similar to: klist versus kadmin

Sorry my bad I forgot to reply all. Begin forwarded message: > From: Mike Gallamore <mike@mpi-cbg.de> > Date: November 7, 2008 12:35:20 PM GMT+01:00 > To: "degbert degbert" <degbert42@gmail.com> > Subject: Re: [Samba] AD howtos: LDAP needed? > > My understanding is AD was/is MS's implementation of LDAP. http://en.wikipedia.org/wiki/Active_directory

Hello, With grub I can use "e" to edit the kernel options before booting. Can I do this with pxelinux.0? I have a lot of kickstart files, and now I have inherited a lot of hardware which requires a serial console and text install. Instead of doubling the number of kickstart files, it would be nice if I could append "text serial=XXX" to the kernel options for a particular

Hello, Sorry for two messages, but I thought it would make more sense to use one message per question. Why do so many (but not all) AD howtos mention LDAP? Without configuring LDAP I can use getent passwd or getent group to see the users in the AD. Is there a benefit to also editing nsswitch to query LDAP? Degbert.

Hello, Everything looks like it is working fine. I get no errors, I can use kinit, net ads join works, wbinfo and co. work perfectly. The AD sees the computer added, the dns and reverse dns entries are created. Login via ssh even works with the AD users (but not with SSO). To make that work, I need a keytab, but when I run kadmin, I get the error: "client not found in kerberos database

Author: willf Repository: /hg/zfs-crypto/gate Revision: efc14bf5fbfc26ff040aab6292cb3b1d7b6334aa Log message: 6403208 kadmin.local -q ''cpw -randkey <princ>'' not using all supported enctypes Files: update: usr/src/cmd/krb5/kadmin/cli/kadmin.c

This completes the server side daemons ipa support --- installer/modules/ovirt/manifests/ovirt.pp | 5 ++++ src/host-browser/host-browser.rb | 29 +++++++++++++++++++++------ 2 files changed, 27 insertions(+), 7 deletions(-) diff --git a/installer/modules/ovirt/manifests/ovirt.pp b/installer/modules/ovirt/manifests/ovirt.pp index 2e91e69..d3d01d6 100644 ---

Hi, i would like to use on Centos 5 Microsoft kerberos tickets for authentication for some applications. LDAP FDS for example. For that I have to add some spn to Active Directory. And afterwards to export this to local keytab. --------- kadmin -q "add_principal -randkey ldap/${INSTANCE}.${fully-qualified-domain}" Then, export that key to a keytab file. If you've deployed

I am having two problems when testing the samba4 installation this problem is when running smbclient //localhost/netlogon -Uadministrator% -c 'ls' sienicdc1:/home/eduardo # smbclient //localhost/netlogon -Uadministrator% -c 'ls' Anonymous login successful Domain=[SIENIC] OS=[Unix] Server=[Samba 4.0.8] tree connect failed: NT_STATUS_ACCESS_DENIED and this one is when running

Hi, I'm a newbie with Samba but believe me prior to posting to the list I have read almost everything out there and still don't get my issue solved. I have also re-installed Samba but still no luck. I have Samba 3.0.21b installed and had it working for a day. I've installed it using security = ads with winbind and everything was smooth except when I started configuring PAM so

Greetings, Long-time but very occasional samba user here with a new challenge (well for me at least). The basics are that on the domain join, the computer account gets created but throws the dns error which based on my searching seems non-fatal. wbinfo -t gives me a succeeded, wbinfo -a klm.com\\me --ntlmv2 works fine but yet the net ads testjoin fails. Logs on the domain controller show

I myself have dovecot running and auth is against a samba4 dc running on the same host. Perhaps it can help you to let samba do the authentification. Greetings Daniel EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 Email: mueller at tropenklinik.de www.tropenklinik.de

Hello Kevin, We have a  Samba/Windows20008R2 domain that's been running a few years now. Here are the details: * clients auth with SSSD (ldap, kerberos, ldap_schema=rfc2307bis) * idmap * samba on clients/server for joining domain We have scripts that automatically create users with UnixHomeDir, UID and GUID numbers within AD. I don't know about using WInbind...  I dropped that

> ... you don't get the /etc/krb5.keytab by default on a DC, you will need > to create it: > > samba-tool domain exportkeytab /etc/krb5.keytab Excellent! Thank you. I've done that now, but I have more issues more appropriate to a reply to mathias' message following. --Mark -----Original Message----- > To: samba at lists.samba.org > From: Rowland penny <rpenny

Hi Louis, Thanks for the reply. Upon checking the URL you sent, I'm not finding which stanzas you're referring to as being samba3 - my smb.conf looks remarkably similar to the sample I see there. Could you perhaps be more specific? Thanks, --Schuyler On Tue, Nov 17, 2015 at 11:23 AM L.P.H. van Belle <belle at bazuin.nl> wrote: > Your using a samba3 config on a samba 4. >

On Sun, 3 Mar 2019 13:14:35 +0000 (UTC) Billy Bob <billysbobs at yahoo.com> wrote: > > > > > > The 'Nooooo, don't do that is: > > > > > Don't change the UPN > > > > > > > > Why not? It's a recommended best practice to choose a subdomain > > > > of your primary domain (e.g. "ad.example.com"), and

Hai   After my squid group adventure, i have a remaining question here.   The problem was as followed. ( and this probely dont applie to squid kerberos helpers only. )   samba-tool setup for squid i used, was as followed.   samba-tool user create squid1-service --description="Unprivileged user for SQUID1-Proxy Services" --random-password samba-tool user setexpiry

> > > The 'Nooooo, don't do that is: > > > Don't change the UPN > > > > Why not? It's a recommended best practice to choose a subdomain of > > your primary domain (e.g. "ad.example.com"), and then add alternate > > UPN suffix which allows user logons to match their email addresses. > > > > In fact, this page on the

no thats not it samba-tool does not set upn but msktutil does set the upn. So an option for samba-tool to set upn would be nice... Greetz Louis > Op 28 dec. 2016 om 18:38 heeft Rowland Penny via samba <samba at lists.samba.org> het volgende geschreven: > > On Wed, 28 Dec 2016 17:05:39 +0100 > "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:

Thanks Luc, First, can I just use the small /etc/krb5.conf suggested in Samba AD docs or do I need something more substantial on the server & client for Kerberos NFS to work? [libdefaults]         default_realm = SUBDOMAIN.DOMAIN.COM         dns_lookup_realm = false         dns_lookup_kdc = true I understand a /etc/krb5.keytab file has to be created on both server & client. Most

Hi Rowland, Apologies for the tardy reply, I mistakenly set the mailing list to digest... Thanks for the suggestion, I'll ask the AD guys about this but I have a feeling it is an unlikely solution as Office 365 & Skype for Business apparently relies on the UPN. Unfortunately the local domain is a result of following Microsoft's "Best Practice" in the early 2000's which