similar to: Extracting the trust account password (for use with Win2k's ktpass)?

Hi, I was trying to get a new keytab in samba4 for my apache service. So I tried the following command: sh ktpass.sh --out /etc/apache.keytab --princ HTTP/myhost.samba.my.domain at SAMBA.MY.DOMAIN --pass VerySecure123 --enc des-cbc-md5 I get the following error: Unable to find kvno for principal HTTP/myhost.samba.my.domain at SAMBA.MY.DOMAIN Am I doing something wron or shouldn't I be

I was trying to get authentication via kerberos working but I'm having trouble trying to run ktpass as in step 6 here http://robertan.com/home/2015/01/14/kerberos-auth-with-apachephp/ ktpass -princ HTTP/contoso.com at CONTOSO.COM -mapuser CONTOSO\<USERNAME> -crypto all -ptype KRB5_NT_PRINCIPAL -pass <PASSWORD> -out webpage.HTTP.keytab I'm not sure of the

I'm trying to integrate Samba with my kerberos configuration on Solaris 10 (with Samba 3.0.23d) and I have one basic issue - probably I don't understand something. Hopefully one of you experts can help. We have an AD based organization but we do a lot of Unix work on Solaris 10 and AIX 5.3 - I have about 75 *nix servers of various flavors. There's a lot of value in SSO

Hi, On 27-06-2016 08:58, Mark Foley wrote: > So, I'm apparently lacking in the kerberos stuff. Here's the problem -- Samba4 uses Heimdal > Kerberos and when I provisioned my domain apparently none of these needed kerberos files were > set up. I can, however, kerberos authenticate from domain workstations both WIN7 and Linux. You don't need any Samba4 stuff, to get it

This is using samba-3.0.2a, as downloaded from us2.samba.org today (19th of April), on Debian Linux. I have setup and gotten mostly-working the MySQL PDB for Samba. It queries the database correctly, pulls in the data, etc. However, when I connect as a user, I get: [2004/04/19 15:56:23, 3] libsmb/ntlm_check.c:ntlm_password_check(182) ntlm_password_check: NO NT password stored for user

Hello, The problem: With the command: net ads join my_linux_box my samba 3.0.1rc1 works fine with a W2k kerberos server But i prefer use the ktpass command on w2k server (and our m$ guru). The problem seems to be that samba dont use /etc/krb5.keytab. The quick read of source and some mail in the archives gives me the beleive that it use a memory keytab (and secrets.tdb ?). I m not sure. Could

I have samba working find against our windows 2000/3 network under solaris 9/10. Users can attach to samba using the Kerberos credentials on their windows XP PCs. I would now like to kerberise the unix applications. Statring with the supplied Sun rlogind, telnetd, etc. As I understand things I now need to have a host key on the end systems. Will samba's net ads keytab create do

> On Sep 14, 2016, at 2:00 PM, Achim Gottinger <achim at ag-web.biz> wrote: > > > > Am 14.09.2016 um 20:33 schrieb Michael A Weber: >> >>> On Sep 14, 2016, at 1:10 PM, Achim Gottinger <achim at ag-web.biz <mailto:achim at ag-web.biz>> wrote: >>> >>> >>> >>> Am 14.09.2016 um 19:53 schrieb Michael A Weber:

Hi all, I’m looking to add in a kerberos principal on my server for the AD domain. I see there are ways to do this for user(s), but I don’t see how to add a principal for hosts. In general, I’ld like to add something like the following to me 4.3.4 Domain: ktpass -princ afpserver/fqdn at REALM -mapuser mapuser at domain +rndPass -out afpserver.keytab This is for a netatalk server. I’ve never

Hello List, I am (unsuccessfully) trying to automatically get a valid kerberos ticket for my linux box. I have - in a test environment: - a windows 2000 server with Active directory and DNS properly set up. - a suse linux 9.0 router with samba3.0.2.rc.1 and heimdal 0.6.-67. - I am able to join the domain and get a valid ticket through kinit, if I enter the Administrator's password or the

