search for: rkt

...l.cn.energy at CN.ENERGY -mapuser ldapmail at CN.ENERGY -pass "superpasswd" -crypto RC4-HMAC-NT -ptype KRB5_NT_PRINCIPAL -out c:\mail.keytab etc... for all imap/srv-mail.cn.energy pop/srv-mail.cn.energy smtp/srv-mail.cn.energy host/srv-mail.cn.energy On Linux server: ktutils ktutils: rkt /root/Keytab/imap.keytab ktutils: rkt /root/Keytab/smtp.keytab ktutils: rkt /root/Keytab/pop.keytab ktutils: rkt /root/Keytab/host.keytab ktutils: wrt /etc/krb5.keytab ktutils: q kinit -V -k -t /etc/krb5.keytab host/srv-mail.cn.energy at CN.ENERGY Authenticated to Kerberos v5 KRB5_KTNAME=/etc/krb...

Hai, ? Im working on my dhcp server + dns setup with samba4.? ? i've exported the?keytabs ? samba-tool domain exportkeytab?/home/krb5.keytab.samba4 ? when i read the contents of this keytab ? ktutil rkt /home/krb5.keytab.samba4 list ?? 1??? 1???????????? RTD-DC1$@INTERNAL.DOMAIN.TLD ?? 2??? 1???????????? RTD-DC1$@INTERNAL.DOMAIN.TLD ?? 3??? 1???????????? RTD-DC1$@INTERNAL.DOMAIN.TLD ?? 4??? 1??????? Administrator at INTERNAL.DOMAIN.TLD ?? 5??? 1??????? Administrator at INTERNAL.DOMAIN.TLD ?? 6??...

...tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96 11/01/19 10:12:50 11/01/19 20:12:50 DNS/dc4.samdom.example.com at SAMDOM.EXAMPLE.COM renew until 12/01/19 10:12:50, Etype (skey, tkt): arcfour-hmac, arcfour-hmac And running 'ktutil' produces this: root at dc4:~# ktutil ktutil: rkt /etc/dhcpduser.keytab ktutil: l slot KVNO Principal ---- ---- --------------------------------------------------------------------- 1 1 dhcpduser at SAMDOM.EXAMPLE.COM 2 1 dhcpduser at SAMDOM.EXAMPLE.COM 3 1 dhcpduser at SAMDOM.EXAMPLE.COM 4...

...api ticket was not accepted" For debuging I use Kerbtray. The Tickets I get are: MY.FQDN.COM |-- cifs/dc1.my.fqdn.com |-- cifs/files.my.fqdn.com |-- krbtgt/MY.FQDN.COM |-- krbtgt/MY.FQDN.COM |-- LDAP/dc1.my.fqdn.com/my.fqdn.com There is *no* imap ticket. root at dovecot:~# ktutil ktutil: rkt /etc/dovecot/dovecot.keytab ktutil: l slot KVNO Principal ---- ---- --------------------------------------------------------------------- 1 2 imap/dovecot.my.fqdn.com at MY.FQDN.COM 2 2 imap/dovecot.my.fqdn.com at MY.FQDN.COM 3 2 imap/dovecot.my.fqdn.com at MY.FQDN.COM ktutil: q...

...fsuser' a uidNumber and gidNumber > > Next on the client: > > Extract and merge a keytab: > cd /etc > ktutil > ktutil: add_entry -password -p cifsuser at EXAMPLE.COM -k 1 -e arcfour-hmac > Password for cifsuser at EXAMPLE.COM: > ktutil: wkt cifs.keytab > ktutil: rkt krb5.keytab > ktutil: rkt cifs.keytab > ktutil: wkt krb5.keytab > ktutil: quit > > Restarted samba & winbind to make sure that everything was correct. > > Now I had the keytab, I tried to mount my homedir: > > mount -t cifs //<MEMBER_SERVER_HOSTNAME>/<SHAR...

...he wiki: > > samba-tool user create --random-password http-dc01 > samba-tool spn add HTTP/dc01.home.lan http-dc01 > samba-tool domain exportkeytab /etc/httpd.keytab > --principal=HTTP/dc01.example.com at EXAMPLE.COM > > Then examine the keytab: > > ktutil > ktutil: rkt /etc/httpd.keytab > ktutil: l > slot KVNO Principal > ---- ---- > --------------------------------------------------------------------- > 1 1 HTTP/dc01.example.com at EXAMPLE.COM > 2 1 HTTP/dc01.example.com at EXAMPLE.COM > 3 1 HTTP/dc01.example.com at EXAMPLE.COM > ktutil:...

