Displaying 20 results from an estimated 938 matches for "krbtgt".
2014 Jul 09
1
deleted krbtgt user
So I did a very dumb move and deleted the krbtgt user from my working
samba4 installation. Now of course, this broke the installation... trying
to fix things, I recreated the user (and made it member of the
administrator group) which let me start samba4 again but now, whenever I
try to log in a user on a workstation, in the logs it gives me t...
2015 Jul 14
2
krbtgt user not showing aes types
I have found source4/scripting/devel/chgtdcpass for adding the aes types
to machines. I know you have to change the password of normal users.
How do you fix this for krbtgt? Can you just change the password? Is
there a recommended method?
Thank you for any help,
Trever
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists....
2017 Apr 23
1
kerberos got crazy after ubuntu upgrade from 14.04 to 16.04
...throws in auth.log when I try to log in with a
> > win2008 client:
> >
> > Apr 23 09:17:38 pdc kadmind[610]: closing down fd 31
> > Apr 23 09:17:55 pdc krb5kdc[643]: AS_REQ (6 etypes {18 17 23 24 -135
> > 3})
> > 192.168.0.139: CLIENT_NOT_FOUND: qubix at GPMV for krbtgt/GPMV at GPMV,
> > Client
> > not found in Kerberos database
> > Apr 23 09:17:55 pdc krb5kdc[643]: closing down fd 15
> > Apr 23 09:17:56 pdc krb5kdc[643]: TGS_REQ (5 etypes {18 17 23 24
> > -135})
> > 192.168.0.139: PROCESS_TGS: authtime 0, <unknown client>...
2017 Apr 23
4
kerberos got crazy after ubuntu upgrade from 14.04 to 16.04
...n
admin_server = pdc.biuro.domain
}
this is what kerberos throws in auth.log when I try to log in with a
win2008 client:
Apr 23 09:17:38 pdc kadmind[610]: closing down fd 31
Apr 23 09:17:55 pdc krb5kdc[643]: AS_REQ (6 etypes {18 17 23 24 -135 3})
192.168.0.139: CLIENT_NOT_FOUND: qubix at GPMV for krbtgt/GPMV at GPMV, Client
not found in Kerberos database
Apr 23 09:17:55 pdc krb5kdc[643]: closing down fd 15
Apr 23 09:17:56 pdc krb5kdc[643]: TGS_REQ (5 etypes {18 17 23 24 -135})
192.168.0.139: PROCESS_TGS: authtime 0, <unknown client> for
krbtgt/BIURO.domain at BIURO.domain, Bad encryption ty...
2016 Feb 25
1
Trouble adding a service principal to keytab
...CHE$@SAMBATEST.GEMTALKSYSTEMS.COM
1 Administrator at SAMBATEST.GEMTALKSYSTEMS.COM
1 Administrator at SAMBATEST.GEMTALKSYSTEMS.COM
1 Administrator at SAMBATEST.GEMTALKSYSTEMS.COM
1 Administrator at SAMBATEST.GEMTALKSYSTEMS.COM
1 Administrator at SAMBATEST.GEMTALKSYSTEMS.COM
1 krbtgt at SAMBATEST.GEMTALKSYSTEMS.COM
1 krbtgt at SAMBATEST.GEMTALKSYSTEMS.COM
1 krbtgt at SAMBATEST.GEMTALKSYSTEMS.COM
1 krbtgt at SAMBATEST.GEMTALKSYSTEMS.COM
1 krbtgt at SAMBATEST.GEMTALKSYSTEMS.COM
1 normg at SAMBATEST.GEMTALKSYSTEMS.COM
1 normg at SAMBATEST.GEMTALKSYSTEMS.COM...
2020 Jun 13
2
Samba not providing the right encryption in Kerberos
...to Samba3 and has been gradually updates over the years.
When I check out a ticket I get the following results from klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: user at OLDDOMAIN
Valid starting Expires Service principal
06/12/2020 23:25:04 06/13/2020 09:25:04 krbtgt/ OLDDOMAIN at OLDDOMAIN
renew until 06/13/2020 23:25:00, Etype (skey, tkt): aes256-cts-hmac-sha1-96, arcfour-hmac
On a separate newly created domain I get tickets like this:
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: user at NEWDOMAIN
Valid starting Expires S...
2003 Jun 23
1
Strange UID/GID mapping in Samba-3beta1 and Win2003 server
...server.
Everythings work, wbinfo, getent passwd and so on.
Now to the problem:
When I list the users with getent passwd I get:
Administrator:x:10000:10000:Administrator:/global/mnt1/SAMBA/home/TEST.SE/administrator:/bin/sh
Guest:x:10001:10002:Guest:/global/mnt1/SAMBA/home/TEST.SE/guest:/bin/sh
krbtgt:x:10002:10000:krbtgt:/global/mnt1/SAMBA/home/TEST.SE/krbtgt:/bin/sh
root:x:10003:10000:root:/global/mnt1/SAMBA/home/TEST.SE/root:/bin/sh
patrikg:x:10004:10000:patrik
Gustavsson:/global/mnt1/SAMBA/home/TEST.SE/patrikg:/bin/sh
fmuser:x:10005:10000:fmuser:/global/mnt1/SAMBA/home/TEST.SE/fmuser:/bin/s...
