similar to: MIT KDC for Samba authentication?

Hi, We've been testing Samba 3 for some time now, and we had absolutely no problems connecting it to Windows 2000 KDC, etc... Now, we're trying to push it further and have it authenticate against a non-windows KDC, and I have to admit that I am nowhere near to it. I've seen a few discussions in this list regarding exactly this issue, but I still don't get it ;-)) I have my

Hi, I have been reading through the docs for Samba 3, and there is a lot of talk about how samba 3 can function in an AD domain as a member server and accept kerberos service tickets issued by an MS KDC. (net ads join, etc...) I have a slightly different twist on a similar situation. I have an MIT kerberos realm set up and my Windows2000 PCs get tickets from this realm on login just

After setting up Samba 3 I noticed the Windows 2000 box was requesting a ticket from the KDC for HOST/<NETBIOS NAME>@MYREALM.COM when it tried to connect to the Samba server. I presume that W2K is sending the ticket it is granted along to the Samba server. If that presumption is correct, is it possible to make Samba authenticate the user with the Kerberos ticket they present? If so, how

Hi, I'm running OpenSSH 3.8 & 3.9, compiled against Heimdal 0.6.3 for it's GSSAPI & AFS integration. A couple weeks ago, we upgraded our MIT KDC from (ugh) Kerberos 5 1.0.6 to the lastest and greatest 1.3.5. However, it seems that as part of the upgrade, our GSSAPI credentials passing in OpenSSH stopped working. Actually, didn't completely stop... You can still do a

I have a Samba 3 server running as my domain controller and want to configure it to authenticate user passwords off a MIT KDC server that is already up and running. I have the KDC client software installed on the Samba box and it will authenticate users using it's tools. I have been looking for some sort of a how-to but I have not found anything that works or explains much very well. Most

Hi All- Please pardon my repost of my usenet article in this list. Previously, I asked if Samba 3.0 could be an Active Directory Domain Controller (ADDC). I have the feeling that the answer is no. If so, then I have this other question: Can I use Samba as an NT4 PDC for making a Windows NT4 domain that would host several M$ Windows XPP client computers as domain clients/members, but have

Hi, I have a large client who has an MIT Kerberos realm set up. According to MS guidelines, they have also set up a one way trust between their AD domain and their MIT realm so that their users could continue using their MIT kerberos login and password to access kerberized services on their network. Essentially, users log into their PCs using their MIT names/passwords but can access

Hi, On 27-06-2016 08:58, Mark Foley wrote: > So, I'm apparently lacking in the kerberos stuff. Here's the problem -- Samba4 uses Heimdal > Kerberos and when I provisioned my domain apparently none of these needed kerberos files were > set up. I can, however, kerberos authenticate from domain workstations both WIN7 and Linux. You don't need any Samba4 stuff, to get it

As Samba 3.x does not work with the Kerberos included with Solaris (it has no headers) I have to remove it and replace it with MIT kerberos. Does anyone know if Solaris kerberised services will still work normally (without modification) such as kerberised NFS? I briefly tested this and couldn't het it to work, but if someone has a definative answer it might save me a lot of trouble, thanks

Is there a mechanism migrate/import user principal information from an MIT KDC into a Samba4 internal KDC? We currently run our Active Directory users with Account Mappings that utilize a cross-realm trust between our MIT KDC (where user principals are maintained) and the Active Directory domain, as documented at *http://tinyurl.com/bx9znca* This works fine for our Windows clients, but it

Hi List, My goal in sending this email is to get some direction on where to start looking to solve my problem. Thank you all in advance for reading through this and providing any guidance! I'm working on moving to new servers, upgrading from CentOS 6.7 to CentOS 7.5. In this move, we are also upgrading from Apache/2.2.15 to Apache/ 2.4.33. Our servers are all sitting behind a load

Hello, i installed a SAMBA 4.7.4 AD Server on Ubuntu 18.04 (BETA). SAMBA4 was compiled from source. For MIT Keberos i also installed libkrb5-dev and krb5-kdc and compiled with the "--with-system-mitkrb5" option. The installation runs pretty good (some dependencies problem, solved manually). But now im not able to test kerberos: # kinit administrator --> kinit: Cannot find KDC

Hello, I'm using samba as active directory with heidmal kerberos. I would like to switch to MIT kerberos as this is the implementation my distrib has chosen. I've made my kdc.conf according to these instructions: https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC But I can't authenticate it seems all my password are expired. kinit administrator at

hi, all, I'm using MIT-krb5 and it seems it's not quite stable. Everything seemed fine and krb5, samba daemon started as well unless I tried to use "ad\xxx" to login a windows7 machine. Here is part coredump log, :Sep 25 15:08:54 pdc.ad.pthl.hk samba[2579]: /usr/sbin/krb5kdc: krb5k= dc: starting... :Sep 25 15:11:56 pdc.ad.pthl.hk samba[2579]: /usr/sbin/krb5kdc:

Hi all, I have just downloaded and tested with the Samba3.0 Alpha21 Release. I want to try to create the server account in the active directory, however, when I logged in to the KDC by "/usr/kerberos/bin/kinit administrator@xxx.com", but error returned as "KDC has no support for encryptions type while getting the initial credentials" , then I can't go on for creating the

Version 4.0.0alpha18-GIT-957ec28 After starting samba -i -d3, wbinfo -i someuser gives this: ldb_wrap open of secrets.ldb using SPNEGO Selected protocol [8][NT LANMAN 1.0] Cannot reach a KDC we require to contact cifs/hh3.site at SITE : kinit for HH3$@SITE failed (Cannot contact any KDC for requested realm) SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_NO_LOGON_SERVERS ldb_wrap open of

Hello, I am having a problem getting my server to join our realm as a domain member server. I have read through google, yahoo, and this list, but I cannot find the answer yet. When I run: net join ads -Uadministrator and try to login it gives the following error: kerberos_kinit_password Administrator@MYREALM.COM failed: Cannot resolve network address for KDC in requested realm

Folks: We use an old AFS cell with Kerberos 4. Our use of Kerberos 4 is fairly limited; we have never needed to implement rcmd host principals for most of our systems. Indeed, given that Kerberos 4 strips off the domain name portion of a hostname when determining the rcmd instance, we would not be able to do this, since we do have duplicate hostnames in multiple subdomains. For AFS

Hi, This is just curiosity. We are monitoring failed logons, and there seem to be three types: - LDAP,simple bind/TLS (obious, failed ldap logons) and these two: - SamLogon,network - Kerberos KDC,ENC-TS Pre-authentication Could someone explain what (the difference between) these two types is? Google doesn't really seem to help. MJ

Does the built-in Samba 4.5 Heimdal KDC use a principal database, or is everything Kerberos stored in LDAP? I am trying to add a service/host alias via 'kadmin.heimdal -l' but a database 'dump' results in 'hdp_open: opening /var/lib/heimdal-kdc/heimdal: No such file or directory'. I know just enough Kerberos to be dangerous, so some background on what I am trying to