similar to: W2k8r2 and samba 3 integration

Hi Rowland, this posting ended a lot of grief I had with expired keytabs. While this is presumably an issue of sssd, I have no chance to attack the issue right at its root*). But rejoining the domain with the lines dedicated keytab file = /etc/krb5.memberserver.keytab kerberos method = secrets and keytab winbind refresh tickets = Yes seems to fix it. Phew... Maybe You or someone

Il 2014-12-31 16:29 Dr. Lars Hanke ha scritto: >>> OK, you can get winbind to update your keytab, you need to alter your >>> smb.conf slightly. You need to change 'kerberos method = secrets >>> only' >>> to either 'kerberos method = secrets and keytab' or 'kerberos method >>> = >>> system keytab' and add the line

Hi, Created a zpool with 64k recordsize and enabled dedupe on it. zpool create -O recordsize=64k TestPool device1 zfs set dedup=on TestPool I copied files onto this pool over nfs from a windows client. Here is the output of zpool list Prompt:~# zpool list NAME SIZE ALLOC FREE CAP DEDUP HEALTH ALTROOT TestPool 696G 19.1G 677G 2% 1.13x ONLINE - When I ran a

I am trying to join an existing samba server but I get an error message that the DNS update failed. I have read that this doesn?t matter and the join is still successful. But the problem comes when I try to grant privileges to the unix admins. root at dna:/home/pi# net ads join -U administrator Enter administrator's password: Using short domain name -- DOMAIN Joined 'DNA' to dns

Hi I have a new Samba 3.6.10 server running on Solaris 10. The server is a member of the local Active Directory (which I'll call "DOMAIN" in this email). Unix username resolution is via NIS. All domain users have NIS usernames as well.Winbind is running to allow SMBD to perform sid>uid mapping and I have setup idmap_nss. I am not using winbind in /etc/nsswitch.conf as NIS

OK, I know that there''s been some discussion on this before, but I''m not sure that any specific advice came out of it. What would the advice be for supporting a largish number of users (10,000 say) on a system that supports ZFS? We currently use vxfs and assign a user quota, and backups are done via Legato Networker. >From what little I currently understand, the general

Hello. I am trying to clarify in my mind how winbind, pam and kerberos all work. I am hoping to get some knowledge to help debug and ensure our samba server keeps it's domain membership in the most robust way possible. Background: We are using a samba server to serve a filesystem to windows users. A group policy on the machines will automatically mount the filesystem. Samba and all the

The output is: getent group 'domain admins? Copying without understanding what it does is not smart I know. But sometimes you will understand it later. And atm I am using a test setup. Here are is all the info you need: Main AD: Collected config --- 2020-09-05-18:16 ----------- Hostname: gaia DNS Domain: rompen.local FQDN: gaia.rompen.local ipaddress: 192.168.88.2 -----------

hi! can join and see users with wbinfo -u and getent passwd.. On w2k8r2 is identity management for unix installed so there are uid/gid infos inside... winbind uses home dir and shell informations but dont uses uid/gid from ad... why? example: my user has 10000 uid in ad but winbind/getent shows 10003. My config: [global] workgroup = CHAOS realm = CHAOS.LOCAL netbios name = SATAN

I've samba 3.6.6 with cups 1.4.4 running. Printing from XP and 2003 works, by just browsing to the printers folder on the samba server, connecting with automatic download of the printer driver. I also succeeded uploading a 64bit driver using the 2003 server. So 32 bit world works smoothly. When I try to connect from a 2008R2 server, I get "could not connect, error 000006d1".

Hi, we use kerberos with keytabs on our clients. We do *not* trust root on the clients! One client should never have access to any other client''s keytab. This is my proposed solution to get the keytabs to the clients, any comments welcome! 1. Use file to get /root/.ssh/authorized_keys 2. Use exported resource to let the client "notify" the server that it wants a keytab 3. On

There was lack of membership in Administrators domain/Builtin group. I had only: Domain Users Group Policy Creator Owners Enterprise Admins Schema Admins Domain Admins I've added and I'll try. Thank you. Any hint with the recreation of keytab file? Regards, Kris -----Original Message----- From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny via samba Sent:

Hi Viktor, I didn't go through all the conversations and I'm not sure if this will > be of any help, I just wanted to inform that I've been using mapped > drives with Windows 10 for ages and never had the problems you > described. I also never added or changed the "smb encrypt" option. My > Samba file server (AD member) was set up pretty much the way as is >

Hi. am running a samba server version 3.0.5 on a gentoo linux machine, kernel 2.6.7-gentoo-r8. the client is a windows XP machine. the PDC is a windows NT 4.0 machine. this is my smb.conf: [global] workgroup = FOO hosts allow = 192.168.30.0/255.255.255.0 127.0.0.1 local master = no log file = /var/log/samba3/log.%m os level = 0 preferred master =

Hello, I installed Samba4 according to the HOWTO. The provisioning created a user (dns) and a keytab for DNS updates, but the service principal in the keytab seems to be wrong for me (the domain name instead of ns1.domainname). What would be the correct way of changing / adding service principals associated with a user and re-generating the keytab? I got the dns updates working by adding a

Hi! I can Join, wbinfo -u etc works but getent passwd doesnt... I think the problem is: get this error: 'get_dc_list: preferred server list: ", *"' but why does it not know my domain? (already joined) Can someone help? Greetz Conf: #GLOBAL PARAMETERS [global] workgroup = CHAOS realm = chaos.local password server = beelzebub.chaos.local preferred master = no

Am 05.09.19 um 18:37 schrieb Rowland penny via samba: > That what you mean ? ;-) ;-) > You will probably have a keytab now '/etc/krb.keytab', the join should > have recreated it. /etc/krb5.keytab > I take it that you are mounting the users homedirs and require the > 'cifs' keytab to do this, I also take it that the computers short > hostname is

Hi! I think I ran into the same Problem. What I tried so far: 1) * Adopt SPNs on the DC with samba-tool spn * Create keytab on Member with net ads keytab create * Result: ** klist and net ads keytab list on Member match ** samba-tool spn list on DC doesn't 2) * Clear SPNs from Member via net ads keytab flush * Result: ** net ads keytab list on Member is empty ** samba-tool spn list on DC

Hello! I'm trying to get Samba4 working as an additional AD DC. bin/net vampire reports no errors, but when I start sbin/samba I got the following in my var/samba.log: -------------------- [Sun May 23 03:58:08 2010 MSD, 0 ../smbd/server.c:373:binary_smbd_main()] samba version 4.0.0alpha12-GIT-UNKNOWN started. Copyright Andrew Tridgell and the Samba Team 1992-2010 [Sun May 23 03:58:08

You need for the apache keytab something like Alias /webmail /usr/share/webmail # <Directory /usr/share/ webmail > AuthType Kerberos AuthName "Kerberos Login" KrbMethodNegotiate On KrbMethodK5Passwd Off KrbServiceName HTTP KrbAuthRealms EXAMPLE.COM Krb5KeyTab /etc/httpd/conf/keytab require valid-user </Directory> chmod 400 /etc/httpd/conf/keytab chown