Displaying 14 results from an estimated 14 matches for "svitla3".
2020 Jul 13
2
Authentication with trusted credentials
Some more details. Below is what I have during joining Linux (Ubuntu 20.04)
to the SVITLA3 domain. SVITLA3 (Samba) is trusting, APEX (AD) is trusted.
SVITLA3 has *administrator *and *test01 *users, APEX has *administrator *and
*jake *users.
test01 - 20000:20000 (uidNumber:gidNumber)
jake - 10000:10000
You can see some delay in some places - I marked them bold. It looks like
DNS timeouts...
2020 Jul 13
3
Authentication with trusted credentials
...ploads/2019/06/trusts-tutorial.pdf
What I missed? What additional diagnostic can I make? How to make a step
forward?
Samba 4.11
DC:
d@*us-smdc3*:~$ cat /etc/samba/smb.conf
# Global parameters
[global]
dns forwarder = 10.0.1.2 # trusted ad dc
netbios name = US-SMDC3
realm = SVITLA3.ROOM
server role = active directory domain controller
workgroup = SVITLA3
idmap_ldb:use rfc2307 = yes
log level = 1
ldap server require strong auth = no
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[netlogon]
path = /var/lib/...
2020 Jul 13
0
Authentication with trusted credentials
...e that the problem is in incorrect groups.
Only trusted credentials don't work. Have you any idea what the reason is?
On Mon, 13 Jul 2020 at 19:50, Yakov Revyakin <yrevyakin at gmail.com> wrote:
> Some more details. Below is what I have during joining Linux (Ubuntu
> 20.04) to the SVITLA3 domain. SVITLA3 (Samba) is trusting, APEX (AD) is
> trusted.
> SVITLA3 has *administrator *and *test01 *users, APEX has *administrator *and
> *jake *users.
> test01 - 20000:20000 (uidNumber:gidNumber)
> jake - 10000:10000
>
> You can see some delay in some places - I marked the...
2020 Nov 19
1
Smartcard logon
...art card logon successful.
> I'm trying to connect to W2016 with Hyper-V Console Session. In result I
> have "A null reference pointer was passed to the stub" on my screen.
> Samba log with auth:10 and kerberos:10 shows the following:
>
> Kerberos: AS-REQ administrator\@svitla3.room at SVITLA3.ROOM from ipv4:
> 10.0.0.2:63245 for krbtgt/SVITLA3.ROOM at SVITLA3.ROOM
> Kerberos: Client sent patypes: 150, 128
> Kerberos: Looking for PKINIT pa-data --
> administrator\@svitla3.room at SVITLA3.ROOM
> Kerberos: Looking for ENC-TS pa-data --
> administrator\@svi...
2020 Jul 14
3
Authentication with trusted credentials
Hai,
?
Sorry for the late(r) reply but we all need to sleep also sometimes.? ;-)
note, i saw its fixed, but i'll do comment a bit through your replies.
?
?
mainly because of this part
?
this part.? (Sended: monday 13 juli 2020 18:51)
> net ads join -U administrator at SVITLA3.ROOM
> Enter administrator at SVITLA3.ROOM's password:
> Using short domain name -- SVITLA3
> Joined 'UC-SMLBOX20' to dns domain 'svitla3.room'
> No DNS domain configured for uc-smlbox20. Unable to perform DNS Update.
> DNS update failed: NT_STATUS_INVALID_PA...
2020 Jul 16
0
Authentication with trusted credentials
...Hai,
Sorry for the late(r) reply but we all need to sleep also sometimes. ;-)
note, i saw its fixed, but i'll do comment a bit through your replies.
mainly because of this part
this part. (Sended: monday 13 juli 2020 18:51)
> net ads join -U administrator at SVITLA3.ROOM
> Enter administrator at SVITLA3.ROOM's password:
> Using short domain name -- SVITLA3
> Joined 'UC-SMLBOX20' to dns domain 'svitla3.room'
> No DNS domain configured for uc-smlbox20. Unable to perform DNS Update.
> DNS update failed:...
2020 Jul 16
3
Authentication with trusted credentials
On 16/07/2020 22:13, Yakov Revyakin wrote:
> Thank you! I have food for tomorrow. Now I only want to voice some of
> my considerations.
>
> Imagine that a domain had no trusts. At this time a PC became a member
> of this domain.
