Displaying 20 results from an estimated 9000 matches similar to: "AD SAMBA Kerberos participation with other AD Kerberised services"
2003 Dec 03
1
MIT Kerberos with Solaris
As Samba 3.x does not work with the Kerberos included with Solaris (it has no headers) I have to remove it and replace it with MIT kerberos. Does anyone know if Solaris kerberised services will still work normally (without modification) such as kerberised NFS? I briefly tested this and couldn't het it to work, but if someone has a definative answer it might save me a lot of trouble,
thanks
2004 Mar 16
0
ADS Kerberos Authentication without winbind problem-*SOLVED*
Turned out the whole install was broken when not using winbind, don't know why!?!
Uninstalled Samba 3.0.1, re-compiled from scratch Samba 3.0.2a and everything works
as expected :-)
>> Further to this problem I have found it impossible to get any syntax to succesfully mount a Samba 3.0.2 share
with Kerberos authentication using the BSD "mount_smbfs" (on Mac OS X), where
2004 Mar 22
2
Kerberos auth without NTLM
Can anyone tell me if I can configure Samba 3.x to rely only on Kerberos authentication (in an AD domain)?
Ideally I'd like to use local UNIX accounts, not winbind, and negate the need for me to add an entry to passdb, then the
account must exist in AD and locally on each Samba member server for authentication to work.
If there is any info held in passdb, other than the NTLM coded password,
2004 May 06
1
FW: Kerberos case sensitive with Mac OS X on Samba 3.0.x
This was blocked with both good and bad log output due to the size limit on attachments
so I've removed the log from the successfull authentication. I think its pretty obvious
whats going on from the failed log,
thanks Andy.
-----Original Message-----
From: ww m-pubsyssamba
Sent: 06 May 2004 10:32
To: 'Jeremy Allison'; 'samba@lists.samba.org'
Subject: RE: [Samba] Kerberos
2004 May 05
2
Kerberos case sensitive with Mac OS X on Samba 3.0.x
Hi List,
I'm having an issue between Samba and OS X with regards to Kerberos authentication to a Samba AD member server.
I'm using local UNIX accounts and entries in the passdb instead of Windind on the samba server, ie create account by adding
to /etc/passwd then smbpasswd -a username. From an OS X client system if I obtain a ticket for user "UserA" like
kinit
2016 Aug 03
4
FW: kerberos nfs4's principals and root access
You need for the apache keytab something like
Alias /webmail /usr/share/webmail
#
<Directory /usr/share/ webmail >
AuthType Kerberos
AuthName "Kerberos Login"
KrbMethodNegotiate On
KrbMethodK5Passwd Off
KrbServiceName HTTP
KrbAuthRealms EXAMPLE.COM
Krb5KeyTab /etc/httpd/conf/keytab
require valid-user
</Directory>
chmod 400 /etc/httpd/conf/keytab
chown
2016 Aug 03
1
FW: kerberos nfs4's principals and root access
If not done, add the server to the AD.
Add the host and nfs to the COMPUTERNAME($) account.
And use winbind to refresh the keytab.
Stop samba,
remove the keytab, create the new with the new SPN's in it,
start samba.
And Use the second keytab for apache with only http as upn in it.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at
2017 Apr 17
2
Samba authentication using non-AD Kerberos?
On Sun, 2017-04-16 at 19:06 -0600, S P Arif Sahari Wibowo via samba
wrote:
> On 2017-04-13, 01:58, Andrew Bartlett via samba wrote:
> > On Wed, 2017-04-12 at 19:17 -0600, S P Arif Sahari Wibowo via samba
> > wrote:
> > > Do you know any example Samba configuration that
> > > authenticate to plain - non-AD, e.g. MIT KDC - Kerberos
> > > server?
> >
2003 Dec 12
3
configure error with --enable-dmalloc
Hi list,
I'm trying to compile samba 3.0.1 rc1 with --enable-dmalloc switch because I have been asked to provide more information on a winbindd panic on a Solaris server. However the configure fails with the error shown below,
config.status: creating include/config.h
Note: The dmalloc debug library will be included. To turn it on use
./configure: command substitution: line 3: syntax error:
2004 Mar 02
0
RE: Réf. : Re: using a master ldapserver and a slave ldap server for one samba server
* stephane.purnelle@corman.be nulis:
>
>
>
>
> What's means, can I have some problem with this configuration ?
