similar to: AD + Double Hop + Kerberos Delegation

Hi All, I have setup samba as Active Directory Domain Controller as per the steps mentioned in wiki page https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller I have also setup squid proxy with kerberos auth on other machine as per the steps mentioned on squid wiki page. However I couldn't find any documentation to do a KCD setup. Here are things I

I made some progress with the issue, but didn't solve it completely It's basically a kind of bug (i'm not sure if it's on kerberos side or samba, I think samba is the culprit here (?). Microsoft uses kind of weird SPN for Hyper-V. Weird as there are "spaces" in the string - which is kind of unique as far as SPN's go, usually SPN form a complete string. So I kind

I'm most likely going to make the hop from FC to CentOS in the next several months, and wonder whether I should wait for CentOS 5. Mike -- p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);} Oppose globalization and One World Governments like the UN. This message made from 100% recycled bits. You have found the bank of Larn. I can explain it for you, but I can't

On 8/18/2015 10:46 AM, Alessio Cecchi wrote: > Hi, > > in this tipical setup (Dovecot/Director thate share Maildir via NFS) on > your NFS Server you have (about) 90% of read operations and only 10% of > write operations. > > If you see detailed stats for NFS operations you have 40-50% of GETATTR, > this means that NFS/Dovecot clients are caching data (mainly dovecot >

Hi, Can someone point out what I am doing wrong here? Background: I'm trying to make keycloak (saml) authenticate using kerberos, and I'm getting "client not found in kerberos database". Below are the steps I have taken. I'm using a domain member servers machine account (server$) to add the SPN, since keycloak is running on that member server. (for the record: the

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have a problem accessing a CUPS/Samba shared printer on a Windows XP x64 Professional system (WinNT5.2 kernel). It seems from my searching that this is a problem affecting only 64-bit Windows clients, but perhaps not all 64-bit Windows clients. See also: https://bugs.launchpad.net/fedora/+bug/482836

hello, We've just migrated our samba PDC v3.4.5 (FreeBSD) to samba v4.1.17 (Debian wheezy) with samba4 classic upgrade. Most of the stations works fine. When I try to register a Windows 2012 as a member into the new Samba AD, Windows 2012 says it cannot authenticate the user used for registering the new host into the domain. Of course, this user have admin privileges into the AD target

Hai Louis, On 21-11-2016 14:33, L.P.H. van Belle via samba wrote: > I think you missing your ptr record in the reverse zone. > Or you missing the Krb5KeyTab variable in the apache setup. > > Test : > dig keycloak.company.com ( results in A ip. ) > dig -x ip_adres Correct, I had no reverse. But reading that page, I also discovered something else: <QUOTE> We next need

Hi, i have a server with samba 4.1.5 and i want to authenticate my mail server against samba via Kerberos. The protocols envolved are pop and imap, as you know, then i created two users: imap and pop: samba-tool user add pop --random-password samba-tool user imap pop --random-password and later i created two Service Principal Names for these users: samba-tool spn add pop/mailserver.domain.cu at

Hi, I'm trying to get an IMAP server to authenticate using Kerberos rather than storing and sending passwords all over the place. I've tried to do this following the instructions for setting up Apache SSO (https://wiki.samba.org/index.php/Samba4/beyond#Apache_Single_Sign-On) but am unable to export the keytab. Searching through the list it looks like a few others have experienced the

Hello, I have now spent 30 hours trying to get this working, so it's time to get some professinoal help. :) In a nutshell, I would like to have a sambda AD PDC that authenticates both Windows and Debian. On Linux, I would like to use SSSD. I have followed the steps on the wiki: - https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO -

> To: samba at lists.samba.org > From: Rowland penny <rpenny at samba.org> > Date: Mon, 4 Jul 2016 21:43:46 +0100 > Subject: Re: [Samba] How to GSSAPI/Kerberos authenticate with Dovecot > [formerly Where is krb5.keytab or equivalent?] > > On 04/07/16 21:21, Mark Foley wrote: > >> To: samba at lists.samba.org > >> From: Achim Gottinger <achim at

Hi, while trying to use Samba4 as KDC for secure NFS (once again) I found something I suspect to be an error: In order for NFS (with krb5) to work it requires a nfs/... principal, so I created one using samba-tool: samba-tool user add nfs-user samba-tool spn add nfs/atom.mydomain.org nfs-user samba-tool domain exportkeytab /etc/krb5.keytab -principal=nfs/atom.mydomain.org After setting up NFS,

Hi guys, I have a Netgear ReadyNas that has Samba v3.4.5 installed on it. I'm having trouble accessing some tdb files and I'm wondering whether the app tdbtool can be installed on its own as it seems that Netgear have pulled it out. I have windows domain users who get denied access for no reason and the events aren't being caught my the standard logs. Plus Netgear force the smb.conf

Hi, Just out of curiosity what is in nfsv4 delegation that you think would give a benefit on your configuration? If I read back the thread you seem to have dovecot configured with director ring in front of the backends. In that case Dovecot already manages storage in a way that only one of the backends is accessing each users data at a time. So I can?t see anything but problems form enabling

> To: samba at lists.samba.org > From: Achim Gottinger <achim at ag-web.biz> > Date: Mon, 4 Jul 2016 09:29:02 +0200 > Subject: Re: [Samba] How to GSSAPI/Kerberos authenticate with Dovecot > > Am 04.07.2016 um 01:34 schrieb Mark Foley: > > After a nearly 2-year struggle to get Dovecot to do either NTLM or GSSAPI authentication with > > Samba4 AD/DC, I believe

On 14/04/2023 17:48, Daniel Lakeland via samba wrote: > On 4/14/23 09:16, Rowland Penny via samba wrote: >> >> >> This intrigued me, so I went and tried this and you need three computers: >> >> A samba AD DC (perhaps a computer just running a KDC, but I didn't try >> this) >> A Samba Unix domain member running as a fileserver >> A Samba

Good morning Marco and others. > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Marco Gaiarin via samba > Verzonden: dinsdag 23 oktober 2018 18:58 > Aan: samba at lists.samba.org > Onderwerp: [Samba] Again NFSv4 and Kerberos at the 'samba way'... > > > Sorry, i come back to this topic in a different thread,

After a nearly 2-year struggle to get Dovecot to do either NTLM or GSSAPI authentication with Samba4 AD/DC, I believe I've finally got it! Infinite thanks to Achim Gottinger for his patience in working this through with me. Although my purpose was for Dovecot to authenticate mail clients, the configuration settings needed were on the Samba side. I hope these instructions can eventually make

On 4/14/23 19:20, Rowland Penny via samba wrote: > > > On 14/04/2023 17:48, Daniel Lakeland via samba wrote: >> On 4/14/23 09:16, Rowland Penny via samba wrote: >>> >>> >>> This intrigued me, so I went and tried this and you need three >>> computers: >>> >>> A samba AD DC (perhaps a computer just running a KDC, but I