similar to: Kerberos MS PAC info dump

Does SAMBA 3.0 use the PAC information available within a Microsoft Kerberos ticket? Thanks. -dan -------------------------------------- Daniel Wachdorf drwachd@sandia.gov Sandia National Laboratories System Security Research and Integration 505-284-8060

Apologies if this is off topic. I'd like to decode the Kerberos PAC which is NDR decoded and I know Samba has all the code to decode a PAC. I looked at http://msdn.microsoft.com/en-us/library/cc237933.aspx as an example and read the opengroup document, but I am still lost. Is there a good book, link, course about NDR endocding/decoding ? Thank you Markus

Not sure, I'm reopening an OLD thread here (sorry). I need some answers, looking somewhere I found this: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnkerb/html/MSDN_PAC.asp I'm not sure, I just gave it a brieft read. Can't this be used to include PAC data on a kerberos ticket in order to use the kerberos autentication on win2k/xp? I know that it also

Hello List We run a Solaris9 Server running Samba 3.0.20, Local Users (no winbind) but authenticating against ADS. There are up to 800 concurrent users, mostly Windows XP SP3. When clients access MyDocuments, which is redirected to the Samba share, we observe several "Session Setup AndX Request"s followed by "Session Setup AndX Response, Error:

https://bugzilla.mindrot.org/show_bug.cgi?id=928 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org Blocks| |1481 --- Comment #4 from Damien Miller

Hello -- I'm trying to run a samba4 server (note: Fedora packaged version, samba-4.0.0-174.fc18.x86_64) under a kerberos realm that isn't AD. This is a summation of the config that I'm using (works under samba 3.6): security = ADS passdb backend = tdbsam restrict anonymous = yes server signing = auto client signing = auto smb

http://bugzilla.mindrot.org/show_bug.cgi?id=928 Summary: Kerberos/GSSAPI authentication does not work with multihomed hosts Product: Portable OpenSSH Version: -current Platform: Other URL: http://marc.theaimsgroup.com/?l=openssh-unix- dev&m=108008882620573 OS/Version: All

(was: "Re: Pending OpenSSH release, call for testing", topic drift at its finest :-) Markus Moeller wrote: > Douglas, > > OK three possible settings(hostname,connection IP,GSS_C_NO_NAME) are fine for me too. Does GSS_C_NO_NAME relate to this bug (addressless tickets)? http://bugzilla.mindrot.org/show_bug.cgi?id=488 BTW, I opened a bug the the multihomed thing a couple of

Hello, We're having a problem with "Samba 4" joined to a "Server 2008 R2" domain (at "Server 2008" functional level across the forest). The interesting thing is that this only affects a single user - all other accounts work without problems. When accessing our main server using that account, "smbd" always reports "can't parse the PAC:

Hi list, I'm trying to set up a simple fileserver (Samba 4.1.6 on Ubuntu 14.04) as domain member, which delegates user authentication to AD (2k8R2) via Kerberos/NSS ? SSSD without using Winbind. I have SSSD up and running and things like getent passwd some-domain-user getent group some-domain-group chown some-domain-user:some-domain-group /tmp/foobar work just fine and show the

Hi UseRs, Please find the Job Description posted below. Our organization is looking for people with strong quantitative skills who is also strong in programming with R. Do get in touch with Prabhanshu (prabhanshu.pandey at 247customer.com) if you consider your experience and skills a good fit for the roles below. Location: *Bangalore, India* Let me know if you need any further clarification.

Darren, We have systems which are multihomed for virtualisation, but run only one sshd. You can connect to any IP-address and should be authenticated with gssapi/kerberos. So the client will ask for a principal host/virt-ip-X and the server has to have an entry for this in the keytab and has to select the right key by determining the hostname from the connection IP-address. There is no other way

Hai Amos, Thank you for your very clear responce.. few small questions.. Is there a way to setup the proxy for the following. 1) use negotiate kerberos for auth, ( which is working already for all domain joined machines ) 2) use a fall back that works, for now basic ldap works for non windows machines, and domain joined machines. 3) use any other fallback way for authentication users on windows

On Mon, 16 Oct 2017 10:40:44 -0400 (EDT) me at tdiehl.org wrote: > Hi Rowland, > > > On Sun, 15 Oct 2017, Rowland Penny via samba wrote: > > > On Sun, 15 Oct 2017 13:38:13 -0400 (EDT) > > me at tdiehl.org wrote: > > > >> Yes I understand, however, there are 2 things I am concerned about. > >> > >> When the errors are spewing, winbind

Ok after installing libpam-winbind etc I had someone try to connect from a MacOS and they got: [2023/04/13 15:50:50.002773,? 1] ../../source3/auth/auth_generic.c:211(auth3_generate_session_info_pac) ? auth3_generate_session_info_pac: Unexpected PAC for [testuser at OURREALM.REALM] in standalone mode - NT_STATUS_BAD_TOKEN_TYPE [2023/04/13 15:50:50.002891,? 3]

... sorry wrong list.. but you can read it and learn from it.. :-)) Greetz, Louis >-----Oorspronkelijk bericht----- >Van: samba [mailto:samba-bounces at lists.samba.org] Namens >L.P.H. van Belle >Verzonden: dinsdag 18 augustus 2015 9:45 >Aan: samba at lists.samba.org >Onderwerp: Re: [Samba] [squid-users] debian Jessie squid with >auth (kerberos/ntlm/basic) ERROR

When I use package?<pac> the author field gets reproduced twice, once with the \author{ } string and a secod time formatted. Also, would it be possible to make package?<pac> find the overview without the package being attached, or at least give a more informative error message. Paul Gilbert

Hi, I'm currently attempting to setup a Linux Samba and Kerberized NFS server using a Windows 2008 R2 Domain controller as a KDC and I've run into an issue. Currently I can make Kerberized NFS or Samba fileserving work but not both at the same time. Specifically: The Linux kerberized NFS daemon (rpc.svcgssd) appears to only be able to deal with service tickets up to a certain size.

Hi All. I'm looking for some help to merge an outstanding Kerberos credential cache change from OpenBSD into Portable. I don't know enough about Kerberos to figure out how that change should be applied for the non-Heimdal(?) code path. The outstanding diff is attached. Any volunteers? -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4

Hi Tom, Small update. I'am also still looking into this but im not getting much futher.. I am just reading : https://blogs.msdn.microsoft.com/openspecification/2009/12/31/verifying-the-server-signature-in-kerberos-privilege-account-certificate/ Bit older but, im trying to understand more what happens here. And the only "guess" i can make here is . A kerberos ticket, with