Displaying 16 results from an estimated 16 matches for "krb5_server".
2013 Apr 14
1
sssd getent problem with Samba 4.0
...c/sssd/sssd.conf
[sssd]
services = nss, pam
config_file_version = 2
domains = default
[nss]
[pam]
[domain/default]
access_provider = simple
#simple_allow_users = myuser
enumerate = false
cache_credentials = True
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
krb5_realm = HH3.SITE
krb5_server = hh16.hh3.site
krb5_kpasswd = hh16.hh3.site
ldap_uri = ldap://hh16.hh3.site/
ldap_search_base = dc=hh3,dc=site
ldap_tls_cacertdir = /usr/local/samba/private/tls
ldap_id_use_start_tls = False
ldap_default_bind_dn = cn=lynn2,cn=Users,dc=hh3,dc=site
ldap_default_authtok = xx
ldap_default_authtok_type...
2014 Jul 23
1
sssd problems after dc1 is no longer online
...eferrals = false
ldap_force_upper_case_realm = true
# on large directories, you may want to disable enumeration for
performance reasons
# enumerate = true
auth_provider = krb5
chpass_provider = krb5
ldap_sasl_mech = gssapi
ldap_sasl_authid = EPO$@SAMBA.COMPANY.COM
krb5_realm = SAMBA.COMPANY.COM
#krb5_server = dc2.samba.company.com, dc3.samba.company.com
krb5_server = x.y.143.15, x.y.143.16
#krb5_kpasswd = dc2.samba.company.com, dc3.samba.company.com
krb5_kpasswd = x.y.143.15, x.y.143.16
ldap_krb5_keytab = /etc/krb5.sssd.keytab
ldap_krb5_init_creds = true
ldap_uri = ldap://x.y.143.15, ldap://x.y.143.1...
2015 Jan 07
1
Password Must Change using SSSD in Samba 4.1.10
...= 0
[domain/EXAMPLE]
entry_cache_timeout = 600
entry_cache_group_timeout = 600
min_id = 1000
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
ldap_schema = rfc2307bis
ldap_uri = ldap://smbad.intra.example.com:390/
ldap_search_base = dc=intra,dc=example,dc=com
cache_credentials = true
krb5_server = smbad.intra.example.com:8880
krb5_realm= INTRA.EXAMPLE.COM
ldap_default_bind_dn = cn=admin,dc=intra,dc=example,dc=com
ldap_default_authtok_type = password
ldap_default_authtok = 6pNEn7Eo3zmz9MxciGLx
4. I have also tried to achieve above thing using command line tool
"pdbedit" but wit...
2019 Oct 16
3
Can't setup kerberos auth for samba4 server?
...c/krb5.keytab.
/etc/sssd/sssd.conf is set to:
[sssd]
services = nss, pam, autofs
domains = ADA.DE <http://ada.de/>
debug_level = 0x0270
[domain/ADA.DE <http://ada.de/>]
enumerate = true
cache_credentials = True
krb5_realm = ADA.DE <http://ada.de/>
ldap_search_base = dc=ada,dc=de
krb5_server = ad01.ada.de, ad02.ada.de
id_provider = ad
auth_provider = ad
ldap_uri = ldap://ad01.ada.de:389/, ldap://ad02.ada.de:389/
ldap_id_use_start_tls = True
ldap_tls_cacertdir = /etc/openldap/cacerts
debug_level = 0x0270
[nss]
homedir_substring = /home
debug_level = 0x0270
[pam]
debug_level = 0x0270...
2013 Oct 01
1
Should I forget sssd ?
...djiido.nc
> ad_server = serveur.radiodjiido.nc
> ad_domain = radiodjiido.nc
> ldap_schema = ad
> id_provider = ad
> access_provider = simple
> enumerate = true
> cache_credentials = true
> auth_provider = krb5
> chpass_provider = krb5
> krb5_realm = RADIODJIIDO.NC
> krb5_server = serveur.radiodjiido.nc
> krb5_kpasswd = serveur.radiodjiido.nc
> #next line only lists users with uidNumber/gidNumber entered via ldbedit
> ldap_id_mapping = false
> ldap_referrals = false
> ldap_uri = ldap://serveur.radiodjiido.nc
> ldap_search_base = dc=radiodjiido,dc=nc
>...