Hello, I installed Samba4 according to the HOWTO. The provisioning created a user (dns) and a keytab for DNS updates, but the service principal in the keytab seems to be wrong for me (the domain name instead of ns1.domainname). What would be the correct way of changing / adding service principals associated with a user and re-generating the keytab? I got the dns updates working by adding a

I 've spent the last week troubleshooting a configuration issue regarding samba not being able to connect to other domains beside the domain of which it 's a member server (samba 3.0.14a, krb 1.3.6, w2k). I have some doubts perhaps someone can answer... Suppose this scenario: Samba name : SAMBA Main domain: DOMAINA (domain controller = DCA) Others domains : DOMAINB, DOMAINC (domain

Am 15.09.2016 um 09:35 schrieb Rowland Penny via samba: > On Wed, 14 Sep 2016 16:23:27 -0500 > Michael A Weber via samba <samba at lists.samba.org> wrote: > >>> On Sep 14, 2016, at 2:00 PM, Achim Gottinger <achim at ag-web.biz> >>> wrote: >>> >>> >>> >>> Am 14.09.2016 um 20:33 schrieb Michael A Weber: >>>>>

On 12 April 2015 at 14:34, Rowland Penny <rowlandpenny at googlemail.com> wrote: >> - perhaps use sssd? (which I haven't yet investigated, to be honest) > > You could try sssd, this has a backend like the winbind backend and will > also work on the DC (well it did the last time I tried it, which was some > time ago) . Thanks! I'm looking at

On Fri, 16 Sep 2016 13:00:52 -0700 Robert Moulton via samba <samba at lists.samba.org> wrote: > Achim Gottinger via samba wrote on 9/15/16 1:20 AM: > > > > > > Am 15.09.2016 um 09:35 schrieb Rowland Penny via samba: > >> On Wed, 14 Sep 2016 16:23:27 -0500 > >> Michael A Weber via samba <samba at lists.samba.org> wrote: > >> >

Am 16.09.2016 um 22:49 schrieb Rowland Penny via samba: > On Fri, 16 Sep 2016 22:43:42 +0200 > Achim Gottinger via samba <samba at lists.samba.org> wrote: > >> >> Am 16.09.2016 um 22:00 schrieb Robert Moulton via samba: >>> Achim Gottinger via samba wrote on 9/15/16 1:20 AM: >>>> >>>> Am 15.09.2016 um 09:35 schrieb Rowland Penny via

Am 16.09.2016 um 22:00 schrieb Robert Moulton via samba: > Achim Gottinger via samba wrote on 9/15/16 1:20 AM: >> >> >> Am 15.09.2016 um 09:35 schrieb Rowland Penny via samba: >>> On Wed, 14 Sep 2016 16:23:27 -0500 >>> Michael A Weber via samba <samba at lists.samba.org> wrote: >>> >>>>> On Sep 14, 2016, at 2:00 PM, Achim

Am 16.09.2016 um 22:54 schrieb Robert Moulton via samba: > Achim Gottinger via samba wrote on 9/16/16 1:43 PM: >> >> >> Am 16.09.2016 um 22:00 schrieb Robert Moulton via samba: >>> Achim Gottinger via samba wrote on 9/15/16 1:20 AM: >>>> >>>> >>>> Am 15.09.2016 um 09:35 schrieb Rowland Penny via samba: >>>>> On Wed,

Am 16.09.2016 um 23:00 schrieb Robert Moulton via samba: > Rowland Penny via samba wrote on 9/16/16 1:43 PM: >> On Fri, 16 Sep 2016 13:00:52 -0700 >> Robert Moulton via samba <samba at lists.samba.org> wrote: >> >>> Achim Gottinger via samba wrote on 9/15/16 1:20 AM: >>>> >>>> >>>> Am 15.09.2016 um 09:35 schrieb Rowland Penny

Hi all, I've been working on getting Samba to authenticate via ADS for the past few weeks with some lack of success. I had somewhat of a breakthrough the other day realizing that the problem was related to the kerberos authentication between Samba and the Win 2008 R2 AD server. Trying to fix this I generated a keytab with ktpass which I uploaded to the server. I've been successful to