Displaying 20 results from an estimated 40000 matches similar to: "samba + kerberos"
2016 Aug 02
2
FW: kerberos nfs4's principals and root access
** I truncated my initial mail below for size reasons **
I've tried your tips but nothing better.... AD users can still access
the share (phew!!), but local users no longer can.
I can't find where it blocks....
Thanks for your help Louis,
Greetz,
Bruno
On 02/08/2016 at 15:33, L.P.H. van Belle wrote:
>
> You keep 2 ranges.
>
> One for the “local (linux) users”
>
>
2015 Oct 09
0
kerberos nfs4's principals and root access
Hai,
I had it the other way around. Only root access.
I have scripted my setup and tested on debian.
Look here
https://secure.bazuin.nl/scripts/these_are_experimental_scripts/
setup-nfsv4-kerberos.sh
If you get the file, setup-nfsv4-kerberos.sh, compare it to your setup.
If you can read the bash script maybe you see something you missed.
When i write as "root" its root and
2015 Oct 09
0
kerberos nfs4's principals and root access
Ok, now it's clear to me.
We need to set UMICH_SCHEMA in idmap.conf
Read : http://linux.die.net/man/5/idmapd.conf
Working on it now.
Greetz,
Louis
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of L.P.H. van Belle
> Sent: Friday 9 October 2015 13:34
> To: samba at lists.samba.org
> Subject: Re: [Samba] kerberos
2007 Feb 20
2
SAMBA Kerberos misunderstanding
I suspect I might be grossly misunderstanding kerberos and AD here, but I
can't seem to grok the following.
net ads join integrates my linux samba server (named foundry) into an AD
domain and all works fine. The samba server is using the kerberos keytab.
root@foundry:~ # kinit -k -t /etc/krb5.keytab foundry$
root@foundry:~ # kinit -k -t /etc/krb5.keytab host/foundry.example.local
kinit(v5):
2016 Nov 21
0
kerberos | client not found
Hai Mourik-Jan,
I think you are missing your PTR record in the reverse zone.
Or you are missing the Krb5KeyTab variable in the apache setup.
Test :
dig keycloak.company.com ( results in A ip. )
dig -x ip_adres
https://wiki.samba.org/index.php/Authenticating_Apache_against_Active_Directory
Greetz,
Louis
> -----Original message-----
> From: samba [mailto:samba-bounces at
2024 Feb 28
1
Samba, Kerberos, Autofs: Shares get disconnected
Hi Rowland,
I tried that. As follows:
[root@machinename mnt]# kinit -k MACHINENAME$
[root@machinename mnt]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: MACHINENAME$@CAMPUS
Valid starting Expires Service principal
02/28/2024 11:50:55 02/28/2024 21:50:55 krbtgt/CAMPUS@CAMPUS
renew until 02/29/2024 11:50:55
[root@machinename mnt]# mount -t cifs
2024 Feb 12
1
Samba, Kerberos, Autofs: Shares get disconnected
Dear Rowland
of course, if the network is unreachable, this is also a problem for
autofs. However, when a CIFS share is in the fstab and the network is
unreachable, you cannot boot, as it waits forever to mount all your fstab
entries, whereas with autofs, you can still boot, as there is nothing
really mounted yet.
I show you below my configurations of the server and client machines.
On the
2015 Oct 09
1
kerberos nfs4's principals and root access
Thank you very much Louis!
I have tried your setup and I can't mount the share either from the
server itself or the client.
On /var/log/syslog I have :
rpc.gssd : ERROR : no credentials found for connecting to server myserver
This is because the machine principal is not present in the keytab:
$ klist -k
1 nfs/myclient.samdom.com@SAMDOM.COM
1 nfs/myclient.samdom.com@SAMDOM.COM
1
2016 Aug 01
0
kerberos nfs4's principals and root access
Hi,
Sorry for this necrobump.... But I still can't use my local root
user to browse the content of my NFSv4/Krb5 share...... (others' permissions
are checked when root uses this share)
So a lot of questions appeared during my tests:
- Must I have the same idmap.conf on both client and server?
- Why does rpc.idmapd only use the 'nsswitch' method even if 'static' is
2016 Nov 21
2
kerberos | client not found
Hi,
Can someone point out what I am doing wrong here?
Background: I'm trying to make keycloak (saml) authenticate using
kerberos, and I'm getting "client not found in kerberos database". Below
are the steps I have taken.
I'm using a domain member server's machine account (server$) to add the
SPN, since keycloak is running on that member server. (for the record:
the
2016 Aug 02
0
kerberos nfs4's principals and root access
Hai,
Here you go..