Hi Rowland, Hi looks like the "-c" option is optional. My problem is not really the kerberos cache file, but the "principal" linked to the user kerbuser. The principal is HTTP/webserver.MYDOMAIN.LOCAL at MYDOMAIN.LOCAL I would like to use kinit and give this principal as parameter. something like : > kinit -k -t /root/my.keytab HTTP/webserver.MYDOMAIN.LOCAL at

...t; >>> Extract and merge a keytab: >>> cd /etc >>> ktutil >>> ktutil: add_entry -password -p cifsuser at EXAMPLE.COM -k 1 -e >>> arcfour-hmac >>> Password for cifsuser at EXAMPLE.COM: >>> ktutil: wkt cifs.keytab >>> ktutil: rkt krb5.keytab >>> ktutil: rkt cifs.keytab >>> ktutil: wkt krb5.keytab >>> ktutil: quit >>> >>> Restarted samba & winbind to make sure that everything was correct. >>> >>> Now I had the keytab, I tried to mount my homedir: >>&...

...11/01/19 10:12:50  11/01/19 20:12:50  DNS/dc4.samdom.example.com at SAMDOM.EXAMPLE.COM >>     renew until 12/01/19 10:12:50, Etype (skey, tkt): arcfour-hmac, arcfour-hmac >> >> And running 'ktutil' produces this: >> >> root at dc4:~# ktutil >> ktutil:  rkt /etc/dhcpduser.keytab >> ktutil:  l >> slot KVNO Principal >> ---- ---- --------------------------------------------------------------------- >>    1    1            dhcpduser at SAMDOM.EXAMPLE.COM >>    2    1            dhcpduser at SAMDOM.EXAMPLE.COM >>    3 ...

Am 22.01.2015 um 12:28 schrieb Rowland Penny: > On 22/01/15 10:53, Norbert Heinzelmann wrote: >> Hello, >> >> I have the problem that the ACLs are ignored when I mount a share via >> cifs. I have an AD with Samba 4.1.6 Ubuntu 14.04 (but I also tried it >> with Gentoo and samba 4.1.14). So I joined a member server like the >> wiki describes. Everything

I am trying to run Gimpel's PC-Lint under Wine, and am running into trouble. It is a simple DOS text-mode program, nothing fancy, no graphics, uses stdin, stdout, and stderr. It is invoked thus: In the batch file LIN.BAT: wine Lint-nt +v -i"C:\Lint" "C:\Lint\std.lnt" File std.lnt is a list of optional parameters to Lint-nt that contains this: lnt\au-sm.lnt gnu.lnt

...-cts-hmac-sha1-96 > 11/01/19 10:12:50  11/01/19 20:12:50  DNS/dc4.samdom.example.com at SAMDOM.EXAMPLE.COM >     renew until 12/01/19 10:12:50, Etype (skey, tkt): arcfour-hmac, arcfour-hmac > > And running 'ktutil' produces this: > > root at dc4:~# ktutil > ktutil:  rkt /etc/dhcpduser.keytab > ktutil:  l > slot KVNO Principal > ---- ---- --------------------------------------------------------------------- >    1    1            dhcpduser at SAMDOM.EXAMPLE.COM >    2    1            dhcpduser at SAMDOM.EXAMPLE.COM >    3    1            dhcpduser...

...l reading that DES is not secure enough and that AES-256 (I think I read this during TLS enablement) is what should be used. >> >> Mike > You can use ktutil to add the aes keys manual. You can not use an random password for the user account with this. > > #ktutil > ktutil: rkt [keytabfile] > ktutil: addent -password -p HTTP/intranet.domain2.domain1.tld at DOMAIN2.DOMAIN1.TLD <mailto:domain2.domain1.tld at domain2.domain1.tld> -k 1 -e aes256-cts-hmac-sha1-96 > ktutil: [enter the password used for web-intranet-macmini] > ktutil: wkt [keytabfile] > ktutil:...