2015 Jan 07
0
Password Must Change using SSSD in Samba 4.1.10
...= 0
[domain/EXAMPLE]
entry_cache_timeout = 600
entry_cache_group_timeout = 600
min_id = 1000
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
ldap_schema = rfc2307bis
ldap_uri = ldap://smbad.intra.example.com:390/
ldap_search_base = dc=intra,dc=example,dc=com
cache_credentials = true
krb5_server = smbad.intra.example.com:8880
krb5_realm= INTRA.EXAMPLE.COM <http://intra.example.com/>
ldap_default_bind_dn = cn=admin,dc=intra,dc=example,dc=com
ldap_default_authtok_type = password
ldap_default_authtok = 6pNEn7Eo3zmz9MxciGLx
4. I have also tried to achieve above thing using command li...
2014 Jul 28
0
[sssd] Not seeing Secondary Groups
...earch_base = DC=EXAMPLE,DC=COM?subtree?&(objectclass=group)(gidnumber=*)
ldap_group_objectsid = objectSid
ldap_group_member = member
ldap_group_object_class = group
ldap_group_uuid = objectGUID
ldap_group_nesting_level = 0
krb5_auth_timeout = 5
krb5_renew_interval = 60
krb5_realm = EXAMPLE.COM
krb5_server = ad.example.com
ldap_krb5_init_creds = true
/etc/nsswitch
passwd: files sss
shadow: files sss
group: files sss
initgroups: files sss
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc:...
2016 Feb 02
3
Mac OS X and ACL's
...# access_provider = ldap # ldap_access_order = expire # ldap_account_expire_policy = ad # Enumeration is discouraged for performance reasons. # enumerate = true auth_provider = krb5 chpass_provider = krb5 ldap_sasl_mech = gssapi ldap_sasl_authid = dc01$@AUTH.DOMAIN.COM krb5_realm = AUTH.DOMAIN.COM krb5_server = dc01.auth.domain.com krb5_kpasswd = dc01.auth.domain.com ldap_krb5_keytab = /etc/krb5.sssd.keytab ldap_user_object_class = user ldap_user_name = samAccountName ldap_user_home_directory = unixHomeDirectory ldap_user_principal = userPrincipalName ldap_user_shell = loginShell ldap_group_object_class...
2014 Feb 18
0
sssd + samba4 not working (yet)
...ema = rfc2307bis
id_provider = ldap
access_provider = simple
# on large directories, you may want to disable enumeration for performance
reasons
enumerate = true
auth_provider = krb5
chpass_provider = krb5
ldap_sasl_mech = gssapi
ldap_sasl_authid = bubba3-one$@EARTH.LOCAL
krb5_realm = EARTH.LOCAL
krb5_server = bubba3-one.earth.local
krb5_kpasswd = bubba3-one.earth.local
ldap_krb5_keytab = /etc/krb5.sssd.keytab
ldap_krb5_init_creds = true
ldap_referrals = false
ldap_uri = ldap://bubba3-one.earth.local
ldap_search_base = dc=earth,dc=local
dyndns_update=false
ldap_id_mapping=false
ldap_user_object_cla...
2012 Aug 29
2
replication error?
Samba4 beta6. CentOS 6.3.
I have a CentOS client, using sssd, bound to a samba4 domain. The sssd
configuration uses GSSAPI to bind to the directory. In both scenarios
below, kerberos is fine, DNS is fine, I can use ldapsearch and bind to the
directory with GSSAPI just fine, etc.
If I have just one DC, everything works perfectly well for weeks on end.
If I have two or more DC's,
2019 Oct 16
0
Can't setup kerberos auth for samba4 server?
