similar to: Samba4 kinit issue with principal and keytab file

Hi All ! Using Samba Version 4.1.12, updated from source from 4.0beta1 I've created a user, let say kerbuser, for a web server to authenticate with kerberos and provide SSO to the end-users. In my example, my domain is MYDOMAIN.LOCAL, the apache server is webserver.mydomain.local and the AD user is kerbuser I've added a principal on the user and exported everything in a keytab so

Hi Rowland, Hi looks like the "-c" option is optional. My problem is not really the kerberos cache file, but the "principal" linked to the user kerbuser. The principal is HTTP/webserver.MYDOMAIN.LOCAL at MYDOMAIN.LOCAL I would like to use kinit and give this principal as parameter. something like : > kinit -k -t /root/my.keytab HTTP/webserver.MYDOMAIN.LOCAL at

Hi Rowland, Yes, I read this documentation carefully. I have two working Apache2 with kerberos authentication working. My question is more about troubleshooting a keytab. If I need to test manually a keytab file chalenging a specific principal, what's the prefered method ? I thougt that a kinit could be done using a principal name, but I am unable to kinit with somehting else than the

On Friday, January 11, 2019 10:44 AM, Rowland Penny via samba <samba at lists.samba.org> wrote: On Fri, 11 Jan 2019 16:13:50 +0000 (UTC) Billy Bob <billysbobs at yahoo.com> wrote: >> Here is what the logs show WITHOUT the -d option: >> >> Jan 11 10:00:36 dc01 dhcpd[1704]: Commit: IP: 172.20.10.165 DHCID: >> 1:d4:be:d9:22:9f:7d Name: mgmt01 Jan 11 10:00:36

On Fri, 11 Jan 2019 17:44:48 +0000 (UTC) Billy Bob via samba <samba at lists.samba.org> wrote: > > > On Friday, January 11, 2019 11:20 AM, Billy Bob via samba > <samba at lists.samba.org> wrote: > > > >     On Friday, January 11, 2019 10:44 AM, Rowland Penny via samba > <samba at lists.samba.org> wrote: > > On Fri, 11 Jan 2019

On Friday, January 11, 2019 11:20 AM, Billy Bob via samba <samba at lists.samba.org> wrote:     On Friday, January 11, 2019 10:44 AM, Rowland Penny via samba <samba at lists.samba.org> wrote: On Fri, 11 Jan 2019 16:13:50 +0000 (UTC) Billy Bob <billysbobs at yahoo.com> wrote: >>> Here is what the logs show WITHOUT the -d option: >>> >>> Jan

Hai, ? Im working on my dhcp server + dns setup with samba4.? ? i've exported the?keytabs ? samba-tool domain exportkeytab?/home/krb5.keytab.samba4 ? when i read the contents of this keytab ? ktutil rkt /home/krb5.keytab.samba4 list ?? 1??? 1???????????? RTD-DC1$@INTERNAL.DOMAIN.TLD ?? 2??? 1???????????? RTD-DC1$@INTERNAL.DOMAIN.TLD ?? 3??? 1???????????? RTD-DC1$@INTERNAL.DOMAIN.TLD ??

On Fri, 11 Jan 2019 16:13:50 +0000 (UTC) Billy Bob <billysbobs at yahoo.com> wrote: > > > On Friday, January 11, 2019 3:14 AM, Rowland Penny via samba > <samba at lists.samba.org> wrote: > > > >I have no idea where the above is coming from, but it isn't from > >the dhcp scripts. > > > > I don't know what to tell you,

Am 14.09.2016 um 18:23 schrieb Michael A Weber: > >> On Sep 14, 2016, at 10:44 AM, Achim Gottinger via samba >> <samba at lists.samba.org <mailto:samba at lists.samba.org>> wrote: >> >> >> >> Am 14.09.2016 um 05:53 schrieb Michael A Weber via samba: >>> Experts— >>> >>> I’m attempting to export a keytab for a created

Hi, i'm trying to analyze kerberos traffic using tshark (Samba 4.8.1 on Centos 7). I can't figure out how to extract keytab with password/keys. I follow precisely the instructions at https://wiki.samba.org/index.php/Keytab_Extraction But it seems like I only get slot, kvno and principal, can't find a way to get passwords or keys. Any idea someone ? ktutil: rkt decode.keytab ktutil:

