Displaying 17 results from an estimated 17 matches for "u1customer".
Did you mean:
customer
2018 Jun 30
2
DM 3.6.25 -> 4.x
On Sat, 30 Jun 2018 21:02:57 +0200
"Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:
>
> additional:
>
> the krb5.conf from the former admin, I assume it could or should be
> boiled down:
> # cat /etc/krb5.conf
The standard one for Samba is just this:
[libdefaults]
default_realm = CUSTOMER.INTRA
dns_lookup_realm = false
2018 Jun 30
2
DM 3.6.25 -> 4.x
additional note:
# kinit sgw
Password for sgw at customer.INTRA:
# smbclient \\\\u1customer\\IT -U sgw -k
SPNEGO(gse_krb5) creating NEG_TOKEN_INIT for cifs/u1customer failed
(next[(null)]): NT_STATUS_INVALID_PARAMETER
SPNEGO: Could not find a suitable mechtype in NEG_TOKEN_INIT
session setup failed: NT_STATUS_INVALID_PARAMETER
(krb5.conf already reduced to minimum, btw)
Does that point...
2018 Jun 30
0
DM 3.6.25 -> 4.x
...n I "pull" these infos somehow?
btw after above changes:
[2018/06/30 23:17:31.605837, 1]
../source3/librpc/crypto/gse.c:649(gse_get_server_auth_token)
gss_accept_sec_context failed with [Unspecified GSS failure. Minor
code may provide more information: Request ticket server
cifs/U1customer.customer.intra at customer.INTRA not found in keytab
(ticket kvno 277)]
(same as before)
# net ads keytab list
Vno Type Principal
2 DES cbc mode with CRC-32
host/u1customer.customer.intra at customer.INTRA
2 DES cbc mode with CRC-32...
2018 Jul 01
2
DM 3.6.25 -> 4.x
Am 01.07.2018 um 11:04 schrieb Rowland Penny via samba:
> Do you have access to the Windows DC ?
> If so, can you check if the computer (u1customer) has the required cifs
> SPN, if it doesn't exist, it will need to be added.
I can talk to the windows-admin tmrw.
> Once you are sure it does exist, you can use 'net ads keytab add
> <principal>' to add it to /etc/krb5.keytab
>
> One of the problems I am trying...
2018 Jul 02
2
DM 3.6.25 -> 4.x
...Weichinger via samba" <samba at lists.samba.org> wrote:
> >> The message re-appeared though:
> >>
> >> gss_accept_sec_context failed with [Unspecified GSS failure. Minor
> >> code may provide more information: Request ticket server
> >> cifs/U1customer.customer.intra at customer.INTRA kvno 277 not found in
> >> keytab; keytab is likely out of date]
> >
> > One question I don't remember asking, just where is that message
> > appearing ? and is it the exact message (complete with headers,
> > times etc.
> &g...
2018 Jul 02
2
DM 3.6.25 -> 4.x
...ated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
Both
>
> Restart services? Reload/SIGHUP only?
Try a reload first.
>
> -
>
> additional issue/question:
>
> the Server itself is called "samba" and has an netbios alias
> "u1customer"
>
> The GPOs all point at "u1customer" ... do we have to specifically
> announce/register that 2nd name in ADS somehow?
I think you will have to create a CNAME record in DNS.
Rowland
2018 Jul 02
2
DM 3.6.25 -> 4.x
...ba" <samba at lists.samba.org> wrote:
> Am 2018-07-01 um 15:56 schrieb Stefan G. Weichinger via samba:
> > Am 01.07.2018 um 11:04 schrieb Rowland Penny via samba:
> >
> >> Do you have access to the Windows DC ?
> >> If so, can you check if the computer (u1customer) has the required
> >> cifs SPN, if it doesn't exist, it will need to be added.
> >
> > I can talk to the windows-admin tmrw.
> >
> >> Once you are sure it does exist, you can use 'net ads keytab add
> >> <principal>' to add it to /et...
2018 Jul 06
2
DM 3.6.25 -> 4.x
Am 02.07.2018 um 12:23 schrieb Stefan G. Weichinger via samba:
> Am 2018-07-02 um 12:14 schrieb Rowland Penny via samba:
>
>>> I remove only the 1st line or both?
>>>
>>> dedicated keytab file = /etc/krb5.keytab
>>> kerberos method = secrets and keytab
>>
>> Both
>
> done
>
>>> Restart services? Reload/SIGHUP only?
