Displaying 20 results from an estimated 30000 matches similar to: "Keytabs (obviously) not valid after password change"
2015 Jan 15
1
Fwd: Re: Samba4 and sssd, keytab file expires?
Hi Rowland,
this posting ended a lot of grief I had with expired keytabs.
While this is presumably an issue of sssd, I have no chance to
attack the issue right at its root*). But rejoining the domain
with the lines
dedicated keytab file = /etc/krb5.memberserver.keytab
kerberos method = secrets and keytab
winbind refresh tickets = Yes
seems to fix it. Phew...
Maybe You or someone
2014 Dec 31
4
Fwd: Re: Samba4 and sssd, keytab file expires?
On 2014-12-31 16:29, Dr. Lars Hanke wrote:
>>> OK, you can get winbind to update your keytab, you need to alter your
>>> smb.conf slightly. You need to change 'kerberos method = secrets only'
>>> to either 'kerberos method = secrets and keytab' or
>>> 'kerberos method = system keytab' and add the line
2017 Nov 22
3
samba rotates keytabs without telling apache
Hello!
Our organization has since June had problems with samba on our web server
incrementing keytab version numbers every month - precisely every month. Since
apache2 with mod_auth_kerb isn't made aware of this, all our web sites go 503.
The manual solution has been exporting new keytabs and reloading apache, but we
haven't figured out why the KVNOS are incremented in the first place.
2014 Dec 29
6
Samba4 and sssd, keytab file expires?
Hi all.
I have the following setup:
1st dc is on CentOS 6 with Sernet samba 4.1.13
2nd dc is on Debian 7 with Sernet samba 4.1.13
The 2 dc work as expected.
on CentOS I was able to configure sssd to work
on Debian I'm using winbind
Now I have a 3rd server which is CentOS 7 with samba 4.1.1 from CentOS
repository.
This system serves as a file server and works ok with samba, but I have
a
2016 Mar 24
1
sssd keytab bug
Hello,
This one is nasty...
I followed the documentation on configuring sssd:
https://wiki.samba.org/index.php/Sssd
In the section on extracting the keytab, it says:
- Extract the keytab for a domain account (you can use the machines[sic]
account for that, too) and make sure it is readable only by root. The
following example uses the machine account of the host „DC1“
So, I used the
2017 Nov 22
0
samba rotates keytabs without telling apache
On Wed, 22 Nov 2017 13:07:09 +0100
Herman Øie Kolden via samba <samba at lists.samba.org> wrote:
> Hello!
>
> Our organization has since June had problems with samba on our web
> server incrementing keytab version numbers every month - precisely
> every month. Since apache2 with mod_auth_kerb isn't made aware of
> this, all our web sites go 503. The manual solution
2024 Feb 19
1
Fail kerberos method = secrets and keytab and net offlinejoin requestodj
On Mon, 19 Feb 2024 12:21:53 +0100
Simon FONTENEAU via samba <samba at lists.samba.org> wrote:
> Hello everyone,
>
> For the context, I'm trying to add support for offline join in WAPT
> WADS OS deployment [1]. Currently WADS supports offline join of
> Windows computers, and I want to add support for Linux computer using
> SSSD as an authentication client (for the
2014 Dec 02
0
Magically increasing KVNO in keytabs
In my small home network I have the following setup:
main site at home:
- AD-DC and
- one file (member) server
- one windows client and
- one Debian box
- one backup server
- router as VPN server
during week near working place connected by VPN:
- AD-DC (set up as VPN client) and
- one file server
- one windows client
All the AD-DCs and the file servers run Samba 4.2-rc2,
replication
2015 Jan 01
1
Fwd: Re: Samba4 and sssd, keytab file expires?
On 2014-12-31 18:24, Rowland Penny wrote:
>
> It expires because it was not created on the member server, having
> said that, sssd should be able to update the keytab, I would suggest
> that sssd is not setup correctly and as such, I think that you need to
> take this problem to the sssd mailing list.
>
> If you decide to use winbind, which I can assure you will work,
2018 Dec 27
2
Generating keytab on a read-only file system
> First, I suggest read :
> https://wiki.samba.org/index.php/Keytab_Extraction
I did.
> Second, is this for
> a member or AD-DC? That's because of the location of the keytab and
> the ad-dc creates its own keytab file. Third, are any other services
> going to use it? Last, root must be able to write the keytab file.
