search for: krb5cc_0

...t I am not getting any error. How can a initial ticket granted to one user can be used for another user. Can you give some clarification. I am not an expert hence this doubt. I am using win 2003 AD. [root at 0050568B7DEB samba-4.3.4]# klist klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0) [root at 0050568B7DEB samba-4.3.4]# kinit nagaraj Password for nagaraj at TEST.LOCAL: [root at 0050568B7DEB samba-4.3.4]# ./bin/smbclient -L ADIR -s /etc/samba/smb.conf -U test123 -k -d 5 INFO: Current debug levels: all: 5 tdb: 5 printdrivers: 5 lanman: 5 smb: 5 rpc_parse: 5 rpc_...

...18:18:16 doloresdc cifs.upcall: sec=1 Apr 11 18:18:16 doloresdc cifs.upcall: uid=0 Apr 11 18:18:16 doloresdc cifs.upcall: creduid=0 Apr 11 18:18:16 doloresdc cifs.upcall: user=root Apr 11 18:18:16 doloresdc cifs.upcall: pid=4459 Apr 11 18:18:16 doloresdc cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_0 Apr 11 18:18:16 doloresdc cifs.upcall: find_krb5_cc: FILE:/tmp/krb5cc_0 is valid ccache Apr 11 18:18:16 doloresdc cifs.upcall: handle_krb5_mech: getting service ticket for doloresdc Apr 11 18:18:16 doloresdc cifs.upcall: handle_krb5_mech: obtained service ticket user steve2, (uid=3000032) goes...

I'm using samba 4.5 on a debian jessie (Louis packages). Rarely it happen that a power outgage tear down all the stuff, here. I've noticed that if the DM start before the DC, clearly all account data are inaccessible. To prevent or minimize that, the ''offline mode'' of winbind can be safely used also on DM servers? Or is tailoread against roaming client (portables,

hi, now after 10 hours my samba has the next crash and need to restart winbind. Here are the list/kinit: # before kinit pl0024:~# klist klist: Credentials cache file '/tmp/krb5cc_0' not found pl0024:~# kinit Administrator Password for Administrator at HQ.KONTRAST: pl0024:~# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: Administrator at HQ.KONTRAST Valid starting Expires Service principal 23.09.2016 07:21:04 23.09.2016 17:21:04 krbtgt/HQ.K...

...erbuser at MYDOMAIN.LOCAL 9 1 kerbuser at MYDOMAIN.LOCAL The machine name is webserver and it resolve successfully the machine name webserver.mydomain.local via DNS. I can successfully kinit with the user : kinit -V -k -t /root/my.keytab kerbuser at MYDOMAIN.LOCAL Using default cache: /tmp/krb5cc_0 Using principal: kerbuser at MYDOMAIN.LOCAL Using keytab: /root/my.keytab Authenticated to Kerberos v5 But using the principal fail : kinit -V -k -t /root/my.keytab HTTP/webserver.MYDOMAIN.LOCAL Using default cache: /tmp/krb5cc_0 Using principal: HTTP/webserver.MYDOMAIN.LOCAL Using keytab: /ro...

...eb 8 09:51:46 trog cifs.upcall: user=smbadmin at PHYSICS.WISC.EDU Feb 8 09:51:46 trog cifs.upcall: pid=27600 Feb 8 09:51:46 trog cifs.upcall: find_krb5_cc: scandir error on directory '/run/user/0': No such file or directory Feb 8 09:51:46 trog cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_0 Feb 8 09:51:46 trog cifs.upcall: find_krb5_cc: FILE:/tmp/krb5cc_0 is valid ccache Feb 8 09:51:46 trog cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_1494_sM11PG Feb 8 09:51:46 trog cifs.upcall: find_krb5_cc: /tmp/krb5cc_1494_sM11PG is owned by 1494, not 0 Feb 8 09:51:46 trog cifs.upcall: ha...

