search for: proxiable

...ict allocate = yes acl allow execute always = True username map = /etc/samba/usermap.txt [libdefaults] default_realm = DOMAIN clockskew = 300 ticket_lifetime = 3d renew_lifetime = 7d forwardable = true proxiable = true dns_lookup_realm = true dns_lookup_kdc = true [realms] DOMAIN = { default_domain = DOMAIN auth_to_local = RULE:[1:$1@$0](^.*@DOMAIN$)s/@DOMAIN/@domain/ } [domain_realm] .kerberos.server = DOMAIN...

...eviously joined ok) wbinfo --sequence shows: GATEWAY : 1 BUILTIN : 1 TEST : DISCONNECTED Configuration files are: -------------krb5.conf------------------------------- [libdefaults] default_realm = TEST.COM dns_lookup_realm = false dns_lookup_kdc = false kdc_timesync = 1 forwardable = true proxiable = true [realms] CIKAUTXO.ES ={ kdc = PDC admin_server = PDC default_domain = TEST } [domain_realm] .test.com = TEST.COM test.com = TEST.COM -------------krb5.conf------------------------------- PDC address is included in /etc/hosts -------------nsswitch.conf---------------------------...

...rp.XXX.com freeradius 192.168.127.131 whiskey.windows.corp.XXX.com whiskey 192.168.112.4 wine..windows.corp.XXX.com wine /etc/krb5.conf [libdefaults] default_realm = WINDOWS.CORP.XXX.COM krb4_config = /etc/krb.conf krb4_realms = /etc/krb.realms kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true v4_instance_resolve = false v4_name_convert = { host = { rcmd = host ftp = ftp } plain = { something = something-else } } fcc-mit-ticketflags = true [realms] WINDOWS.CORP.XXX.COM = { kdc = whiskey.windows.corp.XXX.com:88 kdc = wine.windows.corp.XXX.com:88 admin_server = whiskey.windows.cor...

...efaults] default_realm = ELLISONSLEGAL.COM clockskew = 300 [domain_realm] .ELLNET = ELLISONSLEGAL.COM [realms] ELLISONSLEGAL.COM = { kdc = 10.0.0.31 default_domain = ELLNET kpasswd_server = 10.0.0.31 } [appdefaults] pam = { ticket_lifetime = 1d renew_lifetime = 1d forwardable = true proxiable = false retain_after_close = false minimum_uid = 0 } Thanks -----Original Message----- From: Penny Willisson Sent: 11 April 2005 14:43 To: 'Gordon Hopper'; 'ernesto.pereirinha@atminformatica.pt' Cc: Dimitri Yioulos; samba@lists.samba.org Subject: RE: [Samba] net ads join fa...

....DE default_domain = TQG admin_server = TQ-DC-1.TQ-NET.DE } [domain_realm] .tq-net.DE = TQ-NET.DE [appdefaults] pam = { ticket_lifetime = 1d renew_lifetime = 1d forwardable = true proxiable = true retain_after_close = true minimum_uid = 0 try_first_pass = true debug = false } krb5.conf kerberos works fine. _____________________________________________________________________ Der WEB.DE SmartSurfer hilft bis zu...

...default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] ticket_lifetime = 24000 default_realm = CH.DOMAIN.INTERN # default_tgs_enctypes = des-cbc-crc des-cbc-md5 # default_tkt_enctypes = des-cbc-crc des-cbc-md5 forwardable = true proxiable = true dns_lookup_realm = false dns_lookup_kdc = false [realms] CH.DOMAIN.INTERN = { kdc = wsvch01.ch.domain.intern:88 default_domain = ch.domain.intern } [domain_realm] .ch.domain.intern = CH.DOMAIN.INTERN ch.domain.intern = CH.DOMAIN.INTERN [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appd...

...MBA4.LOCAL's Password: kinit: converting creds: Invalid argument I'm using heimdal-clients (0.6.3) and samba4 svn r22508. My krb5.conf test configuration: [libdefaults] default_realm = SAMBA4.LOCAL kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true [realms] SAMBA4.LOCAL = { kdc = base.samba4.local admin_server = base.samba4.local } If I start samba with "-i -d 2" I got this log: ... Kerberos: AS-REQ stefan@SAMBA4.LOCAL from 10.201.20.1 for krbtgt/SAMBA4.LOCAL@SAMBA4.LOCAL Kerberos: No preauth found, retur...

...================================================================== [libdefaults] default_realm = WIN-NET.DOMAIN.COM.BR # The following krb5.conf variables are only for MIT Kerberos. krb4_config = /etc/krb.conf krb4_realms = /etc/krb.realms kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true v4_instance_resolve = false v4_name_convert = { host = { rcmd = host ftp = ftp } plain = { something = something-else } } fcc-mit-ticketflags = true [realms] WIN-NET.DOMAIN.COM.BR = { kdc = server.domain.com.br kdc = server1.domain.com.br default_domain = domain...

....COM default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc permitted_enctypes = des3-hmac-sha1 des-cbc-crc dns_lookup_realm = false dns_lookup_kdc = false kdc_req_checksum_type = 2 checksum_type = 2 ccache_type = 1 forwardable = true proxiable = true [realms] HQ.ARKONNETWORKS.COM = { kdc = dc2.hq.arkonnetworks.com:88 admin_server = dc2.hq.arkonnetworks.com:749 default_domain = hq.arkonnetworks.com } [domain_realm] .hq.arkonnetworks.com = HQ.ARKONNETWORKS.COM [kdc] profile = /etc/kerberos/krb5kdc/kdc.conf [pam] deb...

