search for: ktadd

...sing principal using "samba-tool spn" solve problems like these? According to https://help.ubuntu.com/community/SingleSignOn , you add a host to the kerberos realm by doing these two commands on the kerberos server: kadmin: addprinc -randkey host/client.example.com @ EXAMPLE.COM kadmin: ktadd -k ~/client.keytab host/client.example.com @ EXAMPLE.COM I am guessing that "kadmin: ktadd -k ~/client.keytab host/client.example.com@ EXAMPLE.COM" is the equivalent of "samba-tool domain exportkeytab ~/client.keytab --principal=host/client.example.com" but what is the equivale...

...le.exists?(@keytab_filename) # TODO replace with Kr5Auth when it supports admin actions - puts "Writing keytab file: #{@keytab_filename}" unless defined?(TESTING) - kadmin_local('addprinc -randkey ' + libvirt_princ) - kadmin_local('ktadd -k ' + @keytab_filename + ' ' + libvirt_princ) - kadmin_local('addprinc -randkey ' + qpidd_princ) - kadmin_local('ktadd -k ' + @keytab_filename + ' ' + qpidd_princ) + krb5conf = File.new("/etc/krb5.conf", "r") +...

...tuple, [0] is fqdn, [2] is ip address +server_fqdn = socket.gethostbyaddr(socket.gethostname())[0] + +rsyslog_princ = 'rsyslog/' + server_fqdn + '@' + default_realm +outname = '/etc/krb5.keytab' + +kadmin_local('addprinc -randkey ' + rsyslog_princ) +kadmin_local('ktadd -k ' + outname + ' ' + rsyslog_princ) + +os.chmod(outname, 0644) diff --git a/src/host-browser/host-browser.rb b/src/host-browser/host-browser.rb index d77b321..576b0f6 100755 --- a/src/host-browser/host-browser.rb +++ b/src/host-browser/host-browser.rb @@ -83,6 +83,7 @@ class HostBrows...

Hi list, Is it possible to set up an NFSv4/Kerberos environment on CentOS 5.1? I set up Kerberos and NFS but get several erros "Warning: rpc.gssd appears not to be running. mount.nfs4: Permission denied" Is this an CentOS oder an config problem? Greetings Sebastian -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type:

...dd_principal -randkey ldap/${INSTANCE}.${fully-qualified-domain}" Then, export that key to a keytab file. If you've deployed other services which also authenticate users using Kerberos on the same system, it's recommended that you give each one its own keytab file. kadmin -q "ktadd -k /etc/dirsrv/slapd-${INSTANCE}/${INSTANCE}.keytab ldap/${INSTANCE}.${fully-qualified-domain}" ------------ My kerberos integration has beend done. net join, net testjoin, kinit does work. My problem at the moment is the kadmin command for add and export the upn. I get always the follo...

...$ sudo mount -t nfs4 -o sec=krb5 ndgonline.net:/NDG /NDG/ mount.nfs4: access denied by server while mounting ndgonline.net:/NDG And I cannot find any log entries relating to the kerberos KDC or on the nfs server - two different machines. I have set up all the principals in the KDC and used kadmin/ktadd to load into the client and the server /etc/krb5.keytab as per the above url. How and where do I get logging to occur so I can find out the missing piece in my kerberos setup? Any help or directions appreciated. TIA -------------- next part -------------- A non-text attachment was scrubbed......

Hi, What is/will be the support for Kerberos TGT tickets in Samba 3.0 ? I am trying to find a way to authenticate users on both Windows and unix stations against the same KDC (MIT) and it would help if Samba was able to grant access based on TGT tickets delivered to the windows client and then deliver accounting information to the stations. I am afraid this follow no standart protocol, but i

...time (synced using a local NTP server) 3) Created a service principle for nfs.example.net by performing the following commands on the nfs.example.net machine: - (Performed on NFS server) a. kadmin (Logged in as an admin principle) b. addprinc -randkey nfs/nfs.example.net c. ktadd -e des-cbc-crc:normal nfs/nfs.example.net d. quit e. kinit nfs/nfs.example.net -k -t /etc/krb5.keytab f. klist to verify 4) Edited /etc/idmapd.conf with the following changes: - (Performed on NFS server) a. changed Nobody-{User,Group} to nfsnobody b. changed Do...

...9bc in process_smb (inbuf=0xb7aa6008 "", outbuf=0xb7a85008 "") at smbd/process.c:1099 #64 0x080d16f8 in smbd_process () at smbd/process.c:1561 #65 0x08246e5a in main (argc=4, argv=0xbffffdb4) at smbd/server.c:910 I have created an entry in /etc/krb5.keytab[2] with kadmin; 'ktadd daisy$'. `ktlist -k -e` shows "daisy$@LOCALDOMAIN (ArcFour with HMAC/md5)" and some more, but if I'm right Samba/Windows use arc4:hhmac encryption? After spending saturday, sunday and monday looking around the net for an answer I turn to you guys, I feel pretty lost :) Running s...

...in ticket using kinit for an account validated by a keytab .. then run >kadmin.local -q 'cpw -pw $password $username' to synchronize with Kerberos Easier (not yet more secure though) way is creating a separate Kerberos principal with permissions for password change, saving the key (with ktadd -k "file") in separate keytab and using the key with kadmin -k -t /path/keytab -p "principal_name". Then "cpw user@DOMAIN" will change password for the user. The cpw command can be passed to kadmin via expect script or via STDIN (less secure though). > > this...

...'nfs-common' on client. Ok, this is easy. b) AFAI've understood i need to create a 'principal', type 'NFS', for server and client, and store the key in ''local keytab''. Debian wiki suggest: addpriv -randkey NFS/vdmpp1.ad.fvg.lnf.it at AD.FVG.LNF.IT ktadd NFS/vdmpp1.ad.fvg.lnf.it at AD.FVG.LNF.IT but in 'samba' lingo the same operation can be obtained with (run in the client and server, with appropiate data): net -U gaio ads keytab add NFS/vdmpp1.ad.fvg.lnf.it at AD.FVG.LNF.IT -k done that, effectively the file /etc/krb5.keytab on server...

Hi Is there any way to re-export an nfs mounted directory? I am having three servers runnning on centos4.5 and i am trying to implement nfs share in an below manner [bcoz there is no alternative way for me to setup nfs share] HOST A--->>>EXPORTS /prod/data ------->>>HOST B HOST B ---->>MOUNTED ------>>> /prod/data-----UNDER---/PROD1 [working fine] HOST B

...s, that is easy... > > b) AFAI've understood i need to create a 'principal', type 'NFS', for > server and client, and store the key in ''local keytab''. Debian wiki > suggest: > addpriv -randkey NFS/vdmpp1.ad.fvg.lnf.it at AD.FVG.LNF.IT > ktadd NFS/vdmpp1.ad.fvg.lnf.it at AD.FVG.LNF.IT > > but in 'samba' lingo the same operation can be obtained with (run in > the client and server, with appropiate data): > > net -U gaio ads keytab add > NFS/vdmpp1.ad.fvg.lnf.it at AD.FVG.LNF.IT -k > > done that, effect...