similar to: Samba4 and keytabs

Displaying 20 results from an estimated 2000 matches similar to: "Samba4 and keytabs"

2013 Apr 29
3
ktpass.sh error / How to generate a keytab for a new service (apache) with SAMBA4?
Hi, I was trying to get a new keytab in samba4 for my apache service. So I tried the following command: sh ktpass.sh --out /etc/apache.keytab --princ HTTP/myhost.samba.my.domain at SAMBA.MY.DOMAIN --pass VerySecure123 --enc des-cbc-md5 I get the following error: Unable to find kvno for principal HTTP/myhost.samba.my.domain at SAMBA.MY.DOMAIN Am I doing something wron or shouldn't I be
2014 Jan 21
1
Generating keytabs for other hosts
Hi guys am looking for some guidance on how I can generate some keytab files from a samba 4 DC I been following a tutorial that states some bits on the windows side such as creating an spn C:\Users\Administrator>setspn -A host/test.sondrel.com at SONDREL.COM Test Registering ServicePrincipalNames for CN=Test,OU=Machines,DC=sondrel,DC=com host/envy.sondrel.com at SONDREL.COM Updated
2004 Mar 16
3
samba 3, ADS, kerberos, keytab problem - Additional pre-authentication required
Hello List, I am (unsuccessfully) trying to automatically get a valid kerberos ticket for my linux box. I have - in a test environment: - a windows 2000 server with Active directory and DNS properly set up. - a suse linux 9.0 router with samba3.0.2.rc.1 and heimdal 0.6.-67. - I am able to join the domain and get a valid ticket through kinit, if I enter the Administrator's password or the
2001 Dec 30
1
Extracting the trust account password (for use with Win2k's ktpass)?
Hello, all: My Samba server is a member of a Windows 2000 AD domain. Authentication to the Samba server is, of course, by encrypted NTLM hashes. Authentication to the host itself, which runs Red Hat Linux 7.1, is by NIS (the AD domain controller is running Server for NIS). I want to remove NIS (or at least the passwords from NIS). To accomplish this, I wish to use pam_krb5 to authenticate users
2017 Jan 20
3
how to run ktpass with a Samba AD DC?
I was trying to get authentication via kerberos working but I'm having trouble trying to run ktpass as in step 6 here http://robertan.com/home/2015/01/14/kerberos-auth-with-apachephp/ ktpass -princ HTTP/contoso.com at CONTOSO.COM -mapuser CONTOSO\<USERNAME> -crypto all -ptype KRB5_NT_PRINCIPAL -pass <PASSWORD> -out webpage.HTTP.keytab I'm not sure of the
2016 Sep 16
2
Exporting keytab for SPN failure
Am 16.09.2016 um 22:49 schrieb Rowland Penny via samba: > On Fri, 16 Sep 2016 22:43:42 +0200 > Achim Gottinger via samba <samba at lists.samba.org> wrote: > >> >> Am 16.09.2016 um 22:00 schrieb Robert Moulton via samba: >>> Achim Gottinger via samba wrote on 9/15/16 1:20 AM: >>>> >>>> Am 15.09.2016 um 09:35 schrieb Rowland Penny via
2016 Sep 16
6
Exporting keytab for SPN failure
Am 16.09.2016 um 22:00 schrieb Robert Moulton via samba: > Achim Gottinger via samba wrote on 9/15/16 1:20 AM: >> >> >> Am 15.09.2016 um 09:35 schrieb Rowland Penny via samba: >>> On Wed, 14 Sep 2016 16:23:27 -0500 >>> Michael A Weber via samba <samba at lists.samba.org> wrote: >>> >>>>> On Sep 14, 2016, at 2:00 PM, Achim
2016 Sep 16
1
Exporting keytab for SPN failure
Am 16.09.2016 um 22:54 schrieb Robert Moulton via samba: > Achim Gottinger via samba wrote on 9/16/16 1:43 PM: >> >> >> Am 16.09.2016 um 22:00 schrieb Robert Moulton via samba: >>> Achim Gottinger via samba wrote on 9/15/16 1:20 AM: >>>> >>>> >>>> Am 15.09.2016 um 09:35 schrieb Rowland Penny via samba: >>>>> On Wed,
2016 Sep 15
3
Exporting keytab for SPN failure
Am 15.09.2016 um 09:35 schrieb Rowland Penny via samba: > On Wed, 14 Sep 2016 16:23:27 -0500 > Michael A Weber via samba <samba at lists.samba.org> wrote: > >>> On Sep 14, 2016, at 2:00 PM, Achim Gottinger <achim at ag-web.biz> >>> wrote: >>> >>> >>> >>> Am 14.09.2016 um 20:33 schrieb Michael A Weber: >>>>>
2016 Sep 14
2
Exporting keytab for SPN failure
> On Sep 14, 2016, at 2:00 PM, Achim Gottinger <achim at ag-web.biz> wrote: > > > > Am 14.09.2016 um 20:33 schrieb Michael A Weber: >> >>> On Sep 14, 2016, at 1:10 PM, Achim Gottinger <achim at ag-web.biz <mailto:achim at ag-web.biz>> wrote: >>> >>> >>> >>> Am 14.09.2016 um 19:53 schrieb Michael A Weber:
