similar to: Add options to /var/run/samba/smb_krb5/krb5.conf_DOMAIN?

Hi, We hava a bunch of machines that needs to have the ability to look up users and groups (like with libnss_winbind) but we need to have the Kerberos and PAM stuff. We really don't want to join them to the AD. Are there any way to use one server as a proxy for name and group lookups? [dumb-node] --> [master-node-with-winbind] --> [AD] Best regards Emil Assarsson Sony Ericsson

Hello list, I've upgraded from Samba 3.0.14a to 3.0.27a (Samba is a domain member of a W2k3 native AD) and I see that in the /var/lib/samba/smb_krb5 directory a krb5.conf file is created. Is this krb5.conf file extracted from my original /etc/krb5.conf? Or is this file created from the "password server =" entry in my smb.conf file? My original /etc/krb5.conf contains the DC's in

Hi all ! I have some problems browsing a samba share from a Canon ImageRunner printer. It tries to write to a share located on a samba server, configured to authenticate users against a windows 2003 Active directory. Samba version 3.2.6 is running on opensuse 11.1. After a lot of search, I tought that maybe it did not support the encryption type requested by my Samba server, so I checked my

All, I am running Solaris 10 and Samba 3.6.6. We use intelligent DNS and have more than 10 ADs. In /etc/krb5/krb5.conf I configure kdc and admin_server to point to the IDNS server so any one of our functioning ADs can be used dynamically. I've noticed that /var/samba/locks/smb_krb5/krb5.conf.DOM get created when net ads join is run. I've also noticed that the kdc is set to an IP address

Hi all, I'm trying to get pam_winbind to create ticket cache on login if the AD is available. Please note that this is an Ubuntu Lucid system. When trace this with wireshark it receives a TGT ticket for the user. The current solution is to use pam_krb5 before attempting winbind. That gives me a ticket cache. The main problem is that if the user enters the wrong password it does two login

Hi All, I'm unable to do lookups on groups that have a longer name than 30 characters. Is this a known problem and does it help to upgrade? Are there any workaround for this? Best regards Emil Assarsson Sony Ericsson Mobile Communications AB "The information in this email, and attachment(s) thereto, is strictly confidential and may be legally privileged. It is intended solely for the

Hi all, I have some problems with dynamic DNS updating. Samba 3.4.7 Windows 2003 sp2 # net ads dns register -P DNS Update failed! With debug ( -d9 ) I get this: ------ [2010/10/26 09:28:44, 3] libads/sasl.c:780(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10 [2010/10/26 09:28:44, 3] libads/sasl.c:789(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got server

I found a strange folder smb_krb5 in my samba lock directory. Inside, there is something that looks like a Kerberos Configuration, but the content is different from my /etc/krb5.conf (A) Does Samba correctly use my /etc/krb5.conf as before in version 3.023? (B) What is the smb_krb5-folder good for, where does it come from? (C) Can it be deleted safely or does it have to be backed up together with

While playing with large number of DCs in a domain, which does not fit in UDP DNS packet, I found another interesting issue. winbindd generates a temporary krb5.conf for each realm it uses, and stores it in /run/samba/smb_krb5/krb5.conf.$REALM. Here's a typical such config in fully-automatic mode: libdefaults] default_realm = RGS.RU default_etypes = aes256-cts-hmac-sha1-96

Hi, Is there any way to stop Samba regenerating the krb5.conf.[WORKGROUP] file under /var/lib/samba/smb_krb5 every time? It appears to completely ignore /etc/krb5.conf, is this expected? Kernel: Linux localhost 2.6.16.60-0.37_f594963d-smp #1 SMP Mon Mar 23 13:39:48 UTC 2009 x86_64 x86_64 x86_64 GNU/Linux smbd -V: Version 3.0.32-0.8-2045-SUSE-CODE10 Thanks, Alex

i am in a mixed win2000 and win2003 R1 ActiveDirectory environment. Have always had ntlmv2 server and client required. LM and NTLM have always been rejected. That is how it has been for 10 years. Mounting from CentOS 5 to the windows servers has not been an issue for years. However, using ADS credentials for Linux workstation logons has always been a issue. If using ADS credentials to logon

I just added a window server 2008 r2 to be a backup DC for our samba 4.4.5 AD/DC but I am getting an error when trying to manually sync samba to the windows server. I used the link on the wiki site to make the initial sync, which worked great § <https://wiki.samba.org/index.php/Joining_a_Windows_Server_2008_/_2008_R2_ DC_to_a_Samba_AD> Joining a Windows Server 2008 / 2008 R2 DC to a

I have a Win2k3 server and am trying to manage a Samba4 box (name:UBUNTUSERVER, running Ubuntu 12.04.3 + Samba 4.0.10) as a backup. All seemed well, but after a problem with replication (result 1306 WERR_REVISION_MISMATCH), I couldn't even demote the samba4 DC. So I deleted from SERVERW2K3, deleted /usr/local/samba and re-compiled everything. Also ran make quicktest, all seems OK. Now, this

> >On Thu, Dec 10, 2009 at 9:21 AM, <aplist at netcourrier.com> wrote: > > Hi, > > > > > > I have raised this question on the kerberos mailing list, but have been > told that Samba has it's own behavior regarding SRV lookups. > > > > My configuration uses the following : > > ?dns_lookup_realm = false > > ?dns_lookup_kdc = false

I have a couple of Samba4 AD DCs replicating with Windows Server 2008 DCs. This has been sort of finicky, but I've managed to get it to work (mostly) for several weeks. However, I'm now having an issue where one of my Samba4 DCs will not replicate from any of the other DCs (Windows or Samba) in the domain (Error is WERR_BAD_NET_RESP). Replication output is below. If anyone has ideas of

On 10/03/15 19:01, Roman Dilken wrote: > On 10.03.2015 19:25, Rowland Penny wrote: > >> Hi, what are you trying to join to? >> >> Remove this line 'idmap_ldp:use rfc2307 = yes' >> >> one) it should be 'idmap_ldb:use rfc2307 = yes' two) it is only >> used on a DC. >> >> How are you trying to do the join ? >> >>

I'm unable to have samba4 join an existing AD domain as either an RODC (preferrable) or merely a DC. AD domain is Win2k3, but we recently added a pair of Win2k8 DCs to it. Domain functional level is Win2k3. ### Adding samba4 as an RODC ### # samba-tool domain join -d5 my.domain RODC -U'adminuser at MY.DOMAIN' --server=nysv-vmdc3.my.domain INFO: Current debug levels: all: 5 tdb:

Having lots of problems with a restored from backup installation of Samba 4.1.9 on FreeBsd cannot use windows tools to assign permissions to shares, and now when a problem creating a Gpo. with log level 10 this is the output: root at BSD:/home # samba-tool gpo create testgpo INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10

Hi, i've got a problem joining a domain with samba 4.1.17 on freebsd. Everytime I try it, the join fails with a core dump. Debugging it, it seems that it is stuck on authentication. Kerberos works, I get credentials, but if I try to join the domain, it fails. The problem seems to be somwhere in this debug-output: 1. net ads join: Doing spnego session setup (blob length=96) got

Hi, Many of these syncing problems were solved in Samba 4.7 (and probably a few more in 4.8). There were a number of unresolved locking issues that we uncovered as well as some inconsistencies with Windows replication. I would try join a DC with one of the latest Samba versions and see if your problems persist. Cheers, Garming On 21/06/18 21:35, Chris Lewis via samba wrote: > Hello, >