...omputer at this time because the computer has already accepted the maximum number of connections. In /etc/krb5.conf i've set: [libdefaults] default_realm = AD.AC.CONCORDIA-PORDENONE.IT dns_lookup_realm = false dns_lookup_kdc = false kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true [realms] AD.AC.CONCORDIA-PORDENONE.IT = { kdc = kdc.ad.ac.concordia-pordenone.it master_kdc = kdc.ad.ac.concordia-pordenone.it admin_server = kdc.ad.ac.concordia-pordenone.it default_domain = ad.ac.concordia-pordenone.it } clearly, 'kdc.ad.ac.concordia-pordenone.it' is i...

...o authenticate against the running samba4-server. I've created /etc/krb5.conf: [libdefaults] default_realm = ADA.DE <http://ada.de/> dns_lookup_realm = false dns_lookup_kdc = true kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true fcc-mit-ticketflags = true [realms] ADA.DE <http://ada.de/> = { kdc = ad01.ada.de kdc = ad02.ada.de admin_server = ad01.ada.de chpasswd_server = ad01.ada.de default_domain = ada.de...

...your suggested changes, but no joy :( My /etc/krb5.conf: ------SNIP-------- [libdefaults] default_realm = HPRS.LOCAL dns_lookup_realm = false dns_lookup_kdc = true [libdefaults] default_realm = HPRS.LOCAL dns_lookup_kdc = true kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true fcc-mit-ticketflags = true [realms] HPRS.LOCAL = { default_domain = hprs.local auth_to_local_names = { Administrator = root } } [domain_realm] hprs.local = HPRS.LOCAL # this is not a mistake .hprs.local = HPRS.LOCAL ------PINS----------- you wrote: > You can r...

...5.conf: [Libdefaults] default_realm = DOM.CORP default_etypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5 des-cbc-crc des-cbc-md5 des-cbc-md4 des3-hmac-sha1 des3-cbc-sha1 allow_weak_crypto = true dns_lookup_kdc = true dns_lookup_realm = false forwardable = true proxiable = true kdc_timesync = 1 debug = false any help ? :)

...YNE.LOCAL = { kdc = police.wayne.local default_domain = WAYNE.LOCAL kpasswd_server = adserver.wayne.local } [domain_realm] .WAYNE.LOCAL = WAYNE.LOCAL [appdefaults] pam = { ticket_lifetime = 365d renew_lifetime = 365d forwardable = true proxiable = false retain_after_close = true minimum_uid = 0 } ----------/var/log/samba/log.smbd-------- [2004/12/20 15:25:33, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) Username WAYNE/LIEUTENANT1$ is invalid on this system [2004/12/20 15:25:44, 1] smbd/sesssetup.c:reply_spnego_kerberos...

...Cache version: 4 Server: krbtgt/S4DOM.TEST at S4DOM.TEST Client: user09999 at S4DOM.TEST Ticket etype: arcfour-hmac-md5, kvno 1 Session key: aes256-cts-hmac-sha1-96 Ticket length: 1074 Auth time: Aug 19 07:53:10 2015 End time: Aug 19 17:53:04 2015 Ticket flags: enc-pa-rep, pre-authent, initial, proxiable, forwardable Addresses: addressless Is there something like a "domain password/secret" that I need to reset too in order to get aes encryption for everything? If so, how do I do that? I also cross-checked this with our windows AD (same client) and I get an AES only ticket/key: <.....

...com admin_server = 10.10.1.95 } [logging] kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmin.log default = FILE:/var/log/krb5lib.log [domain_realm] .domain.com = DOMAIN.COM domain.com = DOMAIN.COM [appdefaults] pam = { ticket_lifetime = 1d renew_lifetime = 1d forwardable = true proxiable = false retain_after_close = false minimum_uid = 0 } Any help is appreciated. -- Jason Gerfen "My girlfriend threated to leave me if I went boarding... I will miss her." ~ DIATRIBE aka FBITKK

...= DOMAIN.EDU DOMAIN.EDU = DOMAIN.EDU scl.DOMAIN.EDU = DOMAIN.EDU [loggin] default = FILE:/var/log/krb5.log [appdefaults] pam = { ticket_lifetime = 365d renew_lifetime = 365d forwardable = true proxiable = false retain_after_close = true minimum_uid = 0 } The nsswitch.com file: passwd: compat winbind shadow: compat group: compat winbind # passwd: db files nis # shadow: db files nis # group: db files nis hosts: files dns w...

...uthenticating via GSSAPI. The client krb5.conf contains this: ===================================================== [libdefaults] default_realm = MYDOMAIN.NET krb4_config = /etc/krb.conf krb4_realms = /etc/krb.realms kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true dns_fallback = yes default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5 default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5 v4_instance_resolve = false v4_name_convert = { host = { rcmd = host ftp = ftp }...

...efault = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] ticket_lifetime = 24000 default_realm = W2K3.TEST default_tgs_enctypes = des-cbc-crc des-cbc-md5 default_tkt_enctypes = des-cbc-crc des-cbc-md5 forwardable = true proxiable = true [realms] W2K3.TEST = { kdc = test-dc.w2k3.test admin_server = test-dc.w2k3.test default_domain = w2k3.test } [domain_realm] .w2k3.test = W2K3.TEST w2k3.test = W2K3.TEST ****End File**** The following packages are installed: samba-3.0.4-1 krb5-libs-1.2.7-14 krb5-workstation-1.2...

...idmap config lnffvg : backend = ad idmap config * : range = 5000-9999 idmap config * : backend = tdb printing = bsd /etc/security/pam_winbind.conf [global] cached_login = yes /etc/krb5.conf [libdefaults] default_realm = AD.FVG.LNF.IT kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true fcc-mit-ticketflags = true /etc/nsswitch.conf passwd: compat winbind group: compat winbind shadow: files gshadow: files hosts: files mdns4_minimal [NOTFOUND=return] dns networks: files protocols: db files services: db files...