...ected to two Windows 2008 R2 DC's. On the Samba machine, if I run `ldbsearch -H ldaps://*SAMBA-DC-IP* -U administrator` It asks for my password and then works great. I can use any domain user and this works. However, if I instead run: `ldbsearch -H ldaps://10.120.160.12 -k1 --krb5-ccache=/tmp/krb5cc_0` I get this: Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER Failed to connect to '...' with backend 'ldaps': (null) Failed to connect to ... - (null) This happens regardless of whether or not the ticket exists at /tmp/krb5cc_0 (I can run kinit to create...

...ntrast.de>> wrote: > >> hi, >> >> now after 10 hours my samba has the next crash and need to restart >> winbind. >> >> Here are the list/kinit: >> >> # before kinit >> pl0024:~# klist >> klist: Credentials cache file '/tmp/krb5cc_0' not found >> pl0024:~# kinit Administrator >> Password for Administrator at HQ.KONTRAST: >> pl0024:~# klist >> Ticket cache: FILE:/tmp/krb5cc_0 >> Default principal: Administrator at HQ.KONTRAST >> >> Valid starting Expires Service...

...rror. How can a initial ticket granted to > one user can be used for another user. Can you give some clarification. I > am not an expert hence this doubt. I am using win 2003 AD. > > [root at 0050568B7DEB samba-4.3.4]# klist > klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0) > > [root at 0050568B7DEB samba-4.3.4]# kinit nagaraj > Password for nagaraj at TEST.LOCAL: > > [root at 0050568B7DEB samba-4.3.4]# ./bin/smbclient -L ADIR -s > /etc/samba/smb.conf -U test123 -k -d 5 > INFO: Current debug levels: > all: 5 > tdb: 5 > printdrive...

...> [root at machinename mnt]# kinit -k MACHINENAME$ Fairly sure I have said this already, but if I haven't, I will say it now: Do not use kinit to get the machines kerberos ticket, winbind has already acquired one for you. > [root at machinename mnt]# klist > Ticket cache: FILE:/tmp/krb5cc_0 > Default principal: MACHINENAME$@CAMPUS > > Valid starting Expires Service principal > 02/28/2024 11:50:55 02/28/2024 21:50:55 krbtgt/CAMPUS at CAMPUS > renew until 02/29/2024 11:50:55 > [root at machinename mnt]# mount -t cifs //server/share /mnt/test >...

...ee post "[Samba] Samba 3.0.0 RC1: Unable to find a suitable server")! Once again the process of the "successful join" to my ADS realm with the missing Kerberos credentials: ***** SNIP **** [root@samba30srv samba]# klist klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0) Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached [root@samba30srv samba]# kinit Administrator@SAMBA30.TEST Password for Administrator@SAMBA30.TEST: [root@samba30srv samba]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: Administrator@SAMBA30.TEST Valid starting...

...ing RPMs of MIT Kerberos 5: krb5-workstation-1.2.7-14 pam_krb5-1.60-1 krb5-devel-1.2.7-14 krb5-server-1.2.7-14 krb5-libs-1.2.7-14 Kerberos 5 is working like a charm with my Windows 2003 Server: *** SNIP *** [root@samba30srv source]# klist klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0) Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached [root@samba30srv source]# kinit Administrator@SAMBA30.TEST Password for Administrator@SAMBA30.TEST: [root@samba30srv source]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: Administrator@SAMBA30.TEST Valid starting...

...r cases where services act as clients, like using nss_ldap for unix host accounts, I understand the credentials cache should be initiated by an external program (cron and startup script), at least with the TGT and maybe the TGS for ldap. Since usually kerberosv5 cache is based on the user id ( /tmp/krb5cc_0 for root) there's an option in ldap.conf (krb5_ccname) to set the filename (/etc/.ldapcache in nss_ldap tutorials) for this cache. Is there any way to do this with dovecot-ldap.conf or should I try to use "auth user" default cache filename ? Thanks in advance

...user Could not authenticate user [username] with Kerberos (ccache: FILE)   9 wbinfo --krb5auth='NTDOM\username' Enter NTDOM\username's password: plaintext kerberos password authentication for [NTDOM\username] succeeded (requesting cctype: FILE) credentials were put in: FILE:/tmp/krb5cc_0   10 wbinfo --krb5auth='username at REALM' Enter username at REALM's password: plaintext kerberos password authentication for [username at REALM] failed (requesting cctype: FILE) wbcLogonUser(username at REALM): error code was NT_STATUS_LOGON_FAILURE (0xc000006d) error message wa...

