Displaying 20 results from an estimated 1000 matches similar to: "[PLUG] Ongoing saga with Samba and AD"
2010 May 13
1
Still can't mount Samba shares from other Samba server
I am *still* unable to mount shares from a Ubuntu 10.04 server, using a
Ubuntu 10.04 laptop. I totally re-formatted both my desktop and my
laptop with Ubuntu 10.04 (so that they would be using the same version
of Samba). I am using the exact same smb.conf for the 2 machines (less
the share definitions, which exist only on the desktop, known as
"workhorse"). wbinfo -u, wbinfo -g,
2010 Apr 23
2
Can join AD 2003 domain; can't list shares from other servers
I set up an old laptop with Xubuntu 9.10. I configured Samba as to work
with my Win2003 AD domain that has MS Services for Unix installed.
I can get a Kerberos ticket. I successfully added the laptop to the AD
domain. wbinfo -a shows me all users, domain and local. wbinfo -g shows
me all groups. wbinfo -a user%password returns successfully. "getent
passwd" works as expected - I see
2010 May 02
2
Problems using multiple Samba servers in a Win2003 AD domain
I've been at this for days, and making no headway. It's very
discouraging. I have a Win2003 domain, that has the Services for Unix
extensions installed. I am trying to have multiple Samba servers as
domain members. (in my case, one desktop sharing files, and one laptop,
accessing the shares). And at the moment, it doesn't (fully) work.
Each Samba server can see shares from the other.
2008 Jan 20
1
winbind forced password change requires interactive shell
We've discovered that although Winbind supports password changes when the
account password is expired, this only works with *interactive* shells.
This is a major problem for us. Use case 1: SSH tunnels:
$ ssh user2@localhost -N -L 4711:localhost:22
user2@localhost's password:
<trying to use the tunnel>
channel 2: open failed: administratively prohibited: open failed
As you can
2018 Jul 24
0
Failed to establish your Kerberos Ticket cache due time differences with the domain controller
> -----Original Message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of L.P.H. van
> Belle via samba
> Sent: 24 July 2018 09:41
> To: samba at lists.samba.org
> Subject: Re: [Samba] Failed to establish your Kerberos Ticket cache due time
> differences with the domain controller
>
> I did re-read the whole thread again.
>
> Im running out
2009 Jun 24
0
winbind authentication mystery
Greetings,
I'm running Fedora 11 (Samba 3.3.2) and am trying to configure winbind
authentication against a Windows 2003 server.
I've run kinit and net join successfully, and can wbinfo -u, -g, and -t
successfully, as well as getent passwd and getent group successfully. I
can even use passwd to change domain user passwords.
However, when I try to log in via gdm, ssh, or even su, I do not
2009 Dec 31
0
winbind authentication mystery
Hi Chris,
Were you able to solve this.
Regards,
David.
Greetings,
I'm running Fedora 11 (Samba 3.3.2) and am trying to configure winbind
authentication against a Windows 2003 server.
I've run kinit and net join successfully, and can wbinfo -u, -g, and -t
successfully, as well as getent passwd and getent group successfully. I
can even use passwd to change domain user passwords.
However,
2010 May 04
2
smbclient -k works; mount -t cifs does not
I am confused (nothing new there ...). I have 2 Ubuntu 9.10 Samba
servers. I am trying to mount a share from the other (i.e., "workhorse"
is trying to mount a share on "dual-booter"). If I specify a smbmount
command with a -k option, I can mount the share:
turgon at workhorse:~$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: turgon at DACRIB.LOCAL
Valid starting
2010 Apr 24
1
Samba: trust fails - MORE
So I ended up doing a
net ads leave
which removed the machine account from Active directory. Now I am trying
to re-add it, but it seems to still be hanging around in Kerberos ...
root at workhorse:/etc# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator at DACRIB.LOCAL
Valid starting Expires Service principal
04/24/10 17:25:50 04/25/10 03:25:55
2007 Aug 14
0
Winbind fails to refresh Kerberos tickets (3.0.25b - Fedora Core 5) - 2nd Try
This is the second attempt at sending this. Apologies for any duplicates.
I've got Winbind up and running to authenticate our users against our AD
and to save kerberos tickets. I have used the "winbind refresh tickets =
yes" setting expecting this to renew these kerberos tickets before they
expire. This does not appear to work. Gnome will pop up a dialog box
saying that the
2020 Jul 29
1
kerberos ticket on login problem
On 7/28/2020 4:11 PM, Jason Keltz wrote:
>
> On 7/28/2020 3:59 PM, Jason Keltz via samba wrote:
>> I'm experimenting with smb + winbind.
