Displaying 20 results from an estimated 2000 matches similar to: "Winbind fails to refresh Kerberos tickets (3.0.25b - Fedora Core 5) - 2nd Try"
2008 Jan 20
1
winbind forced password change requires interactive shell
We've discovered that although Winbind supports password changes when the
account password is expired, this only works with *interactive* shells.
This is a major problem for us. Use case 1: SSH tunnels:
$ ssh user2@localhost -N -L 4711:localhost:22
user2@localhost's password:
<trying to use the tunnel>
channel 2: open failed: administratively prohibited: open failed
As you can
2009 Jun 24
0
winbind authentication mystery
Greetings,
I'm running Fedora 11 (Samba 3.3.2) and am trying to configure winbind
authentication against a Windows 2003 server.
I've run kinit and net join successfully, and can wbinfo -u, -g, and -t
successfully, as well as getent passwd and getent group successfully. I
can even use passwd to change domain user passwords.
However, when I try to log in via gdm, ssh, or even su, I do not
2009 Dec 31
0
winbind authentication mystery
Hi Chris,
Were you able to solve this.
Regards,
David.
Greetings,
I'm running Fedora 11 (Samba 3.3.2) and am trying to configure winbind
authentication against a Windows 2003 server.
I've run kinit and net join successfully, and can wbinfo -u, -g, and -t
successfully, as well as getent passwd and getent group successfully. I
can even use passwd to change domain user passwords.
However,
2018 Jul 24
0
Failed to establish your Kerberos Ticket cache due time differences with the domain controller
> -----Original Message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of L.P.H. van
> Belle via samba
> Sent: 24 July 2018 09:41
> To: samba at lists.samba.org
> Subject: Re: [Samba] Failed to establish your Kerberos Ticket cache due time
> differences with the domain controller
>
> I did re-read the whole thread again.
>
> Im running out
2020 Jul 29
1
kerberos ticket on login problem
On 7/28/2020 4:11 PM, Jason Keltz wrote:
>
> On 7/28/2020 3:59 PM, Jason Keltz via samba wrote:
>> I'm experimenting with smb + winbind.
>>
>> My host is joined to AD and I can login to my host fine using my AD
>> credentials via SSH.?? The only issue is that I don't get a Kerberos
>> ticket generated.
>>
>> In
2009 Mar 13
1
PAM_WINBIND problem with sambaPwdMustChange
Hi People!
I use pam_winbind for authentication in my computer workstation using
Debian Lenny 5.0, Stable Version.
I configure my user with this option "sambaPwdMustChange: 0", and I
logon in GDM without asking to change password. Who knows what can be?
I use Samba PDC with Heimdal Kerberos, but, I configure PAM with only
pam_winbind for tests...
Client versions:
ii
2010 Mar 28
1
[PLUG] Ongoing saga with Samba and AD
Ben Love had this to say:
> * Mike Leone wrote on [2010-03-27 22:02:38 -0400]:
>> I tried to log on as "DACRIB+administrator" at the physical console. I
>> was prompted twice for my password (dunno if that's because my password
>> has a "!" in it or not). Then it starts to login. I see the motd. I see
>> it say that it was trying to create a
2001 Sep 05
1
reinit_creds (was Re: OpenSSHd barfs upon reauthentication: PAM, Solaris 8)
>> >Could we please have a clarification on the semantics of
>> >PAM_CRED_ESTABLISH vs. the semantics of PAM_REINITIALIZE_CREDS?
>>
>> My interpretation is:
>>
>> You call PAM_ESTABLISH_CRED to create them
>> You call PAM_REINITIALIZE_CRED to update creds that can expire over time,
>> for example a kerberos ticket.
Oops. I meant
2014 Jan 02
2
pam_winbind fails to authenticate domain users on my debian wheezy domain member servers
Dear list members,
I am running a small active directory domain for my home network.
Everything is working as expected, except for the authentication of active
directory users on my machines running debian wheezy.
Here is my setup:
1) Active Directory Domain Controller is running on a raspberrypi
(raspbian) with samba compiled from source (v4-1-stable from git repository)
2) WIndows 7 machines
1999 Dec 28
0
Patches to report rsaref build and to call pam_setcred
I've attached two patches. The first just changes the output of "ssh -V"
to print that it was built against rsaref if libRSAglue (which is built
as part of openssl only when it is built against rsaref) is present at
build-time. The second adds appropriate calls to pam_setcred() in sshd.
