Displaying 20 results from an estimated 20 matches for "vdmpp1".
Did you mean:
vdmpp2
2018 Oct 23
2
Again NFSv4 and Kerberos at the 'samba way'...
...#39;nfs-kernel-server' on server, 'nfs-common' on client.
Ok, this is easy.
b) AFAI've understood i need to create a 'principal', type 'NFS', for
server and client, and store the key in ''local keytab''. Debian wiki
suggest:
addpriv -randkey NFS/vdmpp1.ad.fvg.lnf.it at AD.FVG.LNF.IT
ktadd NFS/vdmpp1.ad.fvg.lnf.it at AD.FVG.LNF.IT
but in 'samba' lingo the same operation can be obtained with (run in
the client and server, with appropiate data):
net -U gaio ads keytab add NFS/vdmpp1.ad.fvg.lnf.it at AD.FVG.LNF.IT -k
done that, effective...
2018 Oct 24
5
Again NFSv4 and Kerberos at the 'samba way'...
...on client.
> Ok, this is easy.
>
Yes, that is easy...
>
> b) AFAI've understood i need to create a 'principal', type 'NFS', for
> server and client, and store the key in ''local keytab''. Debian wiki
> suggest:
> addpriv -randkey NFS/vdmpp1.ad.fvg.lnf.it at AD.FVG.LNF.IT
> ktadd NFS/vdmpp1.ad.fvg.lnf.it at AD.FVG.LNF.IT
>
> but in 'samba' lingo the same operation can be obtained with (run in
> the client and server, with appropiate data):
>
> net -U gaio ads keytab add
> NFS/vdmpp1.ad.fvg.lnf.it at AD...
2018 Oct 25
0
Again NFSv4 and Kerberos at the 'samba way'...
...nable
> "Trust this computer for delegation to any service (kerberos only)
> > I have set this on both NFS server and NFS client, thats
> more because of the use of my servers.
>
> OK. Done. The same can be achived with:
>
> samba-tool delegation for-any-service vdmpp1$ on
Great, saves me searching, i'll add the to my scripts. Thanks ;-)
I still need todo more with samba-tool and drop the windows ADUC.
>
> > And obligated in smb.conf for this setup.
> > kerberos method = secrets and keytab
> OK.
> > dedicated keytab file...
2018 Oct 26
3
Again NFSv4 and Kerberos at the 'samba way'...
...; Verzonden: vrijdag 26 oktober 2018 11:23
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Again NFSv4 and Kerberos at the 'samba way'...
>
> Mandi! L.P.H. van Belle via samba
> In chel di` si favelave...
>
> > > root at vdcsv1:~# samba-tool spn list vdmpp1$
> > Hmm,
> > > nfs/vdmpp1.ad.fvg.lnf.it << correct
> > And these are wrong.
> > > nfs/vdmpp1.ad.fvg.lnf.it/vdmpp1
> > > nfs/vdmpp1.ad.fvg.lnf.it/vdmpp1.ad.fvg.lnf.it
> > Remove these 2.
>
> Removed, both on server and client. Bu...
2018 Oct 31
12
Again NFSv4 and Kerberos at the 'samba way'...
...nd for the client systemctl enable nfs-client
After the setup, all other servers start if needed based on the settings in
/etc/default/nfs-common and/or /etc/default/nfs-kernel-server
>
>
> 2) doing some mounts on the same host, with verbose output, i get:
>
> Oct 30 15:13:33 vdmpp1 rpc.gssd[6448]: Success getting
> keytab entry for 'nfs/vdmpp1.ad.fvg.lnf.it at AD.FVG.LNF.IT'
> Oct 30 15:13:33 vdmpp1 rpc.gssd[6448]: WARNING:
> Preauthentication failed while getting initial ticket for
> principal 'nfs/vdmpp1.ad.fvg.lnf.it at AD.FVG.LNF.IT' using...
2018 Nov 28
2
Different LDAP query in different DC...
...there on the one DC it doesn't work on, then it must be
> something on that DC. is there a firewall or apparmor/selinux in the
> way ?
No. Anyway, note that query return correctly 'result: 0 Success',
simply return no data.
Another query to the same DC return data. eg:
root at vdmpp1:~# ldapsearch -H ldap://vdcpp1.ad.fvg.lnf.it -W -D CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it -b DC=ad,DC=fvg,DC=lnf,DC=it "(cn=prova123)" rfc822MailMember | grep ^rfc822MailMember
Enter LDAP Password:
root at vdmpp1:~#
root at vdmpp1:~# ldapsearch -H ldap://vdcpp1.ad.fvg.lnf.it...
