search for: mayweg

...krb.conf was as long and ugly as the smb.conf, already cut most of it, but your 3 line example configuration did not work fully. With the following getting kerberos tickets and the domain join are still working. Thanks for the ongoing support! My krb5.conf: [libdefaults] default_realm = INTRANET.MAYWEG.NET dns_lookup_realm = false dns_lookup_kdc = true [realms] INTRANET.MAYWEG.NET = { kdc = 192.168.11.250 admin_server = 192.168.11.250 default_domain = INTRANET.MAYWEG.NET } [domain_realm] .intranet.mayweg.net = INTRANET.MAYWEG.NET intranet.mayweg.net = INTRANET.MAYWEG.NET On 20 March 2015...

...cation Winbind NT/Active Directory authentication LDAP Authentication GNOME Keyring Daemon - Login keyring management ConsoleKit Session Management > > Rowland > > Thanks for the ongoing support! >> >> My krb5.conf: >> [libdefaults] >> default_realm = INTRANET.MAYWEG.NET <http://INTRANET.MAYWEG.NET> >> dns_lookup_realm = false >> dns_lookup_kdc = true >> >> [realms] >> INTRANET.MAYWEG.NET <http://INTRANET.MAYWEG.NET> = { >> kdc = 192.168.11.250 >> admin_server = 192.168.11.250 >> default_domain = INT...

...z 19-Mar-2015 08:05:26.396 Registering DLZ_dlopen driver 19-Mar-2015 08:05:26.396 Registering SDLZ driver 'dlopen' 19-Mar-2015 08:05:26.396 Registering DLZ driver 'dlopen' 19-Mar-2015 08:05:26.405 Loading SDLZ driver. 19-Mar-2015 08:05:26.646 samba_dlz: started for DN DC=intranet,DC=mayweg,DC=net 19-Mar-2015 08:05:26.646 SDLZ driver loaded successfully. 19-Mar-2015 08:05:26.646 DLZ driver loaded successfully. 19-Mar-2015 08:05:26.646 samba_dlz: starting configure 19-Mar-2015 08:05:26.647 samba_dlz: configured writeable zone '11.168.192.in-addr.arpa' 19-Mar-2015 08:05:26.647 s...

...r the user accounts I could always go back to the old and ugly smb.conf ;) Will try to add/exchange some lines to create a working minimal configuration. I added the rather simple hosts and resolv.conf files of server13 as well. The new smb.conf: [global] netbios name = server13 workgroup = MAYWEG.NET security = ADS realm = INTRANET.MAYWEG.NET dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab idmap config *:backend = tdb idmap config *:range = 2000-9999 idmap config MAYWEG.NET:backend = ad idmap config MAYWEG.NET:schema_mode = rfc2307 i...

...the answers Peter and Rowland and sorry to everybody for the spam...switched to another e-mail address and hope my messages will arrive only once from now on. As I wrote in my first mail, Kerberos does work. I can successfully request and list a ticket on the AC DC. kinit administrator at INTRANET.MAYWEG.NET Password for administrator at INTRANET.MAYWEG.NET: klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: administrator at INTRANET.MAYWEG.NET Valid starting Expires Service principal 19.03.2015 10:05:48 19.03.2015 20:05:48 krbtgt/ INTRANET.MAYWEG.NET at INTRANET.MAYWEG...

...z 19-Mar-2015 08:05:26.396 Registering DLZ_dlopen driver 19-Mar-2015 08:05:26.396 Registering SDLZ driver 'dlopen' 19-Mar-2015 08:05:26.396 Registering DLZ driver 'dlopen' 19-Mar-2015 08:05:26.405 Loading SDLZ driver. 19-Mar-2015 08:05:26.646 samba_dlz: started for DN DC=intranet,DC=mayweg,DC=net 19-Mar-2015 08:05:26.646 SDLZ driver loaded successfully. 19-Mar-2015 08:05:26.646 DLZ driver loaded successfully. 19-Mar-2015 08:05:26.646 samba_dlz: starting configure 19-Mar-2015 08:05:26.647 samba_dlz: configured writeable zone '11.168.192.in-addr.arpa' 19-Mar-2015 08:05:26.647 s...