2015 Jun 30
0
Account lockout
...login with a bad password, it
appears that when I press enter after entering a bad password, 2
attempts are made at checking it. The second time I enter a bad
password, the account is locked.
<grep aslate log.samba>
Kerberos: AS-REQ aslate at DOMAIN from ipv4:123.123.123.50:65414 for
krbtgt/DOMAIN at DOMAIN
Kerberos: Looking for PKINIT pa-data -- aslate at DOMAIN
Kerberos: Looking for ENC-TS pa-data -- aslate at DOMAIN
Kerberos: No preauth found, returning PREAUTH-REQUIRED -- aslate at DOMAIN
Kerberos: AS-REQ aslate at DOMAIN from ipv4:123.123.123.50:65415 for
krbtgt/DOMA...
2015 Jan 27
2
Can't get idmap_ad to work with winbind (only idmap_rid)
...ST:schema_mode = rfc2307
idmap config TEST:range = 100000-2000000
winbind nss info = rfc2307
in the AD member server's smb.conf, getent passwd gives me
administrator:*:70000:70017:Administrator:/home/TEST/administrator:/bin/false
test:*:70003:70004:Test User:/home/TEST/test:/bin/false
krbtgt:*:70001:70004:krbtgt:/home/TEST/krbtgt:/bin/false
guest:*:70002:70005:Guest:/home/TEST/guest:/bin/false
So the TEST:range is ignored, *:range is used instead. User Shell, Home
Dir and the UID (102000 for the test user) from the UNIX attributes in
AD are ignored.
When I set
idmap config *:b...
2015 Jul 14
0
krbtgt user not showing aes types
On 14/07/15 15:46, Trever L. Adams wrote:
> I have found source4/scripting/devel/chgtdcpass for adding the aes types
> to machines. I know you have to change the password of normal users.
>
> How do you fix this for krbtgt? Can you just change the password? Is
> there a recommended method?
>
> Thank you for any help,
> Trever
>
>
>
You could try looking here:
https://lists.samba.org/archive/samba-technical/2015-February/105674.html
Rowland
2020 Oct 30
2
Setting up Backup AD DC
On Fri, 2020-10-30 at 15:21 +0100, Norbert Hanke via samba wrote:
> On 29.10.2020 18:27, Tom Diehl via samba wrote:
> >
> > Maybe I am missing something, but what is the secure way to run an
> > automated
> > backup on recent versions of samba? Can samba-tool domain backup be
> > made to use
> > kerberos so I do not need to store an admin password in an
>
2018 Mar 22
0
access is denied to the Windows share folder because of the ticket kerberos
...ndows7
windows_file_server: windows server 2008
/var/log/samba/mit_kdc.log
мар 22 15:43:49 samba_dc_server krb5kdc[17891](info): commencing operation
мар 22 15:43:56 samba_dc_server krb5kdc[17891](info): AS_REQ (6 etypes {18 17 23 24 -135 3}) 10.2.1.12: NEEDED_PREAUTH: vas.lah at example.ru for krbtgt/example
.ru at example.ru, Additional pre-authentication required
мар 22 15:43:56 samba_dc_server krb5kdc[17891](info): closing down fd 20
мар 22 15:43:56 samba_dc_server krb5kdc[17891](info): AS_REQ (6 etypes {18 17 23 24 -135 3}) 10.2.1.12: ISSUE: authtime 1521715436, etypes {rep=18 tkt=18
ses=18...
2017 Oct 11
2
Opensolaris-ish joins but does not seem to be valid
...KDC_REQ_BODY
Padding: 0
KDCOptions: 00000010 (Renewable OK)
Client Name (Service and Host): root/host.example.com
Name-type: Service and Host (3)
Name: root
Name: host.example.com
Realm: EXAMPLE.COM
Server Name (Principal): krbtgt/EXAMPLE.COM
Name-type: Principal (1)
Name: krbtgt
Name: EXAMPLE.COM
from: 2017-10-11 22:30:52 (UTC)
till: 2017-10-12 08:30:52 (UTC)
Nonce: 1507761052
Encryption Types: aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 r...
2014 Mar 12
1
Strange GID and UID with winbindd + Samba AD DC
...ocal group}
nullmail:x:88:
sqlservermssqlserveradhelperuser$win2k8srv01:x:4294967295:
allowed rodc password replication group:x:4294967295:
enterprise read-only domain controllers:x:4294967295:
sqlserver2005sqlbrowseruser$win2k8srv01:x:4294967295:
denied rodc password replication group:x:4294967295:krbtgt
read-only domain controllers:x:4294967295:
group policy creator owners:x:4294967295:administrator
docs:x:508:user002,user003,
software:x:511:dcmwai
finance:x:1005:dcmwai
mtcusers:x:4294967295:llchai,mtcuser01
ras and ias servers:x:4294967295:
domain controllers:x:4294967295:
enterprise admins:x:429...