But all my settings are scripted.
https://github.com/thctlo/samba4
found here.
Read the script: samba-with-nfsv4.sh
Start it like ./samba-with-nfsv4.sh (client or server)
It's tested and works on debian jessie.
It contains the nfs server settings and client settings.
Greetz,
Louis
> -----Original message-----
> From: samba [mailto:samba-bounces at
2017 May 10
0
Using smbclient and mount.cifs with SPN in Keytab
Does it work if you test like this?
kinit testuser@EXAMPLE.COM
mount -t cifs -o sec=krb5 //server.example.com/export /mnt/cifs
Have a look here:
https://runops.wordpress.com/2015/03/05/setup-linux-cifs-autofs-automount-using-kerberos-authentication/
I can't tell much about automount; I use it, but through systemd for my nfsv4 mounts.
Greetz,
Louis
> -----Oorspronkelijk
2016 Dec 20
0
Problem with keytab: "Client not found in Kerberos database"
Rowland Perry wrote:
> > imdap config AD : backend = rid
> >
> How did you 'fix' this, on face value, there is nothing wrong with that line.
"imdap" is not "idmap"
(so now you understand why I missed it after staring at it so long :-)
> When you join the domain with 'kerberos method = secrets and keytab',
> you should get a
2018 Oct 10
1
NFSv4, homes, Kerberos...
Thank you for that, I did have a good look at that one.
And I use Debian 9; if you test what I posted below in the thread, you will see NFSv4 works fine.
Below is missing one more thing: the "allow to delegate (kerberos only)" on the computer object in the AD should be enabled.
And yes, I've seen bugchecks also but only on my debian .. Lenny.. Stt.. ;-) .. It's my last lenny
2016 Aug 03
0
FW: kerberos nfs4's principals and root access
Ah ok, you are using "public_html" from a default setup.
Now I understand exactly what you want.
If you have the apache keytab created,
create a cron job and run:
kinit -t /path/to/keytab as the www user.
Don't forget to disable the password change in the AD user for
the "apache Service user" account.
You probably also need to export some kerberos variables like:
2015 Sep 01
0
ldbadd with kerberos ticket => 00002020: Operation unavailable without authentication
On 01/09/15 21:59, Quirin Maier wrote:
> Hi,
>
> I'd like to use ldbadd with kerberos authentication using samba
> 4.2.3-SerNet-Debian-7.jessie, but it seems authentication is not being
> processed. Executing...
>
> kinit Administrator@INTERNAL.DOMAIN.TLD -k -t /etc/admin.keytab
>
> root@dc01:/# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default
2010 Aug 20
0
samba and kerberos tickets
Hi,
I'm running a mixed linux/Windows network with authentication done using
Active Directory. The Linux clients use Samba/Winbind for
authentication (with help from the list, thanks!). I've setup smb.conf
such that doing 'net ads join -Uadministrator' populates
my /etc/krb5.keytab (see configuration files below).
klist shows me a nice set of principals from /etc/krb5.keytab
2015 Oct 09
5
kerberos nfs4's principals and root access
Hello samba team !
I have some NFS4 exports managed by a Samba's Kerberos realm. All the
standard user accesses work fine.
I am now trying to set up an NFS4 root access to administer the share from
another server (the two hosts are DCs, one PDC and one SDC). But I have
trouble understanding the kerberos/principals layer.
------------
Actually I do
-------------
-> on the server I create an nfs
2011 Mar 10
1
Dovecot+Kerberos
Hi All.
I have a problem with authorization of AD users via kerberos in
Dovecot&Postfix.
Windows SRV 2008 Standard - AD
mail server: Gentoo + cyrus-sasl + postfix + dovecot with support for
ldap&kerberos.
I created 4 keytabs on the Windows box.
C:\Users\Admin>ktpass -princ host/srv-mail.cn.energy@CN.ENERGY -mapuser
ldapmail@CN.ENERGY -pass "superpasswd" -crypto RC4-HMAC-NT
2016 Dec 20
4
Problem with keytab: "Client not found in Kerberos database"
I finally found it, thanks to a clue from
https://wiki.archlinux.org/index.php/Active_Directory_Integration
This works:
kinit -k -t /etc/krb5.keytab 'WRN-RADTEST$'
These don't work:
kinit -k -t /etc/krb5.keytab
kinit -k -t /etc/krb5.keytab host/wrn-radtest.ad.example.net
kinit -k -t /etc/krb5.keytab host/wrn-radtest
That is: the keytab contains three different principals:
root