...sd]
> services = nss, pam, autofs
> domains = ADA.DE <http://ada.de/>
> debug_level = 0x0270
>
> [domain/ADA.DE <http://ada.de/>]
> enumerate = true
> cache_credentials = True
> krb5_realm = ADA.DE <http://ada.de/>
> ldap_search_base = dc=ada,dc=de
> krb5_server = ad01.ada.de, ad02.ada.de
> id_provider = ad
> auth_provider = ad
> ldap_uri = ldap://ad01.ada.de:389/, ldap://ad02.ada.de:389/
> ldap_id_use_start_tls = True
> ldap_tls_cacertdir = /etc/openldap/cacerts
> debug_level = 0x0270
>
> [nss]
> homedir_substring = /home
>...
2013 Oct 17
1
Authenticating sudo with ipa.
...vider = ipa
ipa_server = _srv_, 192-168-0-100.local
dns_discovery_domain = 192-168-0-100.local
sudo_provider = ldap
ldap_uri = ldap://192-168-0-100.local
ldap_sudo_search_base = ou=sudoers,dc=local
ldap_sasl_mech = GSSAPI
ldap_sasl_authid = host/192-168-0-100.local at LOCAL
ldap_sasl_realm = local
krb5_server = 192-168-0-100.local
[sssd]
services = nss, pam, ssh, sudo
config_file_version = 2
domains = 192-168-0-100.local
[nss]
[pam]
[sudo]
[autofs]
[ssh]
[pac]
## /etc/nsswitch.conf on client
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used service...
2016 Feb 02
0
Mac OS X and ACL's
...# access_provider = ldap # ldap_access_order = expire # ldap_account_expire_policy = ad # Enumeration is discouraged for performance reasons. # enumerate = true auth_provider = krb5 chpass_provider = krb5 ldap_sasl_mech = gssapi ldap_sasl_authid = dc01$@AUTH.DOMAIN.COM krb5_realm = AUTH.DOMAIN.COM krb5_server = dc01.auth.domain.com krb5_kpasswd = dc01.auth.domain.com ldap_krb5_keytab = /etc/krb5.sssd.keytab ldap_user_object_class = user ldap_user_name = samAccountName ldap_user_home_directory = unixHomeDirectory ldap_user_principal = userPrincipalName ldap_user_shell = loginShell ldap_group_object_class...
2019 Oct 16
2
Can't setup kerberos auth for samba4 server?
...t; domains = ADA.DE <http://ada.de/>
> > debug_level = 0x0270
> >
> > [domain/ADA.DE <http://ada.de/>]
> > enumerate = true
> > cache_credentials = True
> > krb5_realm = ADA.DE <http://ada.de/>
> > ldap_search_base = dc=ada,dc=de
> > krb5_server = ad01.ada.de, ad02.ada.de
> > id_provider = ad
> > auth_provider = ad
> > ldap_uri = ldap://ad01.ada.de:389/, ldap://ad02.ada.de:389/
> > ldap_id_use_start_tls = True
> > ldap_tls_cacertdir = /etc/openldap/cacerts
> > debug_level = 0x0270
> >
> > [ns...
2016 Feb 02
2
Mac OS X and ACL's
...# access_provider = ldap # ldap_access_order = expire # ldap_account_expire_policy = ad # Enumeration is discouraged for performance reasons. # enumerate = true auth_provider = krb5 chpass_provider = krb5 ldap_sasl_mech = gssapi ldap_sasl_authid = dc01$@AUTH.DOMAIN.COM krb5_realm = AUTH.DOMAIN.COM krb5_server = dc01.auth.domain.com krb5_kpasswd = dc01.auth.domain.com ldap_krb5_keytab = /etc/krb5.sssd.keytab ldap_user_object_class = user ldap_user_name = samAccountName ldap_user_home_directory = unixHomeDirectory ldap_user_principal = userPrincipalName ldap_user_shell = loginShell ldap_group_object_class...
2015 May 08
4
ldap host attribute is ignored
>> But instead i get
>> centos: sshd[7929]: pam_unix(sshd:session): session opened for user
>> <username>
>
> "pam_unix" should be an indication that <username> appears in the local
> unix password files. Make sure that it doesn't.
Nope. None of the usernames i tried is in /etc/passwd or /etc/shadow
>
> What do /etc/pam.d/sshd and