similar to: Samba4 Kerberos & Oracle

Hi again. I apologize for my vague previous question. After some investigation I can be much more precise in my consult. Furthermore, I think I found a bug... Context: -Samba4 AD DC working fine with many user and machine accouns. -Windows7 client trying to connect via sqlplus to an oracle database residing in a Windows2008 server. Both machines are in the domain. -Server database is using

On 03/03/15 09:56, Izan D?ez S?nchez wrote: > Hi again. I apologize for my vague previous question. After some > investigation I can be much more precise in my consult. Furthermore, I > think I found a bug... > > Context: > -Samba4 AD DC working fine with many user and machine accouns. > -Windows7 client trying to connect via sqlplus to an oracle database > residing in a

After a user changes their password (CTRL-ALT-DEL) in our Samba 4 domain (4.1.12) they lose access to any stored passwords on their Windows PC. I've set the log level in smb.conf to 4 and enabled the GPO to record DPAPI log entries in Windows to get the below log data. My reading of the two is that the Windows PC believes it is failing to reset the access to its DPAPI store (where the saved

Hi, I try to use nslcd with samba 4 for get suers and group for AD. if I do a ldapsearch, I have a message : Server not in kerberos database if I do a getent passwd, nslcd display same error message. log of samba4: [2013/08/28 10:15:47, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: TGS-REQ Administrator at CORMANDOM.INT-CORMAN.BE from

Hi all, Sernet Samba 4.2.2 as Active Directory on Debian 7.8. No other DC. I can't log in with on Windows systems (Windows 7) when samAccountName are longer than 20 characters. This seems to be a LAN MAN or NT4 limitation which should not happen on AD domain. Any idea what could leads my to that limitation? I can log in using administrator account or any other having a short (enough)

After reviewing logs I found that my previous assumption was wrong. Situation: - i'm trying to start live migration from hyper-v host A (BMSRV4-HYPERV) to hyper-v host B (BM-SRV-5) from host B (logged in as user from DOMAIN ADMINS group). Kerberos constrained delegation is set in accordnance to microsoft instructions with proper SPN's set (well, proper as in with the workaround I

Hi all. I'm experiencing a little problem when I rename an already joined windows machine. The rename operation is done in the traditional way "Computer properties> advanced settings> Computer name> change" in a windows 7 Machine. The rename itself finishes successful, but when I check the computer name in the ADUC, the old name is still displayed. Checking the object

Hi, I have a problem with samba / winbind PAM authentication. Domain controller is samba4, machines users log on to via PAM are samba 3.6 (all of them ubuntu 12.04 LTS). The whole user authentication was working already, but after a reboot it somehow broke. Additional reboots don't help. The funny thing is that all logs look quite OK to me (except for the single line saying

I made some progress with the issue, but didn't solve it completely It's basically a kind of bug (i'm not sure if it's on kerberos side or samba, I think samba is the culprit here (?). Microsoft uses kind of weird SPN for Hyper-V. Weird as there are "spaces" in the string - which is kind of unique as far as SPN's go, usually SPN form a complete string. So I kind

Hi, I'm trying to setup the following configuration but encounter a problem. I'm not sure if it's a normal behavior for samba 4. I have a smartcard provided with a user principal name looking like serial_number at domain. The serial number is in the form of 0000-0000-0000-0000. The domain, let's say "upn.example.com", doesn't match my Samba Realm, that would be

I am soo lost trying to get Samba AD 4.7.5 as a Kerberos source for NFSv4. The NFS server is the Samba AD server running Ubuntu Server 16.0.4.3 and the client is Linux Mint 18.3 This export WORKS and mounts on client ########## /etc/exports ########## /mnt/fileshare         *(rw,no_subtree_check,async) ############################ This export DOES NOT ########## /etc/exports ##########

Hi, Did you find any solution? I am facing exactly the same scenario. -CentOS 6.7 -Samba Version 4.4.3 -BIND_DLZ 9.9.8 Some workstations suddenly are unable to login, unless I reboot or rejoin the domain. The only odd event I see in the client is the one already said: Log Name: System Source: Microsoft-Windows-Security-Kerberos Event ID: 4 Task Category:

Hello, This won't be a very helpful reply, but I can confirm I've had the exact same issue. I ran into this a few years ago and could not get HyperV migrations to work with a Samba DC. I even went so far as to install a Windows DC just to prove to myself that it is supposed to work, and it does, perfectly (with ADDC it even creates all the SPNs for you auto-magically). Unfortunately at

Hi, I had Samba 4.2.14 working as AD DC with shares. After upgrade to version 4.3.11 AD DC authentication, ADUC, etc, stopped working. Shares still work fine. OS. Oracle Linux 6.x with UEK, uptodate. Samba compiled from source. Upgrade procedure (nothing special): ./configure --enable-selftest make make install Testparm output: # Global parameters [global] workgroup = EXAMPLE realm =

Hello there. I have a setup with Samba AD and a Named backend. Everything has been working fine, until a few days ago, I cannot start the DNS snap-in from windows. I get a dialog box saying "Access was denied. Would you like to add it anyway?" If I enable level 3 debugging in the samba.conf, I get the following: [2017/05/11 07:25:30.413481, 3]

We have setup Samba 4.1 as a PDC. We have successfully connected several Windows 2008 Servers to the domain and created various users/groups. During an application installation on the Windows server, it runs the command in SQL server: master..xp_logininfo 'MYDOMAIN\useraccount' SQLserver is running as a service user created on the domain (here called MYDOMAIN) This returns: Msg

>>This can occur when the target server principal name (SPN) is registered >>on an account other than the account the target service is using. Hmm, multiple computers with the same serial cause these things. So first make sure this computers serial isnt used before. Or 2 computers with the same name in the netwerk, happens with not syspreped computers. Keep an eye on your samba

I would like to bump my question 2015-05-27 10:21 GMT+03:00 Krutskikh Ivan <stein.hak at gmail.com>: > Hmm, looks like it's not. I've just set the password for something that > cracklib-check would argue using both ad management tools and at windows > login. Should it work that way or I'm missing something? > > My dc's smb.conf: > > [global] >

Hello, I just found and odd behaviour here on my test environment (debian jessie with samba 4.4.5 backported from sid). I create and ad-dc as usual, adjust nsswitch.conf and enable pam-auth-winbind (ruuning pam-auth-update). I also define /bin/bash as template shell. Now after i create an samba-user and the users home directory (/home/DOMAIN/achim). I can login with that account on the

Hmm, looks like it's not. I've just set the password for something that cracklib-check would argue using both ad management tools and at windows login. Should it work that way or I'm missing something? My dc's smb.conf: [global] workgroup = KURSK realm = KURSK.MTT netbios name = DEBIAN-DC server role = active directory domain controller