search for: vdmpp1

...#39;nfs-kernel-server' on server, 'nfs-common' on client. Ok, this is easy. b) AFAI've understood i need to create a 'principal', type 'NFS', for server and client, and store the key in ''local keytab''. Debian wiki suggest: addpriv -randkey NFS/vdmpp1.ad.fvg.lnf.it at AD.FVG.LNF.IT ktadd NFS/vdmpp1.ad.fvg.lnf.it at AD.FVG.LNF.IT but in 'samba' lingo the same operation can be obtained with (run in the client and server, with appropiate data): net -U gaio ads keytab add NFS/vdmpp1.ad.fvg.lnf.it at AD.FVG.LNF.IT -k done that, effective...

...on client. > Ok, this is easy. > Yes, that is easy... > > b) AFAI've understood i need to create a 'principal', type 'NFS', for > server and client, and store the key in ''local keytab''. Debian wiki > suggest: > addpriv -randkey NFS/vdmpp1.ad.fvg.lnf.it at AD.FVG.LNF.IT > ktadd NFS/vdmpp1.ad.fvg.lnf.it at AD.FVG.LNF.IT > > but in 'samba' lingo the same operation can be obtained with (run in > the client and server, with appropiate data): > > net -U gaio ads keytab add > NFS/vdmpp1.ad.fvg.lnf.it at AD...

...nable > "Trust this computer for delegation to any service (kerberos only) > > I have set this on both NFS server and NFS client, thats > more because of the use of my servers. > > OK. Done. The same can be achived with: > > samba-tool delegation for-any-service vdmpp1$ on Great, saves me searching, i'll add the to my scripts. Thanks ;-) I still need todo more with samba-tool and drop the windows ADUC. > > > And obligated in smb.conf for this setup. > > kerberos method = secrets and keytab > OK. > > dedicated keytab file...

...; Verzonden: vrijdag 26 oktober 2018 11:23 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Again NFSv4 and Kerberos at the 'samba way'... > > Mandi! L.P.H. van Belle via samba > In chel di` si favelave... > > > > root at vdcsv1:~# samba-tool spn list vdmpp1$ > > Hmm, > > > nfs/vdmpp1.ad.fvg.lnf.it << correct > > And these are wrong. > > > nfs/vdmpp1.ad.fvg.lnf.it/vdmpp1 > > > nfs/vdmpp1.ad.fvg.lnf.it/vdmpp1.ad.fvg.lnf.it > > Remove these 2. > > Removed, both on server and client. Bu...

...nd for the client systemctl enable nfs-client After the setup, all other servers start if needed based on the settings in /etc/default/nfs-common and/or /etc/default/nfs-kernel-server > > > 2) doing some mounts on the same host, with verbose output, i get: > > Oct 30 15:13:33 vdmpp1 rpc.gssd[6448]: Success getting > keytab entry for 'nfs/vdmpp1.ad.fvg.lnf.it at AD.FVG.LNF.IT' > Oct 30 15:13:33 vdmpp1 rpc.gssd[6448]: WARNING: > Preauthentication failed while getting initial ticket for > principal 'nfs/vdmpp1.ad.fvg.lnf.it at AD.FVG.LNF.IT' using...

...there on the one DC it doesn't work on, then it must be > something on that DC. is there a firewall or apparmor/selinux in the > way ? No. Anyway, note that query return correctly 'result: 0 Success', simply return no data. Another query to the same DC return data. eg: root at vdmpp1:~# ldapsearch -H ldap://vdcpp1.ad.fvg.lnf.it -W -D CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it -b DC=ad,DC=fvg,DC=lnf,DC=it "(cn=prova123)" rfc822MailMember | grep ^rfc822MailMember Enter LDAP Password: root at vdmpp1:~# root at vdmpp1:~# ldapsearch -H ldap://vdcpp1.ad.fvg.lnf.it...

...GUI ACL utilities for the NFSv4 client And see this service file output : systemctl cat nfs-server.service > > > > > > > > > > > > > > 2) doing some mounts on the same host, with verbose output, i get: > > > > > > Oct 30 15:13:33 vdmpp1 rpc.gssd[6448]: Success getting > > > keytab entry for 'nfs/vdmpp1.ad.fvg.lnf.it at AD.FVG.LNF.IT' > > > Oct 30 15:13:33 vdmpp1 rpc.gssd[6448]: WARNING: > > > Preauthentication failed while getting initial ticket for > > > principal 'nfs/vdmpp1.ad...

...n via samba > Verzonden: maandag 29 oktober 2018 17:33 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Again NFSv4 and Kerberos at the 'samba way'... > > Mandi! L.P.H. van Belle via samba > In chel di` si favelave... > > > > samba-tool spn add nfs/vdmpp1.ad.fvg.lnf.it vdmpp1$ > > > strange. > > Yes, it is, what is the DC's samba version? Same as the members? > > No. DS are still on 4.5. Hm, ok, i would preffer 4.8, but it should work also. I think the wrong spn is coming from the 4.5 line, but not 100% sure. > >...

.... is there a firewall or apparmor/selinux in the > > way ? > > No. Anyway, note that query return correctly 'result: 0 Success', > simply return no data. That just means the search retuned without error > Another query to the same DC return data. eg: > > root at vdmpp1:~# ldapsearch -H ldap://vdcpp1.ad.fvg.lnf.it -W -D > CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it -b > DC=ad,DC=fvg,DC=lnf,DC=it "(cn=prova123)" rfc822MailMember | grep > ^rfc822MailMember Enter LDAP Password: root at vdmpp1:~# root at vdmpp1:~# > ldapsearch -H ldap://vdcpp1...

