Displaying 18 results from an estimated 18 matches for "tc83".

2019 Nov 15
3
Why is smbd looking for Kerberos principal cifs/host@DOMB when it is a member of DOMA?
Here's the keytab info: ubuntu at kvm7246-vm022:~/samba$ sudo klist -ek /etc/krb5.keytab Keytab name: FILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 12 host/kvm7246-vm022.tc83.local at TC83.LOCAL (etype 1) 12 host/KVM7246-VM022 at TC83.LOCAL (etype 1) 12 host/kvm7246-vm022.tc83.local at TC83.LOCAL (etype 3) 12 host/KVM7246-VM022 at TC83.LOCAL (etype 3) 12 host/kvm7246-vm022.tc83.local at TC83.LOCAL (aes128-cts-hmac-sha1-96) 12 host/KVM7246-VM022 at TC83.LOCAL (...
2019 Nov 19
0
Why is smbd looking for Kerberos principal cifs/host@DOMB when it is a member of DOMA?
In case you missed the link in the original email, here's the smb.conf: [global] kerberos method = secrets and keytab logging = systemd realm = TC83.LOCAL security = ADS template homedir = /home/%U@%D template shell = /bin/bash winbind offline logon = Yes winbind refresh tickets = Yes workgroup = TC83 idmap config * : range = 1000000-19999999 idmap config * : backend = autorid [test] path = /srv/test valid users = "@tc83.local\...
2019 Nov 15
2
Why is smbd looking for Kerberos principal cifs/host@DOMB when it is a member of DOMA?
Hi all. I'm trying to understand a weird authentication failure: I have two domains (TC83.LOCAL and TC84.LOCAL), each in a different forest, with a bidirectional forest trust. The samba server kvm7246-vm022.maas.local is a domain member of TC83 and is running a recent build from git master (f38077ea5ee). When I test authentication of users in each domain by running ntlm_auth on the samb...
2019 Nov 20
4
Why is smbd looking for Kerberos principal cifs/host@DOMB when it is a member of DOMA?
Your config looks ok, as far as I can tell. This : "cifs/kvm7246-vm022.maas.local at TC84.LOCAL" As it should spn/hostname.fqdn at REALM nothing wrong with that. But if I understand it right. Your server : kvm7246-vm022.maas.local is in REALM : TC83.LOCAL ( NTDOM:TC83 ) But you get TC84 back?. On the problem server run the following: dig a kvm7246-vm022.maas.local @IP_of_AD-DC Gives a Returned_IP dig -x Returned_IP @IP_of_AD-DC hostname -s hostname -f hostname -I hostname -A cat /etc/resolv.conf route -n|grep default cat /etc/krb5.co...
2019 Oct 28
5
AD domain member cannot authenticate user in remote forest unless smbclient uses "localhost"
...served some odd behavior. In my lab tests, it seems like authentication works for users in all trusted forests, but only if NTLMSSP is used. When Kerberos ends up being used, authentication only seems to work for users in the local domain. Here's the test setup: - Two Active Directory forests, tc83.local and tc84.local, with a forest trust between them. - The Linux server is a member of domain tc83.local. - Samba built from git master this afternoon (commit 2669cecc51f) on Ubuntu 19.10. (I first reproduced this on CentOS 7, but wanted to test against latest code before asking this list.) ubu...
2019 Oct 29
0
AD domain member cannot authenticate user in remote forest unless smbclient uses "localhost"
...my lab tests, it seems like > authentication works for users in all trusted forests, but only if NTLMSSP > is used. When Kerberos ends up being used, authentication only seems to > work for users in the local domain. > > Here's the test setup: > - Two Active Directory forests, tc83.local and tc84.local, with a forest > trust between them. > - The Linux server is a member of domain tc83.local. > - Samba built from git master this afternoon (commit 2669cecc51f) on Ubuntu > 19.10. (I first reproduced this on CentOS 7, but wanted to test against > latest code befor...
2019 Nov 20
0
Why is smbd looking for Kerberos principal cifs/host@DOMB when it is a member of DOMA?
...rote: > Your config looks ok, as far i can tell. > > This : "cifs/kvm7246-vm022.maas.local at TC84.LOCAL" > As it should spn/hostname.fqdn at REALM nothing wrong with that. > > But if i understand it right. > > Your server : kvm7246-vm022.maas.local is in REALM : TC83.LOCAL ( > NTDOM:TC83 ) > But you get TC84 back?. > > On the problem server run the following: > > dig a kvm7246-vm022.maas.local @IP_of_AD-DC > Gives an Returned_IP > ubuntu at kvm7246-vm022:~/samba$ host -t srv _ldap._tcp.tc83.local _ldap._tcp.tc83.local has SRV record 0...
2020 Apr 09
3
autorid broken in samba 4.9?
Show the servers there smb.conf that might help. And you're using autorid.. https://wiki.samba.org/index.php/Idmap_config_autorid Drawbacks: User and group IDs are not equal across Samba domain members. TC84\administrator:*:1100500:1100513::/home/administrator at TC84 TC83\administrator:*:1200500:1200513::/home/administrator at TC83 1200500-1100500 = 100000 idmap config * : rangesize = 100000 The default value is 100000 ! So this looks normal.. But I never used autorid so, I'm sure if I'm wrong Someone will correct me ;-) Greetz, Louis > -----Oorspronke...
2020 Apr 08
0
autorid broken in samba 4.9?
