search for: myrealm

...t can provide authentication for both unix logins and samba. The kutil command in Windows makes it pretty much impossible to create a krb5.keytab file with multiple service principals. What service principal is Samba using ? Assuming my machine is "client1" in the realm "MYREALM" I would expect the principal to be "CLIENT1$@MYREALM." If I set "kerberos method = keytab" while samba try to create a keytab ? I appreciate any advice Thanks root at client1:/etc/krb5# klist -ke Keytab name: FILE:/etc/krb5/k...

...s. So far so good. Now I come to setting up the file server. I've configured the machine as a domain member and I get to here: https://wiki.samba.org/index.php/Samba/Domain_Member#Testing_the_winbind_user.2Fgroup_mapping My smb.conf contains the following under [global]: > workgroup = MYREALM > security = ADS > realm = MYREALM.MYDOMAIN > > idmap config *:backend = tdb > idmap config *:range = 70001-80000 > idmap config MYREALM:backend = ad > idmap config MYREALM:schema_mode = rfc2307 > idmap config MYREALM:range = 500-40000 > template...

...n for both unix logins and samba. The kutil > command in Windows makes it pretty much impossible to create a > krb5.keytab file with multiple service principals. > > > What service principal is Samba using ? Assuming my machine is > "client1" in the realm "MYREALM" I would expect the principal to be > "CLIENT1$@MYREALM." > > > If I set "kerberos method = keytab" while samba try to create a keytab ? > > > I appreciate any advice > > > Thanks > > > > > > > > > > > > &...

...lution yet for smb.conf with 'security=ads' ----------------------- Notes from 3rd Problem: ----------------------- ### BEGIN /etc/smaba/smb.conf ### #======================= Global Settings ===================================== [global] server string = Samba Server workgroup = MYREALM realm = MYREALM.MY.MYDOMAIN.COM security = ADS map to guest = Bad User password server = * socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 preferred master = no local master = no domain master = no os level = 33 wins server = 128.32.68.75 128.32.67.118 ld...

...sing samba as AD member or standalone. So still looking at this. So this is the state currently: kerberos setup (krb5.conf and keytab) is working in the server, I can do kinit properly. But setting of Samba still not working. Here is what I have in /etc/smb.conf: [global] workgroup = MYREALM server string = UATest Samba Server Version %v netbios name = myserver log file = /var/log/samba/log.%m max log size = 50 security = ads realm = MYREALM.CA password server = mykerberos.myrealm.ca kerberos method = system keytab...

...log message "Failed to verify incoming ticket!" suggests this is some kind of kerberos error. Samba is linked to heimdal 0.6.3 and I've no problems getting tickets from the DCs. My krb5.conf looks like this (with some private bits removed) [libdefaults] default_realm = MYREALM.COM default_etypes = des-cbc-crc des-cbc-md5 default_etypes_des = des-cbc-crc des-cbc-md5 [realms] MYREALM.COM= { kdc = tcp/10.0.0.239 default_domain = myrealm.com } [domain_realm] .myrealm.com = MYREALM.COM...

...server to join our realm as a domain > member server. I have read through google, yahoo, and this list, but I > cannot find the answer yet. > > When I run: net join ads -Uadministrator and try to login it gives the > following error: > > kerberos_kinit_password Administrator@MYREALM.COM failed: Cannot > resolve network address for KDC in requested realm > [2006/02/01 09:33:46, 0] ../utils/net_ads.c:ads_startup(191) > ads_connect: Cannot resolve network address for KDC in requested > realm > > The details of my setup are: > > aix 5.2.0.7 > libiconv-...

...bit on the top of the share, but when I create inside new directories didn’t have SGID bits.   Here is my smb.conf :   [global] use sendfile = no gpfs:getrealfilename = no smb ports = 445 139 dos charset = 850 unix charset = UTF-8 interfaces = eth0 bind interfaces only = true workgroup = MYREALM passdb backend = tdbsam os level = 2 time server = yes unix extensions = yes encrypt passwords = yes log level = 0 acls:10 max protocol = SMB2 posix locking = no load printers = no name resolve order = wins host lmhosts bcast security = ADS password server = MyPasswordServer realm = MY...

...having a problem getting my server to join our realm as a domain member server. I have read through google, yahoo, and this list, but I cannot find the answer yet. When I run: net join ads -Uadministrator and try to login it gives the following error: kerberos_kinit_password Administrator@MYREALM.COM failed: Cannot resolve network address for KDC in requested realm [2006/02/01 09:33:46, 0] ../utils/net_ads.c:ads_startup(191) ads_connect: Cannot resolve network address for KDC in requested realm The details of my setup are: aix 5.2.0.7 libiconv-1.9.1 autoconf-2.59 libiodbc-3.52.4 bison...