2018 Apr 14
3
smbclient kerberos auth fails
...FILE:/var/log/krb5/def.log
* run kinit aaptel at FOO.COM, type pw, ok
* klist output:
Ticket cache: DIR::/run/user/1000/krb5cc/tktEOK9Bs
Default principal: aaptel at FOO.COM
Valid starting Expires Service principal
04/14/2018 13:49:22 04/14/2018 23:49:22 krbtgt/FOO.COM at FOO.COM
renew until 04/15/2018 13:49:21
At this point I think it should work, but I get:
$ smbclient //foo.com/share -k
SPNEGO(gse_krb5) creating NEG_TOKEN_INIT for cifs/foo.com failed (next[(null)]): NT_STATUS_INVALID_PARAMETER
SPNEGO: Could not find a suitabl...
2014 Aug 27
3
getent group is not working
...rking, these are my configuration files and the output of the commands.
Note: the domain controller has samba installed from source (4.1.11), the member server has the distro packages installed (4.1.0)
blue25:/home/SIENIC/administrator # wbinfo -u
SIENIC\administrator
SIENIC\dns-server01
SIENIC\krbtgt
SIENIC\guest
blue25:/home/SIENIC/administrator # wbinfo -g
SIENIC\allowed rodc password replication group
SIENIC\enterprise read-only domain controllers
SIENIC\denied rodc password replication group
SIENIC\read-only domain controllers
SIENIC\group policy creator owners
SIENIC\ras and ias servers
S...
2015 Mar 10
2
setting up W7 profiles
...11:48, Bob of Donelson Trophy wrote:
>
>
> Okay, so I tried a "Bob thing" and it made no difference. So, no comment
> on that. However, I am learning.
>
> This is 'wbinfo -*' from my DC1:
>
> root at tdc01:~# wbinfo -u
> Administrator
> Guest
> krbtgt
> dns-tdc01
> dns-TDC02
> root at tdc01:~# wbinfo -g
> Enterprise Read-Only Domain Controllers
> Domain Admins
> Domain Users
> Domain Guests
> Domain Computers
> Domain Controllers
> Schema Admins
> Enterprise Admins
> Group Policy Creator Owners
> Read-Only...
2017 Apr 23
0
kerberos got crazy after ubuntu upgrade from 14.04 to 16.04
...:
> this is what kerberos throws in auth.log when I try to log in with a
> win2008 client:
>
> Apr 23 09:17:38 pdc kadmind[610]: closing down fd 31
> Apr 23 09:17:55 pdc krb5kdc[643]: AS_REQ (6 etypes {18 17 23 24 -135
> 3})
> 192.168.0.139: CLIENT_NOT_FOUND: qubix at GPMV for krbtgt/GPMV at GPMV,
> Client
> not found in Kerberos database
> Apr 23 09:17:55 pdc krb5kdc[643]: closing down fd 15
> Apr 23 09:17:56 pdc krb5kdc[643]: TGS_REQ (5 etypes {18 17 23 24
> -135})
> 192.168.0.139: PROCESS_TGS: authtime 0, <unknown client> for
> krbtgt/BIURO.domain...
2017 Apr 23
2
kerberos got crazy after ubuntu upgrade from 14.04 to 16.04
...th = /var/lib/samba/sysvol/biuro.domain/scripts
read only = No
guest ok = yes
The result - the same. logging on a win2008 with user jkadmin gives the
following:
Apr 23 11:37:36 pdc krb5kdc[656]: AS_REQ (6 etypes {18 17 23 24 -135 3})
192.168.0.139: CLIENT_NOT_FOUND: jkadmin at biuro.domain.pl for krbtgt/
biuro.domain.pl at biuro.domain.pl, Client not found in Kerberos database
Apr 23 11:37:36 pdc krb5kdc[656]: closing down fd 15
Apr 23 11:37:36 pdc krb5kdc[656]: DISPATCH: repeated (retransmitted?)
request from 192.168.0.139, resending previous response
Apr 23 11:37:36 pdc krb5kdc[656]: closing dow...
2020 Oct 02
3
Kerberos ticket lifetime
...still have a valid kerberos ticket, it just doesn't seem to have
been refreshed when I expected :-\
Old ticket:
Ticket cache: FILE:/tmp/krb5cc_10000
Default principal: rowland at SAMDOM.EXAMPLE.COM
Valid starting???? Expires??????????? Service principal
01/10/20 15:34:44? 02/10/20 01:34:44
krbtgt/SAMDOM.EXAMPLE.COM at SAMDOM.EXAMPLE.COM
??? renew until 08/10/20 15:34:44
01/10/20 15:34:44? 02/10/20 01:34:44? CEN8$@SAMDOM.EXAMPLE.COM
??? renew until 08/10/20 15:34:44
New ticket:
Ticket cache: FILE:/tmp/krb5cc_10000
Default principal: rowland at SAMDOM.EXAMPLE.COM
Valid starting???? Expir...