similar to: 3.0.25: non-Kerberos authentication fails when security=ads?

Displaying 20 results from an estimated 2000 matches similar to: "3.0.25: non-Kerberos authentication fails when security=ads?"

2001 Oct 18
1
sshd fails to close open file descriptors when forking
I don't like to be the bearer of bad news, but... In light of the big "ssh hangs on logout" thread (wherein the true culprit was identified as being programs that don't close inherited file descriptors), I find it somewhat ironic that one of those "broken daemon" programs that doesn't close its open fds is sshd. :( http://bugzilla.mindrot.org/show_bug.cgi?id=3
2005 Feb 07
1
treat output of sshrc as environment assignment lines?
Currently, ~/.ssh/environment can set static environment variables, and ~/.ssh/rc can run initialization routines. But there is no way for sshrc to propagate changes to the environment to the user's shell or command. There is, however, a possible way to do this. If the PermitUserEnvironment option is set, sshd could treat the stdout of sshrc as additional assignment lines of the form
2011 Feb 01
1
Setting up a guest share
Can anyone assist with the following problem I am trying to set up a share on a domain controlled by SAMBA that anyone can access, particularly if they are not part of the domain the machine Samba is running on is joined to or are in another domain. I cannot access this share from a Windows 2008 R2 DC. The samba share is as follows. > [adreg] > comment = registration files
2009 Jul 12
13
pv_ops kernel and nvidia binary driver
Just wondering what it will take to get the nvidia binary driver working on a pv_ops kernel. It makes it difficult to debug without the source to the nvidia driver, but I think it should be possible to get it to work without changing the binary driver. If the dom0 kernel had access to all the resources that a bare metal kernel did, then it should work right? I''m using Jeremy''s
2009 Jul 12
13
pv_ops kernel and nvidia binary driver
Just wondering what it will take to get the nvidia binary driver working on a pv_ops kernel. It makes it difficult to debug without the source to the nvidia driver, but I think it should be possible to get it to work without changing the binary driver. If the dom0 kernel had access to all the resources that a bare metal kernel did, then it should work right? I''m using Jeremy''s
2009 Jul 19
3
Opensolaris domU unable to get dhcp lease
I''m running a ubuntu 9.04 64 bit dom0 with kernel 2.6.29.6 and xen 3.4.0. My eth0 is bridged to br0 and to my guest VMs. The dom0 is running a dhcp server on br0 which is able to provide leases to physical machines on eth0, and also to a windows xp domU which is bridged to br0. However my open solaris 2009.6 domU is unable to obtain a dhcp lease. On the opensolaris side I can see this:
2009 Jul 09
6
2.6.30.1 dom0 Xen patches
I''ve been trying for several days to get a xen dom0 booting as described on Boris Derzhavets blog. I have been able to boot Jeremy Fitzhardinge''s pv_ops kernel under xen, but my X server wouldn''t start so I''ve been trying to get Andrew Lyon''s rebased opensuse patches to work. I have asked for help in the freenode ##xen channel but they
2011 Aug 09
1
Ldapsam Editposix & idmap help required
Hi, I am more or less following this tutorial Ldapsam Editposix = http://wiki.samba.org/index.php/Ldapsam_Editposix but can't quite get my domain to work. I think the issue is with the idmap part of the smb.conf but can't quite figure out what's wrong with it or what the correct format should be. My SMB.CONF file.... #interfaces = lo0 em0 127.0.0.1 bind interfaces only = no
2007 Apr 03
1
Winbind 3.0.25-pre2 problems with sid2uid
Hi, I have tested winbind in samba-3.0.25-pre2 and encountered some problems. We have a working config with Linux samba-3.0.23d and W2k3 AD R2 rfc2307bis, but when I switch to 3.0.25 it stopped working. I am not quite familiar with the new configuration directives for idmap, but the old config did not work either with 3.0.25, so I tried to use the new ones. Is there apparent errors in my config
2006 Jul 14
0
Authenticate users through an AD trust
I've recently connected a Samba server to our domain (ourdomain.dom) and configured it to send authentication requests to AD. I can successfully authenticate ourdomain.com users from the Samba server. ourdomain.com has a trust with a sister company (theirdomain.com). With this trust we can assign NTFS permissions to users within theirdomain.com to, for example, file servers on ourdomain.com.
