similar to: Samba and SSH

Hi, I am doing some kerberos testing with samba4 using ssh. I have setup samba4 using the howto at http://wiki.samba.org/index.php/Samba4/HOWTO and active directory seems to be working both with Windows and Linux clients. ssh unfortunately is not kerberos authenticating via GSSAPI. The client krb5.conf contains this: ===================================================== [libdefaults]

hi' Ive followed the steps from http://weblog.bignerdranch.com/?p=6 <http://weblog.bignerdranch.com/?p=6&page=2> &page=2 and http://forums.fedoraforum.org/showthread.php?t=92804 I'm trying to login as a domain user in x (gdm) If a boot the pc and try to login i get the following error in /var/log/messages: Jan 9 13:10:35 zgltsp03 gdm(pam_unix)[2812]: check pass; user

We have several linux computers (with different distributions) in a samba4 domain. All computers are domain members and the domain users can login to the different machines via pam and winbind3/4. A user that is authenticated on one machine automatically receives a kerberos ticket and can login via ssh to another machine using this kerberos ticket. This setup works fine for some weeks until

> On May 9, 2017, at 11:15 AM, Rowland Penny via samba <samba at lists.samba.org> wrote: > > On Tue, 9 May 2017 11:00:09 -0400 > Robert Kudyba via samba <samba at lists.samba.org> wrote: > >> Running Feora 25 workstation we're able to register the computer in >> AD but I can't get SSH to authenticate properly. wbinfo -u brings >> back all the

When I issue command 'net ads keytab add HTTP' I got a message 'Processing principals to add...' but nothing else happens - no change in keytab, net ads keytab list output, no errors in log etc. [Global] netbios name = HOSTNAME workgroup = DOMAIN realm = DOMAIN server string = %h Gentoo DT security = ads auth methods = sam winbind encrypt passwords = yes kerberos

Hello, I've installed a samba4 server and now I've tried to get a kerberos ticket, like this: base:/usr/local/samba# kinit stefan stefan@SAMBA4.LOCAL's Password: kinit: converting creds: Invalid argument I'm using heimdal-clients (0.6.3) and samba4 svn r22508. My krb5.conf test configuration: [libdefaults] default_realm = SAMBA4.LOCAL kdc_timesync = 1

Hi, I 've a gateway and I want to use squid authenticated with Windows 2000 Active Directory users. I've a development platform with Debian/Sarge as gateway, and it works. (samba 3.0.10-1 and Kerberos 1.3.6-1) On the other side the production platform uses RedHat Enterprise AS3, initially with Samba 3.0.6 and Kerberos 1.2.7-28. I was not able to use Active directory groups without get

Hi, I built OpenSSH 7.7p1-1 to try to include some security fixes for an old OS version (SLES 10). We use a special PAM module for root to allow us to provide auto-expiring passwords. There is, however, one root password that should always work. root can login just fine on the console, which I assume means that the PAM module is working correctly because I can use both the always should work

Hi, I'm using samba-*-3.0.6-4.3.100mdk and libkrb51-1.3-6.3.100mdk on LM10.0. A similar summary to what I'm seeing could be found here. http://lists.samba.org/archive/samba/2004-July/090210.html My relevant config info could be found below. May I ask how could I solve this in LM10.0? What packages do I need to update? The problem does not arise with NT. It happens to only W2K, XP,

I have a client host that I don't have access to now, which attempts to establish ssh connection back to my BSD server using the private key. Client runs this command: /usr/bin/ssh -i ~/.ssh/my_key_rsa -o "ExitOnForwardFailure yes" -p $HPORT $HUSER@$HOST -R $LPORT:localhost:$LPORT -N On the server debug log looks like this: Connection from NNN.NNN.NNN.NNN port 43567 debug1: HPN

Matthias Busch schrieb am 12.03.2015 22:08: > --- this is my /etc/krb5.conf > > [libdefaults] > default_realm = MY-DOMAIN.LOCAL > dns_lookup_realm = false > dns_lookup_kdc = true add these (partly done below) forwardable = true renewable = true ticket_lifetime = 24h renew_lifetime = 7d debug = false delete from

Hi There, we have a winbind installation here that is used for squid authentication and group resolving. the winbind server is part of the domain ch.domain.intern. the ads forrest is organized like domain.intern ch.domain.intern at.domain.intern fr.domain.intern and other sites will follow. authentication and group resolving works actually fine, BUT: if the link to at or fr is down winbind

I try to get Samba 4 with ssh running. I found in the Script from Matthieu Patou tot he sysvol sync the follwing intresting line. --- kinit -k -t /etc/krb5.keytab `hostname -s | tr "[:lower:]" "[:upper:]"`\$ rsync -X -u -a $dc_account_name\$@${dc}.${domain}:$SYSVOL $STAGING --- when i understand correct he uses the domain controller service principle to connect to the

Hello the list, I have a problem using smbclient with samba 3.0.2a + kerberos, in a Win2000 AD environment. When I run smbclient -k -U <AD user> -L <server> where <AD user> is an AD user, and <server> the samba server OR the AD controller, I get the following error : krb5_cc_get_principal failed (No credentials cache found) spnego_gen_negTokenTarg failed: No

Hi ! My problem is that : [2004/05/12 16:07:30, 1] smbd/sesssetup.c:reply_spnego_kerberos(173) Failed to verify incoming ticket! [2004/05/12 16:07:30, 1] smbd/sesssetup.c:reply_spnego_kerberos(173) Failed to verify incoming ticket! [2004/05/12 16:07:39, 1] smbd/sesssetup.c:reply_spnego_kerberos(173) Failed to verify incoming ticket! [2004/05/12 16:07:59, 0]

Hi, We just imported (moved) all our staff from the old w2k domain to the new w2k3 domain. Say their accounts and passwords From STAFF domain to say NEW. Seems winbind is keeping the old domain users. I'm using winbind for squid auth on Mandrake linux 10.0 samba-client-3.0.10-0.1.100mdk samba-winbind-3.0.10-0.1.100mdk samba-doc-3.0.10-0.1.100mdk samba-common-3.0.10-0.1.100mdk

Hi, SLES10 SP2 x86_64 + Samba from repo (samba-3.2.4-8.1) When I try to join (net ads join -U Administrator), I get : Failed to join domain: failed to set machine spn: Can't contact LDAP server My Pre-2000 domain name is CLSC_COTENEIGES My DNS ADS name is clsccdn.rtss.qc.ca DNS is ok, I've created an A/PTR record for linux box, ADS seems ok also (netdiag/dcdiag) i've tryied adding

Hi, I am unable to login to a samba system that uses kerberos to authenticate to ADS if the users password has expired on the ADS system or if "User must change password at next login" is checked on the ADS.. I get a "login incorrect" message on the linux system and the log file gives the following error: pam_winbind[3647]: request failed: Must change password, PAM error

I'm having the toughest time getting this to work... I have a windows 2000 domain and i'm in the process of adding a Samba fileserver... All of the setup guides i have seen point me in the right direction, but fail to provide assistance for my single problem... basically i've figured out that if i have security = share. I can run the gentent passwd command and see the domain accounts

I'm using Solaris 8, samba 3, kerberos and openldap. I'm anexing: log.smbd, smb.conf, krb5.conf, nsswitch.conf and the ktpass command in AD. Somebody can help me? I get this output in log.smbd: ----------------------------------- [2005/08/11 12:41:45, 0] smbd/server.c:main(802) smbd version 3.0.20rc1 started. Copyright Andrew Tridgell and the Samba Team 1992-2004 [2005/08/11