similar to: Samba + Windows 2008 + Solaris + Native nss_ldap/gssapi - Possible?

Ok, you did to much as far i can tell. You want to see this: i'll show my output, then i is better to see what i mean. this is where you start with. klist -ke |sort ( default member ) ---- -------------------------------------------------------------------------- 3 host/HOSTNAME1 at REALM.DOMAIN.TLD (aes128-cts-hmac-sha1-96) 3 host/HOSTNAME1 at REALM.DOMAIN.TLD

Ok, Your keytab looks ok now. oldsamba.dom.corp is an alias for fs-a.oldsamba.dom.corp. fs-a.dom.corp has address 10.0.0.2 i would have expected here. oldsamba.dom.corp is an alias for fs-a.dom.corp. fs-a.dom.corp has address 10.0.0.2 Or was that a typo? I assuming a typo.. About your setup from the script outpout. Change this one. /etc/hosts 10.0.0.2 fs-a.dom.corp fs-a oldsamba #

Hi, the problem seems to be related to this bug: https://bugzilla.samba.org/show_bug.cgi?id=6750 I try therefore to set machine password timeout = 0 Il giorno mar 29 ott 2019 alle ore 11:11 Rowland penny via samba < samba at lists.samba.org> ha scritto: > On 29/10/2019 10:04, banda bassotti wrote: > > I had already done it: > > > > # samba-tool spn list

THANK YOU FOR YOUR REPLY THE RESULT : KVNO Principal ---- -------------------------------------------------------------------------- 1 HOST/samba4 at FSS.LAN (des-cbc-crc) 1 HOST/samba4.fss.lan at FSS.LAN (des-cbc-crc) 1 SAMBA4$@FSS.LAN (des-cbc-crc) 1 HOST/samba4 at FSS.LAN (des-cbc-md5) 1 HOST/samba4.fss.lan at FSS.LAN (des-cbc-md5) 1 SAMBA4$@FSS.LAN (des-cbc-md5) 1

Can someone help me with samba4 with internal dns. Something strange showing in log.smbd when computers are doing gpupdate (becouse of this error computers cant apply gpo) log.smbd on DC1: [2017/01/13 13:49:16.075361, 1] ../source4/auth/gensec/gensec_gssapi.c:619(gensec_gssapi_update) GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find

Hello everyone since now a certain time I pull my hair and do not understand the source of my problem. after a samba 3 pdc migration to samba 4.8.5 AD, when a windows client starts the gpo computer is not applied to the boot. in the windows logs there are 1058 GPO errors and server side samba here are the logs: GSS server Update (krb5) (1) Update failed: Miscellaneous failure (see text): Failed

am getting this error in smbd.log when user try to open Share from Windows box: gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/mymember.my.domain.tld at MY.DOMAIN.TLD(kvno 58) in keytab MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)] SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE I have made a research here in google and here in mail

I have a Windows 2008 domain (one Win 2008 DC, one Win 2012 R2 DC.) I am trying to join a Solaris 11 machine to the domain for both Samba and other services. For "unix" logins and ssh, Solaris 11 is configured to use LDAP for user and group lookup and kerberos for authentication. The "kclient -T ms_ad" command joins the Solaris machine to the AD domain. It even

what is the output of "kvno dc.domain.net.pl"? There seems to be mismatch kvno of the secrets keytab, and what is client expecting (kvno 2). Kvno increments by 1 for every password change. Was there by any chance password change for the dc$ account and keytab was not recreated? If You made some upgrades, maybe during process You for example rejoined the domain (that would set new

Hi, I suggest you post this to samba at list.samba.org that more for these questions. Try this setting in resolv.conf search domain.net.pl nameserver 10.1.10.11 # IP of DC itself. #nameserver # and extra nameserver that has access to the DC dns info. (a second dc maybe) nameserver 8.8.8.8 # IP of forwarder in SMB.conf as backup for internet access. # and max 3 nameservers in