2003 Dec 11
1
kerberos with W2K server
Hello, The problem: With the command: net ads join my_linux_box my samba 3.0.1rc1 works fine with a W2k kerberos server But i prefer use the ktpass command on w2k server (and our m$ guru). The problem seems to be that samba dont use /etc/krb5.keytab. The quick read of source and some mail in the archives gives me the beleive that it use a memory keytab (and secrets.tdb ?). I m not sure. Could
2007 Jan 02
1
Getting host keys with samba
I have samba working find against our windows 2000/3 network under solaris 9/10. Users can attach to samba using the Kerberos credentials on their windows XP PCs. I would now like to kerberise the unix applications. Statring with the supplied Sun rlogind, telnetd, etc. As I understand things I now need to have a host key on the end systems. Will samba's net ads keytab create do
2007 Feb 05
1
kerberos/Samba integration questions
I'm trying to integrate Samba with my kerberos configuration on Solaris 10 (with Samba 3.0.23d) and I have one basic issue - probably I don't understand something. Hopefully one of you experts can help. We have an AD based organization but we do a lot of Unix work on Solaris 10 and AIX 5.3 - I have about 75 *nix servers of various flavors. There's a lot of value in SSO
2016 Jun 27
3
Looking for GSSAPI config [was: Looking for NTLM config example]
Hi, On 27-06-2016 08:58, Mark Foley wrote: > So, I'm apparently lacking in the kerberos stuff. Here's the problem -- Samba4 uses Heimdal > Kerberos and when I provisioned my domain apparently none of these needed kerberos files were > set up. I can, however, kerberos authenticate from domain workstations both WIN7 and Linux. You don't need any Samba4 stuff, to get it
2016 Sep 16
2
Exporting keytab for SPN failure
On Fri, 16 Sep 2016 13:00:52 -0700 Robert Moulton via samba <samba at lists.samba.org> wrote: > Achim Gottinger via samba wrote on 9/15/16 1:20 AM: > > > > > > Am 15.09.2016 um 09:35 schrieb Rowland Penny via samba: > >> On Wed, 14 Sep 2016 16:23:27 -0500 > >> Michael A Weber via samba <samba at lists.samba.org> wrote: > >> >
2005 Jun 13
2
Can't maintain a connection to the Server 2003 ADS on a subdomain
Hello to every Samba expert out there, We've been having a hard time figuring out a particular problem with Samba. After joining the Server 2003 ADS, which is on a different subnet - just going through a router, the membership would drop all of a sudden. Everything works great when the Samba server is on the same subnet as the Server 2003 ADS. I have posted some details on forums, here is a
2011 Aug 29
4
Kerberos GSSAPI - proper item name in keytab
Hello, ALL. I am trying to organize a transparent single sign-on concept for my Active Directory users into Dovecot via IMAP. On the user's desktop I use Thunderbird 6.0 as a mail client (MUA), Windows XP as an operating system. Domain is controlled by Windows 2008 Server SP2 with Active Directory. I have installed on my Mail server Debian GNU/Linux 6.0.2 (Squeeze) and Dovecot 2.0.13 from
2016 Sep 16
2
Exporting keytab for SPN failure
Am 16.09.2016 um 23:00 schrieb Robert Moulton via samba: > Rowland Penny via samba wrote on 9/16/16 1:43 PM: >> On Fri, 16 Sep 2016 13:00:52 -0700 >> Robert Moulton via samba <samba at lists.samba.org> wrote: >> >>> Achim Gottinger via samba wrote on 9/15/16 1:20 AM: >>>> >>>> >>>> Am 15.09.2016 um 09:35 schrieb Rowland Penny
2018 Aug 07
2
Failed to modify SPNs
Hi Rowland, On Tue, 7 Aug 2018 09:46:24 +0100 Rowland Penny via samba <samba at lists.samba.org> wrote: > > Failed to modify SPNs on CN=db1,CN=Computers,DC=mydom,DC=lan: acl: > > spn validation failed for spn[TERMSRV/DB1.MYDOM] uac[0x1000] > > account[db1$] hostname[(null)] nbname[mydom] ntds[(null)] > > forest[mydom.lan] domain[mydom.lan] > > > > At
2016 Sep 16
2
Exporting keytab for SPN failure
Am 17.09.2016 um 00:29 schrieb Robert Moulton via samba: > Achim Gottinger via samba wrote on 9/16/16 3:05 PM: >> >> >> Am 16.09.2016 um 23:00 schrieb Robert Moulton via samba: >>> Rowland Penny via samba wrote on 9/16/16 1:43 PM: >>>> On Fri, 16 Sep 2016 13:00:52 -0700 >>>> Robert Moulton via samba <samba at lists.samba.org> wrote: