search for: master_kdc

...> Yes, check the documentation of krb5.conf. Ahem, 'apt-get install krb5-doc' misses. ;-) > In summary you will need to > disable dns_canonicalize_hostname dns_lookup_kdc , etc if enabled and set > you admin and kdc hostnames there, something like: How can i determine kdc and master_kdc values? All DC server are KDC and the FSMO role are master_kdc? -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.ga...

In my old Samba/NT/OpenLDAP domains i was used to setup, on some specific hosts/VM, a simple authentication scheme, so i simply create locally (eg 'adduser') some users, and then i setupped only PAM part of ldap. Seems to me now, on Samba/AD, to use Kerberos. And seems also TOO easy! I've simply installed 'libpam-krb5', reply to the debconfig question wit the AD/Kerberos

..._realm = HQ.KONTRAST > dns_lookup_realm = false > dns_lookup_kdc = true > ticket_lifetime = 1d > renew_lifetime = 5d > > [realms] > HQ.KONTRAST = { > kdc = vl0227.hq.kontrast > kdc = vl0230.hq.kontrast > kdc = pl0231.hq.kontrast > master_kdc = vl0227.hq.kontrast > admin_server = vl0227.hq.kontrast > } > > [domain_realm] > .hq.kontrast = HQ.KONTRAST > hq.kontrast = HQ.KONTRAST > > [logging] > kdc = SYSLOG:INFO:DAEMON > admin_server = FILE:/var/log/kadmind.log > > > So what...

...rcmd = host ftp = ftp } plain = { something = something-else } } fcc-mit-ticketflags = true [realms] RDOMAIN.PRV = { default_domain = RDOMAIN.PRV master_kdc = dc02.rdomain.prv admin_server = dc02.rdomain.prv kdc = aurad.rdomain.prv kdc = addc01.rdomain.prv kdc = addc02.rdomain.prv kdc = addc03.rdomain.prv #kdc = addc04.rdomain.prv kdc = addc0...

...e = 120 and Master krb5.conf looks [libdefaults] default_realm = HQ.KONTRAST dns_lookup_realm = false dns_lookup_kdc = true ticket_lifetime = 1d renew_lifetime = 5d [realms] HQ.KONTRAST = { kdc = vl0227.hq.kontrast kdc = vl0230.hq.kontrast kdc = pl0231.hq.kontrast master_kdc = vl0227.hq.kontrast admin_server = vl0227.hq.kontrast } [domain_realm] .hq.kontrast = HQ.KONTRAST hq.kontrast = HQ.KONTRAST [logging] kdc = SYSLOG:INFO:DAEMON admin_server = FILE:/var/log/kadmind.log So what i saw was GPOs are default empty. i need for winbind configure...

...tc/krb5.conf i've set: [libdefaults] default_realm = AD.AC.CONCORDIA-PORDENONE.IT dns_lookup_realm = false dns_lookup_kdc = false kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true [realms] AD.AC.CONCORDIA-PORDENONE.IT = { kdc = kdc.ad.ac.concordia-pordenone.it master_kdc = kdc.ad.ac.concordia-pordenone.it admin_server = kdc.ad.ac.concordia-pordenone.it default_domain = ad.ac.concordia-pordenone.it } clearly, 'kdc.ad.ac.concordia-pordenone.it' is in /etc/hosts: root at vfwacpn1:~# grep kdc /etc/hosts 10.172.1.8 vdcacpn1.ac.concordia-pordenone.it kdc...

...ibdefaults] default_realm = EU.ACME.COM dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h forwardable = yes [realms] EU.ACME.COM = { kdc = amsterdam-dc02.eu.acme.com kdc = amsterdam-dc01.eu.acme.com admin_server = amsterdam-dc02.eu.acme.com master_kdc = amsterdam-dc02.eu.acme.com default_domain = eu.acme.com } [domain_realm] eu.acme.com = EU.ACME.COM .eu.acme.com = EU.ACME.COM .acme.com = EU.ACME.COM acme.com = EU.ACME.COM [kdc] profile = /etc/kdc.conf smb.conf [global] workgroup = ACME password server = 10...

...ATE.DOM dns_lookup_realm = true dns_lookup_kdc = true rdns = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = yes udp_preference_limit = 0 default_ccache_name = KEYRING:persistent:%{uid} [realms] PRIVATE.AAA.PRIVATE.DOM = { kdc = swir.private.aaa.private.dom:88 master_kdc = swir.private.aaa.private.dom:88 admin_server = swir.private.aaa.private.dom:749 default_domain = private.aaa.private.dom pkinit_anchors = FILE:/etc/ipa/ca.crt } AAA.PRIVATE.DOM = { kdc = win-srv.aaa.private.dom:88 domain_server = wins-rv1.aaa.private.dom:749 admin_server = win...

