similar to: Can windows clients get kerberos tickets from samba3 PDC?

On Mon, 1 Dec 2014, Gaiseric Vandal wrote: > On 12/01/14 11:17, Tiit Kaeeli wrote: >>> Is it possible for windows clients to authenticate against kerberos and >>> receive tickets from a Samba3 PDC, when kerberos server is MIT kerberos >>> running on a Linux server, not a Windows AD server? >>> >>> https://help.ubuntu.com/community/Samba/Kerberos

On 12/01/14 11:17, Tiit Kaeeli wrote: >> Is it possible for windows clients to authenticate against kerberos >> and receive tickets from a Samba3 PDC, when kerberos server is MIT >> kerberos running on a Linux server, not a Windows AD server? >> >> https://help.ubuntu.com/community/Samba/Kerberos >> Suggests that this may be possible and I can succesfully

Hello, I try to setup Dovecot with Kerberos/GSSAPI and use this howto: https://wiki.samba.org/index.php/Authenticating_Dovecot_against_Active_Directory#Create_the_Dovecot_user_and_keytab I also try https://wiki.dovecot.org/Authentication/Kerberos I can login as windows user on win7 and access shares. When I open Thunderbird I get the message: "kerberos/gssapi ticket was not accepted"

Hello. I currently have Samba running on AIX and joined to an NT4 domain. I need to change this membership to new Active Directory domain. Yes, it is running in Native Mode. I understand that Kerberos is *the* requirement to make this work. Are there any special Kerberos versions, configuration options, etc. that are required? The Official Samba-3 HOWTO and Reference Guide (Terpstra and Vernooij)

Hy, Has anybody a working "unattend.xml" file for a silent Windows7 installation which joins directly to a Samba3 domain directly? I tried with "netdom" and "powershell" scripts without success yes. Thanks, Schuller Tom

Hello, I used net ads join createcomputer="OU=Computer,OU=ErlF,OU=UNIX,OU=_CentralServices,DC=ww004,DC=glanzmann,DC=net" -W WW004 -U adglth0a to join a samba machine to an active directory. Now I would like to configure in a way that windows clients use a cifs/hostname kerberos ticket to authenticate to the machine. I tried the following settings: [global] workgroup = WW004

Hello, We are running samba version 3.0.25a and Heimdal 0.6.3 for kerberos. With 3.0.25a version of Samba, we observe that if we are attempting to join our primary domain in ADS mode and the Active Directory happens to be the closest DC, samba creates its own local private krb5 conf file and overrides the KRB5_CONFIG environment variable [create_local_private_krb5_conf_for_domain() is invoked

Hello List, I have successfully integrated samba to an Active Directory Domain, and it is authenticating against the ADS, but only while the Kerberos ticket is valid. After that period it seems to take only the user/group list from its (winbind) cache. By now i can get a kerberos ticket with "kinit Administrator" or any other username that has administrative rights on ADS and all is

I have the following scenario. Windows 2K Active Dir server, Samba 3.0.7 running on Solaris 2.8. Running MIT Kerberos to join and authenticate with the AD. Things work ok, can join the domain, and can access the samba server from trusted domains as well as local domain. However, when doing 'kinit' I have found that the default ticket life was for 24 hours is seemed. After I reboot

> -----Original Message----- > > I've tried to use the pam_krb5 module, but as pam modules > validate the user as given, pam_krb5 is trying to match the > password to adsdomain.adsuser@ADSDOMAIN.REALM.... so it fails. > Pam_krb5 can be configured to convert winbind usernames back into principal names, by means of some regexp matching and template filling magic. It it

I'm setting up a Solaris 10 server as a test samba server with AD authentication. I'm running into a little bit of issue with Kerberos tickets. The setup is as follows Solaris-10, Windows AD-2003/R2, native Solaris (sparc) samba, Kerberos, LDAP (shipped with the distro) and IMU on windows. My LDAP client is working good and validates getent passwd <user> and can run ldaplist -l

On 08/18/2015 02:28 PM, Ritter, Marcel (RRZE) wrote: > Hi, > > I’ve been running a samba 4 DC for quite some time now, and while testing some kerberos related stuff, I noticed that all kerberos tickets I can get from the DC are of encryption type ?arcfour-hmac-md5“: > > # kinit testuser1 > testuser1 at S4DOM.TEST's Password: > > # klist -v > Credentials cache:

On 08/19/2015 12:02 AM, Ritter, Marcel (RRZE) wrote: > Hi Trever, > > things improved after resetting user/machine passwords, however only the session key is using aes256 now, the ticket itself is still arcfour: > > root at ubuntu1:~# kinit user09999 > user09999 at S4DOM.TEST's Password: > root at ubuntu1:~# klist -v > Credentials cache: FILE:/tmp/krb5cc_0 >

Dear all I'm not too sure where to start here - possibly a feature request. I am getting great results with using Winbind to manage Kerberos tickets for Linux workstations "joined" to an AD. Fixed machines work beautifully - I have Raspberry Pis and PCs (running Arch and Gentoo) and servers running Ubuntu LTS , all doing Kerberos against AD KDCs with local logins via AD and local

Hello world (of Samba) We've had this periodic issue with Win 10 users 'losing their connection' to a Samba share This problem originally started on our Solaris server but we could be seeing it now on our replacement Red Hat Linux server Microsoft looked at the PC logs some time ago and stated .. "The unix device does not like some aspect of our Kerberos ticket. The device

On Mon, Mar 06, 2023 at 06:54:05PM +0000, Vaughan, Robert J via samba wrote: >Hello world (of Samba) > >We've had this periodic issue with Win 10 users 'losing their connection' to a Samba share > >This problem originally started on our Solaris server but we could be seeing it now on our replacement Red Hat Linux server > >Microsoft looked at the PC logs some time

Hi I have Samba 3 running on Fedora 4, configured to use pam_winbind to validate user logins against my W2K ADS. Logins are fully functional using names such as adsdomain.adsuser (I have the fullstop character configured as my winbind seperator). This is all working fine. What I would now like to do, is to have a Kerberos ticket from the ADS Kerberos realm issued to the user that has just

Has anyone had experience with MIT Kerberos tickets not valid after server reboot? After server reboot I have to do a 'kinit' to get a new ticket, re-join the AD domain, and restart samba. Then all is fine until I have to reboot the server again.. Same thing again and again. My time is synced, Kerberos tickets are good for 500d.

Hi, I'm running a mixed linux/Windows network with authentication done using Active Directory. The Linux clients use Samba/Winbind for authentication (with help from the list, thanks!). I've setup smb.conf such that doing 'net ads join -Uadministrator' populates my /etc/krb5.keytab (see configuration files below). klist shows me a nice set of principals from /etc/krb5.keytab

I came across a race condition in lightdm greeter setup phase before the login screen is displayed (at boot time or after logout). I reported this also on Launchpad with more details (https://bugs.launchpad.net/lightdm/+bug/1172752), but to work on a proper fix, ideas on how to fix this would be welcome. During greeter setup "lightdm --session-child" is spawned twice. The first call to