Displaying 20 results from an estimated 5000 matches similar to: "Samba4 unable to find SPN (Kerberos)"
2018 Oct 31
12
Again NFSv4 and Kerberos at the 'samba way'...
Hai Marco,
>
> Mandi! L.P.H. van Belle via samba
> In chel di` si favelave...
>
> > Sofar, until tomorrow,
>
> Done some tests, metoo.
>
> 1) seems that nfs-common is disabled 'by design'. Looking at debian
> changelog:
>
> nfs-utils (1:1.2.8-9.1) unstable; urgency=medium
>
> Partial sync from ubuntu, included changes:
>
>
2016 Mar 31
5
NFSv4 / Krb / wildcard in keytab
Hi,
I'm trying to use wildcard in keytab because i don't want join every
computer, client for service NFS krb5.
I add a spn like this
# samba-tool spn add host/* nfs
(I create user nfs before)
# samba-tool spn list nfs
nfs
User CN=nfs,CN=Users,DC=if,DC=ujf-grenoble,DC=fr has the following
servicePrincipalName:
host/*
I export keytab :
#samba-tool domain exportkeytab
2013 Jun 05
3
Samba4 and NVSv4
Short story: cannot get Kerberized NFSv4 to work. I've googled a great
deal and cannot find where I have goofed (and there sure is a lot of
misleading and just plain incorrect information out there), so would
appreciate another pair of eyes. NFSv4 without Kerberos does work fine, as
does ID mapping. We're using NFSv4 in production with sec=sys, but I'm not
happy with that. My
2013 Jun 05
3
Samba4 and NVSv4
Short story: cannot get Kerberized NFSv4 to work. I've googled a great
deal and cannot find where I have goofed (and there sure is a lot of
misleading and just plain incorrect information out there), so would
appreciate another pair of eyes. NFSv4 without Kerberos does work fine, as
does ID mapping. We're using NFSv4 in production with sec=sys, but I'm not
happy with that. My
2014 Jul 28
1
NFSv4 + Kerberos understanding
Hi,
I've a SAMBA4 AD Domain that works nicely. All my W7 joined perfectly
and all my Linux clients authenticates against kerberos part of SAMBA.
All work perfectly, now I'm trying to secure my NFS mounts by using
kerberos part of SAMBA.
My NFS server works and I can mount NFS4 exports without kerberos (and
without problem ;-) ), but when I want to mount a gss/krb5 export on a
linux
2018 Oct 24
5
Again NFSv4 and Kerberos at the 'samba way'...
Good morning Marco and others.
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Marco Gaiarin via samba
> Verzonden: dinsdag 23 oktober 2018 18:58
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Again NFSv4 and Kerberos at the 'samba way'...
>
>
> Sorry, i come back to this topic in a different thread,
2015 Oct 09
5
kerberos nfs4's principals and root access
Hai Batiste,
Ok, thanks for these, i'll test that also.
And the "why" is a bit more explained here.
http://www.citi.umich.edu/projects/nfsv4/crossrealm/libnfsidmap_config.html
and per example,
http://www.citi.umich.edu/projects/nfsv4/crossrealm/ldap_server_setup.html
First my work here, but this is a good one which i also need to adjust in my scripts, so thank you for asking
2017 Aug 22
3
Winbind with krb5auth for trust users
Hi,
I'm having trouble realizing a krb5auth with pam_winbind with trusted
domain users (external trust) on our clients. The client is joined to a
local domain, which has a "external trust" to a global domain.
The following things are working for all users (local and trusted domain):
"wbinfo -i"
"wbinfo --pam-logon"
"wbinfo -a"
"kinit"
2015 Oct 09
5
kerberos nfs4's principals and root access
Hello samba team !
I have some NFS4 exports managed by a Samba's Kerberos realm. All the
standard user accesses work fine.
I try now to setup an NFS4 root access to administer the share from
another server (the two host are DC, one PDC and one SDC). But I have
trouble understanding the kerberos/principals layer.
------------
Actually I do
-------------
-> on the server I create an nfs
2015 Oct 09
3
kerberos nfs4's principals and root access
Hai Baptiste,
I re-checked my setup and your totaly correct.
I can not enter the nfsV4 mounted directory as root.
What i've added in idmap.conf
Is this :
Domain = your_DNS_domain.tld
[Translation]
Method = nsswitch
And i found this link.
http://serverfault.com/questions/526762/root-access-to-kerberized-nfsv4-host-on-ubuntu
im testing this now.
Greetz,
Louis
>
2015 Oct 09
1
kerberos nfs4's principals and root access
Thanks you very much Louis !
I have tried your setup and I can't mount the share neither from the
server itself or the client.
