search for: mit_kdc

...ed to completed the requested operation. (5103)" The Mac has a local IP address of 192.168.0.107, and its hostname is set to potterbook. On the Mac, no log entries at all occur to indicate what this might be. On the Linux machine, the only logs that seem to get written are in /var/log/samba/mit_kdc.log: "Jul 27 23:53:09 pathfinder krb5kdc[6597](info): AS_REQ (4 etypes {18 17 16 23}) 192.168.0.107: NEEDED_PREAUTH: Administrator at POTTERNET.LAN for krbtgt/POTTERNET.LAN at POTTERNET.LAN, Additional pre-authentication required Jul 27 23:53:09 pathfinder krb5kdc[6597](info): AS_REQ (4 etypes...

...gt; > > The Mac has a local IP address of 192.168.0.107, and its hostname is set to potterbook. > > > > On the Mac, no log entries at all occur to indicate what this might be. > > > > On the Linux machine, the only logs that seem to get written are in /var/log/samba/mit_kdc.log: > > Did you build Samba with MIT Kerberos support or use package so built? > If not, then perhaps you have the wrong KDC started, just start Samba > and it will handle the rest. > > If that isn't it, try re-building the AD DC without MIT Kerberos, we > have some rep...

...kerberos,kpasswd,ldap,ldaps,ntp} 183 firewall-cmd --permanent --add-port={135/tcp,137-138/udp,139/tcp,3268-3269/tcp,49152-65535/tcp} 184 firewall-cmd --reload Then now the port open are that[1] The system is a Fedora 30 Server with default samba out of the box. Then yes, it's a krb5kdc (mit_kdc). I hope this is not a problem for this ml, otherwise let me know where I can post my question. I have look into mit_kdc.log and I have see this recurred lament, (that I don't know what it means and whether it is important or not): set 02 11:54:36 s-addc.studiomosca.net krb5kdc[6764](info): p...

...; 184 firewall-cmd --reload > > Then now the port open are that[1] The ports seem okay, but try turning the firewall off, if it starts working, then you know where to look ;-) > > The system is a Fedora 30 Server with default samba out of the box. > Then yes, it's a krb5kdc (mit_kdc). I hope this is not a problem for > this ml, otherwise let me know where I can post my question. Well, it isn't a problem for this mailing list, but it could be a problem for you. Using MIT with a Samba AD DC is still experimental, you should not run it in production. There are numerous...

...google and only found 2 threads with people experiencing the same problem. Both were dead ends. The only wierd thing I found was after enabling kerberos logging on the windows machines. All show an 0x1A error, KDC_ERR_SERVER_NOMATCH saying EVIDENCE_TICKET_MISSMATCH. This error also appears on the mit_kdc.log file on the DC. Googling that error shows nothing, just a few 1 setentence descriptions that don´t really help. Please guys, you are my only hope at this point. I can provide all config files, log files (both windows and linux), and even the wireshark record i took.

...ocal/samba/lib/krb5/plugins/kdb ROOTRUDI.DE = { db_library = samba } rootrudi.de = { db_library = samba } ROOTRUDI = { db_library = samba } [logging] kdc = FILE:/usr/local/samba/var/mit_kdc.log admin_server = FILE:/usr/local/samba/var/mit_kadmin.log ------------------------------------------------- # vim /etc/krb5.conf ------------------------------------------------- [libdefaults] default_realm = ROOTRUDI.DE dns_lookup_realm = false dns_lookup_kdc...

...Kerberos. We also use Zimbra with Kerberos auth, but Zimbra's LDAP is only internal to itself. I see various things on the wiki that say "We need MIT Kerberos support cleaned up for a 4.0 release" https://wiki.samba.org/index.php/MIT_Build https://wiki.samba.org/index.php/Samba4/MIT_KDC And the "How to build a domain controller" doc, effectively says "it's not *required* to build an alternate KDC. It says other LDAP implementations aren't supported. It does NOT say other KDC's are not supported. I see people asking on this list if it's possible...

...operation. (5103)" > > The Mac has a local IP address of 192.168.0.107, and its hostname is set to potterbook. > > On the Mac, no log entries at all occur to indicate what this might be. > > On the Linux machine, the only logs that seem to get written are in /var/log/samba/mit_kdc.log: Did you build Samba with MIT Kerberos support or use package so built? If not, then perhaps you have the wrong KDC started, just start Samba and it will handle the rest. If that isn't it, try re-building the AD DC without MIT Kerberos, we have some reports of issues in this area, and it...

