search for: krb5_config

Displaying 20 results from an estimated 20 matches for "krb5_config".

Did you mean: krb4_config
2007 Sep 07
0
Use tcp while fetching kerberos tickets
...e are running samba version 3.0.25a and Heimdal 0.6.3 for kerberos. With 3.0.25a version of Samba, we observe that if we are attempting to join our primary domain in ADS mode and the Active Directory happens to be the closest DC, samba creates its own local private krb5 conf file and overrides the KRB5_CONFIG environment variable [create_local_private_krb5_conf_for_domain() is invoked from function ads_dc_name() in file libsmb/namequery_dc.c] Is there a specific reason for creating a custom krb5 conf file instead of using the default krb5 conf or the conf file specified in the environment variable KRB5...
2005 Aug 27
1
Samba works!: Samba, Kerberos, Win2K Active Directory authentication
...be made with ftp o scp, depending of the unix server) 4.2. Register the key in your unixmachine: /home1/kerberos5/sbin/ktutil ktutil: rkt /etc/krb5/unixmachine.keytab ktutil: wkt /etc/krb5/krb5.keytab ktutil: q 5. Configure some env vars:: KRB5_CONFIG=/etc/krb5/krb5.conf KRB5_KDC_PROFILE=/var/kerberos/krb5kdc/kdc.conf DEFAULT_KEYTAB_NAME=/etc/krb5/krb5.keytab LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local: \ /usr/local/include:/usr/local/lib:/usr/lib/iconv export KRB5_CONFIG KRBR_KDC_PROFILE LD_LIBRARY_PATH \ DEFAULT_KEYTAB_NAME 6. Genera...
2016 Jun 07
2
ldapsearch & GSSAPI => Server not found in Kerberos database
Hi all, I've got on AD DC using Samba 4.4.3 on Centos7 which accept Kerberos connections (kinit is working), which accept ldapsearch with credentials but which refuse ldapsearch with GSSAPI. The issue does not seem to be coming from the client as I discovered this issue writing a script to test all 22 DC, and all 21 others DC are working well from that client. The error: SASL/GSSAPI
2015 Oct 15
2
ldapsearch against Samba4 AD questions
Hi all, I'd like to perform some ldapsearch against my AD domain. And I'd like to be able to perform these ldapsearch using GSSAPI to avoid usage of password in scripts. DC are using default configuration file: ---------------------------------------- # Global parameters [global] workgroup = SAMBA.DOMAIN realm = SAMBA.DOMAIN.TLD netbios name = M707 server
2015 Oct 15
0
ldapsearch against Samba4 AD questions
...haviour. To test each DC we just have to replace ldap://SAMBA.DOMAIN.TLD by ldap://DC1.SAMBA.DOMAIN.TLD, then ldap://DC2.SAMBA.DOMAIN.TLD... To test Kerberos we need to use a dedicated Kerberos configuration file (by default it's /eetc/krb5.conf). To do that we have to set environment variable KRB5_CONFIG: export KRB5_CONFIG=/path/to/krb5.DC1.conf And in /path/to/krb5.DC1.conf: ---------------------------------------- [libdefaults] default_realm = SAMBA.DOMAIN.TLD rdns_lookup_realm = false rdns_lookup_kdc = false dns_lookup_realm = false dns_lookup_kdc = fals...
2015 Oct 15
2
ldapsearch against Samba4 AD questions
...we just have to replace ldap://SAMBA.DOMAIN.TLD > by ldap://DC1.SAMBA.DOMAIN.TLD, then ldap://DC2.SAMBA.DOMAIN.TLD... > > To test Kerberos we need to use a dedicated Kerberos configuration file > (by default it's /eetc/krb5.conf). To do that we have to set environment > variable KRB5_CONFIG: > export KRB5_CONFIG=/path/to/krb5.DC1.conf > > And in /path/to/krb5.DC1.conf: > ---------------------------------------- > [libdefaults] > default_realm = SAMBA.DOMAIN.TLD > rdns_lookup_realm = false > rdns_lookup_kdc = false > dns_lookup...