On /var/log/syslog I have :
rpc.gssd : ERROR : no credentials found for connecting to server myserver
This is because the machine principal is not present in the keytab :
$ klist -k
1 nfs/myclient.samdom.com at SAMDOM.COM
1 nfs/myclient.samdom.com at SAMDOM.COM
1
2018 Aug 08
1
Export keytab for SPN
Hello,
I am trying to export keytab by following this guide:
https://wiki.samba.org/index.php/Generating_Keytabs
OS: CentOS 7.5
Samba: samba-dc-4.7.6-0.el7.centos.x86_64 (from Tranquil repo)
Everything seems to work, but keytab is not exported (keytab file is not
created).
[root at ads1 /]# net ads enctypes list svc_confluence_sso
'svc_confluence_sso' uses
2016 Sep 14
1
Exporting keytab for SPN failure
Am 14.09.2016 um 17:54 schrieb Rowland Penny via samba:
> On Wed, 14 Sep 2016 10:30:03 -0500
> Michael A Weber <mweber.subscriptions01 at gmail.com> wrote:
>
>>> On Sep 14, 2016, at 1:38 AM, Rowland Penny via samba
>>> <samba at lists.samba.org> wrote:
>>>
>>> On Tue, 13 Sep 2016 22:53:44 -0500
>>> Michael A Weber via samba
2016 Sep 14
0
Exporting keytab for SPN failure
Am 14.09.2016 um 20:33 schrieb Michael A Weber:
>
>> On Sep 14, 2016, at 1:10 PM, Achim Gottinger <achim at ag-web.biz
>> <mailto:achim at ag-web.biz>> wrote:
>>
>>
>>
>> Am 14.09.2016 um 19:53 schrieb Michael A Weber:
>>>
>>>> On Sep 14, 2016, at 12:23 PM, Achim Gottinger via samba
>>>> <samba at
2016 Sep 14
2
Exporting keytab for SPN failure
> On Sep 14, 2016, at 12:23 PM, Achim Gottinger via samba <samba at lists.samba.org> wrote:
>
>
>
> Am 14.09.2016 um 18:23 schrieb Michael A Weber:
>> Question though, just for my curiosity:
>>
>> The encryption algorithms specified after each SPN: I see that aes-256 is listed when I export the user, but not the SPN. Are those expected, or have I done
2016 Sep 14
2
Exporting keytab for SPN failure
> On Sep 14, 2016, at 1:38 AM, Rowland Penny via samba <samba at lists.samba.org> wrote:
>
> On Tue, 13 Sep 2016 22:53:44 -0500
> Michael A Weber via samba <samba at lists.samba.org> wrote:
>
>> Experts—
>>
>> I’m attempting to export a keytab for a created SPN on the AD DC
>> machine but I’m receiving an error:
>>
>>
2016 Sep 14
0
Exporting keytab for SPN failure
Am 14.09.2016 um 19:53 schrieb Michael A Weber:
>
>> On Sep 14, 2016, at 12:23 PM, Achim Gottinger via samba
>> <samba at lists.samba.org <mailto:samba at lists.samba.org>> wrote:
>>
>>
>>
>> Am 14.09.2016 um 18:23 schrieb Michael A Weber:
>>> Question though, just for my curiosity:
>>>
>>> The encryption algorithms
2016 Sep 16
0
Exporting keytab for SPN failure
Achim Gottinger via samba wrote on 9/15/16 1:20 AM:
>
>
> Am 15.09.2016 um 09:35 schrieb Rowland Penny via samba:
>> On Wed, 14 Sep 2016 16:23:27 -0500
>> Michael A Weber via samba <samba at lists.samba.org> wrote:
>>
>>>> On Sep 14, 2016, at 2:00 PM, Achim Gottinger <achim at ag-web.biz>
>>>> wrote:
>>>>
>>>>
2016 Sep 15
0
Exporting keytab for SPN failure
On Wed, 14 Sep 2016 16:23:27 -0500
Michael A Weber via samba <samba at lists.samba.org> wrote:
>
> > On Sep 14, 2016, at 2:00 PM, Achim Gottinger <achim at ag-web.biz>
> > wrote:
> >
> >
> >
> > Am 14.09.2016 um 20:33 schrieb Michael A Weber:
> >>
> >>> On Sep 14, 2016, at 1:10 PM, Achim Gottinger <achim at ag-web.biz
2016 Sep 16
0
Exporting keytab for SPN failure
Achim Gottinger via samba wrote on 9/16/16 1:43 PM:
>
>
> Am 16.09.2016 um 22:00 schrieb Robert Moulton via samba:
>> Achim Gottinger via samba wrote on 9/15/16 1:20 AM:
>>>
>>>
>>> Am 15.09.2016 um 09:35 schrieb Rowland Penny via samba:
>>>> On Wed, 14 Sep 2016 16:23:27 -0500
>>>> Michael A Weber via samba <samba at