Displaying 20 results from an estimated 2000 matches similar to: "OpenSSH/Heimdal/MIT KDC problem/question"
2012 Aug 19
0
Samba4: The mit list insist that file server and DC must be one and the same
steve wrote:
>
> My only remaining question is that to open port 22 on the file server,
> I've had to open all the other ports otherwise I could not kinit or
> anything else. Could you/is there a list of ports which need to be
> open for a S3 fileserver which is also a nfs server to be able to
> communicate to the rest of the LAN without all ports being opened?
>
>
2008 Aug 12
5
[PATCH] Support GSS-SPNEGO natively
I cooked this up while trying to figure out why thunderbird on Windows
w/ SSPI was not working, but it turned out thunderbird does not use
it, so I haven't been able to test it yet. I'm presenting it for
discussion only, unless someone else can try it :)
Modern versions of MIT kerberos support GSS-SPNEGO natively, but are
only willing to negotiate for kerberos tickets and not NTLM
2018 Jun 26
1
4.5 -> 4.8 samba fails to start
Hi Rowland,
Thanks for your explanation.
We have set up Samba to authenticate users against an external MIT
Kerberos server and usernames match those in Unix password files.
The setup was almost exactly like the Ubuntu help page:
https://help.ubuntu.com/community/Samba/Kerberos#MIT_Kerberos
There are others who have also set up Samba this way:
2002 Nov 01
0
Re: Samba PDC and Kerberos(MIT or SEAM in Uinx, without microsoft ADS)
A few more questions and comments... related to this topic
If Kerberos is the back-end to LDAP.. there is no need to synchronize or store a password in the LDAP tree.. just the principal for the user in the userpassword attribute: userpassword = {kerberos}name@domain
in the smb.conf file do I need stuff like this?
Unix password sync = yes
passwd program =
2012 May 09
2
AD and SAMBA
Hello all,
I am trying to understand how SAMBA finds nearest Domain Controller when
configured to use Active Directory for AuthN.
There are some great articles and wikis about how to configure SAMBA
against AD, but couldn't find much on what I was looking for.
For example
1. Does Samba have built in dc locator functionality like windows
clients ?
2. What is the default authN it uses, NTLM
2014 Mar 27
0
does samba need heimdal or something else
I'm trying to understand what is definitive about samba 4.x as an AD DC.
First, does samba need to have heimdal or mit kerb installed? Following the
how to at
https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO
I don't see that it does.
After getting samba to work in its plain defaults, I then proceeded to
configure it to use bind9 as shown in the bind howto -
2002 Nov 01
0
Re: Samba PDC and Kerberos(MIT or SEAM in Uinx,without microsoft ADS)
Jonathan Higgins wrote:
>
> A few more questions and comments... related to this topic
>
> If Kerberos is the back-end to LDAP.. there is no need to synchronize or store a >password in the LDAP tree.. just the principal for the user in the userpassword >attribute: userpassword = {kerberos}name@domain
That is correct. I did not mean sync between Kerberos and LDAP, I mean
sync
2010 Sep 09
1
8.1 Heimdal KDC
Could somebody please confirm that they are actually using 8.1-R with
heimdal as a KDC successfully? A little confirmation would help me greatly.
Thanks,
Jason C. Wells
2001 Nov 22
1
1.2.26-compat Kerberos support
On Wed, Nov 21, 2001 at 01:41:42PM -0500, John Hawkinson wrote:
> auth-krb5.c
> auth1.c
> compat.c
> comapt.h
> servconf.c
> session.c
> session.h
> sshconnect1.c
> sshd_config
why do you need to touch these files? for MIT K5? or
for adding back the told ticket passing behaviour?
i have no string opinion about whether the AFS/Kerb tickets
should be passed
2003 May 16
2
OpenSSH and KerbV
Is something special required for KerbV auth to work? I've enabled:
KerberosAuthentication yes
on some test boxes and it doesn't work. I do a kinit, and then ssh
and it asks for a password. If you don't provide one, you don't get
in.
2003 Oct 09
1
Samba3 ADS without Microsoft?
I've setup samba to use ldap.
I've propogated the directory.
I've setup the kerberos realm.
