search for: krb5_ktname

On 05/11/2019 12:17, banda bassotti via samba wrote: > Luis, ok I'v removed everything, step 1: > > KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab CREATE -P I have said this once already, but, I will try again ;-) You are creating a keytab, which may or may not be called /etc/krb5.keytab2 > step2: > # KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab ADD > cifs/oldsamba.dom.corp at DOM.CORP &g...

...ple.com *How to Setup bind 9.7.3 as dns server Instead of windows dns server?* ================================> try this: create dns and named files with provision command copy dns and named files to joind samba config bind and set KEYTAB_FILE="/usr/local/samba/private/dns.keytab" KRB5_KTNAME="/usr/local/samba/private/dns.keytab" export KEYTAB_FILE export KRB5_KTNAME ... ... ... and all other thing (need for setting on single samba 4 dc) run samba_dnsupdate dns_tkey_negotiategss: TKEY is unacceptable Failed update of 1 entries *some times see this error in syslog:* Dec 14...

...method = secrets and keytab dedicated keytab file = /etc/krb5.keytab # renew the kerberos ticket winbind refresh tickets = yes ON THIS MEMBER... ( you dont run : samba-tool spn list ..... ) You run : net ads keytab cp /etc/krb5.keytab{,.backup} kinit Administrator KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab CREATE -P Verify this keytab. klist -ke /etc/krb5.keytab2 You want to see : host/NETBIOSNAME at DOM.CORP ( x5 ) host/fqdn.hostname.dom.tld at DOM.CORP ( x5 ) NETBIOSNAME$@DOM.CORP ( x5 ) This you see these.. Then run this to add the...

Hai, Nope.. To much again ;-) This is one step to much: step2: # KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab ADD cifs/oldsamba.dom.corp at DOM.CORP # KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab ADD cifs/oldsamba at DOM.CORP # KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab ADD cifs/oldsamba$@DOM.CORP And why are you adding @REALM .. Do it exactly as shown bel...

...n: banda bassotti [mailto:bandabasotti at gmail.com] Verzonden: dinsdag 5 november 2019 14:49 Aan: L.P.H. van Belle CC: samba at lists.samba.org Onderwerp: Re: [Samba] Failed to find cifs/fs-share at dom.corp (kvno 109) in keytab systemctl stop nmbd smbd winbind rm -f /etc/krb5.keyatb* KRB5_KTNAME=FILE:/etc/krb5.keytab net ads keytab CREATE -P net ads keytab create cifs/$(hostname -f) klist -ke /etc/krb5.keytab | sort ---- -------------------------------------------------------------------------- 7 cifs/FS-A at DOM.CORP (aes128-cts-hmac-sha1-96) 7 cifs/FS-A at DOM.CORP (aes256-c...

...er 2019 14:49 > Aan: L.P.H. van Belle > CC: samba at lists.samba.org > Onderwerp: Re: [Samba] Failed to find cifs/fs-share at dom.corp > (kvno 109) in keytab > > > systemctl stop nmbd smbd winbind > rm -f /etc/krb5.keyatb* > KRB5_KTNAME=FILE:/etc/krb5.keytab net ads keytab CREATE -P > net ads keytab create cifs/$(hostname -f) > klist -ke /etc/krb5.keytab | sort > > ---- > -------------------------------------------------------------------------- > 7 cifs/FS-A at DOM.CORP (aes128...

...rs for Intranet stuff and we'd like to have SSO working. For this, we use Apache (HTTPD) plus mod_auth_kerb (requires a keytab file). So, since we're already joining the machines to the domain with Samba, we thought it would be smart to just generate the keytab files with net ads. export KRB5_KTNAME=FILE:/etc/www.keytab net ads keytab create -Udomain-admin (requires a password, so this can't be scripted and run in cron) net ads keytab add HTTP -Udomain-admin (requires a password, so this can't be scripted and run in cron) unset KRB5_KTNAME chown apache /etc/www.keytab service httpd r...

...CC: samba at lists.samba.org >>> Onderwerp: Re: [Samba] Failed to find cifs/fs-share at dom.corp >>> (kvno 109) in keytab >>> >>> >>> systemctl stop nmbd smbd winbind >>> rm -f /etc/krb5.keyatb* >>> KRB5_KTNAME=FILE:/etc/krb5.keytab net ads keytab CREATE -P >>> net ads keytab create cifs/$(hostname -f) >>> klist -ke /etc/krb5.keytab | sort >>> >>> ---- >>> -------------------------------------------------------------------------- >&gt...

Hi list, i noticed that when doing imap gssapi authentication with kerberos, dovecot (here 2.1.7) always searches /etc/krb5.keytab although i have auth_krb5_keytab = /etc/mail3.krb5.keytab in my etc/dovecot/dovecot.conf and doveconf -n also show this setting. If i combine the keytabs in krb5.keytab it works. Is there another location where i should put my configuration regarding gssapi/kerberos ?

...ADS # kerberos method = secrets and keytab dedicated keytab file = /etc/krb5.keytab # renew the kerberos ticket winbind refresh tickets = yes ON THIS MEMBER... ( you dont run : samba-tool spn list ..... ) You run : net ads keytab cp /etc/krb5.keytab{,.backup} kinit Administrator KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab CREATE -P Verify this keytab. klist -ke /etc/krb5.keytab2 You want to see : host/NETBIOSNAME at DOM.CORP ( x5 ) host/fqdn.hostname.dom.tld at DOM.CORP ( x5 ) NETBIOSNAME$@DOM.CORP ( x5 ) This you see these.. Then run this to add the cifs keytab. KRB5...

