similar to: Samba 4 and GSSAPI kerberos ldap connect

Hi I have Samba 4 installed and working. I recently changed FQDN to dns name hh3.hh3.site. It works OK and e.g. on a windows 7 box which joined the domain, users can logon. But I have a mess in the keytab: klist -k /etc/krb5.keytab Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 2 HH3$@HH3.HH1.SITE 2

Hi everyone. I have a Linux nsupdate client sending dns update requests via sssd. Just gone from 4.1.2 to 4.1.3. I've done this: http://linuxcostablanca.blogspot.com.es/2013/09/samba4-bind9dlz-stale-dns-records-with.html After which the forward zone update is working fine: 2014-01-10T12:32:35.376142+01:00 hh16 named[4963]: samba_dlz: starting transaction on zone hh3.site

Hi everyone After almost 2 days up-time with Samba 4, it failed again. This time it simply will not restart. The krb5.conf had got corrupted. I replaced it with this one from /usr/local/samba/private /etc/krb5.conf [libdefaults] default_realm = HH3.SITE dns_lookup_realm = false dns_lookup_kdc = true It starts up OK: samba -i -d 3 lpcfg_load: refreshing parameters from

Hi After upgrading to Version 4.0.0alpha18-GIT-24ed8c5 on Ubuntu 11.10, Samba 4 no longer looks in the keytab for my nfs server entry: mount -t nfs4 foo bar --o sec=krb5 Kerberos: AS-REQ nfs/hh3.hh3.site at HH3.SITE from ipv4:192.168.1.3:53213 for krbtgt/HH3.SITE at HH3.SITE Kerberos: UNKNOWN -- nfs/hh3.hh3.site at HH3.SITE: no such entry found in hdb The nfs entry is in the keytab: klist -ke

cifs-utils-5.6 samba Version 4.0.0rc3 openSUSE 12.2 LAN of XP, w7 and Linux clients under Samba4 DC and s3fs fileserver Hi I am testing the possibility of migrating from nfs to cifs to serve our Linux clients. Currently we mount the samba shares, e.g. the home directory, using nfs. The test setup is that instead of: mount -t nfs hh1:/home2 /home2 -osec=rw,krb5 I changed to: mount -t cifs

Hi I'm trying to get an Ubuntu 14.04 client to update its rr to a working bind dns DC with Samba 4.1.7. The setup is the same as with our openSUSE clients with sssd 1.11.15 sssd.conf id_provider = ad auth_provider = ad access_provider = ad ldap_id_mapping = False /etc/hosts 127.0.0.1 lubuntu-laptop.hh3.site lubuntu-laptop 127.0.1.1 localhost But it is sending a request for the wrong

Hi I know that this has been addressed before but I couldn't find a solution. Summary: when attempting to write a dns record using nsupdate, nothing gets written to the zone due to the error: ; TSIG error with server: tsig verify failure Everything is working. We can login to the domain from the same client and we have sssd sending the dyndns update requests which also produce the same

Hi everyone openSUSE 12.1 samba Version 4.0.0alpha18-GIT-30d4484 Following the wiki instructions for Samba 4, I added include "/usr/local/samba/private/named.conf"; to /etc/named.conf (the last line) The logs give: 3 23:52:50 hh3 named[5743]: Loading 'AD DNS Zone' using driver dlopen 3 23:52:50 hh3 named[5743]: dlz_dlopen failed to open library

Hi I'm trying to get an Ubuntu 14.04 client to update its rr to a working bind dns DC with Samba 4.1.7. The setup is the same as with our openSUSE clients with sssd 1.11.15 sssd.conf id_provider = ad auth_provider = ad access_provider = ad ldap_id_mapping = False /etc/hosts 127.0.0.1 lubuntu-laptop.hh3.site lubuntu-laptop 127.0.1.1 localhost But it is sending a request for the wrong

Hi I've rfc2703'd the Samba 4 LDAP for a user e.g. steve4. I can search the database and view it with phpldapadmin. I can't login from a linux console: ldapsearch -LLL "(cn=steve4)" SASL/GSSAPI authentication started SASL username: steve4 at HH3.SITE SASL SSF: 56 SASL data security layer installed. dn: CN=steve4,CN=Users,DC=hh3,DC=site cn: steve4 instanceType: 4

