similar to: Question on Kerberos (GSSAPI) auth

On Jan 17, 2017, at 9:57 AM, Douglas E Engert <deengert at gmail.com> wrote: > On 1/16/2017 2:09 PM, Ron Frederick wrote: >> I?m working on an implementation of ?gssapi-with-mic? authentication for my AsyncSSH package and trying to get it to interoperate with OpenSSH. I?ve gotten it working, but there seems to be a discrepancy between the OpenSSH implementation and RFC 4462.

(I hope this message is appropriate for these lists. If not, please tell me and I won't do it again.) Hi All. There will be a new release of OpenSSH in a couple of weeks. This release contains Kerberos and GSSAPI related changes that we would like to get some feedback about (and hopefully address any issues with) before the release. I encourage anyone with an interest in

Hai,   I had some users today that couldnt login. Windows stopped at the “Welcome” screen.     Now, i checked the logs and i noticed a change in winbind. i noticed 2 logs files with increase a 1000% in size.  log.winbindd-idmap and log.wb-NTDOM     Before ( samba 4.4.5 ) log.winbindd-idmap [2016/09/30 11:32:37.040567,  0] ../source3/winbindd/winbindd.c:280(winbindd_sig_term_handler)

On 5/17/2020 5:29 AM, Rowland penny via samba wrote: > On 17/05/2020 00:24, James Atwell wrote: >>>> So I suppose I still have trouble with my domain. >>>> >>>> root at pfdc1:/# net ads user info administrator -U administrator >>>> >>>> Enter administrator's password: >>>> kerberos_kinit_password SAMBA at SAMBA.LOCAL

Hi, I used Samba 4.0.5 in Wheezy. Here is that I have done: --------------------------------------------------------------- samba-tool domain provision --realm=CHEZMOI.PRIV --domain=CHEZMOI \ --server-role=dc --dns-backend=SAMBA_INTERNAL --adminpass='+toto123' echo "nameserver 192.168.0.21" > /etc/resolv.conf samba ln -s /usr/local/samba/lib/libnss_winbind.so

On 5/17/2020 1:43 PM, Rowland penny via samba wrote: > On 17/05/2020 16:54, James Atwell wrote: >> >> Strange results on a domain member >> >> jatwell at osticket:~$ net ads user info administrator -U administrator >> Enter administrator's password: >> create_local_private_krb5_conf_for_domain: smb_mkstemp failed, for >> file

> You might want to take a look at "Integrating Red Hat Enterprise Linux 6 with Active Directory". It's the best document I've seen on this topic. I found that Samba/Kerberos/Winbind is the most complete solution for attaching a Samba fileserver in my AD environment. https://access.redhat.com/sites/default/files/attachments/rhel-ad-integration-deployment-guidelines-v1.5.pdf

Hi List, I am currently testing inter-forest trusts between a pair of AD domains. All DCs and member servers are using Sernet Samba 4.4.5. I have set up conditional forwarding in by Bind setup (I'm using BIND9_DLZ) and all machines can resolve each other. On the DCs, I can see users from the other side of the trust using wbinfo -u --domain=<other domain>. In addition if I set up ID

On Sat, 12 Aug 2017 05:56:36 +1200 Andrew Bartlett via samba <samba at lists.samba.org> wrote: > On Fri, 2017-08-11 at 08:02 -0400, Ing. Luis Felipe Domínguez Vega via > samba wrote: > > gss_init_sec_context failed with [ The context has expired: Success] > > SPNEGO(gse_krb5) creating NEG_TOKEN_INIT failed: > > NT_STATUS_INTERNAL_ERROR > > Can you please show

> Not sure what would cause that error message, nor have I experienced it. Looks like other people have seen it: > https://www.google.com/?gws_rd=ssl#q=gss_init_sec_context+failed+with+%5BUnspecified+GSS+failure.++Minor+code+may+provide+more+information:+No+credentials+cache+found I found no way to get rid of this, although everything seems to work fine. Red Hat need to push out an update

hi users a novice here hoping to grasp fundamentals soon I have a samba+sssd as a client to an AD - I have all the keytabs for a host(I think) but I noticed weird(to me at least) smbclient behavior. when I do: $ smbclient -L swir -U me at AAA.PRIVATE.DOM -k all works, clients sees local samba's shares, when I do: $ smbclient -L swir.private.aaa.private.dom -U pe243 at AAA.PRIVATE.DOM -k

Hi All Is this behaviour expected in smbclient: I have a kerberized Samba server and a share that works as expected on desktop clients, but when I use smbclient with a valid ticket with the -k flag I get a KDC lookup failure kev at client:/home/testuser$ smbclient -k -L //fileserver gss_init_sec_context failed with [ Miscellaneous failure (see text): unable to reach any KDC in realm LAN]

http://bugzilla.mindrot.org/show_bug.cgi?id=635 ------- Additional Comments From mmokrejs at natur.cuni.cz 2003-10-17 21:13 ------- Please commit the patch http://bugzilla.mindrot.org/attachment.cgi?id=396&action=view and close this bug. KRB5 does not work, but I don't care anymore as there's krb4 patch from ftp://ftp.mcc.ac.uk/pub/misc/ssh/ . :) Thanks! ------- You are

Hello, Based on the GSS userauth code that went into 3.7p1, I have made a patch to make OpenSSH support an alternative Kerberos 5 implementation called Shishi, via an alternative GSS-API implementation called GSSLib. The reason behind this message is mostly to let you know that another pair of eyes has been reading GSS userauth code in OpenSSH, and my impression is that it looks pretty good. I

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |

On 5/16/2020 2:02 PM, Rowland penny via samba wrote: > On 16/05/2020 18:41, James Atwell wrote: >> >> On 5/16/2020 9:55 AM, Rowland penny via samba wrote: >>> On 16/05/2020 14:40, James Atwell wrote: >>>> >>>> On 5/16/2020 5:00 AM, Rowland penny via samba wrote: >>>>> On 15/05/2020 19:52, James Atwell via samba wrote:

I updated to the latest versions of libfido2 and openssh-portable tonight, with an intention to test out the security key functionality and look closely at the changes over the last couple of months to see if I need to change anything in my AsyncSSH implementation to stay in sync. However, it seems that libfido2 no longer provides the ?libsk-libfido2.so? library that it used to. That was something

Hello, Sorry for take so long to answer, but I was not able to do the tests because the computer is in use and out of my office. Finally I've progressed in this topic with realmd, sssd and autofs, but now I'm locked on mounting shares from my member server. I'm able to use autofs and smbclient to mount and connect to sysvol share on my DC server, but when I try to connect to my

Hello, I'm running a Samba DC on Debian 9 (version 4.5.12-Debian) in a lab environment, set up like this: https://jonathonreinhart.com/posts/blog/2019/02/11/setting-up-a-samba-4-domain-controller-on-debian-9/ I would now like to configure this server to enable login via domain credentials. I'm aware that the Samba wiki recommends the following: -

This is with -d10, I test in Windows 10 (joining to domain) and same error, "Internal error". One thing, I don't execute the domain provision command because I put all the files created in the old server into the new server, that's metter??? INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10