Displaying 20 results from an estimated 8000 matches similar to: "NTLM Authentication with Dovecot and Postfix"
2013 Jun 24
0
NTLM Authentication for Postfix SMTP clients
I'm trying to get NTLM authentication working with Dovecot to
authenticate Postfix SMTP clients.
I can authenticate postfix smtp clients using the plain text login
mechanism through winbind. However, using the NTLM mechanism gives me
an error in my maillog that says:
"dovecot: auth: winbind(?,10.20.2.0): user not authenticated:
NT_STATUS_UNSUCCESSFUL".
At this point,
2013 Jun 21
0
Getting NTLM authentication for Postfix SMTP clients to work
I'm trying to get NTLM authentication working with Dovecot to authenticate
Postfix SMTP clients.
I can authenticate postfix smtp clients using the plain text login
mechanism through winbind. However, using the NTLM mechanism gives me an
error in my maillog that says:
"dovecot: auth: winbind(?,10.20.2.0): user not authenticated:
NT_STATUS_UNSUCCESSFUL".
At this point, I'm
2013 Jun 27
0
NTLM authentication mechanism with Postfix
I'm working on getting authentication for Postfix smtpd clients
working with Dovecot. I've got both plain text and GSSAPI mechanisms
working. Winbind also works for shell access and the command line
test work fine.
If I can get NTLM authentication working I can use Postfix as a drop
in replacement for a MS MTA I want get rid of.
I'm hoping the community might be able to offer some
2013 Jun 27
1
Dovecot NTLM Authentication
I'm working on getting authentication for Postfix smtpd clients
working with Dovecot. I've got both plain text and GSSAPI mechanisms
working. Winbind also works for shell access and the command line
test work fine.
If I can get NTLM authentication working I can use Postfix as a drop
in replacement for a MS MTA I want get rid of.
I'm hoping the community might be able to offer some
2024 Jun 04
2
Classicupgrade FL 2012_R2 NTLM/Kerberos logon
Hi samba list,
I work on an classicupgrade of our NT4/ldap domain.
On my tests (DC and filer are on FreeBSD and zfs file system, client is
a Windows 10 22H2):
-> I'm able to do this classicupgrade and keep all users able to connect
on computers with their domain account.
-> In a second step I configure samba DC to improve security and by the
way I upgrade our FL to 2012_R2, schema
2018 Jun 08
2
samba4+squid3+ntlm
Hello:
I have a squid3 with aunteticacion ntlm integrated to samba4 but in workstations with windows 8.1 constantly asked for the username and password and it does not let the user navigate, use debian 8 + samba 4.7.7, no idea because that happens in client with windows 7 works well.
smb.conf
workgroup = MYDOMINIO
security = ads
netbios name = srv-proxy
server string = Servidor Proxy de
2013 Jun 26
0
NTLM authentication with dovecot.
Hi!,
I'm trying to use single sign on from Windows.
Install dovecot on CentOS 6. The host name is prueba-mail.
I'm using version 2.0.9 because the latest 64-bit gives errors.
But first I wanted to test whether user validation works with telnet.
When I try to try "telnet prueba-mail imap" and try to "a1 LOGIN MyUsername
MyPassword", I get the following error:prueba-mail
2017 Nov 01
5
kerberos + winbind + AD authentication for samba 4 domain member
Hello,
Thank You for fast response. I'm glad that it's a mistake somewhere on
my side, it means it will work when I fix it :)
Ok, first of all:
Everything is on centos 7.4
All config files will be below, but to start off: behaviour is stranger
than I thought, but there is a pattern:
when doing
[DOMAIN\kacper_wirski at vs-files ~]$ kinit -V
Using default cache: /tmp/krb5cc_101003
2019 Nov 05
0
Failed to find cifs/fs-share@dom.corp (kvno 109) in keytab
Luis, ok I'v removed everything, step 1:
KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab CREATE -P
klist -ke /etc/krb5.keytab2|grep 7|sort
7 cifs/FS-A at DOM.CORP (aes128-cts-hmac-sha1-96)
7 cifs/FS-A at DOM.CORP (aes256-cts-hmac-sha1-96)
7 cifs/FS-A at DOM.CORP (arcfour-hmac)
7 cifs/FS-A at DOM.CORP (des-cbc-crc)
7 cifs/FS-A at DOM.CORP (des-cbc-md5)
7
2019 Nov 05
0
Failed to find cifs/fs-share@dom.corp (kvno 109) in keytab
Hai,
Nope.. To much again ;-)
This is one step to much:
step2:
# KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab ADD cifs/oldsamba.dom.corp at DOM.CORP
# KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab ADD cifs/oldsamba at DOM.CORP
# KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab ADD cifs/oldsamba$@DOM.CORP
And why are you adding @REALM .. Do it exactly as shown below.