Hi everyone openSUSE 12.1 After a recent Samba 4 pull I have these errors: Dec 7 19:53:37 hh3 named[3121]: command channel listening on 127.0.0.1#953 Dec 7 19:53:37 hh3 named[3121]: the working directory is not writable Dec 7 19:53:37 hh3 named[3121]: managed-keys-zone ./IN: loading from master file /var/lib/named/dyn//managed-keys.bind failed: file not found Dec 7 19:53:37 hh3

Hi Joining a lubuntu 11.10 client to the domain I get this: net ads join -UAdministrator Enter Administrator's password: Using short domain name -- POLOP Joined 'LUBUNTU7' to realm 'hh3.site' No DNS domain configured for lubuntu7. Unable to perform DNS Update. DNS update failed! during the join this all seems OK: Kerberos: Looking for PKINIT pa-data --

samba -b Samba version: 4.0.0alpha18-GIT-5c53926 Build environment: Build host: Linux hh3 3.1.0-1.2-desktop #1 SMP PREEMPT Thu Nov 3 14:45:45 UTC 2011 (187dde0) i686 i686 i386 GNU/Linux openSUSE 12.1 i586 Hi everyone. After. ./source4/setup/provision --realm=hh3.site --domain=HH1 --adminpass=SOMEPASSWORD --server-role='domain controller' The wiki howto is for DNS seems to be

Hi everyone Version 4.0.0alpha18-GIT-bfc7481 openSUSE 12.1 Conventional nfs4 export works fine, but I'm having trouble kerberizing it for Samba 4 for my Samba 4 users. I've setup the nfs4 pseudo stuff like this: hh3:/ # mkdir /export hh3:/ # mkdir /export/home hh3:/ # mount --bind /home /export/home Here is /etc/exports: /export

4.0.6 with 3.6.12 file server Hi Ordinary users can connect fine: smbclient //oliva/users -Usteve2 Enter steve2's password: Domain=[HH3] OS=[Unix] Server=[Samba 3.6.9] smb: \> log: schannel_fetch_session_key_tdb: restored schannel info key SECRETS/SCHANNEL/OLIVA schannel_store_session_key_tdb: stored schannel info with key SECRETS/SCHANNEL/OLIVA auth_check_password_send: Checking

Hi I think I've managed to get the automount classes into the the schema: ldbsearch --url=/usr/local/samba/private/sam.ldb.d/"CN=SCHEMA,CN=CONFIGURATION,DC=HH3,DC=SITE.ldb" | grep "dn: CN=automount" dn: CN=automountKey,CN=Schema,CN=Configuration,DC=hh3,DC=site dn: CN=automount,CN=Schema,CN=Configuration,DC=hh3,DC=site dn:

Hi I'm trying to make a share called dropbox rw for members of a group. /usr/local/samba/etc/smb.conf [global] server role = domain controller workgroup = CACTUS realm = hh3.site netbios name = HH3 passdb backend = samba4 template shell = /bin/bash [netlogon] path = /usr/local/samba/var/locks/sysvol/hh3.site/scripts read only = No [sysvol] path =

Hi everyone samba --version Version 4.0.0alpha18-GIT-bfc7481 openSUSE 12.1 If I do this: ldbmodify --url=/usr/local/samba/private/sam.ldb -b dc=hh3,dc=site dn: CN=steve6,CN=Users,DC=hh3,DC=site changetype: modify add: objectclass objectclass: posixaccount - replace: primarygroupid primarygroupid: 1134 I get an error something like: ERR: (Unwilling to perform) error 53 If however I do the

Version 4.0.0alpha18-GIT-957ec28 After starting samba -i -d3, wbinfo -i someuser gives this: ldb_wrap open of secrets.ldb using SPNEGO Selected protocol [8][NT LANMAN 1.0] Cannot reach a KDC we require to contact cifs/hh3.site at SITE : kinit for HH3$@SITE failed (Cannot contact any KDC for requested realm) SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_NO_LOGON_SERVERS ldb_wrap open of

Version 4.0.6-GIT-4bebda4 Hi I have sssd up and running. It works fine except that getent only returns domain users if I specify the object e.g. getent passwd and getent group return only local users but getent passwd steve2 steve2:*:3000034:20513:steve2:/home/users/steve2:/bin/bash and getent group Domain\ Users Domain Users:*:20513: work fine. /etc/nsswitch.conf passwd: compat sss group: