similar to: NTLM Authentication with Dovecot and Postfix

I'm trying to get NTLM authentication working with Dovecot to authenticate Postfix SMTP clients. I can authenticate postfix smtp clients using the plain text login mechanism through winbind. However, using the NTLM mechanism gives me an error in my maillog that says: "dovecot: auth: winbind(?,10.20.2.0): user not authenticated: NT_STATUS_UNSUCCESSFUL". At this point,

I'm trying to get NTLM authentication working with Dovecot to authenticate Postfix SMTP clients. I can authenticate postfix smtp clients using the plain text login mechanism through winbind. However, using the NTLM mechanism gives me an error in my maillog that says: "dovecot: auth: winbind(?,10.20.2.0): user not authenticated: NT_STATUS_UNSUCCESSFUL". At this point, I'm

I'm working on getting authentication for Postfix smtpd clients working with Dovecot. I've got both plain text and GSSAPI mechanisms working. Winbind also works for shell access and the command line test work fine. If I can get NTLM authentication working I can use Postfix as a drop in replacement for a MS MTA I want get rid of. I'm hoping the community might be able to offer some

I'm working on getting authentication for Postfix smtpd clients working with Dovecot. I've got both plain text and GSSAPI mechanisms working. Winbind also works for shell access and the command line test work fine. If I can get NTLM authentication working I can use Postfix as a drop in replacement for a MS MTA I want get rid of. I'm hoping the community might be able to offer some

Hello: I have a squid3 with aunteticacion ntlm integrated to samba4 but in workstations with windows 8.1 constantly asked for the username and password and it does not let the user navigate, use debian 8 + samba 4.7.7, no idea because that happens in client with windows 7 works well. smb.conf workgroup = MYDOMINIO security = ads netbios name = srv-proxy server string = Servidor Proxy de

Hi!, I'm trying to use single sign on from Windows. Install dovecot on CentOS 6. The host name is prueba-mail. I'm using version 2.0.9 because the latest 64-bit gives errors. But first I wanted to test whether user validation works with telnet. When I try to try "telnet prueba-mail imap" and try to "a1 LOGIN MyUsername MyPassword", I get the following error:prueba-mail

Hello, Thank You for fast response. I'm glad that it's a mistake somewhere on my side, it means it will work when I fix it :) Ok, first of all: Everything is on centos 7.4 All config files will be below, but to start off: behaviour is stranger than I thought, but there is a pattern: when doing [DOMAIN\kacper_wirski at vs-files ~]$ kinit -V Using default cache: /tmp/krb5cc_101003

Luis, ok I'v removed everything, step 1: KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab CREATE -P klist -ke /etc/krb5.keytab2|grep 7|sort 7 cifs/FS-A at DOM.CORP (aes128-cts-hmac-sha1-96) 7 cifs/FS-A at DOM.CORP (aes256-cts-hmac-sha1-96) 7 cifs/FS-A at DOM.CORP (arcfour-hmac) 7 cifs/FS-A at DOM.CORP (des-cbc-crc) 7 cifs/FS-A at DOM.CORP (des-cbc-md5) 7

Hai, Nope.. To much again ;-) This is one step to much: step2: # KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab ADD cifs/oldsamba.dom.corp at DOM.CORP # KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab ADD cifs/oldsamba at DOM.CORP # KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab ADD cifs/oldsamba$@DOM.CORP And why are you adding @REALM .. Do it exactly as shown below. Because

Luis, my typos, I'v to mask the output sorry (compliance) # su - testuser $ smbclient --option='client min protocol=NT1' -U testuser //oldsamba/testuser -c 'ls' Unable to initialize messaging context Enter DOM\testuser's password: session setup failed: NT_STATUS_LOGON_FAILURE [2019/11/05 15:50:50.009481, 1] ../../source3/librpc/crypto/gse.c:660(gse_get_server_auth_token)

samba-tool computer remove oldsamba Il giorno mar 5 nov 2019 alle ore 17:04 L.P.H. van Belle <belle at bazuin.nl> ha scritto: > Hai, > > Well that great you found it. > > Ah.. so you removed the entry from the DNS or ADDB? > Can you tell what you exactly did, that might help the next person with a > problem like this. > > And not many list messages today.. ;-)

