similar to: Problem with Samba4 installation - trouble at kinit

I have a Samba-4 system running as an Active Directory server. It's working great: computers are joined to it, users are logged in, etc. Good job Samba developers, and thank you! But of course I am not satisfied. Now I want to configure another server (well, a VM) as a file server using Samba-3.6.12. I want it to refer to the Samba4 server for all user authentication. My understanding of

I am not able to get the Samba4 internal DNS server to respond to DNS requests on the network. I am running Samba4 4.1.0pre1-GIT-c1fb37d on my CentOS 6.3 system. I followed the instructions here: https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO I configured Samba4 to use the internal DNS server. My Samba4 server is 192.168.0.13. Its full hostname is ubuntu-ad.allenlan.net. The realm is

This isn't exactly a Samba problem, but I am hoping the experts here can help me. I have been trying to get my OpenIndiana system to join a Samba4 domain and I was running into multiple problems. So I decided to test against a true Windows Server (2003) domain, to see if there is something wrong with my client-side setup. Attempting to join the WS2003 AD domain also fails. Snooping the

The problem was definitely SELinux and/or firewall (iptables). Thank you for the help. On Wed, Jan 9, 2013 at 8:38 PM, Andrew Bartlett <abartlet at samba.org> wrote: > On Wed, 2013-01-09 at 09:47 -0500, felix at epepm.cupet.cu wrote: > > > I am not able to get the Samba4 internal DNS server to respond to DNS > > > requests on the network. > > > > > >

Samba 3.6.17 joined to Samba 4.2.0 AD domain, using winbind 'wbinfo -g' and 'getent group' successfully list all groups. 'getent group 10006' returns: domain users:x:10006: 'getent group "domain users"' fails with return code 2 partial log.winbind after above command: [2013/10/11 10:01:31.288199, 3]

hi, ? i have recently installed a samba 4 in a DC role. The distribution is a debian jessie/sid, the version of samba is 4.1.7. The server is globally working but there is some litle trouble. on the server itself, i can do a kinit without probleme but if i try a kpasswsd, i obtain the following ? root at station:/var/log/samba# kinit Password for administrator at TOTO.FR: root at

The OS I'm using is Ubuntu 16.04. The previous OS I was working with was Ubuntu 14.04. The krb issue I had was that the kdc server " RuntimeError: kinit for DOMAINCONTROLLER$@SAMDOM.EXAMPLE.COM failed (Cannot contact any KDC for requested realm)". The modified krb5.conf file I distilled out of information on the internet helped to create a working version. When comparing the

Timo Altun schrieb am 19.03.2015 10:30: > As I wrote in my first mail, Kerberos does work. I can successfully request > and list a ticket on the AC DC. OK, then next things, which come to my mind are: is the keytab, you set in named.conf.options readable for the user, under which bind is run. Then, is the /etc/bind/namedb writable for bind. And in the end, it might be a screwed up

Samba4 as AD controller. Same samba as domain members. Winbind. Periodically (once in few days) after subject message in winbind logs its stop working and only restart of winbindd helps. Error message: [2015/08/10 13:31:14.410866, 0] ../source3/libads/sasl.c:1025(ads_sasl_spnego_bind) kinit succeeded but ads_sasl_spnego_krb5_bind failed: The context has expired : Success smb.conf [global]

Hi all, I'm having trouble joining samba to active directory. My samba version is 3.0.28a-35 and krb is 1.6.1-17.el5. It's running on centos 5, kernel version 2.6.18-53.1.14.el5. It's running on vmware server by the way if that is of any significance. The specific error that I get are as follows: when testjoining the domain: [2008/03/18 04:34:07, 0]

Thank you Louis for that answer! Actually I did get kinit and samba_dnsupdate working, though I am unsure how. I tried some changes to krb5.conf in the [realms] and [domain_realm] sections, als well as setting dns_lookup_realm = false to true, but reverted it all back to the initial file: [libdefaults] default_realm = INTRANET.MAYWEG.NET dns_lookup_realm = false dns_lookup_kdc = true After a

Good morning! First of all thanks Rowland for the fast answer yesterday! I realized that samba-technical might have been the wrong mailing list and switched it to the normal samba users list (hopefully it worked, as it does get a bit confusing with spamgourmets sendto addresses!). Unfortunately the problem with samba_dnsupdate remains after the changes. I did changed the smb.conf, krb5.conf, and

Hi Rowland, Hi looks like the "-c" option is optional. My problem is not really the kerberos cache file, but the "principal" linked to the user kerbuser. The principal is HTTP/webserver.MYDOMAIN.LOCAL at MYDOMAIN.LOCAL I would like to use kinit and give this principal as parameter. something like : > kinit -k -t /root/my.keytab HTTP/webserver.MYDOMAIN.LOCAL at

2015-04-25 16:57 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>: > On 25/04/15 15:44, Daniel Carrasco Mar?n wrote: > >> >> >> On AD server i've linked the kerberos file on samba folder: >> lrwxrwxrwx 1 root root 32 abr 25 16:23 krb5.conf -> >> /var/lib/samba/private/krb5.conf >> >> On client i've the default: >>

I'm trying to test Samba4 as an AD style pdc. following the instructions at http://wiki.samba.org/index.php/Samba4/HOWTO at step 9 I get root at pdc:~# kinit administrator at MYDOMAIN.COM kinit: Cannot contact any KDC for realm 'MYDOMAIN.COM' while getting initial credentials root at pdc:~# and yet host -t SRV _kerberos._udp.mydomain.com gives _kerberos._udp.mydomain.com has

Hi Rowland, Yes, I read this documentation carefully. I have two working Apache2 with kerberos authentication working. My question is more about troubleshooting a keytab. If I need to test manually a keytab file chalenging a specific principal, what's the prefered method ? I thougt that a kinit could be done using a principal name, but I am unable to kinit with somehting else than the

Hi All ! Using Samba Version 4.1.12, updated from source from 4.0beta1 I've created a user, let say kerbuser, for a web server to authenticate with kerberos and provide SSO to the end-users. In my example, my domain is MYDOMAIN.LOCAL, the apache server is webserver.mydomain.local and the AD user is kerbuser I've added a principal on the user and exported everything in a keytab so

Hi guys, thanks again for the quick answers. First, the smb.conf on the linux fileserver. It is quite long, as I took the old file (working version from samba3 configuration) and only made adjustments, like adding the realm. /etc/samba/smb.conf: [global] ### Browsing/Identification ### workgroup = MAYWEG.NET realm = INTRANET.MAYWEG.NET netbios name = server13 smb ports = 139, 445

On 09/12/15 17:03, James wrote: > On 12/9/2015 11:33 AM, Ole Traupe wrote: >> >>> - But when I try to ssh to a member server, it still takes forever, >>> and a 'kinit' on a member server gives this: >>> "kinit: Cannot contact any KDC for realm 'MY.DOMAIN.TLD' while >>> getting initial credentials" >>> >>>

> - But when I try to ssh to a member server, it still takes forever, > and a 'kinit' on a member server gives this: > "kinit: Cannot contact any KDC for realm 'MY.DOMAIN.TLD' while > getting initial credentials" > > > My /etc/krb5.conf looks like this (following your suggestions, > Rowland, as everything else are defaults): > >