> On Sep 14, 2016, at 12:57 PM, Achim Gottinger <achim at ag-web.biz> wrote: > > > > Am 14.09.2016 um 18:23 schrieb Michael A Weber: >> >>> On Sep 14, 2016, at 10:44 AM, Achim Gottinger via samba <samba at lists.samba.org <mailto:samba at lists.samba.org>> wrote: >>> >>> >>> >>> Am 14.09.2016 um 05:53

Hai, ? Just a question . Why are the Principals in the dns.keytab?? different from what is in the named.conf.update file. ? ktutil:? rkt /var/lib/samba/private/dns.keytab ktutil:? list slot KVNO Principal ---- ---- --------------------------------------------------------------------- ?? 1??? 1 DNS/rtd-dc1.INTERNAL.DOMAIN.TLD at INTERNAL.DOMAIN.TLD ?? 2??? 1????????? dns-rtd-dc1 at

Rowland Perry wrote: > >/imdap config AD : backend = rid /> >/ > /> How did you 'fix' this, on face value, there is nothing wrong with that line. "imdap" is not "idmap" (so now you understand why I missed it after staring at it so long :-) > When you join the domain with 'kerberos method = secrets and keytab', > you should get a

Hai, >Those machines need a working Kerberos login via multiple hostnames >(each hostname has its own IP address and DNS is set up correctly.) looks to me a bit overkill, but you wil have your reasons this a setup like this.. so.. you can try this.. asumming this : REALM=MY.REALM.TLD DNSDOMAIN=my.domain.tld and a serviceaccount the spn's. You can also use the existing

On 22/01/15 12:57, Norbert Heinzelmann wrote: > Am 22.01.2015 um 12:28 schrieb Rowland Penny: >> On 22/01/15 10:53, Norbert Heinzelmann wrote: >>> Hello, >>> >>> I have the problem that the ACLs are ignored when I mount a share >>> via cifs. I have an AD with Samba 4.1.6 Ubuntu 14.04 (but I also >>> tried it with Gentoo and samba 4.1.14). So

Hello, I noticed within last Centos7 samba (4.10) issues with joining computers to AD. Which was no problem in previous versions (and is working with samba present in Ubuntu 16.04 - 4.3) I'm joining my clients to Active directory for example domain.org, with DNS subdomain base.domain.org The issue is that the client is joined and keytab generated for FQDN: client.domain.org instead of

On 23/01/15 07:34, Norbert Heinzelmann wrote: > > Am 22.01.2015 um 17:17 schrieb Rowland Penny: >> On 22/01/15 12:57, Norbert Heinzelmann wrote: >>> Am 22.01.2015 um 12:28 schrieb Rowland Penny: >>>> On 22/01/15 10:53, Norbert Heinzelmann wrote: >>>>> Hello, >>>>> >>>>> I have the problem that the ACLs are ignored when I

Am 23.01.2015 um 10:19 schrieb Rowland Penny: > On 23/01/15 07:34, Norbert Heinzelmann wrote: >> >> Am 22.01.2015 um 17:17 schrieb Rowland Penny: >>> On 22/01/15 12:57, Norbert Heinzelmann wrote: >>>> Am 22.01.2015 um 12:28 schrieb Rowland Penny: >>>>> On 22/01/15 10:53, Norbert Heinzelmann wrote: >>>>>> Hello,

Am 22.01.2015 um 17:17 schrieb Rowland Penny: > On 22/01/15 12:57, Norbert Heinzelmann wrote: >> Am 22.01.2015 um 12:28 schrieb Rowland Penny: >>> On 22/01/15 10:53, Norbert Heinzelmann wrote: >>>> Hello, >>>> >>>> I have the problem that the ACLs are ignored when I mount a share >>>> via cifs. I have an AD with Samba 4.1.6 Ubuntu

Hello List, I have successfully integrated samba to an Active Directory Domain, and it is authenticating against the ADS, but only while the Kerberos ticket is valid. After that period it seems to take only the user/group list from its (winbind) cache. By now i can get a kerberos ticket with "kinit Administrator" or any other username that has administrative rights on ADS and all is