> After some time DC made trust with another domain. In this case
> existing members don't consider?any extra configuration like adding
>
2020 Jul 23
1
krb5_kt_start_seq_get failed (Permission denied)
...Re: [Samba] krb5_kt_start_seq_get failed
> (Permission denied)
>
> Ubuntu 18.04 LTS
>
> root is owner
>
> In case of 644
> d at uc-sm18:~$ sudo ls -la /etc/krb5.keytab
> -rw-r--r-- 1 root root 1122 Jul 17 13:16 /etc/krb5.keytab
>
> [global]
> workgroup = SVITLA3
> security = ADS
> realm = SVITLA3.ROOM
>
> winbind refresh tickets = Yes
> vfs objects = acl_xattr
> map acl inherit = Yes
> store dos attributes = Yes
>
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
>...
2020 Jul 23
3
krb5_kt_start_seq_get failed (Permission denied)
On a DOMAIN Linux member in log.wb_DOMAIN I can see the error message
"krb5_kt_start_seq_get failed (Permission denied)" during any attempt of
user authentication.
In result a user is authenticated successfully. But what does this message
mean?
My krb5.keytab has permissions 600 by default.
If I change its permissions to 644 the error message goes.
2020 Jul 20
3
Authentication with trusted credentials
...and session still works with the trusting
> domain user in the
> same right manner.
> Trusted authentication works but it is routed according to the default
> backend. SSH session is created.
>
> # trusting user - authentication successful
>
> Kerberos: TGS-REQ test01 at SVITLA3.ROOM from ipv4:10.0.0.12:50510 for
> UC-SM18$@SVITLA3.ROOM
> Kerberos: TGS-REQ authtime: 2020-07-17T16:47:35 starttime:
> 2020-07-17T16:47:35 endtime: 2020-07-18T02:47:35 renew till: unset
>
> # trusted user - cross-realm authentication successful
>
> Kerberos: TGS-REQ jake a...
2020 Jul 13
0
Authentication with trusted credentials
...onal diagnostic can I make? How to
> make a step
> forward?
>
> Samba 4.11
>
> DC:
> d@*us-smdc3*:~$ cat /etc/samba/smb.conf
> # Global parameters
> [global]
> dns forwarder = 10.0.1.2 # trusted ad dc
> netbios name = US-SMDC3
> realm = SVITLA3.ROOM
> server role = active directory domain controller
> workgroup = SVITLA3
> idmap_ldb:use rfc2307 = yes
> log level = 1
> ldap server require strong auth = no
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read o...
2020 Jul 21
2
Authentication with trusted credentials
Hi Rowland,
Thank you for effort
My output as you requested:
## Samba DC
d at us-smdc3:~$ wbinfo --online-status
BUILTIN : active connection
SVITLA3 : active connection
APEX : active connection
## Linux Client
d at uc-sm18:~$ wbinfo --online-status
BUILTIN : online
UC-SM18 : online
SVITLA3 : online
APEX : online
# UC-SM18 is a Linux member of SVITLA3.
You decided to demonstrate too difficult case. I only want to prove that I
can ssh to UC-SM...
2020 Jul 21
0
Authentication with trusted credentials
On 21/07/2020 15:38, Yakov Revyakin wrote:
> Hi Rowland,
> Thank you for effort
>
> My output as you requested:
> ## Samba DC
> d at us-smdc3:~$ wbinfo --online-status
> BUILTIN : active connection
> SVITLA3 : active connection
> APEX : active connection
>
> ## Linux Client
> d at uc-sm18:~$ wbinfo --online-status
> BUILTIN : online
> UC-SM18 : online
> SVITLA3 : online
> APEX : online
>
> # UC-SM18 is a Linux member of SVITLA3.
>
> You decided to demonstrate too dif...
2020 Jul 23
1
Authentication with trusted credentials
...at lists.samba.org>
wrote:
> On 21/07/2020 15:38, Yakov Revyakin wrote:
> > Hi Rowland,
> > Thank you for effort
> >
> > My output as you requested:
> > ## Samba DC
> > d at us-smdc3:~$ wbinfo --online-status
> > BUILTIN : active connection
> > SVITLA3 : active connection
> > APEX : active connection
> >
> > ## Linux Client
> > d at uc-sm18:~$ wbinfo --online-status
> > BUILTIN : online
> > UC-SM18 : online
> > SVITLA3 : online
> > APEX : online
> >
> > # UC-SM18 is a Linux member of SVI...