Displaying 20 results from an estimated 30000 matches similar to: "Install Bind with gss-spnego enabled"
2015 Apr 16
3
Install Bind with gss-spnego enabled
Hi Johnny,
Thank you for your response. I thought to choose the sernet package
because of the following stated in Samba Readme:
Samba packages shipped in some distributions like e. g. Fedora, RHEL may
not be able to be used as Samba AD DC, because the distribution relies on
MIT Kerberos which isn't supported by Samba yet. In this case build Samba
yourself or use the packages from SerNet or
2015 Apr 16
2
Install Bind with gss-spnego enabled
On 16 Apr 2015 14:29, "Johnny Hughes" <johnny at centos.org> wrote:
>
> On 04/16/2015 06:33 AM, Mike wrote:
> > Hi Johnny,
> >
> > Thank you for your response. I thought to choose the sernet package
> > because of the following stated in Samba Readme:
> >
> > Samba packages shipped in some distributions like e. g. Fedora, RHEL may
>
2015 Apr 16
0
Install Bind with gss-spnego enabled
On 04/16/2015 12:53 AM, Mike wrote:
> CentOS 7.1503 installed.
> Installed Samba 4 from sernet: Version 4.1.17-SerNet-RedHat-11.el7 (to be
> configured).
>
> The samba wiki Readme First page states, "Some distributions like . . . Red
> Hat Enterprise Linux (and clones), ship BIND9 packages with disabled
> GSS-SPNEGO option, which is required for signed DNS updates when
2015 Apr 16
0
Install Bind with gss-spnego enabled
On 04/16/2015 06:33 AM, Mike wrote:
> Hi Johnny,
>
> Thank you for your response. I thought to choose the sernet package
> because of the following stated in Samba Readme:
>
> Samba packages shipped in some distributions like e. g. Fedora, RHEL may
> not be able to be used as Samba AD DC, because the distribution relies on
> MIT Kerberos which isn't supported by
2017 Dec 04
4
Samba 4.7.2 + bind on Fedora 27: samba_dlz: spnego update failed
Il giorno lun, 04/12/2017 alle 14.48 +0000, Rowland Penny via samba ha
scritto:
>
>
> The cure is to STOP your windows clients trying to update their own
> records.
Yes, this is true, on windows I will stop this service.
But my problem now is another
The samba command
samba_dnsupdate --verbose --all-names --fail-immediately
not work
It's possible to resolve this
2010 Sep 19
1
Suppressing the GSS-API SPNEGO negTokenInit message on Negotiate Protocol Response
Dear SAMBA experts,
I'm looking to emulate the behavior of some older Windows servers, mainly
old Win2k/XP machines.
On newer clients (possibly XP-SP2 and above), the SMB server will send a
GSS-API message at the end of the Negotiate Protocol Response packet
detailing the supported Security Service Providers by OIDs in a negTokenInit
structure. However, older servers did not send this message
2015 Apr 16
0
Install Bind with gss-spnego enabled
On Thu, Apr 16, 2015 at 6:03 PM, James Hogarth <james.hogarth at gmail.com>
wrote:
> This was required for kerberos secured updates prior to el7.1 and el6.6 ...
>
> The problem in the underlying kerberos libraries was resolved so that
> kerberos based updates worked with gss again and spnego doesn't need to be
> compiled in.
>
2015 Apr 17
2
Install Bind with gss-spnego enabled
On 17 Apr 2015 00:42, "Mike" <1100100 at gmail.com> wrote:
>
> On Thu, Apr 16, 2015 at 6:03 PM, James Hogarth <james.hogarth at gmail.com>
> wrote:
>
> > This was required for kerberos secured updates prior to el7.1 and el6.6
...
> >
> > The problem in the underlying kerberos libraries was resolved so that
> > kerberos based updates worked
2008 Aug 12
5
[PATCH] Support GSS-SPNEGO natively
I cooked this up while trying to figure out why thunderbird on Windows
w/ SSPI was not working, but it turned out thunderbird does not use
it, so I haven't been able to test it yet. I'm presenting it for
discussion only, unless someone else can try it :)
Modern versions of MIT kerberos support GSS-SPNEGO natively, but are
only willing to negotiate for kerberos tickets and not NTLM
2015 Apr 17
0
Install Bind with gss-spnego enabled
On Fri, Apr 17, 2015 at 7:46 AM, James Hogarth <james.hogarth at gmail.com>
wrote:
> It wasn't the bind package directly but rather an issue with the libkrb5
> libraries.
>
> This is the specific bug that fixed the issue:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1087068
>
> I'll get the samba wiki updated to make this clear.
>
Zoinks! I
2015 Apr 17
1
Install Bind with gss-spnego enabled
On 17 Apr 2015 13:04, "Mike" <1100100 at gmail.com> wrote:
>
> On Fri, Apr 17, 2015 at 7:46 AM, James Hogarth <james.hogarth at gmail.com>
> wrote:
>
> > It wasn't the bind package directly but rather an issue with the libkrb5
> > libraries.
> >
> > This is the specific bug that fixed the issue:
> >
> >
2018 Jan 07
1
Dynamic DNS Update Error GSS failure
Hi @ all,
I try to update the DNS records from my DHCP Clients to my AD DC but there
ist an issue with the GSSAPI I don't know how to solve.
For this I followed this guide.
https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_B
IND9
GSSAPI Error:
start_gssrequest
tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor
code may provide more
2017 Dec 04
0
Samba 4.7.2 + bind on Fedora 27: samba_dlz: spnego update failed
Il giorno lun, 04/12/2017 alle 16.00 +0100, Dario Lesca via samba ha
scritto:
> The samba command
>
> samba_dnsupdate --verbose --all-names --fail-immediately
>
> not work
I have add '-d 9' to dlz section
dlz "AD DNS Zone" {
# For BIND 9.11.x
database "dlopen /usr/lib64/samba/bind9/dlz_bind9_11.so -d 9";
};
And this is
2015 Apr 24
3
samba-check-db-script python failure
I upped 1.0.4 of the script..
I added checks if no DC's are found, error message and exits script,
so no python errors anymore, if i did it right. ;-)
on both DC's do the following.
and whats the output of :
cat /etc/hosts
cat /etc/resolv.conf
and
kinit Administrator
SETDNSDOMAIN=`hostname -d`
SETHOSTNAME=`hostname -s`
SERVER_IP_ADRESS=`hostname -i`
echo "Test domainname:
2017 Dec 04
2
Samba 4.7.2 + bind on Fedora 27: samba_dlz: spnego update failed
On Mon, 04 Dec 2017 16:57:15 +0100
Dario Lesca via samba <samba at lists.samba.org> wrote:
> Il giorno lun, 04/12/2017 alle 16.00 +0100, Dario Lesca via samba ha
> scritto:
> > The samba command
> >
> > samba_dnsupdate --verbose --all-names --fail-immediately
> >
> > not work
>
>
> Following this howto,
>
2017 Dec 04
2
Samba 4.7.2 + bind on Fedora 27: samba_dlz: spnego update failed
On Mon, 04 Dec 2017 16:31:16 +0100
Dario Lesca via samba <samba at lists.samba.org> wrote:
> Il giorno lun, 04/12/2017 alle 16.00 +0100, Dario Lesca via samba ha
> scritto:
> > The samba command
> >
> > samba_dnsupdate --verbose --all-names --fail-immediately
> >
> > not work
>
> I have add '-d 9' to dlz section
>
> dlz
2012 Sep 20
1
Samba4, DHCP, & BIND DLZ
Hello,
I have recently compiled, installed and configured samba4 to run on a FreeBSD server.
samba -V reports the version to be Version 4.1.0pre1-GIT-57990cb.
The server has working BIND 9.9 and ISC-DHCP services running on it.
I have provisioned samba 4 to use the BIND_DLZ DNS backend.
On the whole things seem to be working. local names are being resolved. phpLDAPAdmin shows the new
2018 Aug 21
1
Samba 4.8.4 + BIND 9.9.4 - possibility of nonsecure DNS updates
On Tue, 21 Aug 2018 16:50:19 +0200
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
>
> ; TSIG error with server: tsig verify failure
>
> Mayabe update/setup your TSIG key.
> https://access.redhat.com/documentation/en-us/openshift_enterprise/2/html/puppet_deployment_guide/generating_a_bind_tsig_key
>
> Im also wondering why RH is using :
2014 Dec 18
0
Samba 4 with squid3 (--helper-protocol=gss-spnego )
Hai,
?
Im know this might not be the place to ask, but im doing it anyway..? ;-)
?
Im testing an debian Jessie server with squid3 ( 3.4.8 )
Its running Debian Samba 4.1.13 with winbind.
?
Im having troubles, to get the squid auth working.
So my question is is someone here using kerberos authentication on squid. ( 3.4.x )
Or someone who is using the gss-spnego helper protocol.
?
Im using this
2013 Feb 09
1
GSS-SPNEGO with dovecot and Outlook without Samba
I am trying to configure a dovecot2 IMAP server to inter-operate with
a active directory to authenticate users. The users should be able to
login without a password on a domain-joined client(Outlook). Is it
possible to do this only with kerberos? I don't want to put a crappy
winbind on my mailserver... I already configured my server to
authenticate via kerberos(GSSAPI), but Outlook does not