similar to: Kerberos requirements for Samba and AD Membership

Hi all, According to this bug report: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566977 This particular error is actually a bug in the samba code. Does anyone know if there are patches that fix this ? Adding "allow_weak_crypto = true" to /etc/krb5.conf does not solve this for me :( Has anyone got a working solution for this ? -Alex IMPORTANT: This email remains the

I am using Samba with Active Directory. I have successfully joined my Samba server to the domain D1 ( net ads join -U username@D2.DOMAIN.COM ). I am able to succesfully connect from Windows XP clients ( with no password ), but not from Windows 2000 ( even when specifying a password ). With w2k, I always get "Failed to verify incoming ticket!". I think it has something to do with

Ok, you did to much as far i can tell. You want to see this: i'll show my output, then i is better to see what i mean. this is where you start with. klist -ke |sort ( default member ) ---- -------------------------------------------------------------------------- 3 host/HOSTNAME1 at REALM.DOMAIN.TLD (aes128-cts-hmac-sha1-96) 3 host/HOSTNAME1 at REALM.DOMAIN.TLD

Ok, Your keytab looks ok now. oldsamba.dom.corp is an alias for fs-a.oldsamba.dom.corp. fs-a.dom.corp has address 10.0.0.2 i would have expected here. oldsamba.dom.corp is an alias for fs-a.dom.corp. fs-a.dom.corp has address 10.0.0.2 Or was that a typo? I assuming a typo.. About your setup from the script outpout. Change this one. /etc/hosts 10.0.0.2 fs-a.dom.corp fs-a oldsamba #

I'm having problems with ADS membership for samba. I had a "mostly" working version with RHES v2.1, krb5 v1.2, samba v3.0.5. I knew to get to a fully functioning version I would need krb5 v1.3 or later. So finally I had an opertunity to junk RH's crufty krb5 and build from scratch with: RHES v2.1 MIT krb5 v1.4 samba v3.0.13 This works fine on another server. Now to the

Hai, You may need to add the the following in krb5.conf [libdefaults] allow_weak_crypto = true ; for Windows 2003 ; default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; for Windows 2008 with AES default_tgs_enctypes = aes128-cts-hmac-sha1-96

THANK YOU FOR YOUR REPLY THE RESULT : KVNO Principal ---- -------------------------------------------------------------------------- 1 HOST/samba4 at FSS.LAN (des-cbc-crc) 1 HOST/samba4.fss.lan at FSS.LAN (des-cbc-crc) 1 SAMBA4$@FSS.LAN (des-cbc-crc) 1 HOST/samba4 at FSS.LAN (des-cbc-md5) 1 HOST/samba4.fss.lan at FSS.LAN (des-cbc-md5) 1 SAMBA4$@FSS.LAN (des-cbc-md5) 1

Hi, the problem seems to be related to this bug: https://bugzilla.samba.org/show_bug.cgi?id=6750 I try therefore to set machine password timeout = 0 Il giorno mar 29 ott 2019 alle ore 11:11 Rowland penny via samba < samba at lists.samba.org> ha scritto: > On 29/10/2019 10:04, banda bassotti wrote: > > I had already done it: > > > > # samba-tool spn list

Hi ! My problem is that : [2004/05/12 16:07:30, 1] smbd/sesssetup.c:reply_spnego_kerberos(173) Failed to verify incoming ticket! [2004/05/12 16:07:30, 1] smbd/sesssetup.c:reply_spnego_kerberos(173) Failed to verify incoming ticket! [2004/05/12 16:07:39, 1] smbd/sesssetup.c:reply_spnego_kerberos(173) Failed to verify incoming ticket! [2004/05/12 16:07:59, 0]

Ok .. maybe if seen something, dont know for sure, so Rowland, what do you think about below. Post the result of : klist -e -k /etc/krb5.keytab i see in your logs. AS key obtained for encrypted timestamp: aes256-cts/000A In my setup, i dont have aes256-cts available in my keytab, do you? You can try adding this, to krb5.conf. ; for Windows 2003 ; default_tgs_enctypes = rc4-hmac

No, no idee, but really, upgrade to samba, best option, in my opinion. If thats not possible, it happens.. A timeout option can be set in krb5.conf for example : kdc_timeout = 5000 You have these for krb5.conf to try out also. the complete list. des-hmac-sha1 DES with HMAC/sha1 (weak) aes256-cts-hmac-sha1-96 aes256-cts AES-256 CTS mode with 96-bit SHA-1 HMAC

Hello: I have a squid3 with aunteticacion ntlm integrated to samba4 but in workstations with windows 8.1 constantly asked for the username and password and it does not let the user navigate, use debian 8 + samba 4.7.7, no idea because that happens in client with windows 7 works well. smb.conf workgroup = MYDOMINIO security = ads netbios name = srv-proxy server string = Servidor Proxy de

Hello, I have different Sites in my domain and want the different members to use the respective domain controller of their site. I can't get this to work right. I have a member that is in site B but executing "net ads info" outputs the DC of site A as active. I read about enabling "winbind_krb5_locator", but it is already located in

I've installed Samba 3.0.2 (from the source) on a SuSE 8.2 system with MIT Kerberos 1.3.1 (I uninstalled the Heimdal code) and the OpenLDAP 2.1.27 development libraries installed on it. I want to make this system a domain member of a Win2K native-mode ADS domain but can't get "net ads join" to work. I've run "kinit myid@MYDOMAIN.COM" and I get at ticket, but when

We have serveral RHEL 3.0 Update 2 servers running Samba. These have been working flawlessly for several months.. Recently, the base upgraded all the Windows 2000 servers to Windows 2003.. NOTE: we don't have admin rights to the Domain Controllers.. (wish we did..) Previous to the Domain (and kdc) controllers to 2003 we had no issues joining a new Samba Sever to the ADS.. Using the same

Hi All, I have machine M1 hosting Samba PDC. It stores only user information. I have machine M2 acting as KDC server. I have machine M3 hosting CIFS shares and it joins into the domain hosted by PDC M1. I have machine M4 used as CIFS client. On M2, I have added users and cifs/host service principals for M3. Also added service principal in keytab file. I have added all the user and service

Hi folks I'm using samba 4.8.3 in CentOS client and samba 4.9.3 from Van Belle repos on server I cannot join to the domain as net ads join -k -d 1 libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx in: struct libnet_JoinCtx dc_name : NULL machine_name : 'TINY-FISHWIFE' domain_name : *

Can someone help me with samba4 with internal dns. Something strange showing in log.smbd when computers are doing gpupdate (becouse of this error computers cant apply gpo) log.smbd on DC1: [2017/01/13 13:49:16.075361, 1] ../source4/auth/gensec/gensec_gssapi.c:619(gensec_gssapi_update) GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find

Hello everyone since now a certain time I pull my hair and do not understand the source of my problem. after a samba 3 pdc migration to samba 4.8.5 AD, when a windows client starts the gpo computer is not applied to the boot. in the windows logs there are 1058 GPO errors and server side samba here are the logs: GSS server Update (krb5) (1) Update failed: Miscellaneous failure (see text): Failed

Hi, I'm using samba-*-3.0.6-4.3.100mdk and libkrb51-1.3-6.3.100mdk on LM10.0. A similar summary to what I'm seeing could be found here. http://lists.samba.org/archive/samba/2004-July/090210.html My relevant config info could be found below. May I ask how could I solve this in LM10.0? What packages do I need to update? The problem does not arise with NT. It happens to only W2K, XP,