similar to: MIT KDC for Samba authentication?

Hi, We've been testing Samba 3 for some time now, and we had absolutely no problems connecting it to Windows 2000 KDC, etc... Now, we're trying to push it further and have it authenticate against a non-windows KDC, and I have to admit that I am nowhere near to it. I've seen a few discussions in this list regarding exactly this issue, but I still don't get it ;-)) I have my

Hi, I have been reading through the docs for Samba 3, and there is a lot of talk about how samba 3 can function in an AD domain as a member server and accept kerberos service tickets issued by an MS KDC. (net ads join, etc...) I have a slightly different twist on a similar situation. I have an MIT kerberos realm set up and my Windows2000 PCs get tickets from this realm on login just

After setting up Samba 3 I noticed the Windows 2000 box was requesting a ticket from the KDC for HOST/<NETBIOS NAME>@MYREALM.COM when it tried to connect to the Samba server. I presume that W2K is sending the ticket it is granted along to the Samba server. If that presumption is correct, is it possible to make Samba authenticate the user with the Kerberos ticket they present? If so, how

Hi, I'm running OpenSSH 3.8 & 3.9, compiled against Heimdal 0.6.3 for it's GSSAPI & AFS integration. A couple weeks ago, we upgraded our MIT KDC from (ugh) Kerberos 5 1.0.6 to the lastest and greatest 1.3.5. However, it seems that as part of the upgrade, our GSSAPI credentials passing in OpenSSH stopped working. Actually, didn't completely stop... You can still do a

I have a Samba 3 server running as my domain controller and want to configure it to authenticate user passwords off a MIT KDC server that is already up and running. I have the KDC client software installed on the Samba box and it will authenticate users using it's tools. I have been looking for some sort of a how-to but I have not found anything that works or explains much very well. Most

Hi All- Please pardon my repost of my usenet article in this list. Previously, I asked if Samba 3.0 could be an Active Directory Domain Controller (ADDC). I have the feeling that the answer is no. If so, then I have this other question: Can I use Samba as an NT4 PDC for making a Windows NT4 domain that would host several M$ Windows XPP client computers as domain clients/members, but have

Hi, I have a large client who has an MIT Kerberos realm set up. According to MS guidelines, they have also set up a one way trust between their AD domain and their MIT realm so that their users could continue using their MIT kerberos login and password to access kerberized services on their network. Essentially, users log into their PCs using their MIT names/passwords but can access

Hi, On 27-06-2016 08:58, Mark Foley wrote: > So, I'm apparently lacking in the kerberos stuff. Here's the problem -- Samba4 uses Heimdal > Kerberos and when I provisioned my domain apparently none of these needed kerberos files were > set up. I can, however, kerberos authenticate from domain workstations both WIN7 and Linux. You don't need any Samba4 stuff, to get it

Is there a mechanism migrate/import user principal information from an MIT KDC into a Samba4 internal KDC? We currently run our Active Directory users with Account Mappings that utilize a cross-realm trust between our MIT KDC (where user principals are maintained) and the Active Directory domain, as documented at *http://tinyurl.com/bx9znca* This works fine for our Windows clients, but it

Hello, i installed a SAMBA 4.7.4 AD Server on Ubuntu 18.04 (BETA). SAMBA4 was compiled from source. For MIT Keberos i also installed libkrb5-dev and krb5-kdc and compiled with the "--with-system-mitkrb5" option. The installation runs pretty good (some dependencies problem, solved manually). But now im not able to test kerberos: # kinit administrator --> kinit: Cannot find KDC

Version 4.0.0alpha18-GIT-957ec28 After starting samba -i -d3, wbinfo -i someuser gives this: ldb_wrap open of secrets.ldb using SPNEGO Selected protocol [8][NT LANMAN 1.0] Cannot reach a KDC we require to contact cifs/hh3.site at SITE : kinit for HH3$@SITE failed (Cannot contact any KDC for requested realm) SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_NO_LOGON_SERVERS ldb_wrap open of

Hi all, I have just downloaded and tested with the Samba3.0 Alpha21 Release. I want to try to create the server account in the active directory, however, when I logged in to the KDC by "/usr/kerberos/bin/kinit administrator@xxx.com", but error returned as "KDC has no support for encryptions type while getting the initial credentials" , then I can't go on for creating the

Hello, I am having a problem getting my server to join our realm as a domain member server. I have read through google, yahoo, and this list, but I cannot find the answer yet. When I run: net join ads -Uadministrator and try to login it gives the following error: kerberos_kinit_password Administrator@MYREALM.COM failed: Cannot resolve network address for KDC in requested realm

hi, all, I'm using MIT-krb5 and it seems it's not quite stable. Everything seemed fine and krb5, samba daemon started as well unless I tried to use "ad\xxx" to login a windows7 machine. Here is part coredump log, :Sep 25 15:08:54 pdc.ad.pthl.hk samba[2579]: /usr/sbin/krb5kdc: krb5k= dc: starting... :Sep 25 15:11:56 pdc.ad.pthl.hk samba[2579]: /usr/sbin/krb5kdc:

Hello, I'm using samba as active directory with heidmal kerberos. I would like to switch to MIT kerberos as this is the implementation my distrib has chosen. I've made my kdc.conf according to these instructions: https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC But I can't authenticate it seems all my password are expired. kinit administrator at

Folks: We use an old AFS cell with Kerberos 4. Our use of Kerberos 4 is fairly limited; we have never needed to implement rcmd host principals for most of our systems. Indeed, given that Kerberos 4 strips off the domain name portion of a hostname when determining the rcmd instance, we would not be able to do this, since we do have duplicate hostnames in multiple subdomains. For AFS

Hi, This is just curiosity. We are monitoring failed logons, and there seem to be three types: - LDAP,simple bind/TLS (obious, failed ldap logons) and these two: - SamLogon,network - Kerberos KDC,ENC-TS Pre-authentication Could someone explain what (the difference between) these two types is? Google doesn't really seem to help. MJ

Does the built-in Samba 4.5 Heimdal KDC use a principal database, or is everything Kerberos stored in LDAP? I am trying to add a service/host alias via 'kadmin.heimdal -l' but a database 'dump' results in 'hdp_open: opening /var/lib/heimdal-kdc/heimdal: No such file or directory'. I know just enough Kerberos to be dangerous, so some background on what I am trying to

I'm trying to install Samba. I need to put some files on Samba server accessed from Windows clients and authenticated through our Win2k Active Directory Server. I'm following instructions from "Chapter 13_ Identity Mapping (IDMAP).htm", but at the moment I cannot connect. I've follow many directions from too much sites over Internet, and there are a lot of instructions, buy I

Hello Samba Community, I would like to seek advice as my Samba AD tends to consume high memory usage caused by KDC service. This issue will always come back within a couple of days after I restart samba-ad-dc service. It does not help by increasing memory. >From message log: kernel: Out of memory: Kill process 14527 (samba) score 873 or sacrifice child Identified pid 14527 belongs to