2018 Oct 31
0
Again NFSv4 and Kerberos at the 'samba way'...
...GUI ACL utilities for the NFSv4 client
And see this service file output : systemctl cat nfs-server.service
>
> >
> >
> > >
> > >
> > > 2) doing some mounts on the same host, with verbose output, i get:
> > >
> > > Oct 30 15:13:33 vdmpp1 rpc.gssd[6448]: Success getting
> > > keytab entry for 'nfs/vdmpp1.ad.fvg.lnf.it at AD.FVG.LNF.IT'
> > > Oct 30 15:13:33 vdmpp1 rpc.gssd[6448]: WARNING:
> > > Preauthentication failed while getting initial ticket for
> > > principal 'nfs/vdmpp1.ad...
2018 Oct 29
0
Again NFSv4 and Kerberos at the 'samba way'...
...n via samba
> Verzonden: maandag 29 oktober 2018 17:33
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Again NFSv4 and Kerberos at the 'samba way'...
>
> Mandi! L.P.H. van Belle via samba
> In chel di` si favelave...
>
> > > samba-tool spn add nfs/vdmpp1.ad.fvg.lnf.it vdmpp1$
> > > strange.
> > Yes, it is, what is the DC's samba version? Same as the members?
>
> No. DS are still on 4.5.
Hm, ok, i would preffer 4.8, but it should work also.
I think the wrong spn is coming from the 4.5 line, but not 100% sure.
>
>...
2018 Nov 28
0
Different LDAP query in different DC...
.... is there a firewall or apparmor/selinux in the
> > way ?
>
> No. Anyway, note that query return correctly 'result: 0 Success',
> simply return no data.
That just means the search retuned without error
> Another query to the same DC return data. eg:
>
> root at vdmpp1:~# ldapsearch -H ldap://vdcpp1.ad.fvg.lnf.it -W -D
> CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it -b
> DC=ad,DC=fvg,DC=lnf,DC=it "(cn=prova123)" rfc822MailMember | grep
> ^rfc822MailMember Enter LDAP Password: root at vdmpp1:~# root at vdmpp1:~#
> ldapsearch -H ldap://vdcpp1...
2018 Nov 28
2
Different LDAP query in different DC...
> Why?!
Sorry but... someone can point me in the right direction? Really i
don't know how to look for that problem...
I summarize:
a) an LDAP lookup for some data works in ALL DC past one
b) in that non-working DC, a direct query against the sam.ldb reveal
that data are here (so, seems to me an ACL problem)
c) checking sync status between DCs reveal no sync troubles.
Where i can
2017 Dec 06
2
[Curiosity] 'netbios aliases' works in AD mode?
On Wed, 2017-12-06 at 11:19 +0100, Marco Gaiarin via samba wrote:
> Mandi! Andrew Bartlett via samba
> In chel di` si favelave...
>
> > > We haved used it on a domain member server, yes.
> > > Only one thing: when you have a compteraccount memberserver$ in your AD,
> > > you cannot use "memberserver" as an alias on another machine)
> >
>
2018 Jun 06
2
Samba, AD, 'short' name resolving...
Sorry, i'm getting a bit confused about my new Samba/AD domain, related
to the 'short' name resolving.
I was clearly (ab)used to Samba/NT, where WINS make, on LAN, ''flat''
resolving very simple.
I'm moving now from my old NT domains to my new AD domain, and to
prevent massive change i've decided to keep name resolution and DHCP
address assigment out of the
2017 Dec 07
0
[Curiosity] 'netbios aliases' works in AD mode?
...qualfied aliases as the client will ask for a ticket for exactly the
> name stated, not the FQDN as this avoids in-secure DNS being an attack
> point.
Mmmhhh... i try to do an example.
Supposing we have 'vdmsv1.ad.fvg.lnf.it' aliased with 'file.sv.lnf.it'
in LAN 1, and 'vdmpp1.ad.fvg.lnf.it' aliased with 'file.pp.lnf.it' in
LAN 2.
If client in LAN 1 have 'sv.lnf.it' in search path, and in LAN 2
'pp.lnf.it', i cannot alias 'file' on both because the ticket get asked
for 'vdmsv1.ad.fvg.lnf.it' and 'vdmpp1.ad.fvg.lnf.it'....
2018 Nov 06
0
Again NFSv4 and Kerberos at the 'samba way'...
...it.
