similar to: gssproxy items...

Displaying 20 results from an estimated 2000 matches similar to: "gssproxy items..."

2015 Jun 30
0
gssproxy items...
Erik Laxdal wrote: > Hi, > > I've been working on some systems trying to get kerberized nfsv4 and > kerberized web services going on 7. Kerberized nfsv4 was working with > 7.0, but with the 7.1 release it stopped working, the key difference > between the two setups is that gssproxy wasn't being used with 7.0, but > seems to be key with 7.1. > > The problem I am
2019 Jul 10
2
Winbind issues with AD member file server
I agree that this sounds like, and indeed is, a recipe for disaster. I was going to explain some of the woes of our environment but I don't think it's actually relevant after looking at my problem a bit more. If I'm way off base I'm happy to be herded back, but please tolerate me as I share what I am seeing today because I really hope to solve the narrow issue of SMB file access
2018 Oct 10
1
NFSv4, homes, Kerberos...
Thank you for that, i did have a good look at that one. And i use Debian 9, if you test what i posted below in the thread, you will see NFSv4 works fine. Below is missing one more thing, the "allow to delegate (kerberos only) " on the computer object in the AD, should be enabled. And yes, i've see bugchecks also but only on my debian .. Lenny.. Stt.. ;-) .. Its my last lenny
2019 May 02
3
[Fwd: [Bug 1699331] gssproxy segmentation fault]
Hi, folks, Especially Johnny - could you possibly push this fix through as soon as upstream puts it out? It's a real issue for us - we've had a number of servers whether gssproxy keeps SEGVing, which hits NFS and samba. Thanks in advance. mark ---------------------------- Original Message ---------------------------- Subject: [Bug 1699331] gssproxy segmentation fault
2019 May 08
1
[Fwd: [Bug 1699331] gssproxy segmentation fault]
Hi, Johnny, Johnny Hughes wrote: > On 5/2/19 9:15 AM, mark wrote: >> >> Especially Johnny - could you possibly push this fix through as soon as >> upstream puts it out? It's a real issue for us - we've had a number of >> servers whether gssproxy keeps SEGVing, which hits NFS and samba. > > See if this fixes your issues .. if do, let me know and we can
2019 May 08
1
[Fwd: [Bug 1699331] gssproxy segmentation fault]
Hi, Johnny, Johnny Hughes wrote: > On 5/2/19 9:15 AM, mark wrote: >> >> Especially Johnny - could you possibly push this fix through as soon as >> upstream puts it out? It's a real issue for us - we've had a number of >> servers whether gssproxy keeps SEGVing, which hits NFS and samba. > > See if this fixes your issues .. if do, let me know and we can
2019 Jan 25
2
C 7 and gssproxy
Ok, folks, I brought this up some time ago, and got no replies. We have a good number of systems - > 100 - and we use sssd. On the C 7 boxen, which is most of them, gssproxy *frequently* (like once a day or so) dies with a SEGV. It restarts fine. Dies again eventually. ARE other people seeing this? If so, I guess we get to file a bug report with upstream. Speaking as an old C
2016 Oct 19
1
SSH Weak Ciphers
Once upon a time, Erik Laxdal <elaxdal at ece.uvic.ca> said: > The supported KexAlgorithms, Ciphers, and MACs are generally listed > in the sshd_config man page. So 'man sshd_config' then look for the > section of the item of interest. Note that the man page does not always match the actual compiled binary (the build process does not update the man page to match
2018 Jan 19
1
idmap limit?
