Displaying 20 results from an estimated 23 matches for "wrfile".
2009 Jul 29
3
yum update broke ovirt
I did a yum update on my management server and now the ovirt gui is no
longer accessable. Is it supposed to just work or do I need to do
something after the yum update?
Justin.
2009 Feb 16
1
samba-3.2.8 - KRB5_KT_UNKNOWN_TYPE;
...= /etc/v5srvtab
then the function smb_krb5_open_keytab() returns KRB5_KT_UNKNOWN_TYPE.
If smb_krb5_open_keytab with a filename "/etc/v5srvtab" it would work
fine, however if the "default" keytab is used the expectation is that it
must have a prefix "FILE:" or "WRFILE:".
Is this the correct logic? It appears that the loop
while (next_token_talloc(mem_ctx, &tmp, &kt_str, ",")) {
Should have the test
if (tmp[0] == '/')
found_valid_name = True;
Glenn
kerberos_keytab.c
ads_keytab_add_entry()
ret = smb_krb5_op...
2011 Apr 17
1
KDC and samba4
...mp/test.keytab
added interface ip=192.168.1.11 nmask=255.255.255.0
added interface ip=127.0.0.1 nmask=255.0.0.0
added interface ip=192.168.1.11 nmask=255.255.255.0
added interface ip=127.0.0.1 nmask=255.0.0.0
ldb_wrap open of secrets.ldb
root at morannon:~# klist -k -t /tmp/test.keytab
Keytab name: WRFILE:/tmp/test.keytab
KVNO Timestamp Principal
---- -----------------
--------------------------------------------------------
1 04/16/11 20:04:19 dumareja at DUMARESQ.LOCAL
1 04/16/11 20:04:19 dumareja at DUMARESQ.LOCAL
1 04/16/11 20:04:19 dumareja at DUMARESQ.LOCAL
2 04/16/11...
2012 Feb 13
1
Samba winbind and nfsv4 krb5
...k fine.
I have read many articles about using winbind to aquire the Kerberos tickets on login.
What I have done so far is join the linux machine to our AD:
net ads join -U Administrator
After this my krb5.keytab file is filled with the following:
root at ubuntu100432:~# klist -kte
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Timestamp Principal
---- ----------------- --------------------------------------------------------
2 02/13/12 09:34:59 host/ubuntu100432.a.space.corp at A.SPACE.CORP (DES cbc mode with CRC-32)
2 02/13/12 09:34:59 host/ubuntu100432.a.space.corp at A.SPACE.CORP (D...
2012 Feb 10
1
latest Samba 4 does not look in keytab
...ntry:
mount -t nfs4 foo bar --o sec=krb5
Kerberos: AS-REQ nfs/hh3.hh3.site at HH3.SITE from ipv4:192.168.1.3:53213
for krbtgt/HH3.SITE at HH3.SITE
Kerberos: UNKNOWN -- nfs/hh3.hh3.site at HH3.SITE: no such entry found in hdb
The nfs entry is in the keytab:
klist -ke /etc/krb5.keytab
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
----
--------------------------------------------------------------------------
1 nfs/hh3.hh3.site at HH3.SITE (des-cbc-crc)
1 nfs/hh3.hh3.site at HH3.SITE (des-cbc-md5)
1 nfs/hh3.hh3.site at HH3.SITE (arcfour-hmac)
How do I tell this new version to loo...
2008 Jun 03
1
missing dependencies when compiling samba/ctdb rpm on sles 10.1 (don't have all features required for Active Directory support)
I appear to be missing some libs on suse 10.1 when running:
rpmbuild --rebuild samba-3.0.25-ctdb.16.src.rpm
<cut lots of output>
checking for WRFILE: keytab support... no
checking for krb5_princ_realm returns krb5_realm or krb5_data... no
checking for krb5_addresses type... no
checking whether krb5_mk_error takes 3 arguments MIT or 9 Heimdal... yes
configure: WARNING: krb5_mk_req_extended not found in -lkrb5
configure: WARNING: no CREATE_KEY_FU...
2010 Aug 20
0
samba and kerberos tickets
...r
authentication (with help from the list, thanks!). I've setup smb.conf
such that doing 'net ads join -Uadministrator' populates
my /etc/krb5.keytab (see configuration files below).
klist shows me a nice set of principals from /etc/krb5.keytab
klist -k /etc/krb5.keytab
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
----
--------------------------------------------------------------------------
2 host/ubuntu.sonytel.be at EDEN.SONYTEL.BE
2 host/ubuntu.sonytel.be at EDEN.SONYTEL.BE
2 host/ubuntu.sonytel.be at EDEN.SONYTEL.BE
2 host/ubuntu at EDEN.SONYTEL.BE
2 host/...
