similar to: failed to create kerberos keytab with samba-3.2.0 [solved (sort of)]

Hi, I have a couple of old samba 3.0.30 installations. I enabled the "use kerberos keytab" option in the smb.conf file to aquire a tgt automatically when a user logs in. This works fine on 3.0.30 installs. On newer samba versions I recognized that the option has been phased out and replaced by a newer option called "kerberos method" the man page is not really clear about what

Dear All, I have compiled 3.0.30/3.2.0 on a Solaris 10 Generic_127111-09. Samba 3.0.25a was a package from http://www.sunfreeware.com/indexsparc10.html The samba share works fine with Windows XP client on all versions. I have tried to test the password expiry feature using the command below: pdbedit -P "maximum password age" -C 300 If I now try on log on the samba logs quite

I'm building samba-3.2.0 on a Solaris 10 x64 box using the Sun Studio cc compiler. I'm running into a problem. I have a workaround. Let me know if I should post a bug report. A. The problem: $ ./configure --prefix=/usr/local/samba-3.2.0 --with-ads --with-pam --with-acl-support --with-shared-modules=idmap_ad --enable-socket-wrapper --enable-nss-wrapper

Dear All, Yesterday I downloaded the latest Samba release 3.2.0 and tried to compile it against blastwave.org packages, as I always do. But it fails with error: "/usr/include/sys/termios.h", line 38: warning: macro redefined: CTRL "./librpc/gen_ndr/srvsvc.h", line 232: warning: enumerator value overflows INT_M AX (2147483647) "./librpc/gen_ndr/srvsvc.h", line 235:

Dear All, Yesterday I downloaded the latest Samba release 3.2.0 and tried to compile it against blastwave.org packages, as I always do. But it fails with error: "/usr/include/sys/termios.h", line 38: warning: macro redefined: CTRL "./librpc/gen_ndr/srvsvc.h", line 232: warning: enumerator value overflows INT_M AX (2147483647) "./librpc/gen_ndr/srvsvc.h", line 235:

Hi, I'm still unable to compile samba 3.2.0 under Solaris 8. After removing the "bin/libtalloc.so.1" and "bin/libtdb.so.1" I get another error: "./librpc/gen_ndr/srvsvc.h", line 242: warning: enumerator value overflows INT_MAX (2147483647) "./librpc/gen_ndr/wkssvc.h", line 10: warning: useless declaration "./librpc/gen_ndr/samr.h", line 633:

I set up 4 Sun X4540 servers running Solaris 10 and Samba v3.0.33. A couple weeks back, one of the 4 stopped authenticating Windows AD requests. I've tried removed it an adding it back to the domain, but still no luck. The global config on the 4 servers is the same, only the shares are different. When I first installed Samba on this server (and everything was working), I didn't have to

A question regarding the “kerberos method” configuration option in smb.conf: Are there any practical differences between using ’secrets and keytab’ and ’system keytab’? I’ve been running Samba servers using both methods for a long time and both seems to work more or less fine, but since we’re having this “login hickup at 10 hour service ticket expiration problem” I’m trying to find out if this

Hello. I recompiled from the samba.org 3.0.7 SRPMs and it worked like a charm. I think the problem may have been that I was using RHEL3's 3.0.6 samba RPMs which depended on their own krb5-libs, and I used kerberos rpms that don't use e2fsprogs's libcom_err. Anyone privilaged enough to be using RHEL3 to integrate their linux machines into ADS may want to rebuild anything depending on

This new operation removes the Kerberos /etc/krb5.keytab file from the guest. Thanks to Christian Heimes and François Cami for the hints. Related to RHBZ#1789592. --- sysprep/Makefile.am | 1 + .../sysprep_operation_kerberos_hostkeytab.ml | 38 +++++++++++++++++++ 2 files changed, 39 insertions(+) create mode 100644 sysprep/sysprep_operation_kerberos_hostkeytab.ml

Hi Andreas, I convinced Rowland to change the wiki like that. You might want to check out the thread "Samba4 and sssd, keytab file expires?". Read it, and You will understand its implications. Even if it works now, it doesn't mean that it will work for long... The first thing I would check is the kerberos setup. I would also check, whether DNS is OK for both forward and

On 13/02/15 10:26, Andreas Hauffe wrote: > Hi Peter, > > thanks for your hints. The point is, that no /etc/krb5.conf was generated automatically when > joining the domain (told in the wiki). Now I generated one manually and now it works. /etc/krb5.conf is never created automatically when you join the domain, /etc/krb5.keytab is, so can you point to where in the wiki it says that the

Am Freitag, 13. Februar 2015, 11:04:26 schrieb Rowland Penny: > On 13/02/15 10:26, Andreas Hauffe wrote: > > Hi Peter, > > > > thanks for your hints. The point is, that no /etc/krb5.conf was generated > > automatically when joining the domain (told in the wiki). Now I generated > > one manually and now it works. > /etc/krb5.conf is never created automatically

On 14/07/16 15:53, Mark Foley wrote: > Yes, they did add it to the dovecot wiki: http://wiki2.dovecot.org/Authentication/Kerberos > > Certainly, check with Marc. I wouldn't advocate doing things against policy (but changing the > policy a bit?) Even though this is about dovecot specifically, in general, one should be able > to authenticate locally, as you mention in your email

On 14/07/16 21:52, Andrew Bartlett wrote: > On Thu, 2016-07-14 at 16:20 +0100, Rowland penny wrote: > >> I don't think the problem is with mentioning 'Dovecot', it is with >> using >> the DC for anything other than authentication. >> >> Reading the Dovecot wiki page, creating the user & SPN on the DC is >> okay, but once you start exporting

start with fixing the overlapping idmap config. that wont help. check again if host.fqdn a and ptr exists in the dns. check resolv.conf make sure your primary domain is listed first. you left and rejoined the domain, so you can try regenerateing your keytab file also. start with that greetz Louis > Op 19 dec. 2016 om 21:04 heeft Brian Candler via samba <samba at lists.samba.org>

On 20/12/2016 14:10, Rowland Penny wrote: >> I can't use rlm_krb5, because I plan to use PEAP+MSCHAP for wifi >> authentication. The krb5 module requires a cleartext password, but >> MSCHAP does not pass a cleartext password. (It is possible to use >> krb5 authentication with TTLS+PAP or TTLS+GTC, both of which send a >> cleartext password) > You might want to

Am 20.12.2016 um 14:50 schrieb Brian Candler via samba: > (2) Can "net ads keytab create" be told to extract just a single named > principal? That would simplify things. But I can't see how to. > > As usual... clues gratefully received. samba-tool domain exportkeytab [keytabfile] --principal=[SPN or UPN] In your case samba-tool domain exportkeytab /etc/krb5.keytab

openSUSE 12.1, Samba 3.61 joined to Samba 4 Domain /etc/samba/smb.conf on the Linux client is as follows: workgroup = CACTUS realm = HH3.SITE security = ADS use kerberos keytab = true testparm tells me it is ignoring the 'use kerberos keytab = true' entry. Linux users can logon fine, kinit and getent password work. The Samba 4 logs show that kerberos has authenticated the user. Users

On 15/07/16 00:34, Andrew Bartlett wrote: > On Thu, 2016-07-14 at 22:05 +0100, Rowland penny wrote: >> On 14/07/16 21:52, Andrew Bartlett wrote: >>> >>> Rowland: >>> >>> Running samba-tool domain exportkeytab for a specific user is quite >>> a >>> reasonable thing to do, and is entirely sensible to recommand as >>> part