On Tue, 26 Feb 2019 16:37:39 +0100 David Jehin <bedou210977 at gmail.com> wrote: > THANK YOU FOR YOUR REPLY > > THE RESULT : > KVNO Principal > ---- > -------------------------------------------------------------------------- > 1 HOST/samba4 at FSS.LAN (des-cbc-crc) > 1 HOST/samba4.fss.lan at FSS.LAN (des-cbc-crc) > 1 SAMBA4$@FSS.LAN (des-cbc-crc) >

Just to update this, I'm going to upgrade to samba4 but it won't be for a few days yet, I'll keep this thread updated with what happens. On 10 Nov 2017 11:23, "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: > No, no idee, but really, upgrade to samba, best option, in my opinion. > If thats not possible, it happens.. > > A timeout option can

Hai,   I noticed something strange in the keytab file on my member server. This is a followup of : [Samba] winbind question. (challenge/response password authentication) Samba 4.5.3 on Debian Jessie.   Leave the domain. net ads leave -k Deleted account for 'PROXY2' in realm 'REALM'   I checked in windows, and the computer is gone in the “Computer” ou.   Removed the

compiled samba version : 4.8.5 and my distribution is: debian stretch 9.6 I said that when I join the domain, restarting the machine takes the GPO, the other restart does not take the gpo computer. Thanks for your help Le mar. 26 févr. 2019 à 17:11, Rowland Penny via samba < samba at lists.samba.org> a écrit : > On Tue, 26 Feb 2019 16:37:39 +0100 > David Jehin <bedou210977 at

Samba expects the keytab file as /etc/krb5.keytab. Solaris 11 looks for a keytab file in /etc/krb5/krb5.keytab When samba joins the domain it (probably) updates the machine password and then updates its krb5.keytab file. When connecting via ssh, the system would use a keytab file that had the wrong kvno and probably the wrong password key. The following symlink command fixed ssh

THANK YOU FOR YOUR REPLY THE RESULT : KVNO Principal ---- -------------------------------------------------------------------------- 1 HOST/samba4 at FSS.LAN (des-cbc-crc) 1 HOST/samba4.fss.lan at FSS.LAN (des-cbc-crc) 1 SAMBA4$@FSS.LAN (des-cbc-crc) 1 HOST/samba4 at FSS.LAN (des-cbc-md5) 1 HOST/samba4.fss.lan at FSS.LAN (des-cbc-md5) 1 SAMBA4$@FSS.LAN (des-cbc-md5) 1

On Fri, 2024-04-05 at 19:13 +0100, Rowland Penny via samba wrote: > On Fri, 5 Apr 2024 19:58:33 +0200 > Pavel Lis? <pavel.lisy at gmail.com> wrote: > > > So, > > > > I've done some progress. > > > > I've made configuration according this article > > https://fedoramagazine.org/samba-as-ad-and-domain-controller/ > > they use sample

No, no idee, but really, upgrade to samba, best option, in my opinion. If thats not possible, it happens.. A timeout option can be set in krb5.conf for example : kdc_timeout = 5000 You have these for krb5.conf to try out also. the complete list. des-hmac-sha1 DES with HMAC/sha1 (weak) aes256-cts-hmac-sha1-96 aes256-cts AES-256 CTS mode with 96-bit SHA-1 HMAC

I have a Windows 2008 domain (one Win 2008 DC, one Win 2012 R2 DC.) I am trying to join a Solaris 11 machine to the domain for both Samba and other services. For "unix" logins and ssh, Solaris 11 is configured to use LDAP for user and group lookup and kerberos for authentication. The "kclient -T ms_ad" command joins the Solaris machine to the AD domain. It even