similar to: Samba4 kinit issue with principal and keytab file

Hi Rowland, Hi looks like the "-c" option is optional. My problem is not really the kerberos cache file, but the "principal" linked to the user kerbuser. The principal is HTTP/webserver.MYDOMAIN.LOCAL at MYDOMAIN.LOCAL I would like to use kinit and give this principal as parameter. something like : > kinit -k -t /root/my.keytab HTTP/webserver.MYDOMAIN.LOCAL at

Hi Rowland, Yes, I read this documentation carefully. I have two working Apache2 with kerberos authentication working. My question is more about troubleshooting a keytab. If I need to test manually a keytab file chalenging a specific principal, what's the prefered method ? I thougt that a kinit could be done using a principal name, but I am unable to kinit with somehting else than the

Hi Rowland, Thanks for your help again. I understand the difference between the UPN (User Principal Name) and the SPN (Service Principal Name). But in your second exemple, you never mention the SPN, neither in the keytab export or in the kinit command. Does that means that there is no kinit possible using the SPN? So I am worried of what is the benefice of adding a SPN to a user instead of

Hi all, As many of us, I'm trying to find a way to have a failover solution for a Samba domain. The actual choice has been (because of hardware cost) to have only 1 physical xen-based server (ubuntu 14.04) that do (dom0) : - DHCP server (LAN) - NTP server - firewall - proxy - DNS server Then 4 VMs running for: - Samba Domain controller - Samba Domain member (file server) - Apache2 server -

Hi. I'm using Samba 4 on two Zentyal servers as Domain Controller and now I have to authenticate some services to it (Apache and PAM in particular). The LDAP integration asks me for a LDAP bind password, but I cannot find out where it is on Zentyal. Is there a way to check (or change it) directly on Samba 4? Or is it preferable to authenticate against Active Directory or Kerberos? Thank you

On Thu, 27 Aug 2015 23:03:39 -0400 Robert Moskowitz <rgm at htt-consult.com> wrote: > > On 08/27/2015 08:45 PM, Jim Seymour wrote: > > On Thu, 27 Aug 2015 17:00:28 -0400 > > Robert Moskowitz <rgm at htt-consult.com> wrote: > > > >> Ah, LDAP is included within Samba, I find. Don't install provided > >> one... [snip] > > >

Hai, ? I have some strange things and i cant figure out whats going on. The problem is the my domain users and the extra Domain Admin ( Admin )? cant access my member server ( and shares ) ? ? When?i login with the DOMAIN\Administrator it all works fine, can access all shares not popups with authorisation requests. ? but as DOMAIN\Admin ( has the same rights as domain Administrator ), is added

I'm using samba 4.5 on a debian jessie (Louis packages). Rarely it happen that a power outgage tear down all the stuff, here. I've noticed that if the DM start before the DC, clearly all account data are inaccessible. To prevent or minimize that, the ''offline mode'' of winbind can be safely used also on DM servers? Or is tailoread against roaming client (portables,

I actually spent the entire last day getting 'ad' backend to work. Adding 'idmap config SAMDOM : backend = ad' and related lines in the client's smb.conf results in `getent passwd` ... Use : getent passwd username Check if wbinfo -u works also. As tip, if you try these. id username getent passwd username wbinfo -u | grep username If all work and show your usename,

On Sat, 29 Jun 2024 22:10:12 -0700 christian baltini <christian.baltini at gmail.com> wrote: > Hello Rowland, I see that and an trying to recreate the script logic > line-by line in the terminal as a proof of understanding, but I am > having some trouble. > > Here is what I am trying: > > ?kinit administrator? - I then provide username and password, You should just

Hello Rowland, I see that and an trying to recreate the script logic line-by line in the terminal as a proof of understanding, but I am having some trouble. Here is what I am trying: ?kinit administrator? - I then provide username and password, and get /tmp/krb5cc_0 ? I understand this is equivalent what the script is generating with the exported keytab file, is this correct? I then try this

Hai, > -----Oorspronkelijk bericht----- > Van: Harpoon [mailto:harp00n at protonmail.com] > Verzonden: vrijdag 18 januari 2019 9:24 > Aan: L.P.H. van Belle > CC: samba at lists.samba.org > Onderwerp: Re: [Samba] SSH SSO without keytab file > > Thanks for the prompt reply! Your welkom. > > > I did see that you are using Administrator, and thats the problem.

Hi samba --version Version 4.0.6-GIT-4bebda4 smb.conf: [users] path = /home/users read only = No Working on the DC which is also the fileserver user steve2 can write to his folder at /home/users/steve2 But if we now mount the share: sudo mount -t cifs //doloresdc/users /mnt -osec=krb5,multiuser he can't write to the mounted share at /mnt/users/steve2 He gets 'Permission denied'.

Hai, Lets start here. Handy for us to know. OS? Samba version? AD or member setup? And I suggest, set this in the ssh server. # GSSAPI options GSSAPIAuthentication yes Restart the ssh server and try to SSO login. If its a AD server this should work. Yes, you dont get home dir etc, end up in / after login, but lets check if this works. Greetz, Louis > -----Oorspronkelijk

Hi, I set up a samba 4 in Debian 9.9 as a Domain member server, but authentication is not working as follows: root at srv-proxy:/etc/samba# wbinfo -a marcio at EMPRESA.COM.BR Enter marcio at EMPRESA.COM.BR's password: plaintext password authentication succeeded Enter marcio at EMPRESA.COM.BR's password: challenge/response password authentication failed wbcAuthenticateUserEx(+marcio at

On Fri, 28 Jun 2024 13:07:06 -0700 christian baltini via samba <samba at lists.samba.org> wrote: > Hello all, > > I am looking to rewrite the shell script here > (https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records) > in Python. Basically most of that script is written to check if a kerberos ticket exists and is current and then the ticket is used with

> ............ > > > You can, provided you have a user.map in smb.conf > > Oeps, Ah yes, forgot that, because he was testing on the DC. > And DC's dont use the user.mapping. > > Thanks for the correction. With regard to tdb ipmap, I set this parameter on domain member. Domain controller has no such parameter set. I'll look into the other useful suggestions you

> On Jun 30, 2024, at 12:11?AM, Rowland Penny via samba <samba at lists.samba.org> wrote: > > On Sat, 29 Jun 2024 22:10:12 -0700 > christian baltini <christian.baltini at gmail.com> wrote: > >> Hello Rowland, I see that and an trying to recreate the script logic >> line-by line in the terminal as a proof of understanding, but I am >> having some

Hi all, I have samba4.2 (Version 4.2.0pre1-GIT-6d2f56d) as AD domain controller. Some users can only logon to specific window workstation. Now, we want to configure the samba AD as the user authentication of squid. I use the following configuration in squid. The users without workstation limitation can successfully authenticate to squid, but the user with workstation limitation cannot.

Hai, ? I was wondering, has anybody tried the sernet samba 4 applicance of installed the deb files of the appliance?on a debian (squeeze) server, in combination with zarafa and if so, whats the experiance. ? I want to move my samba 3 pdc to samba 4 AD ( on new server ) and i want to move my current zarafa server to samba4 integrated setup. which is in the applicance, as i saw here :