I can authen to samba & browse shares via uid/passw held in ldap.
I cannot seem to get samba to accept kerb authen instead of uid/passw.
Help......
Thanks.
Read the #$@^(!*&$!* manual, and about 200 webpages. Scanning news groups, recompiling..... Grrrrr!
2005 Feb 21
1
AD function without AD
I'm very interesting in attempting to get the control over my windows
machines that AD offers, without actually have AD.
I know samba 3 can be a AD member server.. Are there any other
projects that integrate samba, ldap, kerberos to make a active
directory like system?
Note that I said AD like. My goals include
1) single sign on through kerb
2) access control through ldap groups
3)
2005 Nov 14
1
Can Windows 2003 server be configured as a samba client ?
Hi list,
Just in order to avoid loosing my time, I would be happy to know any
success stories about configuring a Win2k3 as a Samba 3 client, just as
any others MS client ( WinNT pro, Win2k pro, WinXP pro ).
If so, is there any tuning on the Win2k3 client and the server ( Samba 3
PDC + ldapsam, but no kerb ) ?
I'm expecting mistakes with users sharing their roaming profiles between
Win2k
2005 Jan 01
1
Anyone Pls? Domain function levels, etc
Hi,
I have resent this, as I have had no replies so far.
I'm gonna have to be putting a good argument to my ICT team against going to
2003 in 2003 server mode ( I think thats what they call the highest mode for
2003 server) to keep samba at our school. I like what windows 2003 has to
offer, but do not want to lock samba out forever.
I know samba will work at lower mode. And
2019 Sep 05
2
Set a temporary password on user accounts (samba4)
Hi there.
I'm looking for a way to temporarily change password for some users.
I have a samba4 install in DC mode (running samba 4.8.3), everything is
working fine. I'm now migrating an email system which will use samba4
auth (Zimbra, but doesn't matter here).
I'd like to set a temp password, so I can migrate imap trees with
imapsync or similar, then, when everything is done,
2008 Sep 19
2
smbstatus - switched off computers are sometimes showed
I have a Samba server configured as PDC for ~100 computers. It's version
3.0.24 running on Debian Etch (distribution package).
I want to write a tool for user logon/logoff tracking. Because parsing
log files is hard job (windows frequently disconnets or connects during
user session or etc.) I decide to use smbstatus output which seem to be
reliable.
So I run smbstatus binary every 10
2006 Aug 26
0
FC5 -- Xen 3.0.2 -- iptables with dom0 and domU
Situation:
Running a simple UDP client/server program where the client on one domU on
one computer sends echo packets to another domU on another computer,
server sends echoes back. They do this on a specified port (will use any
port between 5000-6000). This program works on non-Xen machines in
various environments, Linux and Solaris. Program just hangs on the domUs.
I believe I need help with
2016 Jul 31
2
failure to authenticate from a Toshiba MFD
I have a toshiba multifunction device that can save to an smb share.
For years its been saving to an windows server.
I'm trying to move it to samba 4.x.
My samba 4 is running an samba AD DC on a machine called vc1. The samba 4
file services is running on a system called srv1.
I've made the share on the srv1 smb.conf and have been able to connect to
it using the smbclient tool. I've
2016 Mar 13
0
Failed to modify SPNs on error in module acl: Constraint violation during LDB_MODIFY (19)
Am Donnerstag, 10. März 2016, 10:41:34 CET schrieb mathias dufresne:
Hi, Mathias and all
thank you for your answer.
> Hi all,
>
> SPN = servicePrincipalName
>
> A simple search returning all servicePrincipalName declared in your AD:
> ldbsearch -H $sam serviceprincipalname=* serviceprincipalname
>
For me:
ldbsearch -H
/var/lib/samba/private/sam.ldb serviceprincipalname=*
2013 Dec 08
1
Question about Kerberos and what is the different if compile with internal heimdal or mit-krb5
Dear All,
Would like some know the answer on the above question.
What is the different between compiling using internal heimdal library vs
mit-krb5.
I'm on gentoo and thus like other distro having issue on the system-wide
mit-krb and removing it is not that convenient (But still possible)
I've try to compile samba 4.1.2 with internal heimdal library to work as a
Domain controller
But