similar to: newbie question reguarding kerberos tickets

Hello, I have two issues with Kerberos administration using Samba and this results from my lack of familiarity with it. I am hoping someone can point me in the right direction. The first issue is with automatically renewing the Kerberos tickets. The second issue deals with my having to authenticate each time I attempt to join an AD domain. The Samba documentation indicates that I should *not*

Hello I trying to grasp the file permissions on Linux. I have Samba installed and functioning properly... I think I understand perimission in this environment with one exception: I need to add more than one group to a file/folder. With Windows..the security tab would allow any number of Groups and each group could have different permissions. (As well with files and subdirectories). With

Hi Folks, We're in the process of setting up a Samba cluster (Samba+CTDB+etcd), and we (presently) using Winbind. We use AD. We're finding that the domain join (or kerberos ticket renewal) is unreliable. Every day we find Samba/Winbind is no longer joined to the domain. Now, we're in a bit of a learning curve here, and automating everything with Terraform + Ansible. We have yet to

On 10/1/2020 8:34 AM, Rowland penny via samba wrote: > On 01/10/2020 13:30, Jason Keltz via samba wrote: >> On 10/1/2020 8:28 AM, Rowland penny via samba wrote: >> >>> On 01/10/2020 13:17, Jason Keltz via samba wrote: >>>> So why is it that winbind renews the ticket on the original system, >>>> but on the system that I ssh to, it does not.

On Mon, 12 Feb 2024 09:38:01 +0100 "Pluess, Tobias via samba" <samba at lists.samba.org> wrote: > Good day > > please excuse my delayed response. > Thanks for the hint with the machine account. I will try this. > I realised I can also manually refresh Kerberos tickets. > > I have the following: > > $ klist > Valid starting Expires

Am 03.07.20 um 13:05 schrieb Rowland penny via samba: > On 03/07/2020 11:33, Stefan Just via samba wrote: >> We are using tmux, screen and x2go to run long-running jobs on our >> compute servers. $HOME and other data should be mounted via CIFS or >> NFS4. Because such a job can run for more than a week, I would like to >> increase the Kerberos ticket lifetime or better

I would like to set the renewable lifetime to 90 days. What is the best way to set the Kerberos ticket maximum renewable lifetime. ~# smbd --version Version 4.12.2-Ubuntu ~# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: administrator at MYDOM Valid starting Expires Service principal 07/02/20 18:08:16 07/03/20 04:08:16 krbtgt/MYDOM at MYDOM renew until 07/03/20

I posted the following a month ago but have only managed to get to fixing on this over the holidays.? Rowland mentions that I needed to add my domain info, it?s now included and I still have the same issue. Thanks and Happy New YearOld post begins below with edits Hello ? I have a problem with my Windows 10 drive connections dropping every 24 hours, very briefly.? It's enough to cause me to

Hi there: I'm just setting up a Samba as member of an Active Directory Domain. I followed instructions according to a lof of sites that mentions that we must configure NTP, Kerberos, Winbind, among others. Then mention that I should run kinit + bla bla bla. OK this works fine, but I'm not pretty sure about how Kerberos really works with Samba and when tickets are needed: 1. After a

> On 30 Sep 2020, at 21:42, Jason Keltz via samba <samba at lists.samba.org> wrote: > > > On 9/30/2020 3:01 PM, Remy Zandwijk via samba wrote: >>>>> On the client, add: >>>>> >>>>> gensec_gssapi:requested_life_time = <int> # seconds >>>>> >>>>> to smb4.conf. E.g. a ticket life time of one hour:

Hi list,I want to make winbind kerberos ticket refresh work but I couldn't do it with configuration below: ------ smb.conf ------security = ADS workgroup = MYDOMAINrealm = MYDOMAIN.ORG log file = /var/log/samba/%m.loglog level = 6enable core files = no idmap config * : backend = tdbidmap config * : range = 3000-7999idmap config MYDOMAIN : backend = rid idmap config MYDOMAIN : range =

Hallo again, I would like to ask if there exists any possibility to have a Samba mount point with multiuser and with a credentials file or something similar. After a couple weeks testing I just find that my shares get disconnected after one week, which is not acceptable: I have stored some large project files on the Samba share which is opened in some calculation software, and simulations take up

I used this command to provision the domain sudo /usr/bin/samba-tool domain provision --realm test.sg --domain TEST --adminpass Pa$$worD --server-role=dc here below i include my /etc/samba/smb.conf : # Global parameters [global] workgroup = TEST realm = TEST.SG netbios name = 4ecapsvsg6 server role = active directory domain controller dns forwarder =

Good day please excuse my delayed response. Thanks for the hint with the machine account. I will try this. I realised I can also manually refresh Kerberos tickets. I have the following: $ klist Valid starting Expires Service principal 02/12/2024 08:39:44 02/12/2024 18:39:44 krbtgt/CAMPUS renew until 02/13/2024 08:39:40 so this ticket is valid until 12. February 18:39.

Hi all, Eyebeam has a sip-chat function and it would be nice if I would be able to use it. But the problem is that I can't really find information about it. I can just try to send a message and on the Asterisk console a message like this appears: Jun 13 10:05:25 WARNING[6512]: chan_sip.c:7281 receive_message: Received message to <sip:bla@voiphost> from "Bla

Has anyone had experience with MIT Kerberos tickets not valid after server reboot? After server reboot I have to do a 'kinit' to get a new ticket, re-join the AD domain, and restart samba. Then all is fine until I have to reboot the server again.. Same thing again and again. My time is synced, Kerberos tickets are good for 500d.

On 01/10/2020 00:23, Jason Keltz via samba wrote: > > Remy, > > On the domain controller (samba-ad-dc), I have in the config: kdc:user > ticket lifetime = 24 I do not recognise that smb.conf option, could this be another freebsd change that was never sent upstream or, if it was, it was rejected ? > > When I login to the client (which is using pam_winbind module), I have

We are using tmux, screen and x2go to run long-running jobs on our compute servers. $HOME and other data should be mounted via CIFS or NFS4. Because such a job can run for more than a week, I would like to increase the Kerberos ticket lifetime or better the Kerberos ticket maximum renewable lifetime. I found this guide: https://wiki.samba.org/index.php/Samba_KDC_Settings Unfortunately, only

A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 255 bytes Desc: OpenPGP digital signature Url : http://lists.samba.org/archive/samba/attachments/20060525/a6a8d41f/signature.bin

Hi there. I've been using Dovecot for quite some time now but I just started using Let's Encrypt certs. Since LE certs are renewed automatically without user intervention I'm wondering if I will need to restart dovecot after that renewal... Has anybody had any experience with that? Thanks so much for your help! Ignacio -------------- next part -------------- An HTML attachment was