Displaying 20 results from an estimated 4000 matches similar to: "Samba4 kinit issue with principal and keytab file"
2015 Feb 12
2
Samba4 kinit issue with principal and keytab file
Hi All!
Using Samba Version 4.1.12, updated from source from 4.0beta1.
I've created a user, let's say kerbuser, for a web server to authenticate with kerberos and provide SSO to the end-users.
In my example, my domain is MYDOMAIN.LOCAL, the apache server is webserver.mydomain.local and the AD user is kerbuser.
I've added a principal on the user and exported everything in a keytab so
2015 Feb 16
0
Samba4 kinit issue with principal and keytab file
Hi Rowland,
Thanks for your help again. I understand the difference between the UPN (User Principal Name) and the SPN (Service Principal Name).
But in your second example, you never mention the SPN, neither in the keytab export nor in the kinit command.
Does that mean that there is no kinit possible using the SPN?
So I am worried about what the benefit is of adding an SPN to a user instead of
2015 Feb 12
1
Samba4 kinit issue with principal and keytab file
Hi Rowland,
Yes, I read this documentation carefully. I have two working Apache2 with kerberos authentication working.
My question is more about troubleshooting a keytab. If I need to test a keytab file manually, challenging a specific principal, what's the preferred method?
I thought that a kinit could be done using a principal name, but I am unable to kinit with something other than the
2019 Jan 11
2
samba_dnsupdate options: --use-samba-tool vs. --use-nsupdate, and dhcpd dynamic updates
On Fri, 11 Jan 2019 16:13:50 +0000 (UTC)
Billy Bob <billysbobs at yahoo.com> wrote:
>
>
> On Friday, January 11, 2019 3:14 AM, Rowland Penny via samba
> <samba at lists.samba.org> wrote:
> >
> >I have no idea where the above is coming from, but it isn't from
> >the dhcp scripts.
> >
>
> I don't know what to tell you,
2019 Jan 11
2
samba_dnsupdate options: --use-samba-tool vs. --use-nsupdate, and dhcpd dynamic updates
On Friday, January 11, 2019 11:20 AM, Billy Bob via samba <samba at lists.samba.org> wrote:
On Friday, January 11, 2019 10:44 AM, Rowland Penny via samba <samba at lists.samba.org> wrote:
On Fri, 11 Jan 2019 16:13:50 +0000 (UTC)
Billy Bob <billysbobs at yahoo.com> wrote:
>>> Here is what the logs show WITHOUT the -d option:
>>>
>>> Jan
2016 Dec 21
1
Problem with keytab: "Client not found in Kerberos database"
On 20.12.2016 at 14:50, Brian Candler via samba wrote:
> (2) Can "net ads keytab create" be told to extract just a single named
> principal? That would simplify things. But I can't see how to.
>
> As usual... clues gratefully received.
samba-tool domain exportkeytab [keytabfile] --principal=[SPN or UPN]
In your case
samba-tool domain exportkeytab /etc/krb5.keytab
2015 Mar 05
2
creating Kerberos host principals for multiple hostnames, multihomed server
Hi!
I maintain Linux servers that are members of a Samba4 Domain.
User authentication / login via ssh works fine with Kerberos.
But: only via one hostname.
Those machines need a working Kerberos login via multiple hostnames
(each hostname has its own IP address and DNS is set up correctly.)
"net ads keytab list" of course gives me the main hostname that was in
use when joining the
2016 Sep 14
1
Exporting keytab for SPN failure
> On Sep 14, 2016, at 12:57 PM, Achim Gottinger <achim at ag-web.biz> wrote:
>
>
>
> On 14.09.2016 at 18:23, Michael A Weber wrote:
>>
>>> On Sep 14, 2016, at 10:44 AM, Achim Gottinger via samba <samba at lists.samba.org> wrote:
>>>
>>>
>>>
>>> Am 14.09.2016 um 05:53
2014 Mar 04
1
keytab question.
Hai,
I'm working on my dhcp server + dns setup with samba4.
I've exported the keytabs
samba-tool domain exportkeytab /home/krb5.keytab.samba4
when I read the contents of this keytab
ktutil
rkt /home/krb5.keytab.samba4
list
   1    1             RTD-DC1$@INTERNAL.DOMAIN.TLD
   2    1             RTD-DC1$@INTERNAL.DOMAIN.TLD
   3    1             RTD-DC1$@INTERNAL.DOMAIN.TLD
2016 Sep 14
5
Exporting keytab for SPN failure
> On Sep 14, 2016, at 10:44 AM, Achim Gottinger via samba <samba at lists.samba.org> wrote:
>
>
>
> On 14.09.2016 at 05:53, Michael A Weber via samba wrote:
>> Experts—
>>
>> I’m attempting to export a keytab for a created SPN on the AD DC machine but I’m receiving an error:
>>
>> ERROR(runtime): uncaught exception - Key table entry not
2016 Dec 20
4
Problem with keytab: "Client not found in Kerberos database"
I finally found it, thanks to a clue from
https://wiki.archlinux.org/index.php/Active_Directory_Integration
This works:
kinit -k -t /etc/krb5.keytab 'WRN-RADTEST$'
These don't work:
kinit -k -t /etc/krb5.keytab
kinit -k -t /etc/krb5.keytab host/wrn-radtest.ad.example.net
kinit -k -t /etc/krb5.keytab host/wrn-radtest
That is: the keytab contains three different principals:
root
2018 Dec 12
5
GSSAPI/Kerberos authenticate with Dovecot
Hello,
I try to setup Dovecot with Kerberos/GSSAPI and use this howto:
https://wiki.samba.org/index.php/Authenticating_Dovecot_against_Active_Directory#Create_the_Dovecot_user_and_keytab
I also try https://wiki.dovecot.org/Authentication/Kerberos
I can login as windows user on win7 and access shares.
