similar to: Samba4 unable to find SPN (Kerberos)

Hai Marco, > > Mandi! L.P.H. van Belle via samba > In chel di` si favelave... > > > Sofar, until tomorrow, > > Done some tests, metoo. > > 1) seems that nfs-common is disabled 'by design'. Looking at debian > changelog: > > nfs-utils (1:1.2.8-9.1) unstable; urgency=medium > > Partial sync from ubuntu, included changes: > >

Hi, I'm trying to use wildcard in keytab because i don't want join every computer, client for service NFS krb5. I add a spn like this # samba-tool spn add host/* nfs (I create user nfs before) # samba-tool spn list nfs nfs User CN=nfs,CN=Users,DC=if,DC=ujf-grenoble,DC=fr has the following servicePrincipalName: host/* I export keytab : #samba-tool domain exportkeytab

Short story: cannot get Kerberized NFSv4 to work. I've googled a great deal and cannot find where I have goofed (and there sure is a lot of misleading and just plain incorrect information out there), so would appreciate another pair of eyes. NFSv4 without Kerberos does work fine, as does ID mapping. We're using NFSv4 in production with sec=sys, but I'm not happy with that. My

Short story: cannot get Kerberized NFSv4 to work. I've googled a great deal and cannot find where I have goofed (and there sure is a lot of misleading and just plain incorrect information out there), so would appreciate another pair of eyes. NFSv4 without Kerberos does work fine, as does ID mapping. We're using NFSv4 in production with sec=sys, but I'm not happy with that. My

Hi, I've a SAMBA4 AD Domain that works nicely. All my W7 joined perfectly and all my Linux clients authenticates against kerberos part of SAMBA. All work perfectly, now I'm trying to secure my NFS mounts by using kerberos part of SAMBA. My NFS server works and I can mount NFS4 exports without kerberos (and without problem ;-) ), but when I want to mount a gss/krb5 export on a linux

Good morning Marco and others. > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Marco Gaiarin via samba > Verzonden: dinsdag 23 oktober 2018 18:58 > Aan: samba at lists.samba.org > Onderwerp: [Samba] Again NFSv4 and Kerberos at the 'samba way'... > > > Sorry, i come back to this topic in a different thread,

Hai Batiste, Ok, thanks for these, i'll test that also. And the "why" is a bit more explained here. http://www.citi.umich.edu/projects/nfsv4/crossrealm/libnfsidmap_config.html and per example, http://www.citi.umich.edu/projects/nfsv4/crossrealm/ldap_server_setup.html First my work here, but this is a good one which i also need to adjust in my scripts, so thank you for asking

Hi, I'm having trouble realizing a krb5auth with pam_winbind with trusted domain users (external trust) on our clients. The client is joined to a local domain, which has a "external trust" to a global domain. The following things are working for all users (local and trusted domain): "wbinfo -i" "wbinfo --pam-logon" "wbinfo -a" "kinit"

Hello samba team ! I have some NFS4 exports managed by a Samba's Kerberos realm. All the standard user accesses work fine. I try now to setup an NFS4 root access to administer the share from another server (the two host are DC, one PDC and one SDC). But I have trouble understanding the kerberos/principals layer. ------------ Actually I do ------------- -> on the server I create an nfs

Hai Baptiste, I re-checked my setup and your totaly correct. I can not enter the nfsV4 mounted directory as root. What i've added in idmap.conf Is this : Domain = your_DNS_domain.tld [Translation] Method = nsswitch And i found this link. http://serverfault.com/questions/526762/root-access-to-kerberized-nfsv4-host-on-ubuntu im testing this now. Greetz, Louis >

Thanks you very much Louis ! I have tried your setup and I can't mount the share neither from the server itself or the client. On /var/log/syslog I have : rpc.gssd : ERROR : no credentials found for connecting to server myserver This is because the machine principal is not present in the keytab : $ klist -k 1 nfs/myclient.samdom.com at SAMDOM.COM 1 nfs/myclient.samdom.com at SAMDOM.COM 1

