similar to: Kerberos requirements for Samba and AD Membership

Displaying 20 results from an estimated 6000 matches similar to: "Kerberos requirements for Samba and AD Membership"

2010 Feb 11
2
ads_sasl_spnego_krb5_bind failed: Program lacks support for encryption type [SEC=UNCLASSIFIED]
Hi all, According to this bug report: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566977 This particular error is actually a bug in the samba code. Does anyone know if there are patches that fix this ? Adding "allow_weak_crypto = true" to /etc/krb5.conf does not solve this for me :( Has anyone got a working solution for this ? -Alex IMPORTANT: This email remains the
2004 Oct 14
2
Samba ADS -- works with XP Pro, but not 2000 Pro
I am using Samba with Active Directory. I have successfully joined my Samba server to the domain D1 ( net ads join -U username@D2.DOMAIN.COM ). I am able to succesfully connect from Windows XP clients ( with no password ), but not from Windows 2000 ( even when specifying a password ). With w2k, I always get "Failed to verify incoming ticket!". I think it has something to do with
2019 Nov 05
5
Failed to find cifs/fs-share@dom.corp (kvno 109) in keytab
Ok, you did to much as far i can tell. You want to see this: i'll show my output, then i is better to see what i mean. this is where you start with. klist -ke |sort ( default member ) ---- -------------------------------------------------------------------------- 3 host/HOSTNAME1 at REALM.DOMAIN.TLD (aes128-cts-hmac-sha1-96) 3 host/HOSTNAME1 at REALM.DOMAIN.TLD
2019 Nov 05
7
Failed to find cifs/fs-share@dom.corp (kvno 109) in keytab
Ok, Your keytab looks ok now. oldsamba.dom.corp is an alias for fs-a.oldsamba.dom.corp. fs-a.dom.corp has address 10.0.0.2 i would have expected here. oldsamba.dom.corp is an alias for fs-a.dom.corp. fs-a.dom.corp has address 10.0.0.2 Or was that a typo? I assuming a typo.. About your setup from the script outpout. Change this one. /etc/hosts 10.0.0.2 fs-a.dom.corp fs-a oldsamba #
2005 Apr 16
1
Problems with ADS membership in win2k domain
I'm having problems with ADS membership for samba. I had a "mostly" working version with RHES v2.1, krb5 v1.2, samba v3.0.5. I knew to get to a fully functioning version I would need krb5 v1.3 or later. So finally I had an opertunity to junk RH's crufty krb5 and build from scratch with: RHES v2.1 MIT krb5 v1.4 samba v3.0.13 This works fine on another server. Now to the
2017 Nov 09
3
Slow Kerberos Authentication
Hai, You may need to add the the following in krb5.conf [libdefaults] allow_weak_crypto = true ; for Windows 2003 ; default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; for Windows 2008 with AES default_tgs_enctypes = aes128-cts-hmac-sha1-96
2019 Feb 26
2
gpo not applied a boot computer
THANK YOU FOR YOUR REPLY THE RESULT : KVNO Principal ---- -------------------------------------------------------------------------- 1 HOST/samba4 at FSS.LAN (des-cbc-crc) 1 HOST/samba4.fss.lan at FSS.LAN (des-cbc-crc) 1 SAMBA4$@FSS.LAN (des-cbc-crc) 1 HOST/samba4 at FSS.LAN (des-cbc-md5) 1 HOST/samba4.fss.lan at FSS.LAN (des-cbc-md5) 1 SAMBA4$@FSS.LAN (des-cbc-md5) 1
2019 Oct 29
4
Failed to find cifs/fs-share@dom.corp (kvno 109) in keytab
Hi, the problem seems to be related to this bug: https://bugzilla.samba.org/show_bug.cgi?id=6750 I try therefore to set machine password timeout = 0 Il giorno mar 29 ott 2019 alle ore 11:11 Rowland penny via samba < samba at lists.samba.org> ha scritto: > On 29/10/2019 10:04, banda bassotti wrote: > > I had already done it: > > > > # samba-tool spn list
2004 May 12
2
Failed to verify ticket ?
