Displaying 18 results from an estimated 18 matches for "revyakin".
2020 Jul 16
3
Authentication with trusted credentials
On 16/07/2020 22:13, Yakov Revyakin wrote:
> Thank you! I have food for tomorrow. Now I only want to voice some of
> my considerations.
>
> Imagine that a domain had no trusts. At this time a PC became a member
> of this domain.
> After some time DC made trust with another domain. In this case
> existing membe...
2020 Jul 23
3
krb5_kt_start_seq_get failed (Permission denied)
On a DOMAIN Linux member in log.wb_DOMAIN I can see the error message
"krb5_kt_start_seq_get failed (Permission denied)" during any attempt of
user authentication.
In result a user is authenticated successfully. But what does this message
mean?
My krb5.keytab has permissions 600 by default.
If I change its permissions to 644 the error message goes.
2020 Jul 23
1
krb5_kt_start_seq_get failed (Permission denied)
...he user homdirs it can validateon $HOME/.k5login
Above fixed it for me.
I only cant tell based on the config if this applies to you.
Its a simple thing to try.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Yakov Revyakin via samba
> Verzonden: donderdag 23 juli 2020 11:20
> Aan: Rowland penny
> CC: sambalist
> Onderwerp: Re: [Samba] krb5_kt_start_seq_get failed
> (Permission denied)
>
> Ubuntu 18.04 LTS
>
> root is owner
>
> In case of 644
> d at uc-sm18:~$ sudo ls -la /etc/k...
2020 Jul 20
3
Authentication with trusted credentials
...id jake
getent passwd jake
Any improvement?
> if you have set: APEX:backend = ad
Yes, and did you assign an UID/GID after you changed RID to AD backend?
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Yakov Revyakin via samba
> Verzonden: vrijdag 17 juli 2020 20:38
> Aan: Rowland penny
> CC: sambalist
> Onderwerp: Re: [Samba] Authentication with trusted credentials
>
> So,
> Point #1:
> Samba DC before trust. Linux member joined domain. SSH
> authentication works
> for a domain...
2020 Jul 21
2
Authentication with trusted credentials
...suitable server for domain APEX
domain controller is not responding: NT_STATUS_UNSUCCESSFUL
APEX couldn't get domain's sid
On Tue, 21 Jul 2020 at 13:40, Rowland penny via samba <samba at lists.samba.org>
wrote:
> On 20/07/2020 12:09, Yakov Revyakin wrote:
> > OK, trying to define the environment more clearly.
> >
> OK, I 'think' I know what is going on here, haven't got a fix though :-(
>
> Can you run this command on the Linux DC's and a Linux client:
>
> wbinfo --online-status
>
> On DC's...
2020 Jul 23
1
Authentication with trusted credentials
...going trust works in the case of Windows clients?
What is the actual status for outgoing trust support?
PS: I sent the same questions to Stephan with hope to get answers
On Tue, 21 Jul 2020 at 17:54, Rowland penny via samba <samba at lists.samba.org>
wrote:
> On 21/07/2020 15:38, Yakov Revyakin wrote:
> > Hi Rowland,
> > Thank you for effort
> >
> > My output as you requested:
> > ## Samba DC
> > d at us-smdc3:~$ wbinfo --online-status
> > BUILTIN : active connection
> > SVITLA3 : active connection
> > APEX : active connection
> >...
2020 Jul 13
2
Authentication with trusted credentials
...ect-debug-info.sh
>
> Anonimize where needed.
> Dont set the attachments to the list, that will be stripped off.
>
>
> Greetz,
>
> Louis
>
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> > Yakov Revyakin via samba
> > Verzonden: maandag 13 juli 2020 16:04
> > Aan: samba at lists.samba.org
> > Onderwerp: [Samba] Authentication with trusted credentials
> >
> > Hi friends,
> > I have a one way outgoing trust between SAMBA trusting domain and AD
> > trusted dom...
2020 Jul 13
0
Authentication with trusted credentials
Louis, could you take a look on my case again?
I am not sure that the problem is in incorrect groups.
Only trusted credentials don't work. Have you any idea what the reason is?
On Mon, 13 Jul 2020 at 19:50, Yakov Revyakin <yrevyakin at gmail.com> wrote:
> Some more details. Below is what I have during joining Linux (Ubuntu
> 20.04) to the SVITLA3 domain. SVITLA3 (Samba) is trusting, APEX (AD) is
> trusted.
> SVITLA3 has *administrator *and *test01 *users, APEX has *administrator *and
> *jake *u...
2020 Jul 13
3
Authentication with trusted credentials
Hi friends,
I have a one way outgoing trust between SAMBA trusting domain and AD
trusted domain.
