search for: svitla3

Some more details. Below is what I have during joining Linux (Ubuntu 20.04) to the SVITLA3 domain. SVITLA3 (Samba) is trusting, APEX (AD) is trusted. SVITLA3 has *administrator *and *test01 *users, APEX has *administrator *and *jake *users. test01 - 20000:20000 (uidNumber:gidNumber) jake - 10000:10000 You can see some delay in some places - I marked them bold. It looks like DNS timeouts...

...ploads/2019/06/trusts-tutorial.pdf What I missed? What additional diagnostic can I make? How to make a step forward? Samba 4.11 DC: d@*us-smdc3*:~$ cat /etc/samba/smb.conf # Global parameters [global] dns forwarder = 10.0.1.2 # trusted ad dc netbios name = US-SMDC3 realm = SVITLA3.ROOM server role = active directory domain controller workgroup = SVITLA3 idmap_ldb:use rfc2307 = yes log level = 1 ldap server require strong auth = no [sysvol] path = /var/lib/samba/sysvol read only = No [netlogon] path = /var/lib/...

...e that the problem is in incorrect groups. Only trusted credentials don't work. Have you any idea what the reason is? On Mon, 13 Jul 2020 at 19:50, Yakov Revyakin <yrevyakin at gmail.com> wrote: > Some more details. Below is what I have during joining Linux (Ubuntu > 20.04) to the SVITLA3 domain. SVITLA3 (Samba) is trusting, APEX (AD) is > trusted. > SVITLA3 has *administrator *and *test01 *users, APEX has *administrator *and > *jake *users. > test01 - 20000:20000 (uidNumber:gidNumber) > jake - 10000:10000 > > You can see some delay in some places - I marked the...

...art card logon successful. > I'm trying to connect to W2016 with Hyper-V Console Session. In result I > have "A null reference pointer was passed to the stub" on my screen. > Samba log with auth:10 and kerberos:10 shows the following: > > Kerberos: AS-REQ administrator\@svitla3.room at SVITLA3.ROOM from ipv4: > 10.0.0.2:63245 for krbtgt/SVITLA3.ROOM at SVITLA3.ROOM > Kerberos: Client sent patypes: 150, 128 > Kerberos: Looking for PKINIT pa-data -- > administrator\@svitla3.room at SVITLA3.ROOM > Kerberos: Looking for ENC-TS pa-data -- > administrator\@svi...

Hai, ? Sorry for the late(r) reply but we all need to sleep also sometimes.? ;-) note, i saw its fixed, but i'll do comment a bit through your replies. ? ? mainly because of this part ? this part.? (Sended: monday 13 juli 2020 18:51) > net ads join -U administrator at SVITLA3.ROOM > Enter administrator at SVITLA3.ROOM's password: > Using short domain name -- SVITLA3 > Joined 'UC-SMLBOX20' to dns domain 'svitla3.room' > No DNS domain configured for uc-smlbox20. Unable to perform DNS Update. > DNS update failed: NT_STATUS_INVALID_PA...

...Hai, Sorry for the late(r) reply but we all need to sleep also sometimes. ;-) note, i saw its fixed, but i'll do comment a bit through your replies. mainly because of this part this part. (Sended: monday 13 juli 2020 18:51) > net ads join -U administrator at SVITLA3.ROOM > Enter administrator at SVITLA3.ROOM's password: > Using short domain name -- SVITLA3 > Joined 'UC-SMLBOX20' to dns domain 'svitla3.room' > No DNS domain configured for uc-smlbox20. Unable to perform DNS Update. > DNS update failed:...

On 16/07/2020 22:13, Yakov Revyakin wrote: > Thank you! I have food for tomorrow. Now I only want to voice some of > my considerations. > > Imagine that a domain had no trusts. At this time a PC became a member > of this domain. > After some time DC made trust with another domain. In this case > existing members don't consider?any extra configuration like adding >

...Re: [Samba] krb5_kt_start_seq_get failed > (Permission denied) > > Ubuntu 18.04 LTS > > root is owner > > In case of 644 > d at uc-sm18:~$ sudo ls -la /etc/krb5.keytab > -rw-r--r-- 1 root root 1122 Jul 17 13:16 /etc/krb5.keytab > > [global] > workgroup = SVITLA3 > security = ADS > realm = SVITLA3.ROOM > > winbind refresh tickets = Yes > vfs objects = acl_xattr > map acl inherit = Yes > store dos attributes = Yes > > dedicated keytab file = /etc/krb5.keytab > kerberos method = secrets and keytab >...

On a DOMAIN Linux member in log.wb_DOMAIN I can see the error message "krb5_kt_start_seq_get failed (Permission denied)" during any attempt of user authentication. In result a user is authenticated successfully. But what does this message mean? My krb5.keytab has permissions 600 by default. If I change its permissions to 644 the error message goes.

...and session still works with the trusting > domain user in the > same right manner. > Trusted authentication works but it is routed according to the default > backend. SSH session is created. > > # trusting user - authentication successful > > Kerberos: TGS-REQ test01 at SVITLA3.ROOM from ipv4:10.0.0.12:50510 for > UC-SM18$@SVITLA3.ROOM > Kerberos: TGS-REQ authtime: 2020-07-17T16:47:35 starttime: > 2020-07-17T16:47:35 endtime: 2020-07-18T02:47:35 renew till: unset > > # trusted user - cross-realm authentication successful > > Kerberos: TGS-REQ jake a...

...onal diagnostic can I make? How to > make a step > forward? > > Samba 4.11 > > DC: > d@*us-smdc3*:~$ cat /etc/samba/smb.conf > # Global parameters > [global] > dns forwarder = 10.0.1.2 # trusted ad dc > netbios name = US-SMDC3 > realm = SVITLA3.ROOM > server role = active directory domain controller > workgroup = SVITLA3 > idmap_ldb:use rfc2307 = yes > log level = 1 > ldap server require strong auth = no > > [sysvol] > path = /var/lib/samba/sysvol > read o...

Hi Rowland, Thank you for effort My output as you requested: ## Samba DC d at us-smdc3:~$ wbinfo --online-status BUILTIN : active connection SVITLA3 : active connection APEX : active connection ## Linux Client d at uc-sm18:~$ wbinfo --online-status BUILTIN : online UC-SM18 : online SVITLA3 : online APEX : online # UC-SM18 is a Linux member of SVITLA3. You decided to demonstrate too difficult case. I only want to prove that I can ssh to UC-SM...

On 21/07/2020 15:38, Yakov Revyakin wrote: > Hi Rowland, > Thank you for effort > > My output as you requested: > ## Samba DC > d at us-smdc3:~$ wbinfo --online-status > BUILTIN : active connection > SVITLA3 : active connection > APEX : active connection > > ## Linux Client > d at uc-sm18:~$ wbinfo --online-status > BUILTIN : online > UC-SM18 : online > SVITLA3 : online > APEX : online > > # UC-SM18 is a Linux member of SVITLA3. > > You decided to demonstrate too dif...

...at lists.samba.org> wrote: > On 21/07/2020 15:38, Yakov Revyakin wrote: > > Hi Rowland, > > Thank you for effort > > > > My output as you requested: > > ## Samba DC > > d at us-smdc3:~$ wbinfo --online-status > > BUILTIN : active connection > > SVITLA3 : active connection > > APEX : active connection > > > > ## Linux Client > > d at uc-sm18:~$ wbinfo --online-status > > BUILTIN : online > > UC-SM18 : online > > SVITLA3 : online > > APEX : online > > > > # UC-SM18 is a Linux member of SVI...