Hi ! My problem is that : [2004/05/12 16:07:30, 1] smbd/sesssetup.c:reply_spnego_kerberos(173) Failed to verify incoming ticket! [2004/05/12 16:07:30, 1] smbd/sesssetup.c:reply_spnego_kerberos(173) Failed to verify incoming ticket! [2004/05/12 16:07:39, 1] smbd/sesssetup.c:reply_spnego_kerberos(173) Failed to verify incoming ticket! [2004/05/12 16:07:59, 0]
2016 Jan 07
1
Authentication to Secondary Domain Controller initially fails when PDC is offline
Ok .. maybe if seen something, dont know for sure, so Rowland, what do you think about below. Post the result of : klist -e -k /etc/krb5.keytab i see in your logs. AS key obtained for encrypted timestamp: aes256-cts/000A In my setup, i dont have aes256-cts available in my keytab, do you? You can try adding this, to krb5.conf. ; for Windows 2003 ; default_tgs_enctypes = rc4-hmac
2017 Nov 10
2
Slow Kerberos Authentication
No, no idee, but really, upgrade to samba, best option, in my opinion. If thats not possible, it happens.. A timeout option can be set in krb5.conf for example : kdc_timeout = 5000 You have these for krb5.conf to try out also. the complete list. des-hmac-sha1 DES with HMAC/sha1 (weak) aes256-cts-hmac-sha1-96 aes256-cts AES-256 CTS mode with 96-bit SHA-1 HMAC
2018 Jun 08
2
samba4+squid3+ntlm
Hello: I have a squid3 with aunteticacion ntlm integrated to samba4 but in workstations with windows 8.1 constantly asked for the username and password and it does not let the user navigate, use debian 8 + samba 4.7.7, no idea because that happens in client with windows 7 works well. smb.conf workgroup = MYDOMINIO security = ads netbios name = srv-proxy server string = Servidor Proxy de
2015 Aug 13
4
winbind_krb5_locator usage
Hello, I have different Sites in my domain and want the different members to use the respective domain controller of their site. I can't get this to work right. I have a member that is in site B but executing "net ads info" outputs the DC of site A as active. I read about enabling "winbind_krb5_locator", but it is already located in
2004 Feb 11
6
Unable to join ADS domain
I've installed Samba 3.0.2 (from the source) on a SuSE 8.2 system with MIT Kerberos 1.3.1 (I uninstalled the Heimdal code) and the OpenLDAP 2.1.27 development libraries installed on it. I want to make this system a domain member of a Win2K native-mode ADS domain but can't get "net ads join" to work. I've run "kinit myid@MYDOMAIN.COM" and I get at ticket, but when
2004 Jul 29
2
2003 KDC and Samba
We have serveral RHEL 3.0 Update 2 servers running Samba. These have been working flawlessly for several months.. Recently, the base upgraded all the Windows 2000 servers to Windows 2003.. NOTE: we don't have admin rights to the Domain Controllers.. (wish we did..) Previous to the Domain (and kdc) controllers to 2003 we had no issues joining a new Samba Sever to the ADS.. Using the same
2009 Mar 11
1
Samba PDC - Kerberised CIFS access
Hi All, I have machine M1 hosting Samba PDC. It stores only user information. I have machine M2 acting as KDC server. I have machine M3 hosting CIFS shares and it joins into the domain hosted by PDC M1. I have machine M4 used as CIFS client. On M2, I have added users and cifs/host service principals for M3. Also added service principal in keytab file. I have added all the user and service
2019 Feb 05
2
Unable to join to a SAMBA4 domain
Hi folks I'm using samba 4.8.3 in CentOS client and samba 4.9.3 from Van Belle repos on server I cannot join to the domain as net ads join -k -d 1 libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx in: struct libnet_JoinCtx dc_name : NULL machine_name : 'TINY-FISHWIFE' domain_name : *
2017 Feb 01
2
gpupdate - Failed to find DC1 in keytab
Can someone help me with samba4 with internal dns. Something strange showing in log.smbd when computers are doing gpupdate (becouse of this error computers cant apply gpo) log.smbd on DC1: [2017/01/13 13:49:16.075361, 1] ../source4/auth/gensec/gensec_gssapi.c:619(gensec_gssapi_update) GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find
2019 Feb 26
5
gpo not applied a boot computer
Hello everyone since now a certain time I pull my hair and do not understand the source of my problem. after a samba 3 pdc migration to samba 4.8.5 AD, when a windows client starts the gpo computer is not applied to the boot. in the windows logs there are 1058 GPO errors and server side samba here are the logs: GSS server Update (krb5) (1) Update failed: Miscellaneous failure (see text): Failed
2004 Dec 07
1
Kerberos Error
Hi, I'm using samba-*-3.0.6-4.3.100mdk and libkrb51-1.3-6.3.100mdk on LM10.0. A similar summary to what I'm seeing could be found here. http://lists.samba.org/archive/samba/2004-July/090210.html My relevant config info could be found below. May I ask how could I solve this in LM10.0? What packages do I need to update? The problem does not arise with NT. It happens to only W2K, XP,