similar to: Samba 4 no longer accepts SASL GSSAPI?

Hello Williams Thanks for your prompt help, well valid user and write-list were define as got to read but still got confused so can you share me the link of the standard document or mail me that document so that i can go through it and implement on the given scenario. Or if you can share any example configuration then it will be great. I hope for help from you and all experts. Thank You Regards

Hi everyone Version 4.0.0alpha18-GIT-bfc7481 I'm using nslcd to map Samba 4 users to uid:gid and home directory. At startup I get this: ldb_wrap open of secrets.ldb WARNING: no socket to connect to and /var/log/messages shows: Jan 15 14:20:13 hh3 nslcd[2425]: [334873] failed to bind to LDAP server ldap://h h3.site/: Can't contact LDAP server: Transport endpoint is not connected Jan

Hi everyone I'm trying to use kerberos to authenticate to Samba 4 ldap. At the moment, I authenticate by specifying the binddn and password in /etc/nslcd.conf and all works fine If I add the line: sasl_mech GSSAPI to /etc/nslcd.conf and restart nslcd, no one can connect to the database. Nothing works. ldapsearch and getent passwd draw a blank. ldapsearch -x -b '' -sbase

Hi Same checkout, same provision, same machine. openSUSE samba --version Version 4.0.0alpha18-GIT-c3a7573 hh3:/home/steve # ldapsearch -H ldap://192.168.1.3 cn=steve2 -b "dc=hh3,dc=site" -Y GSSAPI SASL/GSSAPI authentication started <snip> and all is OK. Ubuntu samba --version Version 4.0.0alpha18-GIT-c3a7573 root at hh3:/tmp# ldapsearch -H ldap://192.168.1.3 cn=steve2 -b

On 22/06/2020 21:00, Daniel Lopes de Carvalho via samba wrote: > Hello guys > I need some lights to migrate a Winbind/Samba share to a new AD. > My scenario is: > I have an old AD running on a Debian 9 and Samba 4.5.16 with many > replication issues. > Then I decided to create a new one from the scratch using Debian 10 and > Samba 4.12.2 (and everything is working perfectly).

This is a continuation of a problem I have been having. Samba 4 has recently changed to require binds. I need LDAP to verify users exist. I am using Kerberos (GSSAPI) as the passdb. Samba can handle GSSAPI/Kerberos SASL binds. I have the following in my dovecot-ldap setup for userdb: dn = smtp/mailhost.example.org at EXAMPLE.ORG sasl_bind = yes sasl_mech = GSSAPI sasl_realm = EXAMPLE.ORG

Hello, I have a Dovecot 2.2.25 set up with OpenLDAP back end. I was trying to set up a GSSAPI Kerberos authentication with the LDAP server but with little success. Seems no matter what I try I end up with the following error message: dovecot: auth: Error: LDAP: binding failed (dn (imap/host.example.com at EXAMPLE.COM)): Local error, SASL(-1): generic failure: GSSAPI Error: Unspecified GSS

I can't get my domain users presented to my local machine with getent passwd and the wiki https://wiki.samba.org/index.php/Local_user_management_and_authentication/nslcd doesn't give me any steps troubleshoot this issue. My best guess it that I configured the user account incorrectly or I configured nslcd incorrectly. I can't exactly see what is the problem. I get these messages from

Hi, I am trying to configure the nslcd service on an Ubuntu client for kerberos authentication against samba4. My /etc/nslcd.conf contains the following: uid nslcd gid nslcd uri ldapi:///cofil01.mydomain.net base dc=mydomain,dc=net sasl_mech GSSAPI krb5_ccname FILE:/tmp/host.tkt I have added the host principal "host/ubuntu-test.mydomain.net @ MYDOMAIN.NET" to /etc/krb5.keytab on both

On Mon, Jun 22, 2020 at 5:34 PM Rowland penny via samba < samba at lists.samba.org> wrote: > On 22/06/2020 21:00, Daniel Lopes de Carvalho via samba wrote: > > Hello guys > > I need some lights to migrate a Winbind/Samba share to a new AD. > > My scenario is: > > I have an old AD running on a Debian 9 and Samba 4.5.16 with many > > replication issues. >

