similar to: Kerberos Keytab Code Update in 3.0.23

I have samba+ads working fine *HOWEVER* when I run net ads keytab create it fails. Using -d 10 the debug output says it cannot write to the file. This is truly bizarre as I am running this as root! e.g. # /usr/local/opt/samba/samba-3.0.24/bin/net ads keytab create ; echo $? 183 And /usr/local/opt/samba/samba-3.0.24/bin/net -d 10 ads keytab create ; echo $? Gives [..snip..] ads_get_kvno:

The net ads joins the host to the AD, but cant get the proper kerberos tix. Manually generating the kerberos keytab from AD dont work. Any suggestions? root@host /#head -1 /etc/release Solaris 10 10/08 s10s_u6wos_07b SPARC root@host /usr/sfw/sbin#./smbd -V Version 3.0.28 root@host /#for PKG in `pkginfo -x | grep -i samba | awk '{print $1}'`; do VER=`pkginfo -l ${PKG} | grep PSTAMP`;

Hi All, I am getting Kerberos "enc type" problem that I can't explain: [2005/06/11 11:41:29, 1, pid=29355] libads/kerberos_verify.c:ads_keytab_verify_ticket(61) ads_keytab_verify_ticket: krb5_kt_start_seq_get failed (No such file or directory) [2005/06/11 11:41:29, 3, pid=29355] libads/kerberos_verify.c:ads_secrets_verify_ticket(193) ads_secrets_verify_ticket: enc type [16]

Hai Mourik-Jan, This looks all good. Only one thing in the config, you can remove : winbind nss info = rfc2307 Since your alread set ( for 4.6.x) : idmap config INTECH:unix_nss_info = yes Can you check the content of the keytab? klist -ke /etc/krb5.keytab post ( if needed anonymized ) the content you see. run : net ads keytab list -UAdministrator And did you by accident run : net ads

I am trying to add a (CentOS4.4) Samba-3.0.23d server to a AD Win2K3 domain and the following error occurs # /usr/kerberos/bin/kinit administrator@SUBDOM.DOMAIN # net join Using short domain name -- SUBDOM Failed to set servicePrincipalNames. Please ensure that the DNS domain of this server matches the AD domain, Or rejoin with using Domain Admin credentials. Disabled account for

Hi, I have some Ubuntu LTS servers running openssh server authenticating to external openldap. I installed a new Ubuntu LTS server with Samba4 to create a domain and is working very well. I managed to make a pfsense firewall authenticate users in this Samba4 ldap. How to make openssh in Ubuntu authenticate users in Samba4 ldap?

Hello, I'm trying to authenticate all our linux machines to our ADS domain. As of now, I'm still in the process of setting up all the individual components before pushing the setup out. I've made quite a bit of progress, but I've hit a hitch when trying to add the machine's service principals (the 'host' primary specifically) to its keytab. I've searched, but I

Hello. I recompiled from the samba.org 3.0.7 SRPMs and it worked like a charm. I think the problem may have been that I was using RHEL3's 3.0.6 samba RPMs which depended on their own krb5-libs, and I used kerberos rpms that don't use e2fsprogs's libcom_err. Anyone privilaged enough to be using RHEL3 to integrate their linux machines into ADS may want to rebuild anything depending on

When "use kerberos keytab = yes" in smb.conf is set with samba-3.2.8 and the environment variable KRB5_KTNAME is not set with the value using prefix "FILE:" or the default_keytab in /etc/krb5.conf is set without the prefix i.e. default_keytab_name = /etc/v5srvtab then the function smb_krb5_open_keytab() returns KRB5_KT_UNKNOWN_TYPE. If smb_krb5_open_keytab with a

Third respin of this series. Reordered for better safety for bisecting. The environment scraping is now on by default, but can be disabled with "-E" in environments where it's not needed. Also, I've added a patch to make cifs.upcall drop capabilities before doing most of its work. This may help reduce the attack surface of the program. Jeff Layton (4): cifs.upcall: convert

Hi Jeremy, Jerry and samba experts, This is Suresh from EMC . I am having difficulty in creating and adding a Kerberos principal using samba's net utility. This server is configured as a Winbind client to a Windows 2003 Active Directory. I've successfully bound it to AD and I am able to authenticate. If I log into this host I am properly issued a Kerberos ticket from AD so it would

I'm tracking a compiling issue with 2.2.8a on AIX 5.2-ML01 with IBM C for AIX 6.0 and i'm having an issue with lib/snprintf.c The first thing i noticed is that "includes.h" is not included which is in many other places, but I'm sure there are reaasons. The other thing is there is a check at the beginning for HAVE_SNPRINTF, HAVE_VSNPRINTF and HAVE_C99_VSNPRINTF to include

Small respin of the patches that I posted a few days ago. The main difference is the reordering of the series to make it do the group and grouplist manipulation first, and then the patch that makes it grab the KRB5CCNAME from the initiating process. I think the code is sound, my main question is whether we really need the command-line switch for this. Should this just be the default mode of

Dear all. I would like to propose a possible way to make mget and mput behave more or less the same way, rather that just changing documentation. Please, bear in mind this is a poor attempt coming from a person with no C skills at all, so other than testing that only filtered files are transferred, I have not gone further. Hope at least to have been able not to corrupt any pointer, but I'm

When using Samba 3.0.23b (slightly old, I know) on CentOS 4.4, smbstatus -B fails with a segmentation fault. smbstatus works, and tdbdump is able to dump brlock.tdb and locking.tdb without any errors (which is not what I expected). Here's the backtrace (non-ASCII characters replaced with 'X'): #0 0x0017fa2c in memcpy () from /lib/tls/libc.so.6 #1 0x0029b19f in tdb_write

Apologies for v3 series, I had some extra patches in there. This is the one that should have been sent. Relabeled as v4 for clarity. Third respin of this series. Reordered for better safety for bisecting. The environment scraping is now on by default, but can be disabled with "-E" in environments where it's not needed. Also, I've added a patch to make cifs.upcall drop

I finally found it, thanks to a clue from https://wiki.archlinux.org/index.php/Active_Directory_Integration This works: kinit -k -t /etc/krb5.keytab 'WRN-RADTEST$' These don't work: kinit -k -t /etc/krb5.keytab kinit -k -t /etc/krb5.keytab host/wrn-radtest.ad.example.net kinit -k -t /etc/krb5.keytab host/wrn-radtest That is: the keytab contains three different principals: root

My apologies if this isn't the correct posting address -- I didn't see an obvious "report problems here" on the website. Some of the code modifications introduced between 2.2.7 and 2.2.8 don't appear to agree with Solaris, using Sun's CC, with the LDAP support code. Note that I'm linking against the Solaris-bundled LDAP package (SUNWlldap). |% env

Chad reported that he was seeing a regression in cifs-utils-6.6. Prior to that, cifs.upcall was able to find credcaches in non-default FILE: locations, but with the rework of that code, that ability was lost. Unfortunately, the krb5 library design doesn't really take into account the fact that we might need to find a credcache in a process that isn't descended from the session. When the

Dear Andrew. You are right, I should have taken a deeper look into the standard output during compilation. I did just assume source4 was the one for Samba4. Anyway, besides the source confusion (really, even if I had found the right one, following the code would have been out of my reach), I don't seem to find how that is related with the documentation issue, or the mput/mask/recurse