SSH Authentication of a user belonging to the SAMBA domain works properly
on a Linux computer which is a member of SAMBA domain.
I would like to authenticate a trusted user from the AD domain on the same
Linux computer with SSH. Currently it doesn't work.
I am able to authenticate trusted accounts
2020 Jul 17
0
Authentication with trusted credentials
Rowland,
I only tried sssd looking for the cause of the problem.
I use samba, winbind.
On Fri, 17 Jul 2020 at 00:19, Rowland penny via samba <samba at lists.samba.org>
wrote:
> On 16/07/2020 22:13, Yakov Revyakin wrote:
> > Thank you! I have food for tomorrow. Now I only want to voice some of
> > my considerations.
> >
> > Imagine that a domain had no trusts. At this time a PC became a member
> > of this domain.
> > After some time DC made trust with another domain. In th...
2020 Jul 21
0
Authentication with trusted credentials
On 20/07/2020 12:09, Yakov Revyakin wrote:
> OK, trying to define the environment more clearly.
>
OK, I 'think' I know what is going on here, haven't got a fix though :-(
Can you run this command on the Linux DC's and a Linux client:
wbinfo --online-status
On DC's, I get this:
BUILTIN : active connection...
2020 Jul 21
0
Authentication with trusted credentials
On 21/07/2020 15:38, Yakov Revyakin wrote:
> Hi Rowland,
> Thank you for effort
>
> My output as you requested:
> ## Samba DC
> d at us-smdc3:~$ wbinfo --online-status
> BUILTIN : active connection
> SVITLA3 : active connection
> APEX : active connection
>
> ## Linux Client
> d at uc-sm18:~$ wbinfo...
2020 Jul 14
3
Authentication with trusted credentials
...db
im not a kerberos expert, i leave that to one of the samba devs, but as far i know, if? you have any service that uses upn/spns we need /etc/krb5.keytab
I hope explains it?a bit, of not, maybe Rowland knows more here, or we can ask it @Alexander if you want.
Greetz,
Louis
?
Van: Yakov Revyakin [mailto:yrevyakin at gmail.com]
Verzonden: maandag 13 juli 2020 18:51
Aan: L.P.H. van Belle
CC: samba at lists.samba.org
Onderwerp: Re: [Samba] Authentication with trusted credentials
Some more details. Below is what I have during joining Linux (Ubuntu 20.04) to the SVITLA3 domain. SVITLA3 (Sam...
2020 Jul 13
0
Authentication with trusted credentials
...w.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh
Anonimize where needed.
Dont set the attachments to the list, that will be stripped off.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Yakov Revyakin via samba
> Verzonden: maandag 13 juli 2020 16:04
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Authentication with trusted credentials
>
> Hi friends,
> I have a one way outgoing trust between SAMBA trusting domain and AD
> trusted domain.
> SSH Authentication of a...
2020 Jul 16
0
Authentication with trusted credentials
...use kerberos auth
UseDNS yes
reboot
And done, i can login with putty, with kerberos SSO from a windows pc.
(after setting putty correctly offcourse).
See if above helps you, at least i think it will and i hope so.
So far,
Greetz,
Louis
________________________________
Van: Yakov Revyakin [mailto:yrevyakin at gmail.com]
Verzonden: donderdag 16 juli 2020 15:51
Aan: L.P.H. van Belle
CC: samba at lists.samba.org
Onderwerp: Re: [Samba] Authentication with trusted credentials
In this configuration with a trusted domain I miss something important. Need your help to understand....
2020 Jul 16
2
Authentication with trusted credentials
On 16/07/2020 16:11, L.P.H. van Belle via samba wrote:
> First of all, why does the DOMAIN contains/shows a dot in it.
> ( i think its a wrong setting in sssd, but i dont know sssd )
> I know this is one of your REALMs and not the domain.
>
>
> Now your lines :
> Works Yes: Jul 16 11:23:48 uc-sssdlbox20 sshd[2048]: pam_sss(sshd:auth): authentication success; logname= uid=0
2020 Nov 19
1
Smartcard logon
>
> Hi friends,
> I need your help.
>
> I implemented
> https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login
>
> https://docs.microsoft.com/en-us/troubleshoot/windows-server/windows-security/enabling-smart-card-logon-third-party-certification-authorities
> enabling smart card logon on a Windows Server 2016 as a domain member of
> Samba DC.
>
> Currently I
2020 Jul 16
0
Authentication with trusted credentials
Thank you! I have food for tomorrow. Now I only want to voice some of my
considerations.
Imagine that a domain had no trusts. At this time a PC became a member of
this domain.
After some time DC made trust with another domain. In this case existing
members don't consider any extra configuration like adding knowledge about
new realm, DNS, etc. Existing configuration already provides means of