search for: sm18

Hi Rowland, Thank you for effort My output as you requested: ## Samba DC d at us-smdc3:~$ wbinfo --online-status BUILTIN : active connection SVITLA3 : active connection APEX : active connection ## Linux Client d at uc-sm18:~$ wbinfo --online-status BUILTIN : online UC-SM18 : online SVITLA3 : online APEX : online # UC-SM18 is a Linux member of SVITLA3. You decided to demonstrate too difficult case. I only want to prove that I can ssh to UC-SM18 at SVITLA3.ROOM with trusted account from trusted APEX.CORP domain using...

...main user in the > same right manner. > Trusted authentication works but it is routed according to the default > backend. SSH session is created. > > # trusting user - authentication successful > > Kerberos: TGS-REQ test01 at SVITLA3.ROOM from ipv4:10.0.0.12:50510 for > UC-SM18$@SVITLA3.ROOM > Kerberos: TGS-REQ authtime: 2020-07-17T16:47:35 starttime: > 2020-07-17T16:47:35 endtime: 2020-07-18T02:47:35 renew till: unset > > # trusted user - cross-realm authentication successful > > Kerberos: TGS-REQ jake at APEX.CORP from ipv4:10.0.0.12:52437 for > U...

On 16/07/2020 22:13, Yakov Revyakin wrote: > Thank you! I have food for tomorrow. Now I only want to voice some of > my considerations. > > Imagine that a domain had no trusts. At this time a PC became a member > of this domain. > After some time DC made trust with another domain. In this case > existing members don't consider?any extra configuration like adding >

...Yakov Revyakin wrote: > Hi Rowland, > Thank you for effort > > My output as you requested: > ## Samba DC > d at us-smdc3:~$ wbinfo --online-status > BUILTIN : active connection > SVITLA3 : active connection > APEX : active connection > > ## Linux Client > d at uc-sm18:~$ wbinfo --online-status > BUILTIN : online > UC-SM18 : online > SVITLA3 : online > APEX : online > > # UC-SM18 is a Linux member of SVITLA3. > > You decided to demonstrate too difficult case. I only want to prove > that I can ssh to UC-SM18 at SVITLA3.ROOM with trusted...

...you for effort > > > > My output as you requested: > > ## Samba DC > > d at us-smdc3:~$ wbinfo --online-status > > BUILTIN : active connection > > SVITLA3 : active connection > > APEX : active connection > > > > ## Linux Client > > d at uc-sm18:~$ wbinfo --online-status > > BUILTIN : online > > UC-SM18 : online > > SVITLA3 : online > > APEX : online > > > > # UC-SM18 is a Linux member of SVITLA3. > > > > You decided to demonstrate too difficult case. I only want to prove > > that I can...

On a DOMAIN Linux member in log.wb_DOMAIN I can see the error message "krb5_kt_start_seq_get failed (Permission denied)" during any attempt of user authentication. In result a user is authenticated successfully. But what does this message mean? My krb5.keytab has permissions 600 by default. If I change its permissions to 644 the error message goes.

...amens > Yakov Revyakin via samba > Verzonden: donderdag 23 juli 2020 11:20 > Aan: Rowland penny > CC: sambalist > Onderwerp: Re: [Samba] krb5_kt_start_seq_get failed > (Permission denied) > > Ubuntu 18.04 LTS > > root is owner > > In case of 644 > d at uc-sm18:~$ sudo ls -la /etc/krb5.keytab > -rw-r--r-- 1 root root 1122 Jul 17 13:16 /etc/krb5.keytab > > [global] > workgroup = SVITLA3 > security = ADS > realm = SVITLA3.ROOM > > winbind refresh tickets = Yes > vfs objects = acl_xattr > map acl inherit = Ye...