Hi all, Well, I'm completely lost with AD authentification ... server is : Ubuntu 12.04.3 3.8.0-32-generic #47~precise1-Ubuntu Samba 4.0.10 installed (and upgraded) via git, setup as unique Active Directory Domain Controller ( -> how to upgrade to 4.1 via git ?? ) I 'just' would like that the local services (let's say only dovecot and postfix) can query AD to authentifiate

On 2016-10-11 09:18, Aki Tuomi wrote: > On 11.10.2016 10:13, Juha Koho wrote: >> Hello, >> >> I have a Dovecot 2.2.25 set up with OpenLDAP back end. I was trying to >> set up a GSSAPI Kerberos authentication with the LDAP server but with >> little success. Seems no matter what I try I end up with the following >> error message: >> >> dovecot:

Version 4.0.0alpha18-GIT-567f05e Ubuntu 11.10 ../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_IO_TIMEOUT dns child failed to find name '_ldap._tcp.HH3.SITE' of type SRV finddcs: Failed to find SRV record for _ldap._tcp.HH3.SITE Is there anything I need to configure in the internal server? Thanks, Steve

Hello, My server is configured as follows: FreeBSD 6.1 OpenLDAP 2.3.27 Cyrus SASL 2.1.21 Dovecot 1.0.rc15 I have PostFix configured to use SASL for SMTP AUTH, which in turn leverages OpenLDAP to verify users in Active Directory. I do not have, nor want to in the future, local users in FreeBSD, so I've configured PostFix for Virtual Mailboxes. Everything is working and I'm getting

On 2016-10-11 10:00, Aki Tuomi wrote: > On 11.10.2016 10:43, Juha Koho wrote: >> >> On 2016-10-11 09:18, Aki Tuomi wrote: >>> On 11.10.2016 10:13, Juha Koho wrote: >>>> Hello, >>>> >>>> I have a Dovecot 2.2.25 set up with OpenLDAP back end. I was trying >>>> to >>>> set up a GSSAPI Kerberos authentication with

Hi After starting Samba 4, before anyone can do anything, Administrator has to do a kinit to get a new ticket. This creates a cache /tmp/krb5cc_0 with an expiry time. I've created a host principal and put it into the keytab: samba-tool spn add host someuser samba-tool domain exportkeytab /etc/krb5.keytab --principal=host/HH3.SITE How can I keep Samba 4 up without having to get a new

Hello I'm currently trying to use Active Directory with Unix extensions to store UID, GID and homedir and retrieve them with ldap I don't want to allow anonymous bindings and I would rather not use TLS and manage a PKI. So I'm trying to use SASL to do a Kerberos authentication for Dovecot against AD LDAP. I'm currently getting GSSAPI errors about the lack of "credentials

Hi After upgrading to Version 4.0.0alpha18-GIT-24ed8c5 on Ubuntu 11.10, Samba 4 no longer looks in the keytab for my nfs server entry: mount -t nfs4 foo bar --o sec=krb5 Kerberos: AS-REQ nfs/hh3.hh3.site at HH3.SITE from ipv4:192.168.1.3:53213 for krbtgt/HH3.SITE at HH3.SITE Kerberos: UNKNOWN -- nfs/hh3.hh3.site at HH3.SITE: no such entry found in hdb The nfs entry is in the keytab: klist -ke

Hi everyone samba --version Version 4.0.0alpha18-GIT-bfc7481 openSUSE 12.1 If I do this: ldbmodify --url=/usr/local/samba/private/sam.ldb -b dc=hh3,dc=site dn: CN=steve6,CN=Users,DC=hh3,DC=site changetype: modify add: objectclass objectclass: posixaccount - replace: primarygroupid primarygroupid: 1134 I get an error something like: ERR: (Unwilling to perform) error 53 If however I do the

Hi everyone openSUSE 12.1 samba Version 4.0.0alpha18-GIT-30d4484 Following the wiki instructions for Samba 4, I added include "/usr/local/samba/private/named.conf"; to /etc/named.conf (the last line) The logs give: 3 23:52:50 hh3 named[5743]: Loading 'AD DNS Zone' using driver dlopen 3 23:52:50 hh3 named[5743]: dlz_dlopen failed to open library