> Why?! Sorry but... someone can point me in the right direction? Really i don't know how to look for that problem... I summarize: a) an LDAP lookup for some data works in ALL DC past one b) in that non-working DC, a direct query against the sam.ldb reveal that data are here (so, seems to me an ACL problem) c) checking sync status between DCs reveal no sync troubles. Where i can

On Wed, 2017-12-06 at 11:19 +0100, Marco Gaiarin via samba wrote: > Mandi! Andrew Bartlett via samba > In chel di` si favelave... > > > > We haved used it on a domain member server, yes. > > > Only one thing: when you have a compteraccount memberserver$ in your AD, > > > you cannot use "memberserver" as an alias on another machine) > > >

Sorry, i'm getting a bit confused about my new Samba/AD domain, related to the 'short' name resolving. I was clearly (ab)used to Samba/NT, where WINS make, on LAN, ''flat'' resolving very simple. I'm moving now from my old NT domains to my new AD domain, and to prevent massive change i've decided to keep name resolution and DHCP address assigment out of the

...qualfied aliases as the client will ask for a ticket for exactly the > name stated, not the FQDN as this avoids in-secure DNS being an attack > point. Mmmhhh... i try to do an example. Supposing we have 'vdmsv1.ad.fvg.lnf.it' aliased with 'file.sv.lnf.it' in LAN 1, and 'vdmpp1.ad.fvg.lnf.it' aliased with 'file.pp.lnf.it' in LAN 2. If client in LAN 1 have 'sv.lnf.it' in search path, and in LAN 2 'pp.lnf.it', i cannot alias 'file' on both because the ticket get asked for 'vdmsv1.ad.fvg.lnf.it' and 'vdmpp1.ad.fvg.lnf.it'....

...it. > > Only a note: i've restarted the nfs server, but seems that > /etc/default/nfs-common > and /etc/default/nfs-kernel-server are ignored, /usr/sbin/rpc.svcgssd > and /usr/sbin/rpc.gssd get started without option setted in > /etc/default/nfs-* files: > > root at vdmpp1:~# ps aux | grep [g]ssd > root 736 0.0 0.0 37012 3224 ? Ss nov05 > 0:00 /usr/sbin/rpc.svcgssd > root 738 0.0 0.0 111044 3468 ? Ss nov05 > 0:00 /usr/sbin/rpc.gssd > root at vdmpp1:~# grep GSSDOPTS /etc/default/nfs-* > /etc/default/nfs-...

I was used (in SambaNT/OpenLDAP) to put on CUPS configuration the statement (/etc/cups/cups-files.conf): SystemGroup printops and add to 'printops' group some users that can manage cups. Now i'm in AD mode. I'm in 'printops' group: root at vdmpp1:~# id gaio uid=10000(gaio) gid=10513(domain users) gruppi=10513(domain users),11001(sir),10999(unixadm),10998(printops),5001(BUILTIN\users),5000(BUILTIN\administrators) but still if i access the cups web interface, i can login but administration/management tasks are 'access denied'. Prob...

...ask for a ticket for exactly the > > name stated, not the FQDN as this avoids in-secure DNS being an attack > > point. > > Mmmhhh... i try to do an example. > > Supposing we have 'vdmsv1.ad.fvg.lnf.it' aliased with 'file.sv.lnf.it' > in LAN 1, and 'vdmpp1.ad.fvg.lnf.it' aliased with 'file.pp.lnf.it' in > LAN 2. > > If client in LAN 1 have 'sv.lnf.it' in search path, and in LAN 2 > 'pp.lnf.it', i cannot alias 'file' on both because the ticket get asked > for 'vdmsv1.ad.fvg.lnf.it' and 'v...

...T/OpenLDAP) to put on CUPS configuration the > statement (/etc/cups/cups-files.conf): > > SystemGroup printops > > and add to 'printops' group some users that can manage cups. > > > Now i'm in AD mode. I'm in 'printops' group: > > root at vdmpp1:~# id gaio > uid=10000(gaio) gid=10513(domain users) > gruppi=10513(domain > users),11001(sir),10999(unixadm),10998(printops),5001(BUILTIN\ > users),5000(BUILTIN\administrators) > > but still if i access the cups web interface, i can login but > administration/management ta...

...n a bit... DNS works in this way, as expected. Touble arise in windows client accessing server aliases; I'm used to define some aliases for servers (so i use \\FILEPP\). I define aliases with: a) cname in AD DNS, and work: root at vdmtms1:~# host filepp filepp.ad.fvg.lnf.it is an alias for vdmpp1.ad.fvg.lnf.it. vdmpp1.ad.fvg.lnf.it has address 10.27.1.22 b) 'netbios aliases' in smb.conf: netbios aliases = CUPSPP FILEPP HOMEPP c) SPN aliases: samba-tool spn add HOST/filepp.ad.fvg.lnf.it vdmpp1$ samba-tool spn add HOST/FILEPP vdmpp1$ but still windows client cannot acc...

On Tue, 29 Aug 2023 15:44:35 +0200 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > Mandi! Rowland Penny via samba > In chel di` si favelave... > > >> In samba the share is: > > I wish people wouldn't do this, if you are going to post a share, > > please post the global section as well. > > Sorry. > > # Global parameters >

Mandi! L.P.H. van Belle via samba In chel di` si favelave... > Im not really sure here. Seems that nfs-config crate the file correctly: root at vdmpp1:/srv# cat /run/sysconfig/nfs-utils PIPEFS_MOUNTPOINT=/run/rpc_pipefs RPCNFSDARGS=" 8" RPCMOUNTDARGS="--manage-gids" STATDARGS="" RPCSVCGSSDARGS="-vvvvv -n" but the nfs(s) systemd unit file misses the 'EnvironmentFile=' directive: https://www....