Hi, I have a Ubuntu server 12.4.LTS running version 3.6.3 of winbindd. I use the MS AD to authenticate users, this works fine while there is no problems with the AD server. If the AD server reboots the winbind never switches to other AD servers, there are 4 here. I used this to joint the domain: net join -U admin createcomputer="OU=Servers,OU=abc,DC=domain,DC=com I can't find

...putting some info on /etc/hosts?! > Yes, check the documentation of krb5.conf. In summary you will need to disable dns_canonicalize_hostname dns_lookup_kdc , etc if enabled and set you admin and kdc hostnames there, something like: [realms] EXAMPLE.COM = { kdc = kdc.example.com:88 master_kdc = kdc.example.com:88 admin_server = kadmin.example.com:749 default_domain = example.com .... } > > Thanks. >

...ault_realm = HQ.KONTRAST > dns_lookup_realm = false > dns_lookup_kdc = true > ticket_lifetime = 1d > renew_lifetime = 5d > > [realms] > HQ.KONTRAST = { > kdc = vl0227.hq.kontrast > kdc = vl0230.hq.kontrast > kdc = pl0231.hq.kontrast > master_kdc = vl0227.hq.kontrast > admin_server = vl0227.hq.kontrast > } > > [domain_realm] > .hq.kontrast = HQ.KONTRAST > hq.kontrast = HQ.KONTRAST > > [logging] > kdc = SYSLOG:INFO:DAEMON > admin_server = FILE:/var/log/kadmind.log > > > So wh...

Our samba boxes are integrated with our Windows 2003 AD domain, with Windows servers acting as AD domain controllers. Everything is working fine, but in my krb.conf and krb5.conf files on my Linux boxes, I currently only have one Windows server specified as the AD logon server. If that server is down, I suspect that Linux users could not login. How to I specify more than one AD domain controller

Hi, are there any common causes for a windows machines failure to find a samba domain controller? im trying to join a windows 2008 server to a samba[3.4.0] PDC and debug/netsetup says "failed to find a DC in the specified domain". cheers

On 04-03-2024 21:54, Rowland Penny via samba wrote: > On Mon, 4 Mar 2024 14:14:18 +0100 > Marco Gaiarin via samba <samba at lists.samba.org> wrote: > >> Mandi! Kees van Vloten via samba >> In chel di` si favelave... >> >>> Interesting, I tried running it with -d 10, it shows a lot of >>> output. >> The same. My output is a bit more

...tix.org                 kdc = kerberos2.dementix.org                 admin_server = kerberos.dementix.org         }         stanford.edu = {                 kdc = krb5auth1.stanford.edu                 kdc = krb5auth2.stanford.edu                 kdc = krb5auth3.stanford.edu                 master_kdc = krb5auth1.stanford.edu                 admin_server = krb5-admin.stanford.edu                 default_domain = stanford.edu         }         UTORONTO.CA = {                 kdc = kerberos1.utoronto.ca                 kdc = kerberos2.utoronto.ca                 kdc = kerberos3.utoronto.ca...

...-------------------------- [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = MYDOMAIN.COM ticket_lifetime = 24h forwardable = yes [realms] MYDOMAIN.COM = { kdc = dc.MYDOMAIN.COM master_kdc = dc.MYDOMAIN.COM admin_server = dc.MYDOMAIN.COM default_domain = MYDOMAIN.COM } [domain_realm] .MYDOMAIN.COM = MYDOMAIN.COM MYDOMAIN.COM = MYDOMAIN.COM

...lm = AD.AC.CONCORDIA-PORDENONE.IT > dns_lookup_realm = false > dns_lookup_kdc = false > kdc_timesync = 1 > ccache_type = 4 > forwardable = true > proxiable = true > > [realms] > AD.AC.CONCORDIA-PORDENONE.IT = { > kdc = kdc.ad.ac.concordia-pordenone.it > master_kdc = kdc.ad.ac.concordia-pordenone.it > admin_server = kdc.ad.ac.concordia-pordenone.it > default_domain = ad.ac.concordia-pordenone.it > } > > clearly, 'kdc.ad.ac.concordia-pordenone.it' is in /etc/hosts: > > root at vfwacpn1:~# grep kdc /etc/hosts > 10.172.1....

...:DAEMON  admin_server = SYSLOG:INFO:DAEMON [libdefaults]  default_realm = EXAMPLE.COM  dns_lookup_realm = false  dns_lookup_kdc = false  ticket_lifetime = 10h  renew_lifetime = 7d  forwardable = true  allow_weak_crypto = true [realms]  EXAMPLE.COM = {    default_domain = example.com    master_kdc= domserver1.example.com    kdc=domserver1.example.com    kdc=domserver2.example.com    admin_server=domserver1.example.com  } [domain_realm]  example.com = EXAMPLE.COM  subnet1.example.com = EXAMPLE.COM  .subnet1.example.com = EXAMPLE.COM  subnet2.example.com = EXAMPLE.COM  .subnet2.examp...

Hi Rowland, I made the change you suggested to auto refresh kerberos. It didn't seem to fix the issue unfortunately, even after a machine restart. Following your line of reasoning that it is a Kerberos issue, I then tried to grab a new kerberos ticket on the server in question which appears to fail though. Perhaps this gives some further insight? pi at fs1:~ $ kinit administrator at

...ent #File modified by ipa-client-install includedir /var/lib/sss/pubconf/krb5.include.d/ [libdefaults] default_realm = LOCAL dns_lookup_realm = false dns_lookup_kdc = false rdns = false ticket_lifetime = 24h forwardable = yes [realms] LOCAL = { kdc = 192-168-0-100.local:88 master_kdc = 192-168-0-100.local:88 admin_server = 192-168-0-100.local:749 default_domain = 192-168-0-100.local pkinit_anchors = FILE:/etc/ipa/ca.crt } [domain_realm] .192-168-0-100.local = LOCAL 192-168-0-100.local = LOCAL .local = LOCAL local = LOCAL