similar to: OpenSSH/Heimdal/MIT KDC problem/question

steve wrote: > > My only remaining question is that to open port 22 on the file server, > I've had to open all the other ports otherwise I could not kinit or > anything else. Could you/is there a list of ports which need to be > open for a S3 fileserver which is also a nfs server to be able to > communicate to the rest of the LAN without all ports being opened? > >

I cooked this up while trying to figure out why thunderbird on Windows w/ SSPI was not working, but it turned out thunderbird does not use it, so I haven't been able to test it yet. I'm presenting it for discussion only, unless someone else can try it :) Modern versions of MIT kerberos support GSS-SPNEGO natively, but are only willing to negotiate for kerberos tickets and not NTLM

Hi Rowland, Thanks for your explanation. We have set up Samba to authenticate users against an external MIT Kerberos server and usernames match those in Unix password files. The setup was almost exactly like the Ubuntu help page: https://help.ubuntu.com/community/Samba/Kerberos#MIT_Kerberos There are others who have also set up Samba this way:

A few more questions and comments... related to this topic If Kerberos is the back-end to LDAP.. there is no need to synchronize or store a password in the LDAP tree.. just the principal for the user in the userpassword attribute: userpassword = {kerberos}name@domain in the smb.conf file do I need stuff like this? Unix password sync = yes passwd program =

Hello all, I am trying to understand how SAMBA finds nearest Domain Controller when configured to use Active Directory for AuthN. There are some great articles and wikis about how to configure SAMBA against AD, but couldn't find much on what I was looking for. For example 1. Does Samba have built in dc locator functionality like windows clients ? 2. What is the default authN it uses, NTLM

I'm trying to understand what is definitive about samba 4.x as an AD DC. First, does samba need to have heimdal or mit kerb installed? Following the how to at https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO I don't see that it does. After getting samba to work in its plain defaults, I then proceeded to configure it to use bind9 as shown in the bind howto -

Jonathan Higgins wrote: > > A few more questions and comments... related to this topic > > If Kerberos is the back-end to LDAP.. there is no need to synchronize or store a >password in the LDAP tree.. just the principal for the user in the userpassword >attribute: userpassword = {kerberos}name@domain That is correct. I did not mean sync between Kerberos and LDAP, I mean sync

Could somebody please confirm that they are actually using 8.1-R with heimdal as a KDC successfully? A little confirmation would help me greatly. Thanks, Jason C. Wells

On Wed, Nov 21, 2001 at 01:41:42PM -0500, John Hawkinson wrote: > auth-krb5.c > auth1.c > compat.c > comapt.h > servconf.c > session.c > session.h > sshconnect1.c > sshd_config why do you need to touch these files? for MIT K5? or for adding back the told ticket passing behaviour? i have no string opinion about whether the AFS/Kerb tickets should be passed

Is something special required for KerbV auth to work? I've enabled: KerberosAuthentication yes on some test boxes and it doesn't work. I do a kinit, and then ssh and it asks for a password. If you don't provide one, you don't get in.

I've setup samba to use ldap. I've propogated the directory. I've setup the kerberos realm. I can authen to samba & browse shares via uid/passw held in ldap. I cannot seem to get samba to accept kerb authen instead of uid/passw. Help...... Thanks. Read the #$@^(!*&$!* manual, and about 200 webpages. Scanning news groups, recompiling..... Grrrrr!

I'm very interesting in attempting to get the control over my windows machines that AD offers, without actually have AD. I know samba 3 can be a AD member server.. Are there any other projects that integrate samba, ldap, kerberos to make a active directory like system? Note that I said AD like. My goals include 1) single sign on through kerb 2) access control through ldap groups 3)

Hi list, Just in order to avoid loosing my time, I would be happy to know any success stories about configuring a Win2k3 as a Samba 3 client, just as any others MS client ( WinNT pro, Win2k pro, WinXP pro ). If so, is there any tuning on the Win2k3 client and the server ( Samba 3 PDC + ldapsam, but no kerb ) ? I'm expecting mistakes with users sharing their roaming profiles between Win2k

Hi, I have resent this, as I have had no replies so far. I'm gonna have to be putting a good argument to my ICT team against going to 2003 in 2003 server mode ( I think thats what they call the highest mode for 2003 server) to keep samba at our school. I like what windows 2003 has to offer, but do not want to lock samba out forever. I know samba will work at lower mode. And

Hi there. I'm looking for a way to temporarily change password for some users. I have a samba4 install in DC mode (running samba 4.8.3), everything is working fine. I'm now migrating an email system which will use samba4 auth (Zimbra, but doesn't matter here). I'd like to set a temp password, so I can migrate imap trees with imapsync or similar, then, when everything is done,

I have a Samba server configured as PDC for ~100 computers. It's version 3.0.24 running on Debian Etch (distribution package). I want to write a tool for user logon/logoff tracking. Because parsing log files is hard job (windows frequently disconnets or connects during user session or etc.) I decide to use smbstatus output which seem to be reliable. So I run smbstatus binary every 10

Situation: Running a simple UDP client/server program where the client on one domU on one computer sends echo packets to another domU on another computer, server sends echoes back. They do this on a specified port (will use any port between 5000-6000). This program works on non-Xen machines in various environments, Linux and Solaris. Program just hangs on the domUs. I believe I need help with

I have a toshiba multifunction device that can save to an smb share. For years its been saving to an windows server. I'm trying to move it to samba 4.x. My samba 4 is running an samba AD DC on a machine called vc1. The samba 4 file services is running on a system called srv1. I've made the share on the srv1 smb.conf and have been able to connect to it using the smbclient tool. I've

Am Donnerstag, 10. März 2016, 10:41:34 CET schrieb mathias dufresne: Hi, Mathias and all thank you for your answer. > Hi all, > > SPN = servicePrincipalName > > A simple search returning all servicePrincipalName declared in your AD: > ldbsearch -H $sam serviceprincipalname=* serviceprincipalname > For me: ldbsearch -H /var/lib/samba/private/sam.ldb serviceprincipalname=*

Dear All, Would like some know the answer on the above question. What is the different between compiling using internal heimdal library vs mit-krb5. I'm on gentoo and thus like other distro having issue on the system-wide mit-krb and removing it is not that convenient (But still possible) I've try to compile samba 4.1.2 with internal heimdal library to work as a Domain controller But