>>
>> My host is joined to AD and I can login to my host fine using my AD
>> credentials via SSH.?? The only issue is that I don't get a Kerberos
>> ticket generated.
>>
>> In
2010 Apr 29
1
wbinfo -a fails plaintext auth; passes challenge/response
Once again, I am trying to add a machine to my Win2003 AD (that has
Services for Unix installed). I am using Xubuntu 9.10, and samba 3.4.0.
I set up Kerberos, and am getting a ticket. I have successfully joined
the domain.
# net ads join -U administrator
Enter administrator's password:
Using short domain name -- DACRIB
Joined 'DUAL-BOOTER' to realm 'DaCrib.local'
wbinfo -u
2024 Nov 27
1
pam_winbind Appears to need a Network Connection to Succeed at Offline Authentication
On Wed, 27 Nov 2024 10:19:48 -0500
"John R. Graham via samba" <samba at lists.samba.org> wrote:
> When I put winbindd in offline mode,
>
> ??? terra ~ # smbcontrol winbindd offline
> ??? terra ~ # smbcontrol winbindd onlinestatus
> ??? PID 20664: global:Offline BUILTIN:Online TERRA:Online
> HOME:Offline
>
> I can successfully log in (with the test
2009 Mar 13
1
PAM_WINBIND problem with sambaPwdMustChange
Hi People!
I use pam_winbind for authentication in my computer workstation using
Debian Lenny 5.0, Stable Version.
I configure my user with this option "sambaPwdMustChange: 0", and I
logon in GDM without asking to change password. Who knows what can be?
I use Samba PDC with Heimdal Kerberos, but, I configure PAM with only
pam_winbind for tests...
Client versions:
ii
2011 Aug 15
0
Ongoing VM saga ....
.... I have a 64-bit CentOS 5.6 VM running on a 64-bit FC-14 host. I was
originally using the stock NAT networking on the guest, which could
access the host, but nothing else on the network. I eventually found
some links on how to setup routed networking on the guest using a
specifically setup bridge. I followed the example a bit too closely,
bridging my eth0 interface, which is the one I
2011 Jul 12
1
CentOS 6: the ongoing saga
We'll ignore that the group name for KDE changed, and so, since we had it
on the same line as X, neither was installed.
However, more of an annoyance: to get nfs working, I had to install:
pam-krb5
ncsd
then fix /etc/init.d/autofs (when I did a service restart, it told me
automount was running, and did not stop it), then after some research,
found I had to manually start rpcbind, *then*
2024 Nov 27
2
pam_winbind Appears to need a Network Connection to Succeed at Offline Authentication
When I put winbindd in offline mode,
??? terra ~ # smbcontrol winbindd offline
??? terra ~ # smbcontrol winbindd onlinestatus
??? PID 20664: global:Offline BUILTIN:Online TERRA:Online HOME:Offline
I can successfully log in (with the test shown in the PAM Offline
Authentication Wiki article):
??? terra ~ # ssh SAMDOM\\jgraham at localhost
??? (SAMDOM\jgraham at localhost) Password:
???
2001 Sep 05
1
reinit_creds (was Re: OpenSSHd barfs upon reauthentication: PAM, Solaris 8)
>> >Could we please have a clarification on the semantics of
>> >PAM_CRED_ESTABLISH vs. the semantics of PAM_REINITIALIZE_CREDS?
>>
>> My interpretation is:
>>
>> You call PAM_ESTABLISH_CRED to create them
>> You call PAM_REINITIALIZE_CRED to update creds that can expire over time,
>> for example a kerberos ticket.
Oops. I meant
1999 Dec 28
0
Patches to report rsaref build and to call pam_setcred
I've attached two patches. The first just changes the output of "ssh -V"
to print that it was built against rsaref if libRSAglue (which is built
as part of openssl only when it is built against rsaref) is present at
build-time. The second adds appropriate calls to pam_setcred() in sshd.
Without them, our systems can't access AFS because the PAM modules only
get tokens at a
2000 Sep 13
2
auth-pam.c support for pam_chauthtok()
When we installed OpenSSH 2.1.1p4 on our Solaris systems, our users
noticed that it did not honor password expiration consistently with
other Solaris login services.
The patch below is against OpenSSH 2.2.0p1 and adds support for PAM
password changes on expiration via pam_chauthtok(). A brief summary of
changes:
auth-pam.c:
* change declaration of pamh to "static pam_handle_t *pamh",