similar to: Kerberos5 ticket renewal & 'net ads join' w/o authentication

Ok .. maybe if seen something, dont know for sure, so Rowland, what do you think about below. Post the result of : klist -e -k /etc/krb5.keytab i see in your logs. AS key obtained for encrypted timestamp: aes256-cts/000A In my setup, i dont have aes256-cts available in my keytab, do you? You can try adding this, to krb5.conf. ; for Windows 2003 ; default_tgs_enctypes = rc4-hmac

Am 29.04.2019 um 19:21 schrieb Rowland Penny via samba: > On Mon, 29 Apr 2019 19:02:44 +0200 > Christian via samba <samba at lists.samba.org> wrote: > >>>>> Thats a strange one.. >>>>> >>>>>> This is correct: 'dns-dc2' uses "msDS-SupportedEncryptionTypes": >>>>>> 31 (0x0000001f)

On Mon, 2019-04-29 at 18:56 +0100, Rowland Penny via samba wrote: >  > That shouldn't make any difference, the 2003 level only used the > three > enctypes you have now, this is on one of my DC's: > >  root at dc4:~# samba-tool domain level show > Domain and forest function level for domain > 'DC=samdom,DC=example,DC=com' > > Forest function level:

Am 16.09.2016 um 23:00 schrieb Robert Moulton via samba: > Rowland Penny via samba wrote on 9/16/16 1:43 PM: >> On Fri, 16 Sep 2016 13:00:52 -0700 >> Robert Moulton via samba <samba at lists.samba.org> wrote: >> >>> Achim Gottinger via samba wrote on 9/15/16 1:20 AM: >>>> >>>> >>>> Am 15.09.2016 um 09:35 schrieb Rowland Penny

Ok, you did to much as far i can tell. You want to see this: i'll show my output, then i is better to see what i mean. this is where you start with. klist -ke |sort ( default member ) ---- -------------------------------------------------------------------------- 3 host/HOSTNAME1 at REALM.DOMAIN.TLD (aes128-cts-hmac-sha1-96) 3 host/HOSTNAME1 at REALM.DOMAIN.TLD

Am 17.09.2016 um 00:29 schrieb Robert Moulton via samba: > Achim Gottinger via samba wrote on 9/16/16 3:05 PM: >> >> >> Am 16.09.2016 um 23:00 schrieb Robert Moulton via samba: >>> Rowland Penny via samba wrote on 9/16/16 1:43 PM: >>>> On Fri, 16 Sep 2016 13:00:52 -0700 >>>> Robert Moulton via samba <samba at lists.samba.org> wrote:

On Fri, 16 Sep 2016 13:00:52 -0700 Robert Moulton via samba <samba at lists.samba.org> wrote: > Achim Gottinger via samba wrote on 9/15/16 1:20 AM: > > > > > > Am 15.09.2016 um 09:35 schrieb Rowland Penny via samba: > >> On Wed, 14 Sep 2016 16:23:27 -0500 > >> Michael A Weber via samba <samba at lists.samba.org> wrote: > >> >

Achim Gottinger via samba wrote on 9/16/16 4:14 PM: > > > Am 17.09.2016 um 00:54 schrieb Achim Gottinger via samba: >> >> >> Am 17.09.2016 um 00:29 schrieb Robert Moulton via samba: >>> Achim Gottinger via samba wrote on 9/16/16 3:05 PM: >>>> >>>> >>>> Am 16.09.2016 um 23:00 schrieb Robert Moulton via samba:

Hi, the problem seems to be related to this bug: https://bugzilla.samba.org/show_bug.cgi?id=6750 I try therefore to set machine password timeout = 0 Il giorno mar 29 ott 2019 alle ore 11:11 Rowland penny via samba < samba at lists.samba.org> ha scritto: > On 29/10/2019 10:04, banda bassotti wrote: > > I had already done it: > > > > # samba-tool spn list

Ok, Your keytab looks ok now. oldsamba.dom.corp is an alias for fs-a.oldsamba.dom.corp. fs-a.dom.corp has address 10.0.0.2 i would have expected here. oldsamba.dom.corp is an alias for fs-a.dom.corp. fs-a.dom.corp has address 10.0.0.2 Or was that a typo? I assuming a typo.. About your setup from the script outpout. Change this one. /etc/hosts 10.0.0.2 fs-a.dom.corp fs-a oldsamba #