2016 Jun 07
0
ldapsearch & GSSAPI => Server not found in Kerberos database
...sting following a working kinit) from any host but it works when launched from the non-working-server kinit -k -t administrator.keytab administrator ldapsearch -Y GSSAPI -b 'dc=ad,dc=domain,dc=tld' -h dc106 sAMAccountName=administrator dn -d256 - kinit works from any tested host (exporting KRB5_CONFIG variable to point to a krb5.conf forcing usage of my non-working-server) with config containing: [libdefaults] default_realm = AD.DOMAIN.TLD [realms] AD.DOMAIN.TLD = { kdc = 10.11.12.13 } 2016-06-07 15:29 GMT+02:00 mathias dufresne <infractory at gmail.com>...
2016 Jun 28
2
Looking for GSSAPI config [was: Looking for NTLM config example]
...;> dns_lookup_kdc = true > >> krb4_config = /etc/krb.conf > >> krb4_realms = /etc/krb.realms > > Here, you have krb4_*. Do you mean that? My config file is krb5.conf. Should I rather have: > > You can remove the krb4_ stuff > > > krb5_config = /etc/krb5.conf > > > > Also, I have no /etc/krb*.realms file. Do I need this? If so, what should be in there? > You don't necessarely require that. > > >> kdc_timesync = 1 > >> ccache_type = 4 > >> forwardable = true >...
2013 Feb 05
1
[Announce] Samba 4.0.3 Available for Download
...om ldb_tdb.h. * BUG 9609: ldb: Change ltdb_unpack_data to take an ldb_context. * BUG 9610: dsdb: Make secrets_tdb_sync cope with -H secrets.ldb. o Bj?rn Baumbach <bb at sernet.de> * BUG 9512: wafsamba: Use additional xml catalog file. * BUG 9517: samba_dnsupdate: Set KRB5_CONFIG for nsupdate command. * BUG 9552: smb.conf(5): Update list of available protocols. * BUG 9568: Add dbwrap_tool.1 manual page. * BUG 9569: ntlm_auth(1): Fix format and make examples visible. o Ira Cooper <ira at samba.org> * BUG 9575: Duplicate flags defined in the winbindd...
2013 Feb 05
1
[Announce] Samba 4.0.3 Available for Download
...om ldb_tdb.h. * BUG 9609: ldb: Change ltdb_unpack_data to take an ldb_context. * BUG 9610: dsdb: Make secrets_tdb_sync cope with -H secrets.ldb. o Bj?rn Baumbach <bb at sernet.de> * BUG 9512: wafsamba: Use additional xml catalog file. * BUG 9517: samba_dnsupdate: Set KRB5_CONFIG for nsupdate command. * BUG 9552: smb.conf(5): Update list of available protocols. * BUG 9568: Add dbwrap_tool.1 manual page. * BUG 9569: ntlm_auth(1): Fix format and make examples visible. o Ira Cooper <ira at samba.org> * BUG 9575: Duplicate flags defined in the winbindd...
2016 Jun 15
1
ldapsearch & GSSAPI => Server not found in Kerberos database
...it) from any host but it works when launched from the > non-working-server > kinit -k -t administrator.keytab administrator > ldapsearch -Y GSSAPI -b 'dc=ad,dc=domain,dc=tld' -h dc106 > sAMAccountName=administrator dn -d256 > > - kinit works from any tested host (exporting KRB5_CONFIG variable to > point to a krb5.conf forcing usage of my non-working-server) > with config containing: > [libdefaults] > default_realm = AD.DOMAIN.TLD > > [realms] > AD.DOMAIN.TLD = { > kdc = 10.11.12.13 > } > > > > 2016-06-07 15:...
2016 Jun 29
3
Looking for GSSAPI config [was: Looking for NTLM config example]
...krb4_config = /etc/krb.conf > > > >> krb4_realms = /etc/krb.realms > > > > Here, you have krb4_*. Do you mean that? My config file is krb5.conf. Should I rather have: > > > > > > You can remove the krb4_ stuff > > > > > > > krb5_config = /etc/krb5.conf > > > > > > > > Also, I have no /etc/krb*.realms file. Do I need this? If so, what should be in there? > > > You don't necessarely require that. > > > > > > >> kdc_timesync = 1 > > > >> cc...