>
> Only a note: i've restarted the nfs server, but seems that
> /etc/default/nfs-common
> and /etc/default/nfs-kernel-server are ignored, /usr/sbin/rpc.svcgssd
> and /usr/sbin/rpc.gssd get started without option setted in
> /etc/default/nfs-* files:
>
> root at vdmpp1:~# ps aux | grep [g]ssd
> root 736 0.0 0.0 37012 3224 ? Ss nov05
> 0:00 /usr/sbin/rpc.svcgssd
> root 738 0.0 0.0 111044 3468 ? Ss nov05
> 0:00 /usr/sbin/rpc.gssd
> root at vdmpp1:~# grep GSSDOPTS /etc/default/nfs-*
> /etc/default/nfs-...
2018 Jun 13
3
NSS and group enumeration in CUPS...
I was used (in SambaNT/OpenLDAP) to put on CUPS configuration the
statement (/etc/cups/cups-files.conf):
SystemGroup printops
and add to 'printops' group some users that can manage cups.
Now i'm in AD mode. I'm in 'printops' group:
root at vdmpp1:~# id gaio
uid=10000(gaio) gid=10513(domain users) gruppi=10513(domain users),11001(sir),10999(unixadm),10998(printops),5001(BUILTIN\users),5000(BUILTIN\administrators)
but still if i access the cups web interface, i can login but
administration/management tasks are 'access denied'.
Prob...
2017 Dec 07
2
[Curiosity] 'netbios aliases' works in AD mode?
...ask for a ticket for exactly the
> > name stated, not the FQDN as this avoids in-secure DNS being an attack
> > point.
>
> Mmmhhh... i try to do an example.
>
> Supposing we have 'vdmsv1.ad.fvg.lnf.it' aliased with 'file.sv.lnf.it'
> in LAN 1, and 'vdmpp1.ad.fvg.lnf.it' aliased with 'file.pp.lnf.it' in
> LAN 2.
>
> If client in LAN 1 have 'sv.lnf.it' in search path, and in LAN 2
> 'pp.lnf.it', i cannot alias 'file' on both because the ticket get asked
> for 'vdmsv1.ad.fvg.lnf.it' and 'v...
2018 Jun 13
0
NSS and group enumeration in CUPS...
...T/OpenLDAP) to put on CUPS configuration the
> statement (/etc/cups/cups-files.conf):
>
> SystemGroup printops
>
> and add to 'printops' group some users that can manage cups.
>
>
> Now i'm in AD mode. I'm in 'printops' group:
>
> root at vdmpp1:~# id gaio
> uid=10000(gaio) gid=10513(domain users)
> gruppi=10513(domain
> users),11001(sir),10999(unixadm),10998(printops),5001(BUILTIN\
> users),5000(BUILTIN\administrators)
>
> but still if i access the cups web interface, i can login but
> administration/management ta...
2018 Jun 08
4
Samba, AD, 'short' name resolving...
...n a bit... DNS works in this way, as expected.
Touble arise in windows client accessing server aliases; I'm used to
define some aliases for servers (so i use \\FILEPP\).
I define aliases with:
a) cname in AD DNS, and work:
root at vdmtms1:~# host filepp
filepp.ad.fvg.lnf.it is an alias for vdmpp1.ad.fvg.lnf.it.
vdmpp1.ad.fvg.lnf.it has address 10.27.1.22
b) 'netbios aliases' in smb.conf:
netbios aliases = CUPSPP FILEPP HOMEPP
c) SPN aliases:
samba-tool spn add HOST/filepp.ad.fvg.lnf.it vdmpp1$
samba-tool spn add HOST/FILEPP vdmpp1$
but still windows client cannot acc...
2023 Aug 29
1
GlusterFS, move files, Samba ACL...
On Tue, 29 Aug 2023 15:44:35 +0200
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
> Mandi! Rowland Penny via samba
> In chel di` si favelave...
>
> >> In samba the share is:
> > I wish people wouldn't do this, if you are going to post a share,
> > please post the global section as well.
>
> Sorry.
>
> # Global parameters
>
2018 Nov 06
1
Again NFSv4 and Kerberos at the 'samba way'...
Mandi! L.P.H. van Belle via samba
In chel di` si favelave...
> Im not really sure here.
Seems that nfs-config crate the file correctly:
root at vdmpp1:/srv# cat /run/sysconfig/nfs-utils
PIPEFS_MOUNTPOINT=/run/rpc_pipefs
RPCNFSDARGS=" 8"
RPCMOUNTDARGS="--manage-gids"
STATDARGS=""
RPCSVCGSSDARGS="-vvvvv -n"
but the nfs(s) systemd unit file misses the 'EnvironmentFile='
directive:
https://www....