Luis, ok I'v removed everything, step 1: KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab CREATE -P klist -ke /etc/krb5.keytab2|grep 7|sort 7 cifs/FS-A at DOM.CORP (aes128-cts-hmac-sha1-96) 7 cifs/FS-A at DOM.CORP (aes256-cts-hmac-sha1-96) 7 cifs/FS-A at DOM.CORP (arcfour-hmac) 7 cifs/FS-A at DOM.CORP (des-cbc-crc) 7 cifs/FS-A at DOM...

Hi, I want to install a dovecot mail server with postfix. And want to be able to use kerberos for authentication. Has someone experience with this. And maybe some links to info. Is there also someone with experience with SoGo? Philip

Hi, the problem seems to be related to this bug: https://bugzilla.samba.org/show_bug.cgi?id=6750 I try therefore to set machine password timeout = 0 Il giorno mar 29 ott 2019 alle ore 11:11 Rowland penny via samba < samba at lists.samba.org> ha scritto: > On 29/10/2019 10:04, banda bassotti wrote: > > I had already done it: > > > > # samba-tool spn list

I followed the Howto http://wiki.samba.org/index.php/Samba4/HOWTO Using: -Samba4 alpha15 -Bind9.8.0 When I added an XP PC (192.168.123.244) to my domain I got this in syslog: May 11 12:04:18 samba4 named[10705]: client 192.168.123.244#1061: update 'mydomain.com/IN' denied May 11 12:04:18 samba4 named[10705]: tkey.c:486: ENSURE(result == (((1) << 16) + 28) || result == 0) failed,

...n.tld at REALM ? my keytab contains the spn's as shown above, all in 1 keytab file? ( /etc/krb5.keytab ) and for squid i added also the following : ? I added the proxy user to the winbindd_priv group i did set the keytab file to proxy:proxy? ( 400 ) and i added this in /etc/default/squid3 KRB5_KTNAME=/etc/squid3/private/proxy3-HTTP.keytab export KRB5_KTNAME Which contains only the HTTP spn. ? ? So if anyone has any hint or thing i can test please tell me, that would be nice... google didnt help me, most of the things there are based on squid 3.1 and as of 3.3? ?--helper-protocol=gss-spnego?...

...hate to add new settings to dovecot.conf nowadays since there are already too many. Also then there would be two Kerberos-related settings that simply set environment variables. I'm beginning to think that maybe something more generic is needed, such as: auth default { .. environment { krb5_ktname = .. krb5ccname = ... who_knows_what_else_in_future = .. } } I think LDAP library also can accept settings from environment. Anyone on mailing list have better ideas? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp...

...ew to Samba... I'm working on a Squid project running on RHEL5.3. Samba v 3.4.5-42 x86 and have run into a problem. I use Kerberos authentication on my Squid box. After configuring Squid I joined my RH to my AD domain and then used Samba to generate a Keytab and add an HTTP SPN to it: - export KRB5_KTNAME=FILE:/etc/squid/HTTP.keytab - net ads keytab CREATE - net ads keytab ADD HTTP - unset KRB5_KTNAME All this works perfectly however, at random times in the week my Squid reports that the KVNO is invalid. Users are prompted by an unsatisfiable login prompt I check in AD and notice the number has in...

Hi gents ! I am trying to set-up an S4 server following the wiki instructions on Fedora 14. Everything seems fine until step 10 : kerberos DNS dynamic updates configuration. I seem to have done what is required (set $KEYTAB_FILE & KRB5_KTNAME in /etc/init.d/named, add the tss-gssapi-credential & tss-domain stanzas), however wher starting the named service, it remains stalled.... I am sure this is a well-known issue, however can't find any solution via Google. Can someone give a hint ? Thxs in advance P

When "use kerberos keytab = yes" in smb.conf is set with samba-3.2.8 and the environment variable KRB5_KTNAME is not set with the value using prefix "FILE:" or the default_keytab in /etc/krb5.conf is set without the prefix i.e. default_keytab_name = /etc/v5srvtab then the function smb_krb5_open_keytab() returns KRB5_KT_UNKNOWN_TYPE. If smb_krb5_open_keytab with a filename "/etc/v5srv...

...ktutils ktutils: rkt /root/Keytab/imap.keytab ktutils: rkt /root/Keytab/smtp.keytab ktutils: rkt /root/Keytab/pop.keytab ktutils: rkt /root/Keytab/host.keytab ktutils: wrt /etc/krb5.keytab ktutils: q kinit -V -k -t /etc/krb5.keytab host/srv-mail.cn.energy at CN.ENERGY Authenticated to Kerberos v5 KRB5_KTNAME=/etc/krb5.keytab ; export KRB5_KTNAME TESTING: imtest srv-mail ERROR: Mar 10 08:27:23 srv-mail dovecot: auth(default): auth(?,10.0.0.5): Invalid username: host/srv-mail.cn.energy at CN.ENERGY Mar 10 08:27:23 srv-mail dovecot: auth(default): gssapi(?,10.0.0.5): authn_name: Username contains disal...