Try verifying kvno from the client that gives the error message. That kvno = 2 for dc$ must've come from somewhere. You can also double check e.g. via ADUC ldap attributes of the dc$: lastpwdset and kvno. If  kvno is definately 1 that means that client connecting has some error, if it's 2, than it means that dc has outdated keytab. And if it's the former, than I really am not sure

On Fri, 3 Feb 2017 16:00:45 +0100 Łukasz Sellmann via samba <samba at lists.samba.org> wrote: > any ideas ? please i got stuck and have no ideas what else i can do > > > pozdrawiam > > Łukasz Sellmann > > 2017-02-01 17:50 GMT+01:00 Łukasz Sellmann <bravo.galaxy at gmail.com>: > > > Can someone help me with samba4 with internal dns. Something

OK, for now it seem to work. Server: dovecot.my.fqdn.com Security: STARTTLS Auth: Kerberos/GSSAPI Possible Problems: - Keytabfile (samba-tool delegation show dovecot\$) ? - IP as Servername - SSL/TLS Port 993 ? Maybe someone can complete the wiki with thunderbird settings? P.S. Roland kinit -V5 DOVECOTUSER at MY.FQDN.COM did also work I use the samba wiki, dont know why only export 3

hello, today the following problem occurred: [2019/10/08 09: 57: 23.568282, 1] ../../source3/librpc/crypto/gse.c:660(gse_get_server_auth_token) gss_accept_sec_context failed with [Miscellaneous failure (see text): Failed to find cifs/fs-share at dom.corp (kvno 109) in keytab MEMORY: cifs_srv_keytab (arcfour-hmac-md5)] in my smb.conf I have the lines: kerberos method = dedicated keytab

Hello Samba team ! I'am in a very delicate situation. After an upgrade to debian Stretch my DRS stopped working. I have three DCs (fichdc, fichds01, fichds02), all Debian Stretch, all with the same problem. Everything seems to be fine except DRS. -> File shares works -> DNS (with bind9 DLZ) works -> "kinit administrator" works -> "kinit -k FICHDC$" works ->

On 18.07.2016 22:48, Achim Gottinger wrote: > > > Am 18.07.2016 um 11:45 schrieb Norbert Hanke: >> On 18.07.2016 01:52, Achim Gottinger wrote: >>> >>> >>> Am 18.07.2016 um 01:02 schrieb Norbert Hanke: >>>> Hello, >>>> >>>> I'm trying to join a samba 4 DC to an already existing samba 4 DC, >>>> both with

Today's episode of "why is AD break", brought to you by: > [2017/09/05 10:17:06.015617, 3] ../source4/auth/gensec/gensec_gssapi.c:613(gensec_gssapi_update) > Server GC/graz-dc-1b.ad.tao.at/ad.tao.at is not registered with our KDC: Miscellaneous failure (see text): Server (GC/graz-dc-1b.ad.tao.at/ad.tao.at at AD.TAO.AT) unknown > [2017/09/05 10:17:06.015717, 0]

Am 29.04.2019 um 19:21 schrieb Rowland Penny via samba: > On Mon, 29 Apr 2019 19:02:44 +0200 > Christian via samba <samba at lists.samba.org> wrote: > >>>>> Thats a strange one.. >>>>> >>>>>> This is correct: 'dns-dc2' uses "msDS-SupportedEncryptionTypes": >>>>>> 31 (0x0000001f)

Thank you, Louis, for your reply. By simply asking me to provide outputs of the aforementioned files, I found the cause of my first problem (auth failing). It was my /etc/hosts file on dc1. All of them should look like this, and indeed DC2 and DC3's *did* look like this: # cat /etc/hosts > 127.0.0.1 ? ? ? localhost.samdom.mycompany.net ?localhost > 192.168.3.201

Hai, And Omg... Your right, its my fault. :-/ I didnt say to you, you needed make the changes, to change what Rowland showed. Im really sorry.. ;-) when im in austria i'll buy you a beer. Or if you want teach you snowboarding.. I have an other guy in austria that cant ski/board. Im going to teach him also. .. So funny a dutch guy teaching to austria guys.. :-) And how is it running