On 2017-04-13, 01:58, Andrew Bartlett via samba wrote: > On Wed, 2017-04-12 at 19:17 -0600, S P Arif Sahari Wibowo via > samba wrote: >> Do you know any example Samba configuration that authenticate >> to plain - non-AD, e.g. MIT KDC - Kerberos server? > > This a normal and fully supported configuration. It maps to > normal unix users. Thanks! is it mean that the OS

...: Authentication for user [HOSTNAME$] -> > [HOSTNAME$] FAILED with error NT_STATUS_NO_SUCH_USER > It looks fairly obvious to me, the Samba machine doesn't know the user trying to connect. > > All these windows clients are domain clients of our local windows > domain "MYREALM.UNI-KOBLENZ.DE" served by a real windows domain > server. From a users point of view everything works fine allthough > things could still speed up if the load was lower. > > The really strange thing about this problem is that it occured first > about 2 weeks ago, but in this ti...

...ned parses the whole smb.conf with all shares and then fails to do the authentication requested by the client, that as far as I know should be done against the windows domain controller but not against the samba server. All these windows clients are domain clients of our local windows domain "MYREALM.UNI-KOBLENZ.DE" served by a real windows domain server. From a users point of view everything works fine allthough things could still speed up if the load was lower. The really strange thing about this problem is that it occured first about 2 weeks ago, but in this time there was no new samba...

...isplays the following error message:"ERROR:failed to setup profiling". The testparm result didn't print any warning or error. System details: CentOS Linux release 7.7.1908 (Core) with kernel 3.10.0-1062.9.1.el7.x86_64 smb.conf [global] ??????? netbios name = DC2 ??????? realm = MYREALM.TLD ??????? server role = active directory domain controller ??????? server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate ??????? workgroup = MYREALM ??????? idmap_ldb:use rfc2307 = yes ??????? log level = 4 [netlogon] ??????? path = /var/lib...

...se people don't exactly know how to "make sure: > > $ klist -Kek /etc/dovecot/dovecot.keytab > Keytab name: FILE:/etc/dovecot/dovecot.keytab > KVNO Principal > ---- -------------------------------------------------------------------------- > 1 imap/host.domain.name at MYREALM (des-cbc-crc) (0x232616c2a4fd08f7) > 1 imap/host.domain.name at MYREALM (des-cbc-md5) (0x232616c2a4fd08f7) > 1 imap/host.domain.name at MYREALM (arcfour-hmac) (0x9dae89a221dc374a39f560833 > > --Mark > > -----Original Message----- > From: Mark Foley <mfoley at ohpr...

...h, you used my actual local domain in your example: mail.hprs.local. Not that I care, no one can get to that, but it might be clearer to those of us who uncomprehendingly monkey-type things from wiki's when we don't fully understand. Perhaps something more generic would be clearer: myhost.myrealm, or myhost.mydom.local, or myLocalFDQN -- something like that. Not sure what is best; just don't want to imply that they HAVE TO use mail.hprs.local. > I had a look at the NTLM mechanism, it *should* support SSP and NTLMv2. > I have to set up some kind of test environment to find out why...

...idmap gid = 10000-20000 winbind enum users = yes winbind gid = 10000-20000 os level = 20 winbind enum groups = yes winbind separator = / encrypt passwords = yes server string = User management Server security = ADS realm = MYREALM.COM password server = myadsserver.bcbsnc.com preferred master = no log file = /usr/local/samba/var/log.%m log level = 0 max log size = 50 local master = No dns proxy = No wins server = wins01 wins02 wins proxy = no name...

...result didn't print any warning or error. >> >> System details: >> >> CentOS Linux release 7.7.1908 (Core) with kernel >> 3.10.0-1062.9.1.el7.x86_64 >> >> smb.conf >> >> [global] >> ??????? netbios name = DC2 >> ??????? realm = MYREALM.TLD >> ??????? server role = active directory domain controller >> ??????? server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, >> drepl, winbindd, ntp_signd, kcc, dnsupdate >> ??????? workgroup = MYREALM >> ??????? idmap_ldb:use rfc2307 = yes >> ??????? l...

...t to the first LAN again. No reply. So this leads me to believe there's some kind of limit per IP on NAT'ed SIP clients. Can anybody shed some light on this? [200] type = friend username = 200 secret = 200secrets host = dynamic amaflags = default accountcode = myrealm context = incoming realm = myrealm dtmfmode = rfc2833 language = da nat = yes callgroup = 20 pickupgroup = 20 callerid = "SNOM" <200> qualify = 3000 [201] type = friend username = 201 secret = 201secrets host = dynamic amaflags...

...c mode (in /etc/default/sernet-samba). Samba is a member of a Windows server 2003 R2 domain.   Here is my smb.conf :   [global] use sendfile = no gpfs:getrealfilename = no smb ports = 445 139 dos charset = 850 unix charset = UTF-8 interfaces = eth0 bind interfaces only = true workgroup = MYREALM passdb backend = tdbsam os level = 2 time server = yes unix extensions = yes encrypt passwords = yes log level = 0 acls:10 max protocol = SMB2 posix locking = no load printers = no name resolve order = wins host lmhosts bcast security = ADS password server = MyPasswordServer realm = MY...

.../ (salso002 is host name of my samba server), I can see all shares, but when I click on one of them, and write the user and password in login window, Konqueror do not accept user/password pair and show the login windows again. I've tried various ways of writing user name, such as "username@MYREALM", "MYREALM/username", "MYREALM\username", when MYREALM is full name of KDC in Active Directory, but Konqueror answers with messages like "Access denied" or "The file or directory ... does not exist". The same is happen even I try access samba with Konque...