...ac has a local IP address of 192.168.0.107, and its hostname is set to potterbook. > > > > > > On the Mac, no log entries at all occur to indicate what this might be. > > > > > > On the Linux machine, the only logs that seem to get written are in /var/log/samba/mit_kdc.log: > > > > Did you build Samba with MIT Kerberos support or use package so built? > > If not, then perhaps you have the wrong KDC started, just start Samba > > and it will handle the rest. > > > > If that isn't it, try re-building the AD DC without MIT K...

...E = { > db_library = samba > } > > rootrudi.de = { > db_library = samba > } > > ROOTRUDI = { > db_library = samba > } > >[logging] > kdc = FILE:/usr/local/samba/var/mit_kdc.log > admin_server = FILE:/usr/local/samba/var/mit_kadmin.log >------------------------------------------------- > ># vim /etc/krb5.conf >------------------------------------------------- >[libdefaults] > default_realm = ROOTRUDI.DE > dns_lookup_realm...

...dress of 192.168.0.107, and its hostname is set to potterbook. > > > > > > > > On the Mac, no log entries at all occur to indicate what this might be. > > > > > > > > On the Linux machine, the only logs that seem to get written are in /var/log/samba/mit_kdc.log: > > > > > > Did you build Samba with MIT Kerberos support or use package so built? > > > If not, then perhaps you have the wrong KDC started, just start Samba > > > and it will handle the rest. > > > > > > If that isn't it, try re-bu...

On Wednesday, 12 September 2018 18:13:16 CEST Andrew Bartlett wrote: > On Wed, 2018-09-12 at 17:16 +0200, Karel Lang AFD via samba wrote: > > Hello, > > if anybody would kindly have anything to advice, please, please - do > > > > :-) > > > > SETUP: > > Fedora 28 + Samba 4.8.5 AD (testing environment consisting of 1 > > Samba > > server

I have do a classicupdate from a NT4 style domain to Samba DC 4.10.7 BIND_DLZ without (apparently) problem All seem work fine, access to PC work, join or re-join a PC to domain work, access from a Linux samba member server to Win7 PC work, access from Win7 to samba member server work. But I cannot access from a PC with win7 to another PC with win7. If I try to access from win7-0 to win7-1 via

The client can not access the Windows Share after authorization on samba DC samba_dc_server: samba 4.7.6 krb5-libs 1.15.2-7 windows client: windows7 windows_file_server: windows server 2008 /var/log/samba/mit_kdc.log мар 22 15:43:49 samba_dc_server krb5kdc[17891](info): commencing operation мар 22 15:43:56 samba_dc_server krb5kdc[17891](info): AS_REQ (6 etypes {18 17 23 24 -135 3}) 10.2.1.12: NEEDED_PREAUTH: vas.lah at example.ru for krbtgt/example .ru at example.ru, Additional pre-authentication required...

...e/long --gid-number=1903 --uid-number=8888 --must-change-at-next-login I see in logs: %m.log [2018/09/12 16:30:26.284142, 1] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) /usr/sbin/krb5kdc: sam_account_ok: Account for user 'long at AUFEERDESIGN' password must change!. mit_kdc.log Sep 12 16:31:14 ad01 krb5kdc[3180](info): AS_REQ (6 etypes {18 17 23 24 -135 3}) 192.168.181.181: UNKNOWN_REASON: long at AUFEERDESIGN for kadmin/changepw at AUFEERDESIGN, Password has expired Sep 12 16:31:14 ad01 krb5kdc[3180](info): closing down fd 19 Thank You -- *Karel Lang* *Unix/...

...odule_dir = /usr/lib64/krb5/plugins/kdb MYDOMAIN.COM = { db_library = samba } mydomain.com = { db_library = samba } MYDOMAIN = { db_library = samba } [logging] kdc = FILE:/var/log/samba/mit_kdc.log admin_server = FILE:/var/log/samba/mit_kadmin.log ========== and other info: ========== # samba-tool group listmembers 'Domain Computers' WIN10$ WIN10ENG$ # samba-tool group listmembers 'Domain Users' krbtgt Administrator # samba-tool gpo listall GPO : {6...