2010 Oct 16
1
gssapi problems (postfix sasl through dovecot, dovecot imap working fine)
...provide more information
dovecot: auth: gssapi(?,CLIENT_IP): While processing incoming data:
Invalid message type
postfix/smtpd[6197]: warning: CLIENT_FQDN[CLIENT_IP]: SASL GSSAPI
authentication failed:
dovecot: auth: Debug: client out: FAIL#0111
# klist -k /etc/dovecot/krb5.keytab
Keytab name: WRFILE:/etc/dovecot/krb5.keytab
KVNO Principal
----
--------------------------------------------------------------------------
2 imap/MAILSERVER_FQDN at DOMAIN_REALM
2 smtp/MAILSERVER_FQDN at DOMAIN_REALM
The client is Thunderbird.
Any help would be greatly appreciated. I have made sure that the f...
2010 Jun 28
2
SASL GSSAPI error "Key table entry not found"
My server and client are running Ubuntu Lucid, libvirt-bin
0.7.5-5ubuntu27, qemu-kvm-0.12.3+noroms-0ubuntu9 and I'm using
virt-viewer-0.0.3-6ubuntu7.xul19 or virt-manager-0.8.2-2ubuntu8 to
connect. I configured SASL2 to use GSSAPI for libvirt following the
instructions in the libvirt docs, created a keytab with
libvirt/my.fully.qualified.domain at MY-REALM.COM (has a dash fwiw) and
pointed
2005 Jan 14
0
Resolution to problem using 'net ads keytab' commands on RHEL3
...EL3 machines, among other problems I've run into trying to
use winbind with ADS security mode. I found a bug in RH's Bugzilla describing
the problem and managed to decipher a work-around.
The resolution is to add to your /etc/krb5.conf the following:
[libdefaults]
default_keytab_name = WRFILE:/etc/krb5.keytab
For reference, here is the bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=137613
Wil
--
Wil Cooley wcooley@nakedape.cc
Naked Ape Consulting http://nakedape.cc
* * * * Linux, UNIX, Networking and Security Solution...
2008 Apr 23
1
(no subject)
Hello Samba,
We are using Samba/CIFS hp-ux server connecting to Windows ADS and try
to create keytab file using
net ads create keytab -u Administrator ,but it is unable to create
keytab file in the /etc/directory.
Please see the attached output file for your reference.
Appreciate your help!!
Sudheer Radhakrishnan / Capgemini
North America P&C / East Business Unit
Unix
2010 Jan 21
0
domain join & kinit woes
...9;s password:
Using short domain name -- AALTO
Joined 'NEXUS6' to realm 'org.aalto.fi'
[2010/01/21 10:49:35, 0] libads/kerberos.c:332(ads_kinit_password)
kerberos_kinit_password NEXUS6$@ORG.AALTO.FI failed: Client not found in Kerberos database
nexus6 etc # klist -k
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
2 host/nexus6.org.aalto.fi at ORG.AALTO.FI
2 host/nexus6.org.aalto.fi at ORG.AALTO.FI
2 host/nexus6.org.aalto.fi at ORG.AALTO.FI
2 host/nexus6 at ORG.AALTO.FI
2 host/n...
2004 Jan 05
1
Samba requesting nonexistent keytab type?
...rify.c and doing some debugging, I found
exactly where the problem is occuring (I think). The krb5_kt_resolve
immediately before is returning KRB5_KT_UNKNOWN_TYPE. Doing some looking
at the source for MIT krb5, and a bit of reading, it looks like there
are two key table types defined: FILE and WRFILE. Specifically, in
lib/krb5/keytab/ktbase.c:krb5_kt_resolve(112), it cycles through a list
of registered key table types, and MEMORY is definitely not one of them.
It has no associated krb5_kt_ops struct, at least not one that I can
locate.
However, this definition _does_ exist in Heimdal Kerbe...
2012 Aug 10
1
samba4+sssd+centos6
...l domain exportkeytab client.keytab --princ=host/client at REALM
and this also works. The client.keytab is transferred to the client and
installed as /etc/krb5.keytab with the proper ownership and permissions.
* On the client, verify the keytab:
# klist -k /etc/krb5.keytab
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
--------------------------------------------------------------------------
1 host/<client>@<REALM>
1 host/<client>@<REALM>
1 host/<client>@<REALM>
* On the client, change the three ldap_default_ lines to:
lda...
