = domain.local } [domain_realm] .domain.local = DOMAIN.LOCAL domain.local = DOMAIN.LOCAL [login] krb4_convert = true krb4_get_tickets = false smb.conf: [global] workgroup = DOMAIN realm = DOMAIN.LOCAL password server = kdc.domain.local winbind use default domain = yes disable netbios = yes log level = 3 preferred master = no local master = no domain master = no security = ads ser...

...services: db files ethers: db files rpc: db files netgroup: nis krb5.conf [realms] DOMANNAME = { kdc = ADSSERVER } DOMAINSHORTNAME = { kdc = ADSSERVER } [login] krb4_convert = true krb4_get_tickets = true All these files are identical on both machines and both machines are identical in time. ANY SUGGESTIONS...

...= host ftp = ftp } plain = { something = something-else } } fcc-mit-ticketflags = true [realms] TEST.TEST.LOC = { kdc = dc.ad.test.loc kdc = dc1.ad.test.loc kdc = dc2.ad.test.loc kdc = dc3.ad.test.loc admin_server = dc.test.loc } [domain_realm] .test.loc = AD.TEST.LOC [login] krb4_convert = true krb4_get_tickets = false [logging] kdc = FILE:/var/log/krb5/krb5kdc.log admin_server = FILE:/var/log/krb5/kadmind.log default = SYSLOG:NOTICE:DAEMON ******************************************************************** libpam.winbind and libnss.winbind are installed. Name resolution works (as before...): host -...

Hi, I have saw many tutorials to ingress Ubuntu 14 in the Samba4 domain, but none worked properly. I put the Ubuntu workstation in the Domain, but when I try to login, appear the following messenge: "your password will be expire in 42 days " and does not permit the authentication. How can I configure correctly Ubuntu 14 workstation to authenticate in the Samba 4 domain? Thanks

...rver = sun.admin.sjc default_domain = admin.sjc } [domain_realm] .admin.sjc = ADMIN.SJC [kdc] profile = /etc/kerberos/krb5kdc/kdc.conf [pam] debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false [login] krb4_convert = false krb4_get_tickets = false Anyway the users cannot auth through out proxy because of this. Can anyone help. I have to get this fixed by the morning before staff arrive. Thanks Chris

....FS.UML.EDU } STUDENT.UML.EDU = { kdc = STDC1.STUDENT.UML.EDU kdc = STDC2.STUDENT.UML.EDU } [domain_realm] .umlfs01.fs.uml.edu = FS.UML.EDU umlfs01.fs.uml.edu = FS.UML.EDU [login] krb4_convert = true krb4_get_tickets = false -- Asst. Prof. Joel M. Therrien Ph: 978-934-3324 Fax: 978-934-3027 Joel_Therrien at uml.edu Dept. of Electrical& Computer Engineering U. Massachusetts-Lowell 1 University Ave Lowell, MA 01854

...749 } [appdefaults] pam = { ticket_lifetime = 1d renew_lifetime = 1d forwardable = true proxiable = false retain_after_close = false minimum_uid = 0 debug = false } [domain_realm] .windows.corp.XXX.com = WINDOWS.CORP.XXX.COM windows.corp.XXX.com = WINDOWS.CORP.XXX.COM [login] krb4_convert = true krb4_get_tickets = false On Mon, Nov 30, 2015 at 2:43 PM, Rowland Penny <rowlandpenny241155 at gmail.com > wrote: > On 30/11/15 20:30, Jonathan S. Fisher wrote: > >> Same results with that command. And the same DNS query occurred >> >> On Mon, Nov 30, 2015 at 2:20 PM, Rowland Penny...

...= false v4_name_convert = { host = { rcmd = host ftp = ftp } plain = { something = something-else } } [login] krb4_convert = true krb4_get_tickets = true *winbind* (logs) 2004/06/07 13:38:57, 1] nsswitch/winbindd_util.c:add_trusted_domain(180) Added domain CAR CAR.BE.TEST.COM.LOCAL S-0-0 [2004/06/07 13:38:57, 1] libsmb/clikrb5.c:ads_krb5_mk_req(306) krb5_cc_get_principal failed (No credentials cache found) [2004/06/07 13:38:57, 1] nssw...

...T.EDU ??????? .whoi.edu = ATHENA.MIT.EDU ??????? whoi.edu = ATHENA.MIT.EDU ??????? .stanford.edu = stanford.edu ??????? .slac.stanford.edu = SLAC.STANFORD.EDU ??????? .toronto.edu = UTORONTO.CA ??????? .utoronto.ca = UTORONTO.CA ??????? .toto.fr= TOTO.FR [login] ??????? krb4_convert = true ??????? krb4_get_tickets = false ? the tcp dump for a failed attempt of kpasswd give the folllowing : ? client -> station Kerberos AS-REQ MSG Type : AS-REQ(10) Server Name(principal): kadmin/changepw Encryption type rc4-hmac ? station-> client BER Error : Empty choice was found ... ? and the log on the ser...

On 03/06/15 21:29, ivenhov wrote: > I reproduced error WERR_DEFAULT_JOIN_REQUIRED in two scenarios: > - user account that is used to join machine to domain is not part of Domain > Admin group. > - OU path for computer (specified in createcomputer) is invalid > > In both of those cases I'm getting detailed error messages: 'insufficient > access' and 'invalid

...something = something-else } } fcc-mit-ticketflags = true [realms] RADIODJIIDO.NC = { kdc = serveur admin_server = serveur } [domain_realm] .radiodjiido.nc = RADIODJIIDO.NC radiodjiido.nc = RADIODJIIDO.NC [login] krb4_convert = true krb4_get_tickets = false syslog shows : -> Oct 26 11:09:36 serveur nslcd[2978]: [0f8fca] <passwd="radiodjiido\administrator"> failed to bind to LDAP server ldap://serveur.radiodjiido.nc: Local error Oct 26 11:09:36 serveur nslcd[2978]: [0f8fca] <passwd="radiodjiido\administrator"...

...ault_domain = your.domain.name auth_to_local_names = { Administrator = root } } [domain_realm] your.domain.name = YOUR.REALM # this is not a mistake .your.domain.name = YOUR.REALM [login] krb4_convert = true krb4_get_tickets = false Note that some windows environments require additional configuration to get this working. 4. Forward/reverse DNS. For your *server* this is *absolutely* must. It has to match for your clients and your server. So if your server name is mail.example.org, and it has IP 10.0.2.3, then 10.0.2...

....edu = ATHENA.MIT.EDU > whoi.edu = ATHENA.MIT.EDU > .stanford.edu = stanford.edu > .slac.stanford.edu = SLAC.STANFORD.EDU > .toronto.edu = UTORONTO.CA > .utoronto.ca = UTORONTO.CA > > [login] > krb4_convert = true > krb4_get_tickets = false > > Regarding the nsswitch.conf I am a bit clueless. I use sssd, and therefore nearly all the lines got an sss as second entry. Maybe winbind would be the correct one for You. But this should be examined _after_ Kerberos is working OK. At least we now know, that Kerberos couldn&...

...plain = { something = something-else } } [realms] GSTAZIONI.IT = { kdc = 192.168.5.1:88 kdc = 192.168.0.1:88 } [domain_realm] .gstazioni.it = GSTAZIONI.IT gstazioni.it = GSTAZIONI.IT [login] krb4_convert = true krb4_get_tickets = true which thing cause this problem ? how to solve ? another problem is that I can list users and group with the net ads users command, but not with wbinfo, why ? Thank in advance, Best regards. Federico