similar to: Fwd: Re: Samba4 and sssd, keytab file expires?

Hi all. I have the following setup: 1st dc is on CentOS 6 with Sernet samba 4.1.13 2nd dc is on Debian 7 with Sernet samba 4.1.13 The 2 dc work as expected. on CentOS I was able to configure sssd to work on Debian I'm using winbind Now I have a 3rd server which is CentOS 7 with samba 4.1.1 from CentOS repository. This system serves as a file server and works ok with samba, but I have a

On 31/12/14 09:56, Rowland Penny wrote: > On 31/12/14 08:58, Alessandro Briosi wrote: >>>> Hi, how have you setup the fileserver ? >>>> Is it joined to the domain ? >>>> Can you post your fileservers smb.conf >> >>>> Rowland >> >> OT: Oops, wasn't subscribed to the mailing list :) >> >> Yes, server is joined to

On 31/12/14 08:58, Alessandro Briosi wrote: >>> Hi, how have you setup the fileserver ? >>> Is it joined to the domain ? >>> Can you post your fileservers smb.conf > >>> Rowland > > OT: Oops, wasn't subscribed to the mailing list :) > > Yes, server is joined to the domain (otherwise I would not be able to > generate the principal) >

Il 2014-12-31 16:29 Dr. Lars Hanke ha scritto: >>> OK, you can get winbind to update your keytab, you need to alter your >>> smb.conf slightly. You need to change 'kerberos method = secrets >>> only' >>> to either 'kerberos method = secrets and keytab' or 'kerberos method >>> = >>> system keytab' and add the line

Il 2014-12-31 18:24 Rowland Penny ha scritto: > > It expires because it was not created on the member server, having > said that, sssd should be able to update the keytab, I would suggest > that sssd is not setup correctly and as such, I think that you need to > take this problem to the sssd mailing list. > > If you decide to use winbind, which I can assure you will work,

Hi Rowland, this posting ended a lot of grief I had with expired keytabs. While this is presumably an issue of sssd, I have no chance to attack the issue right at its root*). But rejoining the domain with the lines dedicated keytab file = /etc/krb5.memberserver.keytab kerberos method = secrets and keytab winbind refresh tickets = Yes seems to fix it. Phew... Maybe You or someone

Hi List, I created a domain member server in my samba domain. I start to realize that there are some issues when colleagues could not access some folders in the their shares. After searching for a solution I found that on that member server I have no "samba" groups available. First of all my setup: Domain controller: CentOS 6.2 x86_64, latest updates installed Samba 3.5.10 (from

On 29/12/14 17:29, Alessandro Briosi wrote: > Hi all. > I have the following setup: > > 1st dc is on CentOS 6 with Sernet samba 4.1.13 > 2nd dc is on Debian 7 with Sernet samba 4.1.13 > > The 2 dc work as expected. > > on CentOS I was able to configure sssd to work > on Debian I'm using winbind > > Now I have a 3rd server which is CentOS 7 with samba 4.1.1

Hi, The short answer to this is that Samba changes the machine account password every 7 days with the default settings. As you were told, if you join the domain with "kerberos method = secrets and keytab" on you smb.conf, the generated keytab won't expire. Another workaround would be to set "machine password timeout = 0" Best regards. On Mon, Dec 29, 2014 at 2:29 PM,

On 31/12/14 15:48, Alessandro Briosi wrote: > Il 2014-12-31 16:29 Dr. Lars Hanke ha scritto: >>>> OK, you can get winbind to update your keytab, you need to alter your >>>> smb.conf slightly. You need to change 'kerberos method = secrets only' >>>> to either 'kerberos method = secrets and keytab' or 'kerberos method = >>>>

On Tue, 2 Oct 2018 12:40:19 +0200 Peter Milesson via samba <samba at lists.samba.org> wrote: > > On 10/1/18 8:40 PM, Rowland Penny via samba wrote: > > On Mon, 1 Oct 2018 19:28:29 +0200 > > Peter Milesson via samba <samba at lists.samba.org> wrote: > > > >> Hi Louis and Rowland, > >> > >> I'm just reporting back on this, in case

On Wed, 3 Oct 2018 12:45:11 +0200 Peter Milesson via samba <samba at lists.samba.org> wrote: > Hi folks, > > I have finally nailed down the problem with the non-functional getent > command when using winbind on a samba member server (AD domain). > > The problem was the entry > >    idmap config * : range 3000-9999 No, it wasn't > I used the instructions

Hello, This one is nasty... I followed the documentation on configuring sssd: https://wiki.samba.org/index.php/Sssd In the section on extracting the keytab, it says: - Extract the keytab for a domain account (you can use the machines[sic] account for that, too) and make sure it is readable only by root. The following example uses the machine account of the host „DC1“ So, I used the

On Wed, 3 Oct 2018 16:57:07 +0200 Peter Milesson via samba <samba at lists.samba.org> wrote: > > > On 03.10.2018 15:38, Rowland Penny via samba wrote: > > On Wed, 3 Oct 2018 15:16:50 +0200 > > Peter Milesson via samba <samba at lists.samba.org> wrote: > > > >> On 10/3/18 1:09 PM, Rowland Penny via samba wrote: > >>> On Wed, 3 Oct 2018

On Wed, 3 Oct 2018 15:16:50 +0200 Peter Milesson via samba <samba at lists.samba.org> wrote: > > On 10/3/18 1:09 PM, Rowland Penny via samba wrote: > > On Wed, 3 Oct 2018 12:45:11 +0200 > > Peter Milesson via samba <samba at lists.samba.org> wrote: > > > >> Hi folks, > >> > >> I have finally nailed down the problem with the

Good afternoon friends I have a problem with SAMPA My environment has several branches. And each branch office has an AD Win 2012 Server And I have in each branch a Centos Server 7.7 with sampa 4.9.1 that only communicates with the matrix server AD. Samba does not communicate with the local AD Server. Follow my SAMPA setup # See smb.conf.example for a more detailed config file or # read the

Hi, When using AD authentication from a rhel8.1 environment with samba-4.10.4 installed, information on the primary group group01 set on the AD side for any user user01 cannot be obtained. [root @ rhel8_1 ~] # id user01 uid=2001107(user01) gid=2000513(domain users) groups=2000513(domain users),2001107(oec0814e),2001103(group01) If you perform the same operation on the same AD from the

Would someone please tell me where I can find some good troubleshooting documents to resolve AD authentication issues when using Samba? Is this mailing list the best place? I was able to setup a working WINBIND-Samba setup on CentOS 7.6, but I am required to use SSSD on a different CentOS 7.6 server. Using a test VM, I can get services running, but I can't authenticate from a Mac or

> First, I suggest read : > https://wiki.samba.org/index.php/Keytab_Extraction I did. > Second, it his for > a member or AD-DC? Thats because of the location of the keytab and > the ad-dc creates its own keytab file. Thirth, are any other services > going to use it? Last, root must be able to write the keytab file. > They're members. The intent is to auto join clients

> > dedicated keytab file = /tmp/krb5.keytab > > For which programs do you use the keytab? I already tried that. But still tries to write at /etc. It seems this parameter used when you have a keytab already. __ Taner Tas