2007 Mar 20
1
Bizzare behaviour of Samba+ADS - help needed
I have samba+ads working fine *HOWEVER* when I run net ads keytab create
it fails.
Using -d 10 the debug output says it cannot write to the file. This is
truly bizarre as I am running this as root!
e.g.
# /usr/local/opt/samba/samba-3.0.24/bin/net ads keytab create ; echo $?
183
And
/usr/local/opt/samba/samba-3.0.24/bin/net -d 10 ads keytab create ; echo
$?
Gives
[..snip..]
ads_get_kvno:
2012 Apr 23
1
Can't authenticate any more, KVNO mismatch? (alpha 17-19)
...l/samba/private/secrets.keytab (arcfour-hmac-md5)
[2012/04/23 01:58:29, 1]
../auth/gensec/spnego.c:574(gensec_spnego_parse_negTokenInit)
SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
Indeed, klist -ke FILE:/usr/local/samba/private/secrets.keytab shows this:
Keytab name: WRFILE:/usr/local/samba/private/secrets.keytab
KVNO Principal
----
--------------------------------------------------------------------------
[...]
1 HOST/vie-srv001 at VENTUM.AT (ArcFour with HMAC/md5)
1 HOST/vie-srv001.ventum.at at VENTUM.AT (ArcFour with HMAC/md5)
1 VIE-SRV001$@VENTUM.AT (...
2012 Jan 08
3
Samba 4 krb5.keytab confusion
Hi
I have Samba 4 installed and working. I recently changed FQDN to dns
name hh3.hh3.site. It works OK and e.g. on a windows 7 box which joined
the domain, users can logon. But I have a mess in the keytab:
klist -k /etc/krb5.keytab
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
----
--------------------------------------------------------------------------
2 HH3$@HH3.HH1.SITE
2 HH3$@HH3.HH1.SITE
2 HH3$@HH3.HH1.SITE
2 host/HH3 at HH3.HH1.SITE
2 host/HH3 at HH3.HH1.SITE
2 host/HH3 at HH3.HH1.SITE
2 host/hh3.hh3.hh...
2011 Feb 09
0
net ads keytab syntax - encryption types
...b add HTTP -P") only
creates the two des and ArcFour with HMAC/md5 enctypes, no AES enctypes
are listed. The Domain admins can use tools on their side to create
SPNs and keytabs that have AES and we would prefer them over DES/ArcFour
except in special circumstances.:
# klist -ke
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
- ----
- --------------------------------------------------------------------------
5 host/iu-itps-rhel6ad.ads.iu.edu at ADS.IU.EDU (DES cbc mode with CRC-32)
5 host/iu-itps-rhel6ad.ads.iu.edu at ADS.IU.EDU (DES cbc mode with RSA-MD5)
5 host/iu-itps-rhel6ad....
2013 Oct 11
3
Removing a domain controller help needed
...user at EXAMPLE.COM:
# ktutil: wkt dhcpduser.keytab
# ktutil: quit
but next changes in
Using samba AD DC I used
# keytab can be generated using the Samba4 tool:
# samba-tool domain exportkeytab /etc/dhcpd/dhcpduser.keytab
--principal=dhcpduser
and klist -k dhcpduser.keytab -e shows
Keytab name: WRFILE:/etc/dhcp/dhcpduser.keytab
KVNO Principal
----
--------------------------------------------------------------------------
1 dhcpduser at SAITEL.LOC (DES cbc mode with CRC-32)
1 dhcpduser at SAITEL.LOC (DES cbc mode with RSA-MD5)
1 dhcpduser at SAITEL.LOC (ArcFour with HMAC/md5)
so it s...
2012 Aug 22
0
Winbind/AD/NFSv4: can't `ls/cd` private directory?
...ut Kerberos.
# net ads join createupn="nfs/nfsserver.example.com at AD.EXAMPLE.COM" createcomputer="OU" -U $BINDUSER%$BINDPASSWD
# kinit -k NFSSERVER$ (and NFSCLIENT$, but we're going to mount -o sec=none as mentioned above)
# net ads keytab add nfs
# klist -ke
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
3 host/nfsserver.example.com at AD.EXAMPLE.COM (des-cbc-crc)
3 host/nfsserver.example.com at AD.EXAMPLE.COM (des-cbc-md5)
3 host/nfsserver.example.com at AD.EXAMPLE.COM (arcfou...