Hi, yes, there are some things. But I have not found a nice complete documentation. One main point is the domain name as prefix of the username of the parent domain, e.g. "DOM\user1", you have to use. I was not able to get rid of it, as the client is member of the subdomain which is the default. So you can't use the "default domain" option in smb.conf. The backslash
2019 Jul 10
0
Winbind issues with AD member file server
On 10/07/2019 17:20, Eric Shell via samba wrote: > I agree that this sounds like, and indeed is, a recipe for disaster. I was > going to explain some of the woes of our environment but I don't think it's > actually relevant after looking at my problem a bit more. If I'm way off > base I'm happy to be herded back, but please tolerate me as I share what I > am seeing
2019 Jul 10
1
Winbind issues with AD member file server
> > When I try to > > access even an already-mounted NFS directory to which I have permission, > > gssproxy complains: > > > > Jul 10 08:55:51 smb gssproxy: gssproxy[1469]: (OID: { 1 2 840 113554 1 2 > 2 > > }) Unspecified GSS failure. Minor code may provide more information, > > Client 'host/smb.soe.ucsc.edu at AD.SOE.UCSC.EDU' not found in
2019 May 08
0
[Fwd: [Bug 1699331] gssproxy segmentation fault]
On 5/2/19 9:15 AM, mark wrote: > Hi, folks, > > Especially Johnny - could you possibly push this fix through as soon as > upstream puts it out? It's a real issue for us - we've had a number of > servers whether gssproxy keeps SEGVing, which hits NFS and samba. > Mark, See if this fixes your issues .. if do, let me know and we can get it released into the fasttrack
2016 Aug 02
0
CEBA-2016:1527 CentOS 7 gssproxy BugFix Update
CentOS Errata and Bugfix Advisory 2016:1527 Upstream details at : https://rhn.redhat.com/errata/RHBA-2016-1527.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 6a9a1160f894ed26bbdf4ca9ea1565fd5b28195000bdb3a2dc1945fc76c59e66 gssproxy-0.4.1-8.el7_2.x86_64.rpm Source:
2019 Jul 09
2
Winbind issues with AD member file server
Hi Rowland, Currently Domain Users doesn't have a gidNumber because it didn't have a corresponding group in OpenLDAP, which is our master directory. The primary Unix group gidNumber for each user is replicated from their OpenLDAP records, but the AD groups have a suffix due to historical name collisions - a POSIX group called harry would be harry-group in AD, but with a matching
2019 Jan 28
0
C 7 and gssproxy
On 1/25/19 10:27 AM, mark wrote: > Ok, folks, > > I brought this up some time ago, and got no replies. We have a good > number of systems - > 100 - and we use sssd. On the C 7 boxen, which is > most of them, gssproxy *frequently* (like once a day or so) dies with a > SEGV. It restarts fine. Dies again eventually. > > ARE other people seeing this? If so, I guess
2018 Oct 09
10
NFSv4, homes, Kerberos...
I was used to integrate some linux client in my samba network mounting homes with 'unix extensions = yes', and works as expected, at least with some old lubuntu derivatives. Client side i use 'pam_mount'. Now i'm working on a ubuntu mate derivative, and i've not found a way to start the session properly in CIFS. If i create a plain local home (pam_mkhome), session start as
2020 Nov 12
1
nfs root kerberos
On 12/11/2020 14:19, Jason Keltz via samba wrote: > > On 11/12/2020 8:52 AM, Rowland penny via samba wrote: >> On 12/11/2020 13:27, Jason Keltz via samba wrote: >>> >>> On 11/12/2020 8:17 AM, Rowland penny via samba wrote: >>>> On 11/11/2020 10:54, Jason Keltz via samba wrote: >>>>> Hi Louis, >>>>> I've looked into that
2002 Mar 25
2
Using kerberized SSHD. Question.
I have a kerberized SSHD installed on HOST-1, a login server for the outside world. How can I make it so users are still authenticated via kerberos, even though they haven't yet received a ticket? The main reason for this is that a user who is at home, no vpn, but has an ssh client could then login and be authenticated by kerberos using password authentication, get a ticket, then be allowed
2020 Nov 12
2
nfs root kerberos
On 12/11/2020 13:27, Jason Keltz via samba wrote: > > On 11/12/2020 8:17 AM, Rowland penny via samba wrote: >> On 11/11/2020 10:54, Jason Keltz via samba wrote: >>> Hi Louis, >>> I've looked into that and I'm not sure how this would be done? >>> By the way, even with your NFS translation fix (which doesn't work >>> for me because
2013 Jun 05
3
Samba4 and NVSv4
Short story: cannot get Kerberized NFSv4 to work. I've googled a great deal and cannot find where I have goofed (and there sure is a lot of misleading and just plain incorrect information out there), so would appreciate another pair of eyes. NFSv4 without Kerberos does work fine, as does ID mapping. We're using NFSv4 in production with sec=sys, but I'm not happy with that. My