...tOS > 7.6). When I apply the same basic configuration to a system running samba > 4.9 (CentOS 7.7), I see a very strange behavior: The ID mapping for trusted > domains does not work right. > > Both systems are joined to the domain tc84.local (TC84), which has a > forest trust with TC83, and they have identical smb.conf files. Here's the > idmap related bit: > > # testparm 2>/dev/null </dev/null | grep idmap > idmap config * : range = 1000000-19999999 > idmap config * : backend = autorid > > Here's the samba 4.8 system: > >...
2019 Oct 29
3
AD domain member cannot authenticate user in remote forest unless smbclient uses "localhost"
...mba expert, and I know there are lots of ways to write a valid, but silly, smb.conf. What, other than the id mapping config, should I change? Here's the config again (with a more appropriate id mapping config), for reference: [global] kerberos method = system keytab logging = systemd realm = TC83.LOCAL security = ADS template homedir = /home/%U@%D template shell = /bin/bash winbind offline logon = Yes winbind refresh tickets = Yes workgroup = TC83 idmap config * : backend = autorid idmap config * : range = 1000000-19999999 [test] path = /srv/test valid users = "@tc83.local\domain user...
2020 Apr 09
2
autorid broken in samba 4.9?
...orid.. > > > https://wiki.samba.org/index.php/Idmap_config_autorid > > > > > > Drawbacks: User and group IDs are not equal across Samba > > domain members. > > > > > > TC84\administrator:*:1100500:1100513::/home/administrator at TC84 > > > TC83\administrator:*:1200500:1200513::/home/administrator at TC83 > > > > > > 1200500-1100500 = 100000 > > > > > > idmap config * : rangesize = 100000 > > > The default value is 100000 ! > > > > > > So this looks normal.. But i never used...
2019 Oct 29
2
AD domain member cannot authenticate user in remote forest unless smbclient uses "localhost"
...0), Samba isn't > >> doing the authentication. > >> > > What part of my problem description, or which log entries make you think > I > > am using sssd? > > n > > The fact that you do not have lines in smb.conf similar to these: > > idmap config TC83 : backend = rid > idmap config TC83 : range = 100000-1999999 > > The lack of these lines means one of two things, either your smb.conf > isn't set up correctly or you are using sssd and it is usually the > latter ;-) > > Rowland > > > > -- > To unsubscribe fr...
2019 Oct 29
0
AD domain member cannot authenticate user in remote forest unless smbclient uses "localhost"
...an the id mapping config, should I change? > > Here's the config again (with a more appropriate id mapping config), for > reference: > > [global] > kerberos method = system keytab I would alter the line above, to 'secrets and keytab' > logging = systemd > realm = TC83.LOCAL > security = ADS > template homedir = /home/%U@%D > template shell = /bin/bash > winbind offline logon = Yes > winbind refresh tickets = Yes > workgroup = TC83 > idmap config * : backend = autorid > idmap config * : range = 1000000-19999999 > > [test] > path =...
2019 Nov 15
0
Why is smbd looking for Kerberos principal cifs/host@DOMB when it is a member of DOMA?
I'm trying to understand a weird authentication failure: I have two domains (TC83.LOCAL and TC84.LOCAL), each in a different forest, with a bidirectional forest trust. The samba server kvm7246-vm022.maas.local is a domain member of TC83 and is running a recent build from git master (f38077ea5ee). When I test authentication of users in each domain by running ntlm_auth on the samb...
2019 Nov 15
0
Why is smbd looking for Kerberos principal cifs/host@DOMB when it is a member of DOMA?
...ba.org/mailman/listinfo/samba>sharename" or something like that? bb. On Fri 15 Nov 2019 at 18:24, Nathaniel W. Turner via samba < samba at lists.samba.org> wrote: > Hi all. I'm trying to understand a weird authentication failure: > > I have two domains (TC83.LOCAL and TC84.LOCAL), each in a different forest, > with a bidirectional forest trust. > The samba server kvm7246-vm022.maas.local is a domain member of TC83 and is > running a recent build from git master (f38077ea5ee). > > When I test authentication of users in each domain by runni...
2019 Oct 29
2
AD domain member cannot authenticate user in remote forest unless smbclient uses "localhost"
Hi Rowland, On Tue, Oct 29, 2019 at 5:37 AM Rowland penny via samba < samba at lists.samba.org> wrote: > > I am sorry but you seem to be asking on the wrong list, you appear to be > using sssd (which isn't supported with Samba from 4.8.0), Samba isn't > doing the authentication. > What part of my problem description, or which log entries make you think I am using
2020 Jun 17
0
autorid broken in samba 4.9?
...tps://wiki.samba.org/index.php/Idmap_config_autorid >> > > >> > > Drawbacks: User and group IDs are not equal across Samba >> > domain members. >> > > >> > > TC84\administrator:*:1100500:1100513::/home/administrator at TC84 >> > > TC83\administrator:*:1200500:1200513::/home/administrator at TC83 >> > > >> > > 1200500-1100500 = 100000 >> > > >> > > idmap config * : rangesize = 100000 >> > > The default value is 100000 ! >> > > >> > > So this look...
2020 Apr 09
0
autorid broken in samba 4.9?
...> > > And your using autorid.. > > https://wiki.samba.org/index.php/Idmap_config_autorid > > > > Drawbacks: User and group IDs are not equal across Samba > domain members. > > > > TC84\administrator:*:1100500:1100513::/home/administrator at TC84 > > TC83\administrator:*:1200500:1200513::/home/administrator at TC83 > > > > 1200500-1100500 = 100000 > > > > idmap config * : rangesize = 100000 > > The default value is 100000 ! > > > > So this looks normal.. But i never used autorid so, im sure > if im wro...