>>
2018 Jun 30
0
DM 3.6.25 -> 4.x
...:88
admin_server = DC1.customer.INTRA:464
default_domain = customer.INTRA
}
[domain_realm]
.customer.INTRA = customer.INTRA
customer.INTRA = customer.INTRA
--
[global]
unix charset = iso8859-15
security = ads
realm = customer.INTRA
workgroup = customer
netbios aliases = u1customer
server string = U1customer
winbind cache time = 10
winbind use default domain = yes
template homedir = /mnt/MSA2040/smb/Homes/%D/%U
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind refresh tickets = Yes
restrict anonymous = 2
domain master = no
local master =...
2018 Jul 02
0
DM 3.6.25 -> 4.x
...the clients to test now.
So far I see no more ugly "gss ... 277" messages in log.smbd since the
change. Ah, and while I type that ... they return.
>> additional issue/question:
>>
>> the Server itself is called "samba" and has an netbios alias
>> "u1customer"
>>
>> The GPOs all point at "u1customer" ... do we have to specifically
>> announce/register that 2nd name in ADS somehow?
>
> I think you will have to create a CNAME record in DNS.
OK, told the DC-admin to check that.
Yesterday only one of the DCs returne...
2018 Jul 06
0
DM 3.6.25 -> 4.x
...both in their hundreds of
> Hyperlinks they have in their word-docs ... oh my).
Additional info after diffing the 3.6 smb.conf and the current one:
seems as if the order has been turned around, back then they had:
netbios name = U1NORAS
netbios aliases = samba
now we have
netbios aliases = u1customer
netbios name = SAMBA
I took the optimized smb.conf suggested by Rowland back then, I'd have
to check but it seems he turned these 2 around
No offense intended here, just an observation!
On 30.5. Rowland suggested:
Try this smb.conf:
[global]
unix charset = iso8859-15
security =...
2018 May 30
0
DM 3.6.25 -> 4.x
...spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
restrict anonymous = 2
domain master = no
local master = no
preferred master = no
os level = 0
invalid users = root bin daemon adm sync shutdown halt mail news uucp
obey pam restrictions = yes
#debug level = 5
netbios name = U1CUSTOMER
netbios aliases = samba
server string = U1CUSTOMER
interfaces = 192.168.100.4/24
bind interfaces only = Yes
map to guest = Bad User
name resolve order = wins lmhosts hosts bcast
wins support = Yes
# idmap config * : range =
# idmap config * : backend = tdb
force unknown acl user = Yes
host...
2018 May 30
2
DM 3.6.25 -> 4.x
On Wed, 30 May 2018 15:26:37 +0200
"Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:
> Am 2018-05-30 um 15:01 schrieb Rowland Penny via samba:
>
> > There are three main winbind backends, but only two are really used
> > on Unix domain members, the 'ad' and the 'rid' backends. Which you
> > use is really down to a simple
2018 May 30
2
DM 3.6.25 -> 4.x
...)
You wont be using swat again, it went away, funnily enough just about
the same time as your old smb.conf was created.
Try this smb.conf:
[global]
unix charset = iso8859-15
security = ads
realm = CUSTOMER.INTRA
workgroup = CUSTOMER
netbios aliases = samba
server string = U1CUSTOMER
winbind cache time = 10
winbind use default domain = yes
template homedir = /mnt/MSA2040/smb/Homes/%D/%U
restrict anonymous = 2
domain master = no
local master = no
preferred master = no
invalid users = root bin daemon adm sync shutdown halt mail news \
uucp
ob...
2018 Jun 30
2
DM 3.6.25 -> 4.x
That domain member server worked fine for about 2 weeks until today.
Somehow the DNS-record didn't work anymore, I did a rejoin and added
some kerberos-related lines to smb.conf
# 2 lines old
winbind cache time = 10
winbind use default domain = yes
# new lines
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind refresh tickets = Yes
created keytab,
2018 May 30
0
DM 3.6.25 -> 4.x
...just about
> the same time as your old smb.conf was created.
>
> Try this smb.conf:
>
> [global]
> unix charset = iso8859-15
>
> security = ads
> realm = CUSTOMER.INTRA
> workgroup = CUSTOMER
> netbios aliases = samba
> server string = U1CUSTOMER
>
> winbind cache time = 10
> winbind use default domain = yes
> template homedir = /mnt/MSA2040/smb/Homes/%D/%U
>
> restrict anonymous = 2
> domain master = no
> local master = no
> preferred master = no
> invalid users = root bin dae...
2018 Jul 02
0
DM 3.6.25 -> 4.x
...0200
> "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:
>> The message re-appeared though:
>>
>> gss_accept_sec_context failed with [Unspecified GSS failure. Minor
>> code may provide more information: Request ticket server
>> cifs/U1customer.customer.intra at customer.INTRA kvno 277 not found in
>> keytab; keytab is likely out of date]
>
> One question I don't remember asking, just where is that message
> appearing ? and is it the exact message (complete with headers, times
> etc.
>
> What I am trying to g...