similar to: Samba4 kinit issue with principal and keytab file

Hi All ! Using Samba Version 4.1.12, updated from source from 4.0beta1 I've created a user, let say kerbuser, for a web server to authenticate with kerberos and provide SSO to the end-users. In my example, my domain is MYDOMAIN.LOCAL, the apache server is webserver.mydomain.local and the AD user is kerbuser I've added a principal on the user and exported everything in a keytab so

Hi Rowland, Hi looks like the "-c" option is optional. My problem is not really the kerberos cache file, but the "principal" linked to the user kerbuser. The principal is HTTP/webserver.MYDOMAIN.LOCAL at MYDOMAIN.LOCAL I would like to use kinit and give this principal as parameter. something like : > kinit -k -t /root/my.keytab HTTP/webserver.MYDOMAIN.LOCAL at

Hi Andrew, Thanks for your reply. We tried successfully the --full-sync option from first to second DC. Unfortunately, afterwards the second DC was still in a corrupted state. The "Deleted Objects" still contained the ugly groups with the missing attribute... So we achieved to get a successfull replication after editing the "deleted objects" with ldbedit. We have deleted

Hi Rowland, Thanks for your help again. I understand the difference between the UPN (User Principal Name) and the SPN (Service Principal Name). But in your second exemple, you never mention the SPN, neither in the keytab export or in the kinit command. Does that means that there is no kinit possible using the SPN? So I am worried of what is the benefice of adding a SPN to a user instead of

Hi samba4 mates ! We work with a Samba4 in production (10 users) from a few month now, and we wonder about the new specific policy templates that can be created by Microsoft in their recent (or future releases, but we are not rushed) releases. How could we add them to the AD to be able to apply them to the hosts? For example, with windows 7 there is a *new* policy in the Computer

Hi Rowland, and many thanks for fast reply, When using --noexpiry, the userAccountControl is set to 66048, which disable expiry for password as well (in MS console, "password never expires" is now checked). This means that the password expiry (let say, every 6 month) will never popup again to the user, which is in my sense a wrong behaviour. Is there a way to change ONLY

Hi Rowland and list, I allow myself to give a UP to my message in case someone has an idea. Thanks, --Oliver Le 2023-05-24 15:55, Olivier BILHAUT via samba a ?crit : > Hi Rowland, and many thanks for fast reply, > > When using --noexpiry, > the userAccountControl is set to 66048, which disable expiry for > password as well (in MS console, "password never

On 26/05/2023 14:44, Olivier BILHAUT wrote: > Thanks Rowland, > > I'll give a try to ldbmodify, even if I prefer to avoid modifying > directly ldb files. > > What do you think samba-tool does ? Using samba-tool to set expiry, ultimately does this: setexp = """ dn: %s changetype: modify replace: userAccountControl userAccountControl: %u

I am hoping someone will tak up this chalenge (I am new to R) I have inheritied an R script but need to change it. The script currently includes hardcoded file locations on lines 12,166 and 167. I need to modify this script to allow the folder to be passed as a command line argument to Rscript.exe Can anybody help please? Regards, Ian http://www.nabble.com/file/p25924237/My_script.R

Hi list :) I am looking for the right command to achieve my goal. I would like to remove the account expiry date of an ACCOUNT with a samba-tool command (account never expires) Options of "samba-tool user setexpiry" are : --filter=FILTER LDAP Filter to set password on --days=DAYS Days to expiry --noexpiry Unfortunately, the "noexpiry" parameter just set another option

Hi friends. This morning waking up is painfull. We've got a great CUPS+Samba+Winbind print server sharing 30+ printers to our windows clients. Until this morning no issue, used on production for a couple of weeks. Today, the printer shares became unbrowsable from windows. We can see the printers names from samba share : "\printserver", but when we click on the "Show

Hi ! I bounce on the Mr Sloop's post ([Samba] DDNS / DHCPd && Internal DNS or BIND_DLZ) to ask what's the easiest way to allow Linux clients to update themself their DNS record in the Samba4 AD server (with BIND_DLZ Dns server). It works well with windows clients, but with Linux clients joined to the domain, with a valid Kerberos ticket, the client receive a error

Hi to Samba list, dev, contributors and all the community. We are samba users for a long time now, and S4 since the early alpha version. We run now 5 DC for 700 users in our hospital and are very enthusiastic. This is definitely a great project. But now, we face a new challenge. We look over a new authentication method rather than the old user/password. Because we have many users switching

Hi Samba List! We are using Samba Version 4.1.12 on two master DC. We've noticed that a corrupted group has been created, we tried to delete it, and since then, the replication fail between the two DC. The result of the command : "samba-tool drs showrepl" is the following : On the first DC, INBOUND NEIGHBORS : Last attempt @ Wed Feb 4 11:26:41 2015 CET failed, result 58

On Mon, 2018-03-19 at 11:55 +1300, Garming Sam via samba wrote: > Hi, > > Maybe this page might be helpful. I don't know how up to date it is, but > the expectation seems to be that it should be able to work with > alternative forms of authentication (with Kerberos PKINIT). > > https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login Yeah, I think something that

hello NG, my config: - SuSe 8.1 box with Samba (2.2.5 running as PDC) and a FTP server. - Windows XP and 2k clients with shared directories my problem: i want that the shares of the Windows- clients to get mounted automatically while booting to a mountpoint of the Linux- box (the FTP- directory) until now, i have tried to solve this problem like this: i have added the commands preexec and

>> what is in '/usr/bin/dhcpd-update-samba-dns.sh' ? # will receive addresses from this DHCP server. Instructions are found here: # https://wiki.archlinux.org/index.php/Samba_4_Active_Directory_Domain_Controller#DHCP sleep 5 checkvalues() { [ -z "${2}" ] && echo "Error: argument '${1}' requires a parameter." && exit 1 case ${2} in -*) echo

Hello, there is an article in the wiki about DDNS: https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9 Dose anyone has a solution for doing the same with IPv4 AND IPv6? Stefan -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 181 bytes Desc: OpenPGP digital signature URL:

Hi the list, I am a member of the organizing comity of the French Statistics Association (SFdS)'s conference. We are looking for sponsors. Some software (SAS, RITME, ...) are represented. Do you know if there is any possibility to be sponsored by R (or by an association close to R)? Do you think I can ask to the R fondation? Sincerely Christophe -- Christophe Genolini Maître de

what is the purpose of get_arg()? should it return the option itself and/or the arguments passed to an option? this patch returns either 'rw' or '/dev/nfs' if name was root=/dev/nfs --- usr/klibc/klibc-0.81.orig/kinit/kinit.c 2003-06-01 08:18:41.000000000 +0200 +++ usr/klibc/klibc-0.81/kinit/kinit.c 2003-11-22 19:19:17.000000000 +0100 @@ -181,10 +181,15 @@ char *get_arg(int