Because
2019 Nov 05
0
Failed to find cifs/fs-share@dom.corp (kvno 109) in keytab
Luis, my typos, I'v to mask the output sorry (compliance)
# su - testuser
$ smbclient --option='client min protocol=NT1' -U testuser
//oldsamba/testuser -c 'ls'
Unable to initialize messaging context
Enter DOM\testuser's password:
session setup failed: NT_STATUS_LOGON_FAILURE
[2019/11/05 15:50:50.009481, 1]
../../source3/librpc/crypto/gse.c:660(gse_get_server_auth_token)
2019 Nov 05
0
Failed to find cifs/fs-share@dom.corp (kvno 109) in keytab
samba-tool computer remove oldsamba
Il giorno mar 5 nov 2019 alle ore 17:04 L.P.H. van Belle <belle at bazuin.nl>
ha scritto:
> Hai,
>
> Well that great you found it.
>
> Ah.. so you removed the entry from the DNS or ADDB?
> Can you tell what you exactly did, that might help the next person with a
> problem like this.
>
> And not many list messages today.. ;-)
2019 Feb 26
0
gpo not applied a boot computer
On Tue, 26 Feb 2019 16:37:39 +0100
David Jehin <bedou210977 at gmail.com> wrote:
> THANK YOU FOR YOUR REPLY
>
> THE RESULT :
> KVNO Principal
> ----
> --------------------------------------------------------------------------
> 1 HOST/samba4 at FSS.LAN (des-cbc-crc)
> 1 HOST/samba4.fss.lan at FSS.LAN (des-cbc-crc)
> 1 SAMBA4$@FSS.LAN (des-cbc-crc)
>
2017 Nov 11
0
Slow Kerberos Authentication
Just to update this, I'm going to upgrade to samba4 but it won't be for a
few days yet, I'll keep this thread updated with what happens.
On 10 Nov 2017 11:23, "L.P.H. van Belle via samba" <samba at lists.samba.org>
wrote:
> No, no idee, but really, upgrade to samba, best option, in my opinion.
> If thats not possible, it happens..
>
> A timeout option can
2017 Feb 01
3
samba creating keytabs... ( possible bug, can someone confirm this )
Hai,
I noticed something strange in the keytab file on my member server.
This is a followup of : [Samba] winbind question. (challenge/response password authentication)
Samba 4.5.3 on Debian Jessie.
Leave the domain.
net ads leave -k
Deleted account for 'PROXY2' in realm 'REALM'
I checked in windows, and the computer is gone in the “Computer” ou.
Removed the
2019 Feb 26
2
gpo not applied a boot computer
compiled samba version : 4.8.5 and my distribution is: debian stretch 9.6
I said that when I join the domain, restarting the machine takes the GPO,
the other restart does not take the gpo computer.
Thanks for your help
Le mar. 26 févr. 2019 à 17:11, Rowland Penny via samba <
samba at lists.samba.org> a écrit :
> On Tue, 26 Feb 2019 16:37:39 +0100
> David Jehin <bedou210977 at
2017 Mar 16
0
Joining Samba4 to Win 2008 AD domain breaks other kerberos functions
Samba expects the keytab file as /etc/krb5.keytab.
Solaris 11 looks for a keytab file in /etc/krb5/krb5.keytab
When samba joins the domain it (probably) updates the machine password
and then updates its krb5.keytab file. When connecting via ssh,
the system would use a keytab file that had the wrong kvno and probably
the wrong password key.
The following symlink command fixed ssh
2019 Feb 26
2
gpo not applied a boot computer
THANK YOU FOR YOUR REPLY
THE RESULT :
KVNO Principal
----
--------------------------------------------------------------------------
1 HOST/samba4 at FSS.LAN (des-cbc-crc)
1 HOST/samba4.fss.lan at FSS.LAN (des-cbc-crc)
1 SAMBA4$@FSS.LAN (des-cbc-crc)
1 HOST/samba4 at FSS.LAN (des-cbc-md5)
1 HOST/samba4.fss.lan at FSS.LAN (des-cbc-md5)
1 SAMBA4$@FSS.LAN (des-cbc-md5)
1
2024 Apr 05
1
Strange problem with samba-tool dns query ...
On Fri, 2024-04-05 at 19:13 +0100, Rowland Penny via samba wrote:
> On Fri, 5 Apr 2024 19:58:33 +0200
> Pavel Lis? <pavel.lisy at gmail.com> wrote:
>
> > So,
> >
> > I've done some progress.
> >
> > I've made configuration according this article
> > https://fedoramagazine.org/samba-as-ad-and-domain-controller/
> > they use sample
2017 Nov 10
2
Slow Kerberos Authentication
No, no idee, but really, upgrade to samba, best option, in my opinion.
If thats not possible, it happens..
A timeout option can be set in krb5.conf
for example : kdc_timeout = 5000
You have these for krb5.conf to try out also.
the complete list.
des-hmac-sha1
DES with HMAC/sha1 (weak)
aes256-cts-hmac-sha1-96 aes256-cts AES-256
CTS mode with 96-bit SHA-1 HMAC