similar to: cross-realm Kerberos trust with a third Windows domain

Hi All, I'm struggling since weeks to get samba winbind and a kerberized nfs mount running. We have a Netapp SAN exporting the nfs share with sec=krb5 and a Linux Client Ubuntu 10.04 Server trying to access the exported share. Accessing the share without krb5 (sec=sys) works fine. The linux machine is joined to an Windows 2008R2 domain and user/group lookups login via ssh etc. work fine. I

Hello I know that inter-domain trust is not supported in Samba, but is it possible to create an inter-realm trust on Kerberos level? I have a kerberized service in realm X (Samba 4.0 as DC) and I want to allow users from realm Y (also Samba 4.0, but different domain) to access it using SPNEGO GSSAPI. If it is possible, how can I accomplish this? Regards

Hi, I've been working on some systems trying to get kerberized nfsv4 and kerberized web services going on 7. Kerberized nfsv4 was working with 7.0, but with the 7.1 release it stopped working, the key difference between the two setups is that gssproxy wasn't being used with 7.0, but seems to be key with 7.1. The problem I am encountering with Kerberized NFSv4 is that the directory will

Hi, I've posted this one also to comp.protocols.smb, but the list seems to be more hacky :-) I have M$ Win2K PDC with Kerberos authentication system. PDC Win2K--------------SAMBA-3.020-------------LINUX Kerberos5 It was somewhere told (Samba 3.0 prealpha guide to Kerberos authentication)that this should work. I'm using RedHat 7.2 with latest patches (obtained via net from redhat site).

Hi All, I'm having a bit of difficulty getting a CentOS 5.5 Kerberized NFSv4 server working. This server is configured as a Winbind client to a Windows 2003 Active Directory. I've successfully bound it to AD and I am able to authenticate. I've successfully created a NFSv4 entry in /etc/exports to export the /exports directory and I can successfully mount a non-Kerberized NFSv4

Ok, now its clear to me. We need to set UMICH_SCHEMA in idmap.conf Read : http://linux.die.net/man/5/idmapd.conf Working on it now. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens L.P.H. van Belle > Verzonden: vrijdag 9 oktober 2015 13:34 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] kerberos

I'm trying to setup Samba in ADS security mode so I can run winbind for NSS and Kerberos for user authentication, chiefly for shell accounts for developers. These hosts will not provide any file or printer services, at least in the near-term. My hosts are CentOS 3 (a free RHEL3 clone) and my ADS servers are Windows 2000 (not 2003), in hybid mode. I am using stock RPMs for both Kerberos and

Erik Laxdal wrote: > Hi, > > I've been working on some systems trying to get kerberized nfsv4 and > kerberized web services going on 7. Kerberized nfsv4 was working with > 7.0, but with the 7.1 release it stopped working, the key difference > between the two setups is that gssproxy wasn't being used with 7.0, but > seems to be key with 7.1. > > The problem I am

Hai, Nope.. To much again ;-) This is one step to much: step2: # KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab ADD cifs/oldsamba.dom.corp at DOM.CORP # KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab ADD cifs/oldsamba at DOM.CORP # KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab ADD cifs/oldsamba$@DOM.CORP And why are you adding @REALM .. Do it exactly as shown below. Because

Luis, ok I'v removed everything, step 1: KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab CREATE -P klist -ke /etc/krb5.keytab2|grep 7|sort 7 cifs/FS-A at DOM.CORP (aes128-cts-hmac-sha1-96) 7 cifs/FS-A at DOM.CORP (aes256-cts-hmac-sha1-96) 7 cifs/FS-A at DOM.CORP (arcfour-hmac) 7 cifs/FS-A at DOM.CORP (des-cbc-crc) 7 cifs/FS-A at DOM.CORP (des-cbc-md5) 7

Hi, Sorry for this necrobump.... But I'm still can't use my local root user to browse content of my NFSv4/Krb5 share...... (others permission are checked when root use this share) So a lot of questions appeared during my tests : - Must i have same idmap.conf on both client and server ? - Why rpc.idmapd only use 'nsswitch' method even if 'static' is

Luis, my typos, I'v to mask the output sorry (compliance) # su - testuser $ smbclient --option='client min protocol=NT1' -U testuser //oldsamba/testuser -c 'ls' Unable to initialize messaging context Enter DOM\testuser's password: session setup failed: NT_STATUS_LOGON_FAILURE [2019/11/05 15:50:50.009481, 1] ../../source3/librpc/crypto/gse.c:660(gse_get_server_auth_token)

Hello. I'm having difficulty running kerberized samba on my Linux box in my Windows ADS domain. Specifically, smbclient -k //server/share fails with a "session setup failed: NT_STATUS_LOGON_FAILURE" error message. I ran smbd with -d 3 debugging verbosity, and the following came out on stdout/stderr. I marked the interesting lines with ***'s: # smbd -i -d 3

samba-tool computer remove oldsamba Il giorno mar 5 nov 2019 alle ore 17:04 L.P.H. van Belle <belle at bazuin.nl> ha scritto: > Hai, > > Well that great you found it. > > Ah.. so you removed the entry from the DNS or ADDB? > Can you tell what you exactly did, that might help the next person with a > problem like this. > > And not many list messages today.. ;-)

Hai, Here you go.. But all my settings are scripted. https://github.com/thctlo/samba4 found here. Read the script : samba-with-nfsv4.sh Start it like ./ samba-with-nfsv4.sh (client or server) Its tested and works on debian jessie. I contains the nfs server settings and client settings. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at

I have made a bit of progress since I compiled krb5-1.2.6. ./configure --with-cc=gcc --without-krb4 --disable-dns-for-kdc It would be nice if there was an option to just compile client stuff. The resolv library problem went away. I don't know if that was a change to krb5 or to cygwin. Bison problems also went away. Still need to add #include <errno.h> to

On 2015-08-06 18:55, Roel van Meer wrote: > Hi everyone, > > I'm testing with a Samba4 AD network, and I have some problems with > DNS on the second DC, with which I could use a bit of your help. > > I have an AD with two DC's, both Samba 4.2.3. On the first DC, > samba_dnsupdate works fine. With stock 4.2.3 I get the error > > "TSIG error with

check the rights on : /var/lib/samba/private/dns.keytab 640 root:bind /var/lib/samba/private/dns 750 root:bind /var/lib/samba/private/sam.ldb.d 750 root:bind Greetz, Louis >-----Oorspronkelijk bericht----- >Van: samba [mailto:samba-bounces at lists.samba.org] Namens Roel van Meer >Verzonden: donderdag 6 augustus 2015 8:55 >Aan: samba at lists.samba.org >Onderwerp: [Samba] 2nd

Hello, friends. Before change Active Directory Server mode to "native mode" user authentification dont' work. In native ADS mode i need use kerberos. OS: RHEL 4 (x86) Samba: 3.0.10-1.4E Kerberos: 1.3.4-9 Domain controller: Win 2003 ADS in native mode # more /etc/samba/smb.conf [global] workgroup = DOMAIN server string = FTP Server netbios name = SRVFTP log file =

Hi everyone, I'm testing with a Samba4 AD network, and I have some problems with DNS on the second DC, with which I could use a bit of your help. I have an AD with two DC's, both Samba 4.2.3. On the first DC, samba_dnsupdate works fine. With stock 4.2.3 I get the error "TSIG error with server: tsig verify failure" but the DNS updates succeed anyway, and after applying