...ossible auth methods. - windows machines can join the domain and communicate fine with the ad dc. Samba Version 3.6.6. Following the configs of the domain member to be (wheezy), they worked for a fresh wheezy install for the same domain: *smb.conf:* [global] netbios name = WheezyTest workgroup = MAYWEG.NET security = ADS realm = INTRANET.MAYWEG.NET dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab idmap config *:backend = tdb idmap config *:range = 2000-9999 idmap config MAYWEG.NET:backend = ad idmap config MAYWEG.NET:schema_mode = rfc2307 idmap config MAYWEG.NET:rang...

...ys, thanks again for the quick answers. First, the smb.conf on the linux fileserver. It is quite long, as I took the old file (working version from samba3 configuration) and only made adjustments, like adding the realm. /etc/samba/smb.conf: [global] ### Browsing/Identification ### workgroup = MAYWEG.NET realm = INTRANET.MAYWEG.NET netbios name = server13 smb ports = 139, 445 hosts allow = 127. 192.168.11. interfaces = eth0 lo server string = SAMBA Fileserver wins support = no wins server = 192.168.11.250 name resolve order = host wins lmhosts bcast idmap uid...

...r! Actually I did get kinit and samba_dnsupdate working, though I am unsure how. I tried some changes to krb5.conf in the [realms] and [domain_realm] sections, als well as setting dns_lookup_realm = false to true, but reverted it all back to the initial file: [libdefaults] default_realm = INTRANET.MAYWEG.NET dns_lookup_realm = false dns_lookup_kdc = true After a reboot, both kinit and samba_dnsupdate worked on the host machine. Shares can be accessed, RSAT tools are working. From the linux fileserver nslookup and ping work for hostnames of domainmembers, dig command does not get an answer. The win...

Timo Altun schrieb am 19.03.2015 10:30: > As I wrote in my first mail, Kerberos does work. I can successfully request > and list a ticket on the AC DC. OK, then next things, which come to my mind are: is the keytab, you set in named.conf.options readable for the user, under which bind is run. Then, is the /etc/bind/namedb writable for bind. And in the end, it might be a screwed up

...d joined the domain. Started the services again and winbind could start as well. Thanks! Fyi, the smb.conf on AD (got a bit of a strange naming convention for workgroup/realm, but this way windows machines do not notice the change from NT4 domain to AD): # Global parameters [global] workgroup = MAYWEG.NET realm = INTRANET.MAYWEG.NET netbios name = SERVER06 interfaces = lo, eth0 bind interfaces only = Yes server role = active directory domain controller server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate idmap_ldb:use rfc2307 = yes [netlogon] path...

.... First, the smb.conf on the linux > fileserver. It is quite long, as I took the old file (working version from > samba3 configuration) and only made adjustments, like adding the realm. > > /etc/samba/smb.conf: > [global] > ### Browsing/Identification ### > > workgroup = MAYWEG.NET > realm = INTRANET.MAYWEG.NET > netbios name = server13 > smb ports = 139, 445 > hosts allow = 127. 192.168.11. > interfaces = eth0 lo > server string = SAMBA Fileserver > wins support = no > wins server = 192.168.11.250 > name reso...

Try change your resolv.conf from : >nameserver 127.0.0.1 >domain intranet.mayweg.net to nameserver 192.168.11.250 search intranet.mayweg.net >The only thing I was unsure about, was which hostname to enter >for Kerberos >Server and Kerberos admin server when asked during the >installation of the >packages.. Try these defealt settings for kerberos.. You didn...

...for > dynamic DNS > Apr 11 18:53:42 server06 named[4141]: sizing zone task pool based on 5 > zones > Apr 11 18:53:42 server06 named[4141]: Loading 'AD DNS Zone' using > driver dlopen > Apr 11 18:53:42 server06 named[4141]: samba_dlz: started for DN > DC=intranet,DC=mayweg,DC=net > Apr 11 18:53:42 server06 named[4141]: samba_dlz: starting configure > Apr 11 18:53:42 server06 named[4141]: samba_dlz: configured writeable > zone '111.168.192.in-addr.arpa' > Apr 11 18:53:42 server06 named[4141]: samba_dlz: configured writeable > zone 'intrane...

...I am unsure how. I tried >some changes to >> krb5.conf in the [realms] and [domain_realm] sections, als well as >> setting dns_lookup_realm = false to true, but reverted it >all back to the >> initial file: >> >> [libdefaults] >> default_realm = INTRANET.MAYWEG.NET >> dns_lookup_realm = false >> dns_lookup_kdc = true >> >> After a reboot, both kinit and samba_dnsupdate worked on the >host machine. >> Shares can be accessed, RSAT tools are working. From the >linux fileserver >> nslookup and ping work for hostname...

...r06 named[4141]: generating session key for dynamic DNS Apr 11 18:53:42 server06 named[4141]: sizing zone task pool based on 5 zones Apr 11 18:53:42 server06 named[4141]: Loading 'AD DNS Zone' using driver dlopen Apr 11 18:53:42 server06 named[4141]: samba_dlz: started for DN DC=intranet,DC=mayweg,DC=net Apr 11 18:53:42 server06 named[4141]: samba_dlz: starting configure Apr 11 18:53:42 server06 named[4141]: samba_dlz: configured writeable zone '111.168.192.in-addr.arpa' Apr 11 18:53:42 server06 named[4141]: samba_dlz: configured writeable zone ' intranet.mayweg.net' Apr 11 1...

...orks. Maybe I still have some errors or missing parameters in my configs on the AD DC? As always, any hints where this problem might originate from are highly appreciated! Next I'll probably try to purge all samba from the AD DC and try again. Greetings, Timo *smb.conf* [global] workgroup = MAYWEG.NET realm = INTRANET.MAYWEG.NET netbios name = SERVER06 server role = active directory domain controller server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate idmap_ldb:use rfc2307 = yes [netlogon] path = /var/lib/samba/sysvol/intranet.mayweg.net/scri...

...in the domain and communicate fine with the ad dc. > Samba Version 3.6.6. > Following the configs of the domain member to be (wheezy), they worked for > a fresh wheezy install for the same domain: > > > *smb.conf:* > [global] > > netbios name = WheezyTest > workgroup = MAYWEG.NET > security = ADS > realm = INTRANET.MAYWEG.NET > dedicated keytab file = /etc/krb5.keytab > kerberos method = secrets and keytab > > idmap config *:backend = tdb > idmap config *:range = 2000-9999 > idmap config MAYWEG.NET:backend = ad > idmap config MAYWEG.NET:schema...

...ain KB and > the AD DC discussed on the list. But I don't recall. Maybe somebody on the > list can refresh our collecive memory. > > Other places would most certainly be somewhere or all over the registry. > One other (bad) idea is to rename the NetBIOS-name of the domain to > MAYWEG.NET. And I don't know how the AD DC would handle this change, or > if it can. > > Out of ideas for the moment... > > /Davor > > Greetings, >> Timu?in >> >> >> >> On 19 May 2015 at 18:13, Davor Vusir <davortvusir at gmail.com <mailto: &gt...

...the join. > >> >> One of my priorities during domain provision (during >classicupgrade in >> fact), was to not have to manually join the windows clients >to the new >> domain. This works with this configuration. The old NT-4 Domain also >> had that dot in MAYWEG.NET <http://MAYWEG.NET>. This is also what I >> was referring to when I said, the windows clients do not >"notice" the >> change. I knew that there's no "automatic" going back to the >old NT-4 >> domain, once they've seen the new AD DC...