Am 17.09.2016 um 02:19 schrieb Achim Gottinger via samba: > > > Am 17.09.2016 um 01:23 schrieb Robert Moulton: >> Achim Gottinger via samba wrote on 9/16/16 4:14 PM: >>> >>> >>> Am 17.09.2016 um 00:54 schrieb Achim Gottinger via samba: >>>> >>>> >>>> Am 17.09.2016 um 00:29 schrieb Robert Moulton via samba:

THANK YOU FOR YOUR REPLY THE RESULT : KVNO Principal ---- -------------------------------------------------------------------------- 1 HOST/samba4 at FSS.LAN (des-cbc-crc) 1 HOST/samba4.fss.lan at FSS.LAN (des-cbc-crc) 1 SAMBA4$@FSS.LAN (des-cbc-crc) 1 HOST/samba4 at FSS.LAN (des-cbc-md5) 1 HOST/samba4.fss.lan at FSS.LAN (des-cbc-md5) 1 SAMBA4$@FSS.LAN (des-cbc-md5) 1

On Fri, Sep 16, 2016 at 6:08 PM, Achim Gottinger via samba <samba at lists.samba.org> wrote: > > > Am 17.09.2016 um 02:36 schrieb Achim Gottinger via samba: >> >> >> >> Am 17.09.2016 um 02:19 schrieb Achim Gottinger via samba: >>> >>> >>> >>> Am 17.09.2016 um 01:23 schrieb Robert Moulton: >>>> >>>>

Good Morning, We have a network of Solaris 10 machines authenticating and doing name lookups via a Windows 2008 (SP2) domain using the Solaris ldap client and self/gssapi credentials. Each machine has a machine account that is prepared via a script with the following attributes: userAccountControl: 4263936 (WORKSTATION_TRUST_ACCOUNT | DONT_EXPIRE_PASSWORD | DONT_REQ_PREAUTH)

hi, ? i have recently installed a samba 4 in a DC role. The distribution is a debian jessie/sid, the version of samba is 4.1.7. The server is globally working but there is some litle trouble. on the server itself, i can do a kinit without probleme but if i try a kpasswsd, i obtain the following ? root at station:/var/log/samba# kinit Password for administrator at TOTO.FR: root at

No, no idee, but really, upgrade to samba, best option, in my opinion. If thats not possible, it happens.. A timeout option can be set in krb5.conf for example : kdc_timeout = 5000 You have these for krb5.conf to try out also. the complete list. des-hmac-sha1 DES with HMAC/sha1 (weak) aes256-cts-hmac-sha1-96 aes256-cts AES-256 CTS mode with 96-bit SHA-1 HMAC

Am 17.09.2016 um 04:53 schrieb Achim Gottinger via samba: > > > Am 17.09.2016 um 03:24 schrieb r moulton via samba: >> On Fri, Sep 16, 2016 at 6:08 PM, Achim Gottinger via samba >> <samba at lists.samba.org> wrote: >>> >>> Am 17.09.2016 um 02:36 schrieb Achim Gottinger via samba: >>>> >>>> >>>> Am 17.09.2016 um 02:19

Hello everyone since now a certain time I pull my hair and do not understand the source of my problem. after a samba 3 pdc migration to samba 4.8.5 AD, when a windows client starts the gpo computer is not applied to the boot. in the windows logs there are 1058 GPO errors and server side samba here are the logs: GSS server Update (krb5) (1) Update failed: Miscellaneous failure (see text): Failed

Can someone help me with samba4 with internal dns. Something strange showing in log.smbd when computers are doing gpupdate (becouse of this error computers cant apply gpo) log.smbd on DC1: [2017/01/13 13:49:16.075361, 1] ../source4/auth/gensec/gensec_gssapi.c:619(gensec_gssapi_update) GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find

On 18.07.2016 22:48, Achim Gottinger wrote: > > > Am 18.07.2016 um 11:45 schrieb Norbert Hanke: >> On 18.07.2016 01:52, Achim Gottinger wrote: >>> >>> >>> Am 18.07.2016 um 01:02 schrieb Norbert Hanke: >>>> Hello, >>>> >>>> I'm trying to join a samba 4 DC to an already existing samba 4 DC, >>>> both with