2016 Jun 29
2
Looking for GSSAPI config [was: Looking for NTLM config example]
...= /etc/krb.conf >>>>>> krb4_realms = /etc/krb.realms >>>>> Here, you have krb4_*. Do you mean that? My config file is krb5.conf. Should I rather have: >>>> >>>> You can remove the krb4_ stuff >>>> >>>>> krb5_config = /etc/krb5.conf >>>>> >>>>> Also, I have no /etc/krb*.realms file. Do I need this? If so, what should be in there? >>>> You don't necessarely require that. >>>> >>>>>> kdc_timesync = 1 >>>>>>...
2016 Jun 27
4
Looking for GSSAPI config [was: Looking for NTLM config example]
On 27.06.2016 07:31, Mark Foley wrote: > Thanks for the reply. When you say it [NTLM] "should" work, I understand you to be implying > you've not actually tried NTLM yourself, right? I've never gotten a response from someone > saying they have or are actually using it. Your subsequent messages about NTLM v[1|2] may be > the problem, but email clients I've tried
2016 Jun 29
2
Looking for GSSAPI config [was: Looking for NTLM config example]
...> >> krb4_realms = /etc/krb.realms > > > > > Here, you have krb4_*. Do you mean that? My config file is > krb5.conf. Should I rather have: > > > > > > > > You can remove the krb4_ stuff > > > > > > > > > krb5_config = /etc/krb5.conf > > > > > > > > > > Also, I have no /etc/krb*.realms file. Do I need this? If so, what > should be in there? > > > > You don't necessarely require that. > > > > > > > > >> kdc_timesync = 1 >...
2017 Feb 15
5
[cifs-utils PATCH v3 0/4] cifs.upcall: allow cifs.upcall to scrape cache location initiating task's environment
Apologies for v3 series, I had some extra patches in there. This is the one that should have been sent. Relabeled as v4 for clarity. Third respin of this series. Reordered for better safety for bisecting. The environment scraping is now on by default, but can be disabled with "-E" in environments where it's not needed. Also, I've added a patch to make cifs.upcall drop
2015 Nov 11
10
Authentication to Secondary Domain Controller initially fails when PDC is offline
Hi, I tested the AD (Samba4) domain log-in on Windows 7 clients and Linux member servers with my PDC being offline (plugged the cable). It is not working so well. On Windows it initially takes forever. It works again after rebooting the client, which seems to be the easiest solution (can be performed by the user). On Linux member servers, ssh log-in eventually times out. It works again,
2017 Feb 15
5
[cifs-utils PATCH v3 0/4] cifs.upcall: allow cifs.upcall to scrape cache location initiating task's environment
Third respin of this series. Reordered for better safety for bisecting. The environment scraping is now on by default, but can be disabled with "-E" in environments where it's not needed. Also, I've added a patch to make cifs.upcall drop capabilities before doing most of its work. This may help reduce the attack surface of the program. Jeff Layton (4): cifs.upcall: convert
2019 Apr 06
2
selftest, help with a single test
...e "bin/python/samba/netcmd/domain.py", line 689, in run machinepass=machinepass) Join failed NSS_WRAPPER_HOSTS='/home/user/src/samba-git/samba/st/hosts' SOCKET_WRAPPER_DEFAULT_IFACE="23" RESOLV_WRAPPER_HOSTS="/home/user/src/samba-git/samba/st/dns_host_file" KRB5_CONFIG="/home/user/src/samba-git/samba/st/s4member/etc/krb5.conf" KRB5CCNAME="/home/user/src/samba-git/samba/st/s4member/krb5_ccache" RESOLV_CONF="/home/user/src/samba-git/samba/st/dns_hub/rootdnsforwarder/resolv.conf" python3 ./bin/samba-tool domain join --configfile=/home/u...
2019 Apr 01
5
selftest
Thanks for the reply, Besides the problem with source4/lib/messaging/messaging_handlers.c, Good to hear that selftest is actively used, then do I understand it right that 'make test' should succeed? My bigger problem is that it failed with lots of errors. This must be a problem with my build, then, but since this is a fresh tarball I am a bit puzzled. I would appreciate some hint on