When I open Thunderbird I get the message:
"kerberos/gssapi ticket was not accepted"
2019 Jan 11
2
samba_dnsupdate options: --use-samba-tool vs. --use-nsupdate, and dhcpd dynamic updates
On Thu, 10 Jan 2019 22:23:41 +0000 (UTC)
Billy Bob <billysbobs at yahoo.com> wrote:
>
>
> On Thursday, January 10, 2019 2:56 PM, Rowland Penny via samba
> <samba at lists.samba.org> wrote:
>
>
> >Uncomment line 10, adjust it for prefix if Samba isn't in /usr/local and then try again.
> Here it is with script properly configured.
> Regarding
2018 May 12
3
Keytab extraction for tshark analyze
Hi, I'm trying to analyze kerberos traffic using tshark (Samba 4.8.1 on
Centos 7).
I can't figure out how to extract keytab with password/keys.
I follow precisely the instructions at
https://wiki.samba.org/index.php/Keytab_Extraction
But it seems like I only get slot, kvno and principal, can't find a way to
get passwords or keys.
Any idea someone ?
ktutil: rkt decode.keytab
ktutil:
2016 Jun 27
6
Where is krb5.keytab or equivalent?
> ... you don't get the /etc/krb5.keytab by default on a DC, you will need
> to create it:
>
> samba-tool domain exportkeytab /etc/krb5.keytab
Excellent! Thank you. I've done that now, but I have more issues more appropriate to a reply to mathias' message following.
--Mark
-----Original Message-----
> To: samba at lists.samba.org
> From: Rowland penny <rpenny
2018 Feb 05
6
Using Samba AD for NFSV4 Kerberos servers and clients
Thanks Luc,
First, can I just use the small /etc/krb5.conf suggested in Samba AD
docs or do I need something more substantial on the server & client for
Kerberos NFS to work?
[libdefaults]
default_realm = SUBDOMAIN.DOMAIN.COM
dns_lookup_realm = false
dns_lookup_kdc = true
I understand a /etc/krb5.keytab file has to be created on both server &
client. Most
2015 Jan 22
2
ACL ignored on cifs mounted share
On 22.01.2015 at 12:28, Rowland Penny wrote:
> On 22/01/15 10:53, Norbert Heinzelmann wrote:
>> Hello,
>>
>> I have the problem that the ACLs are ignored when I mount a share via
>> cifs. I have an AD with Samba 4.1.6 Ubuntu 14.04 (but I also tried it
>> with Gentoo and samba 4.1.14). So I joined a member server like the
>> wiki describes. Everything
2015 Jan 23
2
ACL ignored on cifs mounted share
On 22.01.2015 at 17:17, Rowland Penny wrote:
> On 22/01/15 12:57, Norbert Heinzelmann wrote:
>> On 22.01.2015 at 12:28, Rowland Penny wrote:
>>> On 22/01/15 10:53, Norbert Heinzelmann wrote:
>>>> Hello,
>>>>
>>>> I have the problem that the ACLs are ignored when I mount a share
>>>> via cifs. I have an AD with Samba 4.1.6 Ubuntu
2015 Jan 23
1
ACL ignored on cifs mounted share
On 23.01.2015 at 10:19, Rowland Penny wrote:
> On 23/01/15 07:34, Norbert Heinzelmann wrote:
>>
>> On 22.01.2015 at 17:17, Rowland Penny wrote:
>>> On 22/01/15 12:57, Norbert Heinzelmann wrote:
>>>> On 22.01.2015 at 12:28, Rowland Penny wrote:
>>>>> On 22/01/15 10:53, Norbert Heinzelmann wrote:
>>>>>> Hello,
2016 Jan 18
4
[samba4] DNS updates
Hi all,
I would like to be able to rely on samba given tools to manage my DNS
entries but until now, I failed.
From what I have understood there is one and only one tool responsible to
update DNS: samba_dnsupdate.
Is that previous affirmation true?
I had issue with DNS backend set to internal DNS server: samba_dnsupdate
was almost never working.
So I switched to Bind-DLZ as advised here