Displaying 11 results from an estimated 11 matches for "somerealm".
2018 Nov 06
2
dynamic update for reverse lookup zone denied - insufficient access rights
...I read about supposed
issues with secure updates, but :
a) secure updates for forward lookup zone work fine
b) reverse updates were working fine prior to update (more on this later on)
my DC smb.conf (2nd dc has the same, just name is DC2):
[global]
netbios name = DC1
realm = SOMEREALM.COM
workgroup = SOMEREALM
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
allow dns updates = secure
serve...
2018 Nov 06
0
dynamic update for reverse lookup zone denied - insufficient access rights
...:
>
> a) secure updates for forward lookup zone work fine
>
> b) reverse updates were working fine prior to update (more on this
> later on)
>
> my DC smb.conf (2nd dc has the same, just name is DC2):
>
> [global]
> netbios name = DC1
> realm = SOMEREALM.COM
> workgroup = SOMEREALM
> server role = active directory domain controller
> idmap_ldb:use rfc2307 = yes
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
>
> ...
2009 Oct 02
1
URGENT HELP NEEDED!!! PLEASE!!
...a/swat --with-configdir=/opt/VEGA/etc/samba
--with-privatedir=/opt/VEGA/etc/samba/private
I'm using the following smb.conf under Solaris 8 and 10. It's 100%
identical. But under Solaris 10 I can only see the primary group of a
user.
[global]
netbios name = pegasus
realm = SOMEREALM
workgroup = SOMEWORKGROUP
security = ADS
encrypt passwords = yes
password server = ad1 ad2
os level = 20
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
idmap backend = ad
idmap config SOMEREALM:schema_mode = sfu
w...
2023 Apr 13
3
Is LDAP + Kerberos without Active Directory no longer supported?
...My question is, what settings should I try or would be expected to work
for a Samba server that is connected to an MIT Krb5 Realm and has users
in an LDAP directory and does not have any kind of Active Directory
anything? Especially settings for the following:
Right now I have:
workgroup = SOMEREALM.REALM
log level = 3
#security = user #this doesn't work either
security = ads
realm = SOMEREALM.REALM
kerberos method = system keytab
server signing = mandatory
client signing = mandatory
smb encrypt = mandatory
server min protocol = SMB2
strict locking = no
dns proxy = no
...
server rol...
2023 Apr 13
1
Is LDAP + Kerberos without Active Directory no longer supported?
...ould I try or would be expected to
> work for a Samba server that is connected to an MIT Krb5 Realm and has
> users in an LDAP directory and does not have any kind of Active
> Directory anything? Especially settings for the following:
>
> Right now I have:
>
> workgroup = SOMEREALM.REALM
>
> log level = 3
>
> #security = user #this doesn't work either
> security = ads
> realm = SOMEREALM.REALM
> kerberos method = system keytab
>
> server signing = mandatory
> client signing = mandatory
> smb encrypt = mandatory
>
> server min protoco...
2019 Jan 14
4
dehydrated hook for LetsEncrypt certs and samba dns (was: samba-tool auth in scripts)
...is quite correct to say that the REALM isn't the same as a
> DNS domain, there is a correlation between them. The REALM must be the
> DNS domain in uppercase, so this:
>
> SAMBA_PRINCIPAL=dehydrated-service@YOUR.DOMAIN
No, you can have your.primayDNSdomain.tld and have REALM = SOMEREALM.TLD
It's not obligated to have REALM the same as the DnsDomain.
It's also not obligated to have the realm uppercased, but in my opinion, that should be obligated because programs often expect REALM not realm.
And be careful with:
SAMBA_PRINCIPAL=dehydrated-service@"$(echo "$(hostname -...
2003 Jun 24
0
winbind, ads, and trouble with group lookups
...output of testparm looks like this:
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
# Global parameters
[global]
workgroup = DOMAIN
realm = SOMEREALM.UCLA.EDU
ADS server = nnn.nnn.nnn.nnn
server string = myhostname
security = ADS
password server = nnn.nnn.nnn.nnn
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
wins server = nnn.nnn.nn...
2019 Jan 14
0
dehydrated hook for LetsEncrypt certs and samba dns (was: samba-tool auth in scripts)
...> > DNS domain, there is a correlation between them. The REALM must be
> > > the DNS domain in uppercase, so this:
> > >
> > > SAMBA_PRINCIPAL=dehydrated-service@YOUR.DOMAIN
> >
> > No, you can have your.primayDNSdomain.tld and have REALM =
> > SOMEREALM.TLD It's not obligated to have REALM the same as the
> > DnsDomain.
>
> We are talking a Samba AD DC here and this means the realm must be the
> same as the forest dns domain. As Samba AD doesn't (yet) support
> subdomains, the domain will be the same as the forest domain.
> ...
2019 Jan 11
5
samba-tool auth in scripts
On 10.01.19 at 14:09, Rowland Penny via samba wrote:
> You don't ;-)
> You do what the script should have done (I feel version 0.8.10 will
> soon make an appearance), export the cache to use <export
> KRB5CCNAME="/tmp/dhcp-dyndns.cc"> and then use '$KRB5CCNAME' wherever
> '/tmp/dhcp-dyndns.cc' appears, except for:
> [...]
Yes, that worked.
2001 Jun 28
1
Adding 'name' key types
Playing around with the [wonderful] GSS-API patches for OpenSSH [1] I
noticed that there is a bit of functionality missing from
OpenSSH/GSS-API, namely that authorized_keys2 has no meaning when using
GSS authentication.
Yes, ~/.k5login can be used to grant access to an account for
applications that support Kerberos, as does OpenSSH with those GSS
patches, but .k5login does not and cannot provide
2002 Jan 24
1
PATCH: krb4/krb5/... names/patterns in auth_keys entries
....k*login as it applies to any authentication mechanism
where a name is associated with the ssh client and it supports name
patterns and all the normal authorized_keys entry options we're used to.
Now you can have entries like these in your authorized_keys files:
ssh-ext-named:krb5 someuser@SOMEREALM
deny-access ssh-ext-named:krb5 joe/superroot@SOMEREALM
ssh-ext-name-pat:krb5 */superroot@SOMERALM
command=/local/bin/inventory ssh-name-pat:krb5 inventory/*.mydomain@MYREALM
...
Double quotes can be used when key names contain whitespace and '\' can
be used inside double-quotes to...