similar to: AD SAMBA Kerberos participation with other AD Kerberised services

As Samba 3.x does not work with the Kerberos included with Solaris (it has no headers) I have to remove it and replace it with MIT kerberos. Does anyone know if Solaris kerberised services will still work normally (without modification) such as kerberised NFS? I briefly tested this and couldn't het it to work, but if someone has a definative answer it might save me a lot of trouble, thanks

Turned out the whole install was broken when not using winbind, don't know why!?! Uninstalled Samba 3.0.1, re-compiled from scratch Samba 3.0.2a and everything works as expected :-) >> Further to this problem I have found it impossible to get any syntax to succesfully mount a Samba 3.0.2 share with Kerberos authentication using the BSD "mount_smbfs" (on Mac OS X), where

Can anyone tell me if I can configure Samba 3.x to rely only on Kerberos authentication (in an AD domain)? Ideally I'd like to use local UNIX accounts, not winbind, and negate the need for me to add an entry to passdb, then the account must exist in AD and locally on each Samba member server for authentication to work. If there is any info held in passdb, other than the NTLM coded password,

This was blocked with both good and bad log output due to the size limit on attachments so I've removed the log from the successfull authentication. I think its pretty obvious whats going on from the failed log, thanks Andy. -----Original Message----- From: ww m-pubsyssamba Sent: 06 May 2004 10:32 To: 'Jeremy Allison'; 'samba@lists.samba.org' Subject: RE: [Samba] Kerberos

Hi List, I'm having an issue between Samba and OS X with regards to Kerberos authentication to a Samba AD member server. I'm using local UNIX accounts and entries in the passdb instead of Windind on the samba server, ie create account by adding to /etc/passwd then smbpasswd -a username. From an OS X client system if I obtain a ticket for user "UserA" like kinit

You need for the apache keytab something like Alias /webmail /usr/share/webmail # <Directory /usr/share/ webmail > AuthType Kerberos AuthName "Kerberos Login" KrbMethodNegotiate On KrbMethodK5Passwd Off KrbServiceName HTTP KrbAuthRealms EXAMPLE.COM Krb5KeyTab /etc/httpd/conf/keytab require valid-user </Directory> chmod 400 /etc/httpd/conf/keytab chown

If not done, add the server to the AD. Add the host and nfs to the COMPUTERNAME($) account. And use winbind to refresh the keytab. Stop samba, remove the keytab, create the new with the new SPN's in it, start samba. And Use the second keytab for apache with only http as upn in it. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at

On Sun, 2017-04-16 at 19:06 -0600, S P Arif Sahari Wibowo via samba wrote: > On 2017-04-13, 01:58, Andrew Bartlett via samba wrote: > > On Wed, 2017-04-12 at 19:17 -0600, S P Arif Sahari Wibowo via samba > > wrote: > > > Do you know any example Samba configuration that  > > > authenticate to plain - non-AD, e.g. MIT KDC - Kerberos  > > > server? > >

Hi list, I'm trying to compile samba 3.0.1 rc1 with --enable-dmalloc switch because I have been asked to provide more information on a winbindd panic on a Solaris server. However the configure fails with the error shown below, config.status: creating include/config.h Note: The dmalloc debug library will be included. To turn it on use ./configure: command substitution: line 3: syntax error:

* stephane.purnelle@corman.be nulis: > > > > > What's means, can I have some problem with this configuration ? > Or it's just a speed problem ? > Samba will get 2 value for same id and problem will appear soon or later. Any reason why using 2 ldapsam backend? ## Speaking for myself, It's not good to have a single point of failure in ## your authentication

Hi all, I have several UNIX servers I'd like to configure Samba on but am having trouble working out the best way to achieve consistent user and group permission across the file systems on several file servers. Basically I need to integrate the Samba server into our MS AD domain, using Kerberos for authentication which all works fine. My problem is achieving consistent permissioning with AD

Hi All, I have a concern with the behaviour of winbindd on startup in a multi-domain environment, in my case a 6 domain AD forest + trusts to 3 NT 4 domains. I've tested startup of winbindd in a 2 domain development environment and found if a trusted domain is not contactable it takes five minutes to timeout before winbindd becomes active (/tmp/.winbindd/pipe is created). If I assume this

Hi List, I'm having trouble understanding the behaviour of ACL support in Samba 3.0.3pre1 running on Solaris. Here are my problems the unix standard attributes for other seem to map to Everyone when viewing a share from a Windows client, however assigning rwx to other/Everyone does not grant access to folders for users connceted to the share, why not? I cannot work out how to change the

Hi list, I'm having difficulty joining new Samba 3.0.x machines to our production domain. I'm trying to join using net ads join -U Administrator but it just hangs. It does create a computer object in the AD though, if you Control C the hung net join and try and start winbind, winbind complains with this error "ads_connect from domain DOMAIN failed: Cannot read password" I

I also need to get centralised mapping configured if I am to deploy Samba, although we're planning to deploy an LDAP server also so this isn't an additional overhead for me. Two comments, to avoid the additional overhead of implementing a seperate LDAP infrastructure could future versions of Samba support storing the idmap mapping date in Active Directory? When using idmap = ldap in the

ok I know this isn't realy a samba issue but I'm trying to gather some debug info on winbindd for the samba development guys, but I can't compile gdb 5.x or 6.0 on my solaris 9 box! Every other compile problem I've come across I've resolved by searching through google but not this time. If anyone can help I'd realy appreciate it, problem is (using gcc 3.3.2) gcc -g -O2

Hi all, anyone able to point out why I'm not able to get samba 3.0.0 to update my LDAP server with any idmap data? I'm using SunOne DS 5.2 LDAP server and the following entries in my smb.conf file, ldap admin dn = "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" ldap ssl = off ; ldap suffix = "dc=testlan,dc=bbc,dc=co,dc=uk" ** have tried with this

Hello List, I am (unsuccessfully) trying to automatically get a valid kerberos ticket for my linux box. I have - in a test environment: - a windows 2000 server with Active directory and DNS properly set up. - a suse linux 9.0 router with samba3.0.2.rc.1 and heimdal 0.6.-67. - I am able to join the domain and get a valid ticket through kinit, if I enter the Administrator's password or the

Ah ok, you are using "public_html" from a default setup. Now i understand what you exact want. If you have the apache keytab created. Create a cron job and run : kinit -t /path/to/keytab as the www user. Dont forget het disable the password change in the AD user for the "apache Service user" account. You probely also need to export some kerberos variables like :

It's ok So, if I create a httpuser and an httpgroup in my AD and use these at owner and group for my apache2 daemon, this one could access to userdirs (while permissions granting it) ? But I need to cron 'kinit' to keep valid ticket... ? My local root user always can't access to the share, but my other problem seems to be resolved. Thanks Le 02/08/2016 à 16:37, Rowland