similar to: Problem with "kerberos method = secrets and keytab"

Hi Peter, thanks for your hints. The point is, that no /etc/krb5.conf was generated automatically when joining the domain (told in the wiki). Now I generated one manually and now it works. I'm not frustrated at all. I see a lot of advantages for me, even if it doesn't work. Right now we have a system with Bind9, OpenLDAP, Kerberos, NFS4, Samba3 on the server side. I had to configere

Am Freitag, 13. Februar 2015, 11:04:26 schrieb Rowland Penny: > On 13/02/15 10:26, Andreas Hauffe wrote: > > Hi Peter, > > > > thanks for your hints. The point is, that no /etc/krb5.conf was generated > > automatically when joining the domain (told in the wiki). Now I generated > > one manually and now it works. > /etc/krb5.conf is never created automatically

Hi Andreas, I convinced Rowland to change the wiki like that. You might want to check out the thread "Samba4 and sssd, keytab file expires?". Read it, and You will understand its implications. Even if it works now, it doesn't mean that it will work for long... The first thing I would check is the kerberos setup. I would also check, whether DNS is OK for both forward and

On 13/02/15 10:26, Andreas Hauffe wrote: > Hi Peter, > > thanks for your hints. The point is, that no /etc/krb5.conf was generated automatically when > joining the domain (told in the wiki). Now I generated one manually and now it works. /etc/krb5.conf is never created automatically when you join the domain, /etc/krb5.keytab is, so can you point to where in the wiki it says that the

On Mon, 19 Feb 2024 12:21:53 +0100 Simon FONTENEAU via samba <samba at lists.samba.org> wrote: > Hello everyone, > > For the context, I'm trying to add support for offline join in WAPT > WADS OS deployment [1]. Currently WADS supports offline join of > Windows computers, and I want to add support for Linux computer using > SSSD as a authentication client (for the

Hello everyone, For the context, I'm trying to add support for offline join in WAPT WADS OS deployment [1]. Currently WADS supports offline join of Windows computers, and I want to add support for Linux computer using SSSD as a authentication client (for the persons who might dismiss this mail because of a certain keywords, yes it is related to sssd, but it triggers a Samba bug). I also

Hello I don't know if this is normal behavior (does the djoin have the spn?): When a have kerberos method in smb.conf : kerberos method = secrets and keytab Joining with offlinejoin does not work: root at testjoinlinux:/# net offlinejoin requestodj loadfile=/root/djoin =============================================================== INTERNAL ERROR: Signal 11: Erreur de segmentation in net

A question regarding the “kerberos method” configuration option in smb.conf: Are there any practical differences between using ’secrets and keytab’ and ’system keytab’? I’ve been running Samba servers using both methods for a long time and both seems to work more or less fine, but since we’re having this “login hickup at 10 hour service ticket expiration problem” I’m trying to find out if this

Hi, I'm having trouble realizing a krb5auth with pam_winbind with trusted domain users (external trust) on our clients. The client is joined to a local domain, which has a "external trust" to a global domain. The following things are working for all users (local and trusted domain): "wbinfo -i" "wbinfo --pam-logon" "wbinfo -a" "kinit"

Hi, we are running a file server as member server of a windows 2012 domain. Now we are facing the problem, that some UIDs are not mapped to the user names by the running winbindd process. This results in "nobody" usernames for nfs shares mounted by other clients. When doing an "ls -l" in the homes directory on the member server (file server), the list looks like:

Thank you for that, i did have a good look at that one. And i use Debian 9, if you test what i posted below in the thread, you will see NFSv4 works fine. Below is missing one more thing, the "allow to delegate (kerberos only) " on the computer object in the AD, should be enabled. And yes, i've see bugchecks also but only on my debian .. Lenny.. Stt.. ;-) .. Its my last lenny

Hi, I'm having a problem with ssh and sssd in a samba4 ad environment. If I logon a linux client everything works fine. When entering klist I'm able to see my ticket. When I try to connect/logon to another linux client with ssh it is possible, but klist shows: klist: Credentials cache file '/run/user/$UID$/krb5cc/tkt' not found. So the ticket cache is not created during

Hai, > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Andreas Hauffe via samba > Verzonden: dinsdag 22 augustus 2017 11:26 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Winbind with krb5auth for trust users > > Hi, > > thanks for the fast answer. > > All DCs (local and trusted domain) running on

On Tue, 22 Aug 2017 13:51:24 +0200 Andreas Hauffe via samba <samba at lists.samba.org> wrote: > Hi, > > sorry for not reading the comment above idmap config. I uninstalled > and reinstalled samba and configs to remove all old id mappings and > so on. Then changed all configs as adviced. The id mapping is working > correctly (wbinfo -i) for local and trusted domain. But I

Il 2014-12-31 16:29 Dr. Lars Hanke ha scritto: >>> OK, you can get winbind to update your keytab, you need to alter your >>> smb.conf slightly. You need to change 'kerberos method = secrets >>> only' >>> to either 'kerberos method = secrets and keytab' or 'kerberos method >>> = >>> system keytab' and add the line

Hello, I set up a new AD with the Sernet Samba 4.1 packages. I did the provisioning with "samba-tool domain provision --use-rfc2307 --interactive". I checked the dc, ldap, kerberos and dns services under linux. Everything seems to work fine. Then I join a Windows 8.1 Enterprise running in as VM to the domain and login as administrator of the domain. When I install the RSAT and try

Hi Am 09.03.20 um 16:32 schrieb Rowland penny via samba: > On 09/03/2020 14:25, Andreas Hauffe via samba wrote: >> [global] >> ??????? dedicated keytab file = /etc/krb5.keytab >> ??????? kerberos method = secrets and keytab > Why the dedicated keytab ? We have a kerberized NFS4 running on that machine, too. > >> workgroup = ILRW >> ??????? idmap config dom :

Hi Rowland, this posting ended a lot of grief I had with expired keytabs. While this is presumably an issue of sssd, I have no chance to attack the issue right at its root*). But rejoining the domain with the lines dedicated keytab file = /etc/krb5.memberserver.keytab kerberos method = secrets and keytab winbind refresh tickets = Yes seems to fix it. Phew... Maybe You or someone

Hi, no, that's my fault. I changed the UIDs and user names in my "ls -l" to unpersonalized/example data for my mail and didn't think about putting these values into the range. A better unpersonalized data example would look like: ---------- drwx------ 43 DOM\user1        DOM\group  4096 Jan 10 08:00 user1 drwx------   5 DOM\user2        DOM\group  4096 Jan 11 08:13 user2

Hi, I have two member server and both with Samba 4.6.7. I'm using winbind for NSS and PAM. One of the member server is exporting an NFS4 mount which the other member server is mounting. For users with an rid-mapped uid below some value everything works fine. If the uid is above this value the group permissions are not evaluated and I'm getting a permission denied if a folder or file is