similar to: Samba (v.3) LDAP passwd sync

A few more questions and comments... related to this topic If Kerberos is the back-end to LDAP.. there is no need to synchronize or store a password in the LDAP tree.. just the principal for the user in the userpassword attribute: userpassword = {kerberos}name@domain in the smb.conf file do I need stuff like this? Unix password sync = yes passwd program =

Jonathan Higgins wrote: > > A few more questions and comments... related to this topic > > If Kerberos is the back-end to LDAP.. there is no need to synchronize or store a >password in the LDAP tree.. just the principal for the user in the userpassword >attribute: userpassword = {kerberos}name@domain That is correct. I did not mean sync between Kerberos and LDAP, I mean sync

From: Feizhou > You assume too much and you are not clear enough in what > you post. You didn't even know what a KDC was, so my assumptions were pretty easy to make. You keep saying "Samba, Samba, Samba" over and over like Samba does it all. It does _not_. > Geez....I've been trying to get whether you are saying there was a way > to do the whole ADS DC thing

Hello, I maintain a network of numerous Linux workstations, several Apples, and a few Windows machines. The Apples and Windows XP machines already grab shared data via Samba and the remaining data is exported to the Linux machines via NFS. I am in the process of migrating the existing authentication system from XYZ123 to Kerberos and going to place user data---with the exception of passwords

TB --- 2013-11-25 17:30:12 - tinderbox 2.20 running on freebsd-legacy2.sentex.ca TB --- 2013-11-25 17:30:12 - FreeBSD freebsd-legacy2.sentex.ca 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec 4 09:23:10 UTC 2012 root at farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64 TB --- 2013-11-25 17:30:12 - starting RELENG_8 tinderbox run for i386/i386 TB --- 2013-11-25 17:30:12 -

icecast@xiph.org wrote: > Hello, this is the mailing list anti-spam filter at Xiph.Org. > We need you to confirm your e-mail message with the subject of > "(no subject)". > > Please send a message to the following address, or simply use your > mailer's "Reply" feature. > > icecast+confirm+1053014484.2633.87372b@xiph.org > > Rather than

Maybe its.. authconfig --enablewinbindkrb5 --update Requirements to achieve this: - A valid /etc/krb5.conf - A valid system keytab /etc/krb5.keytab - A valid /etc/samba/smb.conf -> will be modified by authconfig ( found on internet worked in centos7 ) But better read.. https://sssd.io/docs/users/pam_krb5_migration.html Greetz, Louis > -----Oorspronkelijk bericht----- >

Ugh. With MAKE_KERBEROS5=yes, on a recent STABLE, I get the following trying to use Kerberized telnet: # telnet -l test big.x.kientzle.com Trying 66.166.149.54... Connected to big.x.kientzle.com. Escape character is '^]'. [ Trying mutual KERBEROS5 (host/big.x.kientzle.com@X.KIENTZLE.COM)... ] Bus error (core dumped) Fortunately, it's pretty easy to track down: (gdb) up #2

Hi everybody. I''d like to announce that 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been released. These releases contain two **extremely critical security fixes** so please update **IMMEDIATELY**. You can read about the security fixes by following these links: * [CVE-2013-0155](https://groups.google.com/group/rubyonrails-security/browse_thread/thread/b75585bae4326af2) *

Hi everybody. I''d like to announce that 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been released. These releases contain two **extremely critical security fixes** so please update **IMMEDIATELY**. You can read about the security fixes by following these links: * [CVE-2013-0155](https://groups.google.com/group/rubyonrails-security/browse_thread/thread/b75585bae4326af2) *

I have FreeBSD-6.1 and it appears the default installation has a full complement of Kerberos5. But, /usr/src/kerberos5/README states: This subtree is world-exportable, as it does not contain any cryptographic code. At the time of writing, it did not even contain source code, only Makefiles and headers. Please maintain this "exportable" status quo. Thanks!

Greetings, Still no progress trying to get Samba 3.5.6 built on Solaris 10, using gcc 3.4.6. Maybe fresh eyes will see something? Been having issues building samba since 3.4.9 (and anything greater than 3.2.15 on Solaris 9 where samba will build, but winbind will not work properly for user authentication.) techops$ make Using CFLAGS = -I/opt/local/kerberos5/include -O -I.

Hello all, I'm not able to get Kerberos5 authenticarion work together with PrivSep. According to strace, it seems that the kerberos authentication stage is performed by the user process in chrooted enviroment. The problem is that Kerberos authentication must be done by root. Is anybody working on a fix? (or am I missing something in configuration?) Thanks for any advice. -- Dan

http://bugzilla.mindrot.org/show_bug.cgi?id=1078 Summary: passing --without-kerberos5 still checks for some kerberos support Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Documentation AssignedTo:

I've been installing OpenSSH 2.9p2 onto several RedHat Linux machines, after compiling in the GSSAPI/Kerberos5 patch from here: http://www.sxw.org.uk/computing/patches/openssh.html I've been using ssh both to let users in via passwords and Kerberos tickets, and both have been working fine... except for one irritating machine, which (for no good reason I can see) fails when using kerberos

Hi everyone! I've googled alot for this, and found *some* people with similar questions, but there was no answer if this is a bug in samba, a misconfiguration, or what? I have a win2000 active directory Server (wurzel.baum.local), a samba 2.2.3a on debian stable/woody (stamm.baum.local), security = user, a samba 3.0.1 on debian testing/Sarge (blatt1.baum.local) and a windowsxp machine joined

Hi all, I have a debian linux lenny 5.0 server with samba (version 3.2.5-4lenny14) on it. I want to create a cifs share which uses Active Directory authentication. In all howto's i read that i need kerberos5 to do this, so I installed krb5-user, krb5-config and libkrb53. I edited /etc/krb5.conf to my domain etc. Everything works like it should. BUT i noticed a file in

Hello, I am currently trying to install Samba w/ ADS support on a series of Solaris 9 & 10 machines. I have tried compiling samba3, but some reason it will not compile with ADS support. I have compiled MIT krb5 and openldap previous to compiling Samba. I compiled openldap and installed it into /usr/local/openldap. Kerberos was compiled and installed into /usr/local/kerberos5. When

I''m trying to use a partial from within Markaby. I haven''t been able to figure out how to access a parameter passed into the partial. Here''s the code I''m using: h1 "Create a new note" if @note render :partial => ''form/errors'', :record => @note end ... (that snippet, as well as the partial is stolen shamelessly from Restolog

Hello freebsd-security! What is the best way to authenticate remote ssh users transparantly without typing the kinit and kdestroy commands? Using pam_krb5 works satisfactorily for local logins but makes it crooked for remote ssh ones. The comp.protocols.kerberos and comp.security.ssh newsgroups and the pam-krb5-users maillist confirm this assertion. As far as I understood that using kerberized