2005 Feb 16
0
Samba 3.0.11 as Domain member with ADS W2K
I've been following the forums on this subject. I am still having problems implimenting this at my site. I am trying to replace a Novell 5 file server doing single server signon(workstation manager) with a linux/samba server and a W2K ADS server. I tried this with slackware 10.0, samba 3.0.10, MIT krb5 v 3.1 5, openldap-2.1.22 and got it pretty close (could login wihtout password) but had
2005 Feb 11
0
Can't map group domain share from ADS
I've set up the following and can open a home share for me (sylveg). I've created a group on W2KADS and on OURSAMBALINUX called oadmin and added me as a member in both. I created a samba share called o_drive (see smb.conf below) w/ the linux dir /home/o_drive and valid users = %D+oadmnin. The /home dir is: drwxr-xr-x 2 root root 4096 2004-09-03 15:16 ftp/ drwx------ 2 root root
2005 Jan 21
0
Cisco 7960 can't make/receive calls
I've got three 7960s running v6 SIP firmware. My Asterisk setup has worked fine with grandstream devices, and basically, we're just upgrading to use nicer phones. Whilst I can make/receive calls from the 7960 to/from gossiptel). When I try to place a call, I get the following Jan 21 11:09:23 NOTICE[19688]: chan_sip.c:7271 handle_request: Failed to authenticate user "30"
2019 Mar 28
0
configuring Dovecot with wforced and auth_policy_server_url with https results in assertion failed
>>>> Set >>>> >>>> ssl_client_ca_file=/path/to/cacert.pem to validate the certificate >>> >>> Can this be the Lets Encrypt cert that we already have? In other words we have: >>> ssl_cert = </etc/pki/dovecot/certs/dovecot.pem >>> ssl_key = </etc/pki/dovecot/private/dovecot.pem >>> >>> Can those be
2005 Feb 17
0
W2k ADS Samba 3.0.11 and krb5
Am still having problems getting Samba/W2K ADS to work w/MIT-KRB5. Fresh install of following: Slackware 10.1 Openldap 2.2.23 MIT krb5 1.4 Samba 3.0.11 (with clitar patch) Following "http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#ads-member" I get to: kinit administrator@OURORG.OURDOMAIN.ORG (comes back to prompt after password, no error. klist -e gives:
2016 Aug 23
7
virtual users, mailer daemon send mails to non existant recipient and dovecot store it
Hello, Sometime when we receive a spam or virus that is detected as it, mailer daemon send a reply to the sender to inform that the message is a spam or content viruses. The problem is that the sender of the spam as something like voicemail at ourdomain.fr ( the user voicemail doesn't exist in our database ) And sometimes dovecot create the directory and store the reply 's mail...
2011 Mar 24
0
Need urgent help. trust relationship problem during authentication
We have an urgent problem that we've been spending hours on to no avail. We have a RHEL 5.2 server that is running Samba 3.2.8 and was set up for domain authentication against our PDC. It was running fine until I decided to try and change it to "ads" authentication. I then realized that we needed to keep it on "domain" because of the version of Clearcase we have on the
2011 Mar 24
0
RESOLVED: Need urgent help. trust relationship problem during authentication
I am not sure if this first post made it to the list, but I wanted to post the resolution, which was very simple and something I had documented but buried and I had forgotten about it. All these problems went away when I joined the domain using Samba's version of "net", not Redhat's. If you use Redhat's version, it looks like it joins the domain but it really doesn't
2015 Mar 24
1
Debugging Samba 4 AD Setup
Hi Louis, answers are inline ... On 03/24/2015 03:48 PM, L.P.H. van Belle wrote: > Realm is advices to use UPPERCASE.. not obligated. ( but very advices yes ) I changed the config to uppercase and rebooted, no change in the logfiles. > > check the following outputs and post them back in the list ( if needed anonymized ) > > hostname -i 192.168.1.235 > hostname -s the-ad-hostname
2024 Apr 15
1
Status of LDAPS port 636 with Winbind idmap backend ad in 2024?
Dear Samba community, We run two Samba server in a CTDB cluster in a small group withing a bigger company. We use Winbind to authenicate and authorize against a company-wide active directory (using `security = ads` and `idmap config OURDOMAIN : backend = ad`, resp., among others). So, if I understand this correctly authentication is done via Kerberos and authorization via LDAP. Unfortunately (but