>
They're members. The intent is to auto join clients
2018 Dec 27
4
Generating keytab on a read-only file system
Hi Taner,
> -----Original message-----
> From: Taner Tas [mailto:taner76 at gmail.com]
> Sent: Thursday 27 December 2018 12:30
> To: L.P.H. van Belle via samba
> CC: L.P.H. van Belle
> Subject: Re: [Samba] Generating keytab on a read-only file system
>
>
>
>
> > First, I suggest read :
> >
2024 Feb 19
1
Fail kerberos method = secrets and keytab and net offlinejoin requestodj
Hello everyone,
For the context, I'm trying to add support for offline join in WAPT WADS
OS deployment [1]. Currently WADS supports offline join of Windows
computers, and I want to add support for Linux computer using SSSD as an
authentication client (for the persons who might dismiss this mail
because of a certain keywords, yes it is related to sssd, but it
triggers a Samba bug). I also
2014 Jul 23
1
sssd problems after dc1 is no longer online
Hi all,
I hope that this request for help will be the last one, for a while to
come. Today, sernet support helped me sort out our DC mess, and they did
a great job. However, sssd no longer works, and I hope someone here can
help out.
We used to have DC1, DC2 and DC3. DC1 was the classic-upgraded, first,
'original' DC, and had to be shutdown, unfortunately. So only DC2 and
DC3
2016 Jun 08
1
keytabs basics linux <=> AD ?
hi users
a novice here hoping to grasp fundamentals soon
I have a samba+sssd as a client to an AD - I have all the
keytabs for a host(I think) but I noticed weird(to me at
least) smbclient behavior.
when I do:
$ smbclient -L swir -U me at AAA.PRIVATE.DOM -k
all works, clients sees local samba's shares, when I do:
$ smbclient -L swir.private.aaa.private.dom -U pe243 at AAA.PRIVATE.DOM -k
2016 Dec 15
2
valid users with AD group
Thanks very much for the quick response/info sir
Server is joined to the domain, which, I think, the info I listed
demonstrates, apologies if not
sssd has nothing to do with Samba.
>>I somewhat understand that sir. I listed mainly to provide info on auth
methods and services on the host. In case not listing affected diagnosis,
and just in case samba did something different interacting on
2014 Dec 31
2
Fwd: Re: Samba4 and sssd, keytab file expires?
On 31/12/14 09:56, Rowland Penny wrote:
> On 31/12/14 08:58, Alessandro Briosi wrote:
>>>> Hi, how have you setup the fileserver ?
>>>> Is it joined to the domain ?
>>>> Can you post your fileservers smb.conf
>>
>>>> Rowland
>>
>> OT: Oops, wasn't subscribed to the mailing list :)
>>
>> Yes, server is joined to
2015 May 10
2
sssd on a DC
Hello Jonathan and Rowland,
On 09.05.2015 at 17:46, Rowland Penny wrote:
> On 09/05/15 18:20, Jonathan Hunter wrote:
>> Hi,
>>
>> I have a query about the use of sssd on a Samba4 DC. Background is as
>> follows:
>>
>> I have two DCs and would like to synchronise files between the two
>> machines. This is for sysvol replication - I am using lsyncd (
2015 May 09
5
sssd on a DC
Hi,
I have a query about the use of sssd on a Samba4 DC. Background is as follows:
I have two DCs and would like to synchronise files between the two
machines. This is for sysvol replication - I am using lsyncd (
https://code.google.com/p/lsyncd/ ) to trigger an rsync whenever files
change.
However I have hit a predictable problem, which is that since there is
no synchronised UID mapping
2016 Dec 15
2
valid users with AD group
Hello all, hope all is well/happy holidays
Issues with an old thread out there, valid users containing an AD group
Have tried this on systems running cent7u2 and ubuntu trusty. These systems
are running sssd. I can login with AD users and chown/chgrp file with AD
groups. However, I can't get AD groups to work with valid users for
restricting share access. If I just set individual AD users,
2016 Mar 31
3
NFSv4 / Krb / wildcard in keytab
On 31/03/2016 11:44, Rowland penny wrote:
> On 31/03/16 10:04, Service Informatique IF wrote:
>> Hi,
>>
>> I'm trying to use wildcard in keytab because i don't want join every
>> computer, client for service NFS krb5.
>>
>> I add a spn like this
>>
>> # samba-tool spn add host/* nfs
>>
>> (I create user nfs before)
>>