Hello, I am trying to export keytab by following this guide: https://wiki.samba.org/index.php/Generating_Keytabs OS: CentOS 7.5 Samba: samba-dc-4.7.6-0.el7.centos.x86_64 (from Tranquil repo) Everything seems to work, but keytab is not exported (keytab file is not created). [root at ads1 /]# net ads enctypes list svc_confluence_sso 'svc_confluence_sso' uses

Am 14.09.2016 um 17:54 schrieb Rowland Penny via samba: > On Wed, 14 Sep 2016 10:30:03 -0500 > Michael A Weber <mweber.subscriptions01 at gmail.com> wrote: > >>> On Sep 14, 2016, at 1:38 AM, Rowland Penny via samba >>> <samba at lists.samba.org> wrote: >>> >>> On Tue, 13 Sep 2016 22:53:44 -0500 >>> Michael A Weber via samba

Am 14.09.2016 um 20:33 schrieb Michael A Weber: > >> On Sep 14, 2016, at 1:10 PM, Achim Gottinger <achim at ag-web.biz >> <mailto:achim at ag-web.biz>> wrote: >> >> >> >> Am 14.09.2016 um 19:53 schrieb Michael A Weber: >>> >>>> On Sep 14, 2016, at 12:23 PM, Achim Gottinger via samba >>>> <samba at

> On Sep 14, 2016, at 12:23 PM, Achim Gottinger via samba <samba at lists.samba.org> wrote: > > > > Am 14.09.2016 um 18:23 schrieb Michael A Weber: >> Question though, just for my curiosity: >> >> The encryption algorithms specified after each SPN: I see that aes-256 is listed when I export the user, but not the SPN. Are those expected, or have I done

> On Sep 14, 2016, at 1:38 AM, Rowland Penny via samba <samba at lists.samba.org> wrote: > > On Tue, 13 Sep 2016 22:53:44 -0500 > Michael A Weber via samba <samba at lists.samba.org> wrote: > >> Experts— >> >> I’m attempting to export a keytab for a created SPN on the AD DC >> machine but I’m receiving an error: >> >>

Am 14.09.2016 um 19:53 schrieb Michael A Weber: > >> On Sep 14, 2016, at 12:23 PM, Achim Gottinger via samba >> <samba at lists.samba.org <mailto:samba at lists.samba.org>> wrote: >> >> >> >> Am 14.09.2016 um 18:23 schrieb Michael A Weber: >>> Question though, just for my curiosity: >>> >>> The encryption algorithms

Achim Gottinger via samba wrote on 9/15/16 1:20 AM: > > > Am 15.09.2016 um 09:35 schrieb Rowland Penny via samba: >> On Wed, 14 Sep 2016 16:23:27 -0500 >> Michael A Weber via samba <samba at lists.samba.org> wrote: >> >>>> On Sep 14, 2016, at 2:00 PM, Achim Gottinger <achim at ag-web.biz> >>>> wrote: >>>> >>>>

On Wed, 14 Sep 2016 16:23:27 -0500 Michael A Weber via samba <samba at lists.samba.org> wrote: > > > On Sep 14, 2016, at 2:00 PM, Achim Gottinger <achim at ag-web.biz> > > wrote: > > > > > > > > Am 14.09.2016 um 20:33 schrieb Michael A Weber: > >> > >>> On Sep 14, 2016, at 1:10 PM, Achim Gottinger <achim at ag-web.biz

Achim Gottinger via samba wrote on 9/16/16 1:43 PM: > > > Am 16.09.2016 um 22:00 schrieb Robert Moulton via samba: >> Achim Gottinger via samba wrote on 9/15/16 1:20 AM: >>> >>> >>> Am 15.09.2016 um 09:35 schrieb Rowland Penny via samba: >>>> On Wed, 14 Sep 2016 16:23:27 -0500 >>>> Michael A Weber via samba <samba at