Without them, our systems can't access AFS because the PAM modules only
get tokens at a
2000 Sep 13
2
auth-pam.c support for pam_chauthtok()
When we installed OpenSSH 2.1.1p4 on our Solaris systems, our users
noticed that it did not honor password expiration consistently with
other Solaris login services.
The patch below is against OpenSSH 2.2.0p1 and adds support for PAM
password changes on expiration via pam_chauthtok(). A brief summary of
changes:
auth-pam.c:
* change declaration of pamh to "static pam_handle_t *pamh",
2001 Sep 05
2
reinit_creds (was Re: OpenSSHd barfs upon reauthentication: PAM, Solaris 8)
>Neither the Sun PAM documentation nor the Linux-PAM documentation
>describe the semantics of PAM_REINITIALIZE_CREDS in any useful detail.
I would agree it is vague, but then that is also a problem with the XSSO
document (http://www.opengroup.org/onlinepubs/008329799/)
>Could we please have a clarification on the semantics of
>PAM_CRED_ESTABLISH vs. the semantics of
2020 Jul 01
0
help whith linux client on domain
Hello we have Samba Version 4.3.11, we are trying to logon linux desktop
clients on domain, we easy can join the client on the domain with net rpc
join -S 10.11.37.3 -U xxxxx it is satisfactory. We don't have kinit server.
Later we install libpam-winbind, winbind ,libnss-winbind and samba on the
client side.
Edit nsswitch.conf -->
passwd: compat winbind
2008 Jan 02
0
winbind initialization: GetDC got invalid response type 21
Hi all,
I'm running Samba 3.0.28 on CentOS 5.1 as a PDC. I'm having problems
with winbind taking a long to initialize or reconnect to the domain.
For example, starting winbind and then checking the trust secret takes
~30 seconds:
# time /usr/local/samba/bin/wbinfo -t
checking the trust secret via RPC calls succeeded
real 0m34.055s
user 0m0.008s
sys 0m0.019s
In the logs
2020 Jul 02
0
(no subject)
On 02/07/2020 20:32, jmpatagonia via samba wrote:
> Ok, know from desktop logon apparently the user logon right, look user
> 'policia\gafranchello' granted access on the trace below, but still tel me
> "Invalid password please try again"
>
> Jul 2 16:15:03 samba-cliente polkitd(authority=local): Unregistered
> Authentication Agent for unix-session:c6 (system
2009 Mar 30
1
RPC fault code DCERPC_FAULT_OP_RNG_ERROR
I'm testing out a new Samba setup to hopefully replace my aging Win2k
domain. I've got some of it working:
- My PDC (shadow) seems to be working on the CASA domain with an LDAP
backend.
- nss_ldap and pam_ldap are working on shadow
- I can run wbinfo -u and get the user info from LDAP on shadow.
- I can run wbinfo -a username%password and authenticate a user on shadow.
I can run
2011 Sep 20
0
kinit succeeded but ads_sasl_spnego_krb5_bind failed
BODY { font-family:Arial, Helvetica, sans-serif;font-size:12px; }Hi,
I've seen many people complain about this error message by Googling
around, but I've never found a satisfactory explanation as to the
cause and resolution. I'm hoping someone on the list will be able to
point me in the right direction?
I'm attempting to get a RHEL 5.5 client configured to use winbind
auth
2009 Nov 23
1
Samba 3.0.33/3.2.15 AD joined slow initial connect with LDAP backend
I'm hoping someone can help me with the following. I currently have 2
Samba fileservers version 3.0.23d joined to our corporate Active
Directory. Clients currently are Windows XP. I'm asked to prepare to
migrate XP to Windows 7. From testing it looks like Samba 3.0.23d is not
compatible with Windows 7. Therefor I started testing with the latest
RHEL5 version 3.0.33-3.1e.el5 on RHEL5.
2007 Jun 28
2
3.0.25a && rfc2307
I'm receiving the errors listed below. It also seems unable to map the root
user uid 0 with this filter. That's not that big of a deal.
Wbinfo -u and -g return output but getent passwd does not. This is Ubuntu 7
using debian packages.
[2007/06/28 13:27:59, 5] lib/username.c:Get_Pwnam_alloc(131)
Finding user DOMAIN\chapman
[2007/06/28 13:27:59, 5]
2007 May 01
1
Problem with Samba-3.0.25rc3 & idmap_ldap (winbind dumps core)
In an effort to improve my lot, I'm trying to move to a ldap backend
for idmap synchronization when I deploy the new 3.0.25 version on my
systems. In preparation for this, I've set up some test systems --
where I'm having some problems that I think others may be
encountering (according to a few comments I've seen recently).
In a nutshell, I believe I have set up my ldap