...he DC: samba-tool user add cifsuser Gave 'cifsuser' a uidNumber and gidNumber Next on the client: Extract and merge a keytab: cd /etc ktutil ktutil: add_entry -password -p cifsuser at EXAMPLE.COM -k 1 -e arcfour-hmac Password for cifsuser at EXAMPLE.COM: ktutil: wkt cifs.keytab ktutil: rkt krb5.keytab ktutil: rkt cifs.keytab ktutil: wkt krb5.keytab ktutil: quit Restarted samba & winbind to make sure that everything was correct. Now I had the keytab, I tried to mount my homedir: mount -t cifs //<MEMBER_SERVER_HOSTNAME>/<SHARE_NAME> /mnt -o sec=krb5,username=cifs...

...on Centos 7). I can't figure out how to extract keytab with password/keys. I follow precisely the instructions at https://wiki.samba.org/index.php/Keytab_Extraction But it seems like I only get slot, kvno and principal, can't find a way to get passwords or keys. Any idea someone ? ktutil: rkt decode.keytab ktutil: l slot KVNO Principal ---- ---- --------------------------------------------------------------------- 1 1 Administrator at WONDERLAND.INFRA 2 1 Administrator at WONDERLAND.INFRA 3 1 Administrator at WONDERLAND.INFRA 4 1...

...c4.samdom.example.com at SAMDOM.EXAMPLE.COM > >>     renew until 12/01/19 10:12:50, Etype (skey, tkt): > >>arcfour-hmac, arcfour-hmac > >> > >> And running 'ktutil' produces this: > >> > >> root at dc4:~# ktutil > >> ktutil:  rkt /etc/dhcpduser.keytab > >> ktutil:  l > >> slot KVNO Principal > >> ---- ---- > >> --------------------------------------------------------------------- > >>    1    1            dhcpduser at SAMDOM.EXAMPLE.COM > >>    2    1            dhcpduse...

Hi Patrick, thanks for the pointers. I tried today, and while it was easy to start my first container, I am not really happy with LXD, exactly for the reason St?phane gives in https://stgraber.org/2016/03/11/lxd-2-0-introduction-to-lxd-112/ "How does LXD relate to Docker/Rkt?"... what I really like about docker and docker-compose is, that it encourages to separate code from data and configuration, whereas with LXD you end up with the usual mix in your file system - unless you really care (see also https://cloud.google.com/blog/products/gcp/7-best-practices-operati...

...;> Next on the client: >> >> Extract and merge a keytab: >> cd /etc >> ktutil >> ktutil: add_entry -password -p cifsuser at EXAMPLE.COM -k 1 -e >> arcfour-hmac >> Password for cifsuser at EXAMPLE.COM: >> ktutil: wkt cifs.keytab >> ktutil: rkt krb5.keytab >> ktutil: rkt cifs.keytab >> ktutil: wkt krb5.keytab >> ktutil: quit >> >> Restarted samba & winbind to make sure that everything was correct. >> >> Now I had the keytab, I tried to mount my homedir: >> >> mount -t cifs //&lt...

.../cloned server? I dont know but thats not correct. I suggest, cleanup the DS with FSMO roles. Then remove a failty server and re-add it as a new installed DC. ( the good DS with FSMO) First backup: /var/lib/samba/private/secrets.keytab Remove the incorrect entries from keytab file with ktutil rkt /var/lib/samba/private/secrets.keytab list -e -t Check if dates here are related to other work you/someone did? Now you can remove the failty one from the domain and re-add it (with provisioning) Backup and cleanup /etc/samba/smb.conf (rename) /var/cache/samba ( remove all files from folder...

...SNAME\$" samba-tool spn add host/hostname.dom.tld at REALM "NETBIOSNAME\$" < i dont use this one, imo only when you use muliple REALMS. samba-tool domain exportkeytab --principal=nfs/hostname.dom.tld ~/nfs-hostname.keytab Copy ~/nfs-hostname.keytab to the correct server. ktutil rkt /etc/krb5.keytab rkt ~/nfs-hostname.keytab list ... Aka check it. wkt /etc/krb5.keytab.NEW stop samba/winbind cp /etc/krb5.keytab{,.backup} cp /etc/krb5.keytab.NEW /etc/krb5.keytab Start samba/winbind Give it a try Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mai...