similar to: [PLUG] Ongoing saga with Samba and AD

I am *still* unable to mount shares from a Ubuntu 10.04 server, using a Ubuntu 10.04 laptop. I totally re-formatted both my desktop and my laptop with Ubuntu 10.04 (so that they would be using the same version of Samba). I am using the exact same smb.conf for the 2 machines (less the share definitions, which exist only on the desktop, known as "workhorse"). wbinfo -u, wbinfo -g,

I set up an old laptop with Xubuntu 9.10. I configured Samba as to work with my Win2003 AD domain that has MS Services for Unix installed. I can get a Kerberos ticket. I successfully added the laptop to the AD domain. wbinfo -a shows me all users, domain and local. wbinfo -g shows me all groups. wbinfo -a user%password returns successfully. "getent passwd" works as expected - I see

We've discovered that although Winbind supports password changes when the account password is expired, this only works with *interactive* shells. This is a major problem for us. Use case 1: SSH tunnels: $ ssh user2@localhost -N -L 4711:localhost:22 user2@localhost's password: <trying to use the tunnel> channel 2: open failed: administratively prohibited: open failed As you can

I've been at this for days, and making no headway. It's very discouraging. I have a Win2003 domain, that has the Services for Unix extensions installed. I am trying to have multiple Samba servers as domain members. (in my case, one desktop sharing files, and one laptop, accessing the shares). And at the moment, it doesn't (fully) work. Each Samba server can see shares from the other.

> -----Original Message----- > From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of L.P.H. van > Belle via samba > Sent: 24 July 2018 09:41 > To: samba at lists.samba.org > Subject: Re: [Samba] Failed to establish your Kerberos Ticket cache due time > differences with the domain controller > > I did re-read the whole thread again. > > Im running out

Greetings, I'm running Fedora 11 (Samba 3.3.2) and am trying to configure winbind authentication against a Windows 2003 server. I've run kinit and net join successfully, and can wbinfo -u, -g, and -t successfully, as well as getent passwd and getent group successfully. I can even use passwd to change domain user passwords. However, when I try to log in via gdm, ssh, or even su, I do not

Hi Chris, Were you able to solve this. Regards, David. Greetings, I'm running Fedora 11 (Samba 3.3.2) and am trying to configure winbind authentication against a Windows 2003 server. I've run kinit and net join successfully, and can wbinfo -u, -g, and -t successfully, as well as getent passwd and getent group successfully. I can even use passwd to change domain user passwords. However,

I am confused (nothing new there ...). I have 2 Ubuntu 9.10 Samba servers. I am trying to mount a share from the other (i.e., "workhorse" is trying to mount a share on "dual-booter"). If I specify a smbmount command with a -k option, I can mount the share: turgon at workhorse:~$ klist Ticket cache: FILE:/tmp/krb5cc_1000 Default principal: turgon at DACRIB.LOCAL Valid starting

So I ended up doing a net ads leave which removed the machine account from Active directory. Now I am trying to re-add it, but it seems to still be hanging around in Kerberos ... root at workhorse:/etc# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: administrator at DACRIB.LOCAL Valid starting Expires Service principal 04/24/10 17:25:50 04/25/10 03:25:55

This is the second attempt at sending this. Apologies for any duplicates. I've got Winbind up and running to authenticate our users against our AD and to save kerberos tickets. I have used the "winbind refresh tickets = yes" setting expecting this to renew these kerberos tickets before they expire. This does not appear to work. Gnome will pop up a dialog box saying that the

On 7/28/2020 4:11 PM, Jason Keltz wrote: > > On 7/28/2020 3:59 PM, Jason Keltz via samba wrote: >> I'm experimenting with smb + winbind. >> >> My host is joined to AD and I can login to my host fine using my AD >> credentials via SSH.?? The only issue is that I don't get a Kerberos >> ticket generated. >> >> In

Once again, I am trying to add a machine to my Win2003 AD (that has Services for Unix installed). I am using Xubuntu 9.10, and samba 3.4.0. I set up Kerberos, and am getting a ticket. I have successfully joined the domain. # net ads join -U administrator Enter administrator's password: Using short domain name -- DACRIB Joined 'DUAL-BOOTER' to realm 'DaCrib.local' wbinfo -u

Hi People! I use pam_winbind for authentication in my computer workstation using Debian Lenny 5.0, Stable Version. I configure my user with this option "sambaPwdMustChange: 0", and I logon in GDM without asking to change password. Who knows what can be? I use Samba PDC with Heimdal Kerberos, but, I configure PAM with only pam_winbind for tests... Client versions: ii

.... I have a 64-bit CentOS 5.6 VM running on a 64-bit FC-14 host. I was originally using the stock NAT networking on the guest, which could access the host, but nothing else on the network. I eventually found some links on how to setup routed networking on the guest using a specifically setup bridge. I followed the example a bit too closely, bridging my eth0 interface, which is the one I

We'll ignore that the group name for KDE changed, and so, since we had it on the same line as X, neither was installed. However, more of an annoyance: to get nfs working, I had to install: pam-krb5 ncsd then fix /etc/init.d/autofs (when I did a service restart, it told me automount was running, and did not stop it), then after some research, found I had to manually start rpcbind, *then*

>> >Could we please have a clarification on the semantics of >> >PAM_CRED_ESTABLISH vs. the semantics of PAM_REINITIALIZE_CREDS? >> >> My interpretation is: >> >> You call PAM_ESTABLISH_CRED to create them >> You call PAM_REINITIALIZE_CRED to update creds that can expire over time, >> for example a kerberos ticket. Oops. I meant

I've attached two patches. The first just changes the output of "ssh -V" to print that it was built against rsaref if libRSAglue (which is built as part of openssl only when it is built against rsaref) is present at build-time. The second adds appropriate calls to pam_setcred() in sshd. Without them, our systems can't access AFS because the PAM modules only get tokens at a

When we installed OpenSSH 2.1.1p4 on our Solaris systems, our users noticed that it did not honor password expiration consistently with other Solaris login services. The patch below is against OpenSSH 2.2.0p1 and adds support for PAM password changes on expiration via pam_chauthtok(). A brief summary of changes: auth-pam.c: * change declaration of pamh to "static pam_handle_t *pamh",

Greetings! I am having a bit of an issue using Ubuntu 9.10 and AD 2003. AD domain = dacrib.local AD server = dim-2300.dacrib.local IP = 10.0.0.60 Samba server = workhorse.dacrib.local IP = 10.0.0.20 I joined the server to AD, and I can see all the domain users and groups when I do a "getent passwd" and "getent group". "wbinfo -u" lists all domain users, and

clients on the domain. But I can not mount shares from the other Samba server; I always get "Permission denied". $ sudo mount -t cifs //workhorse/OldHome /mnt/OldHome -o username=DACRIB+turgon --verbose Password: mount.cifs kernel mount options: unc=//workhorse\OldHome,ver=1,rw,username=DACRIB+turgon,ip=10.0.0.20,pass=******** mount error(13): Permission denied Refer to the