similar to: "security = server" vs "security = domain" + samba auth problems

Hi all, I have, what I think is a relatively simple samba/kerberos problem that I am not seeing the obvious side to. I'll explain the scenario. I have an OpenLDAP KDC or Directory Master. For the purposes of this conversation, it is the authentication server, and the bit that grants/ hands out all the ticket information. I have a Solaris 10 system running the default Sun shipped Samba

I think I've found out why MacOS 10.5.x (Leopard) clients are unable to connect to Samba shares when authenticating with Kerberos. Basically, the Leopard Macs insert a few extra bytes (Padding and reqFlags, according to wireshark) into the security blob within the Session Setup AndX Request packet, bytes whose start tag is 0xa1, in a spot where Samba's parser expects 0xa2. The critical

Hi, The problem the other way around: IceS -> IceCast -> ShoutCast -> KiSS (the KiSS then decodes the mp3 to a RAW SPDIF stream, which is received by my sourround receiver). But the constallation is somewhat overkill and slightly unstable, so I would prefer just IceS -> IceCast -> KiSS But that does not work at all for unknown reasons (since shoutcast can do this, and the

Hi All, anyone else found that adding a Samba server to an AD domain appears to be incompatible with using an AD Kerberos realm to provide other Kerberised services such as NFS from the same UNIX host? Problem I have is that when you join an AD domain thorough Samba 3.x net command this creates a computer account in the AD to which the administrator does not know the account password. If you

Hi all, using samba 2.2.5; security=server connecting as user1 (user logged in on PC) works (12:28:55), disconnecting and connecting as another user2 (not the user logged in on PC) works too (12:30:22), but disconnecting and connecting again as user1 (user logged in on PC) fails (12:34:29) as well as user2 (12:38:19). It seems it works only once and never again after one time logged in as user2 ?

ZFS also does some fun things here if you want to build an SSD & spinning disk array - http://zfsonlinux.org/ On 11 January 2017 at 11:56, J Martin Rushton < martinrushton56 at btinternet.com> wrote: > Hmm, don't you just love changing terminology! I've been using HSM > systems at work since '99. BTW, DMAPI is the Data Management API which > was a common(ish)

HSM also stands for "Hardware security module" Maybe lvmcache would be interesting for you? HSM is more popularly known as "tiering". Cheers, Andrew On 11 January 2017 at 11:15, J Martin Rushton < martinrushton56 at btinternet.com> wrote: > I think there may be some confusion here. By HSM I was referring to > Hierarchical Storage Management, whereby there are

Hmm, don't you just love changing terminology! I've been using HSM systems at work since '99. BTW, DMAPI is the Data Management API which was a common(ish) extension used by amongst others SGI and IBM. Back to lvmcache. It looks interesting. I'd earlier dismissed LVM since it is block orientated, not file orientated. Probably because my mental image is of files migrating to

Greetings: I've just attempted to upgrade from openssh-2.1.1p1 to openssh-2.1.1p3 and I'm having problems with the server component. My system runs RedHat Linux 6.2 (x86 version) with all currently released updates applied. The sshd daemon is being spawned by xinetd with the -i option and worked fine with the p1 level release. Now, when a remote client attempts to connect to the daemon,

Andrew, I have a software which need the following package but I can't find it in Internet. Could you advice me where I can download it? samba-3.0.10-1.4E6.HSM.2.i386 samba-common-3.0.10-1.3E.6.HSM.2 samba-client-3.0.10-1.4E.6.HSM.2 Thanks, Isaac Chan

Hello, OpenSSH supports PKCS#11 on the client side, but that does not extend to the server side. I would like to bring PKCS#11 support to sshd. I am working on embedded Linux systems with integrated HSM. The sshd host key is stored on the HSM. To have sshd using that key, we rely on the following chain: sshd -> OpenSSL -> OpenSSL Engine -> HSM Having PKCS#11 support in sshd, would

Ah ok, you are using "public_html" from a default setup. Now i understand what you exact want. If you have the apache keytab created. Create a cron job and run : kinit -t /path/to/keytab as the www user. Dont forget het disable the password change in the AD user for the "apache Service user" account. You probely also need to export some kerberos variables like :

Some HSM's such as Safenet Network HSM do not allow searching for keys unauthenticated. To support such devices provide a mechanism for users to provide a pin code that is always used to automatically log in to the HSM when using PKCS11. The pin code is read from a file specified by the environment variable SSH_PKCS11_PINFILE if it is set. Tested against Safenet Network HSM. ---

On 11/16/16, 8:55 AM, "openssh-unix-dev on behalf of Juha-Matti Tapio" <openssh-unix-dev-bounces+uri=ll.mit.edu at mindrot.org on behalf of jmtapio at ssh.com> wrote: On Wed, Nov 16, 2016 at 12:54:44PM +0000, Blumenthal, Uri - 0553 - MITLL wrote: > I find this approach very bad in general. > > PKCS#11 standard says that *private* keys should not be

As Samba 3.x does not work with the Kerberos included with Solaris (it has no headers) I have to remove it and replace it with MIT kerberos. Does anyone know if Solaris kerberised services will still work normally (without modification) such as kerberised NFS? I briefly tested this and couldn't het it to work, but if someone has a definative answer it might save me a lot of trouble, thanks

Last year the samba servers for our Georgia Tech computer clusters were crashing about once a day running samba 2.0.7. Upgrading to 2.2.5 was disastrous - the Windows machines in the cluster started giving chronic bad-password errors. Since daily crashes seemed an easier problem to fix, we dug in and fixed the 2.0.9 source code. (Our patch is attached, for those interested in running 2.0.9

I find this approach very bad in general.? PKCS#11 standard says that *private* keys should not be accessible without authentication. *Public* keys and certificates of course can and should be accessible with no authentication. SoftHSM misinterpreted this originally (older pkcs11 documents were less clear :), but they rectified this mistake. We should not repeat it.?

I said I had several questions to start threads on.... What about ZFS and various HSM solutions? Do any of them already work with ZFS? Are any going to? It seems like HSM solutions that access things at a file level would have little trouble integrating with ZFS. But ones that work at a block level would have a harder time. On that same thread, what about support for DMAPI within ZFS?

Hi - I was wondering if any of you may be able to point me in the right direction. I am in the process of designing a fairly large fileserver solution in an MS Active directory environment. I have setup and tested ctdb samba, however, after several discussions with a couple of my colleagues, i am now considering a more vanilla flavour of samba. The key features the solution requires are: •

Hi. I'm looking for a tutorial/how-to for a HSM (Hierarchical /Storage/ Management). keeping old messages for a user in a cheap storage and recent messages in a faster one. I see on dovecot2 wiki an alternative for hsm as "Alternate storage", but I don't now if it's a good solution for me. The expected result is a faster imap/pop access for new messages on a