> Or it's just a speed problem ?
>
Samba will get 2 value for same id and problem will appear soon or later.
Any reason why using 2 ldapsam backend?
## Speaking for myself, It's not good to have a single point of failure in
## your authentication
2003 Oct 21
0
Permissions issue sharing data from multiple servers via multiple protocols
Hi all,
I have several UNIX servers I'd like to configure Samba on but am having trouble working out the best way to achieve consistent user and group permission across the file systems on several file servers.
Basically I need to integrate the Samba server into our MS AD domain, using Kerberos for authentication which all works fine. My problem is achieving consistent permissioning with AD
2004 Feb 16
0
Winbindd timeout on unreacheable domains
Hi All,
I have a concern with the behaviour of winbindd on startup in a multi-domain environment, in my case a 6 domain AD forest + trusts to 3 NT 4 domains. I've tested startup of winbindd in a 2 domain development environment and found if a trusted domain is not contactable it takes five minutes to timeout before winbindd becomes active (/tmp/.winbindd/pipe is created).
If I assume this
2004 Apr 29
0
Problems with ACL's on Samba 3.0.3
Hi List,
I'm having trouble understanding the behaviour of ACL support in Samba 3.0.3pre1 running on Solaris. Here are my problems
the unix standard attributes for other seem to map to Everyone when viewing a share from a Windows client, however assigning rwx to other/Everyone does not grant access to folders for users connceted to the share, why not?
I cannot work out how to change the
2004 May 11
0
net ads join hangs
Hi list,
I'm having difficulty joining new Samba 3.0.x machines to our production domain. I'm trying to join using
net ads join -U Administrator
but it just hangs. It does create a computer object in the AD though, if you Control C the hung net join and try
and start winbind, winbind complains with this error "ads_connect from domain DOMAIN failed: Cannot read password"
I
2003 Oct 23
0
Samba 3.0.0 -- ACLs are unusable due to UID/SID mappingweirdness :(
I also need to get centralised mapping configured if I am to deploy Samba, although we're planning to deploy an LDAP server also so this isn't an additional overhead for me.
Two comments, to avoid the additional overhead of implementing a seperate LDAP infrastructure could future versions of Samba support storing the idmap mapping date in Active Directory?
When using idmap = ldap in the
2003 Nov 19
1
gdb compile error
ok I know this isn't realy a samba issue but I'm trying to gather some debug info on winbindd for the samba development guys, but I can't compile gdb 5.x or 6.0 on my solaris 9 box! Every other compile problem I've come across I've resolved by searching through google but not this time. If anyone can help I'd realy appreciate it, problem is (using gcc 3.3.2)
gcc -g -O2
2003 Nov 10
2
LDAP IDMAP not working
Hi all,
anyone able to point out why I'm not able to get samba 3.0.0 to update my LDAP server with any idmap data? I'm using SunOne DS 5.2 LDAP server and the following entries in my smb.conf file,
ldap admin dn = "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot"
ldap ssl = off
; ldap suffix = "dc=testlan,dc=bbc,dc=co,dc=uk" ** have tried with this
2004 Mar 16
3
samba 3, ADS, kerberos, keytab problem - Additional pre-authentication required
Hello List,
I am (unsuccessfully) trying to automatically get a valid kerberos
ticket for my linux box. I have - in a test environment:
- a windows 2000 server with Active directory and DNS properly set up.
- a suse linux 9.0 router with samba3.0.2.rc.1 and heimdal 0.6.-67.
- I am able to join the domain and get a valid ticket through kinit, if
I enter the Administrator's password or the
2016 Aug 03
0
FW: kerberos nfs4's principals and root access
Ah ok, you are using "public_html" from a default setup.
Now i understand what you exact want.
If you have the apache keytab created.
Create a cron job and run :
kinit -t /path/to/keytab as the www user.
Dont forget het disable the password change in the AD user for
the "apache Service user" account.
You probely also need to export some kerberos variables like :
2016 Aug 02
3
FW: kerberos nfs4's principals and root access
It's ok
So, if I create a httpuser and an httpgroup in my AD and use these at
owner and group for my apache2 daemon, this one could access to userdirs
(while permissions granting it) ? But I need to cron 'kinit' to keep
valid ticket... ?
My local root user always can't access to the share, but my other
problem seems to be resolved.
Thanks
Le 02/08/2016 à 16:37, Rowland