Displaying 5 results from an estimated 5 matches for "rcache_def".
2017 Nov 08
2
Samba 4.7 DC with BIND9_DLZ and MIT Kerberos fails at DNS Update
...| grep HAVE_LIBKADM5SRV_MIT
> HAVE_LIBKADM5SRV_MIT
>
> # samba_dnsupdate --verbose --all-names
This command does not work correctly because MIT Kerberos has a replay cache
to circumvent attacks.
This command does replay attacks :-)
http://web.mit.edu/kerberos/krb5-devel/doc/basic/rcache_def.html
It is not the right command to verify that dynamic dns updates are working!
> ...
> update failed: REFUSED
> Failed nsupdate: 2
> update(nsupdate): SRV
> _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.samdom.example.com
> DC3.samdom.example.com 389
> Calling ns...
2017 Nov 08
0
Samba 4.7 DC with BIND9_DLZ and MIT Kerberos fails at DNS Update
...AVE_LIBKADM5SRV_MIT
>>
>> # samba_dnsupdate --verbose --all-names
> This command does not work correctly because MIT Kerberos has a replay cache
> to circumvent attacks.
>
> This command does replay attacks :-)
>
>
> http://web.mit.edu/kerberos/krb5-devel/doc/basic/rcache_def.html
>
> It is not the right command to verify that dynamic dns updates are working!
>
>> ...
>> update failed: REFUSED
>> Failed nsupdate: 2
>> update(nsupdate): SRV
>> _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.samdom.example.com
>> DC3.s...
2017 Dec 04
2
Samba 4.7.2 + bind on Fedora 27: samba_dlz: spnego update failed
...ble the replay cache on the server side ...
>
> Question: how can I "disable the replay cache"?
>
> Thanks
>
First and foremost, I do not use MIT kerberos, so I am not sure if this
will work, but I found this webpage:
https://web.mit.edu/kerberos/krb5-1.12/doc/basic/rcache_def.html
Where it says that if you set the environmental variable KRB5RCACHETYPE
to 'none' it will not be used, i.e. 'export KRB5RCACHETYPE=none'
Rowland
2017 Dec 04
2
Samba 4.7.2 + bind on Fedora 27: samba_dlz: spnego update failed
On Mon, 04 Dec 2017 16:31:16 +0100
Dario Lesca via samba <samba at lists.samba.org> wrote:
> On Mon, 04/12/2017 at 16.00 +0100, Dario Lesca via samba
> wrote:
> > The samba command
> >
> > samba_dnsupdate --verbose --all-names --fail-immediately
> >
> > does not work
>
> I have added '-d 9' to the dlz section
>
> dlz
2017 Nov 07
2
Samba 4.7 DC with BIND9_DLZ and MIT Kerberos fails at DNS Update
Dear all,
a month ago I filed bug #13066 about Samba 4.7 DC using BIND9_DLZ
as DNS backend failing to run samba_dnsupdate using MIT Kerberos. The
logs show a Kerberos error "Request is a replay". Logs attached here:
https://bugzilla.samba.org/show_bug.cgi?id=13066.
Since I have not received any feedback on the bug report, I am trying
this channel if someone has any idea how to fix