...torid The strange is that the kerberos test does not give error root at radius:/usr/local/samba/bin# kinit eduardo Password for eduardo at VIRTUS.CU: Warning: Your password will expire in 44 days on lun 14 mar 2016 16:25:48 CDT root at radius:/usr/local/samba/bin# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: eduardo at VIRTUS.CU Valid starting Expires Service principal 29/01/16 15:50:33 30/01/16 01:50:33 krbtgt/VIRTUS.CU at VIRTUS.CU renew until 30/01/16 15:50:27 root at radius:/usr/local/samba/bin# kinit administrator Password for administrator at VIRTUS.C...

...ki, i've enabled offline logon and then done: ['smbcontrol winbind online' root at vdmsv1:~# wbinfo -K LNFFVG\\gaio Enter LNFFVG\gaio's password: plaintext kerberos password authentication for [LNFFVG\gaio] succeeded (requesting cctype: FILE) credentials were put in: FILE:/tmp/krb5cc_0 ['smbcontrol winbind offline'] root at vdmsv1:~# wbinfo -K LNFFVG\\gaio Enter LNFFVG\gaio's password: plaintext kerberos password authentication for [LNFFVG\gaio] succeeded (requesting cctype: FILE) user_flgs: NETLOGON_CACHED_ACCOUNT credentials were put in: FILE:/tmp/krb5cc_0 G...

...nd then done: > > ['smbcontrol winbind online' > root at vdmsv1:~# wbinfo -K LNFFVG\\gaio > Enter LNFFVG\gaio's password: > plaintext kerberos password authentication for [LNFFVG\gaio] > succeeded (requesting cctype: FILE) > credentials were put in: FILE:/tmp/krb5cc_0 > > ['smbcontrol winbind offline'] > root at vdmsv1:~# wbinfo -K LNFFVG\\gaio > Enter LNFFVG\gaio's password: > plaintext kerberos password authentication for [LNFFVG\gaio] > succeeded (requesting cctype: FILE) > user_flgs: NETLOGON_CACHED_ACCOUNT > crede...

I would like to set the renewable lifetime to 90 days. What is the best way to set the Kerberos ticket maximum renewable lifetime. ~# smbd --version Version 4.12.2-Ubuntu ~# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: administrator at MYDOM Valid starting Expires Service principal 07/02/20 18:08:16 07/03/20 04:08:16 krbtgt/MYDOM at MYDOM renew until 07/03/20 18:08:11 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

...the wiki page: > https://wiki.samba.org/index.php/PAM_Offline_Authentication Apparently works as expected: root at dane:~# wbinfo -K gaio Enter gaio's password: plaintext kerberos password authentication for [gaio] succeeded (requesting cctype: FILE) credentials were put in: FILE:/tmp/krb5cc_0 root at dane:~# smbcontrol winbind offline root at dane:~# wbinfo -K gaio Enter gaio's password: plaintext kerberos password authentication for [gaio] succeeded (requesting cctype: FILE) user_flgs: NETLOGON_CACHED_ACCOUNT credentials were put in: FILE:/tmp/krb5cc_0 root at dane:~# ssh g...

...wing content: *dn: cn=Leerkrachten,cn=Users,DC=stp4,DC=stp,DC=internal changetype: modify add: objectClass objectClass: posixGroup - add: gidNumber gidNumber: 30000* It then runs the following command * ldbmodify --url=ldap://samba4-3.stp4.stp.internal --kerberos=yes --krb5-ccache=FILE:/tmp/krb5cc_0 /tmp/group* klist shows the following: Ticket cache: FILE:/tmp/krb5cc_0 Default principal: SAMBA4-3$@STP4.STP.INTERNAL Valid starting Expires Service principal 05/20/13 09:34:48 05/20/13 19:34:48 krbtgt/STP4.STP.INTERNAL at STP4.STP.INTERNAL 05/20/13 10:37:42 05/20/13 19:34:48 l...