similar to: Samba4 and sssd, keytab file expires?

Displaying 20 results from an estimated 10000 matches similar to: "Samba4 and sssd, keytab file expires?"

2014 Dec 30
0
Samba4 and sssd, keytab file expires?
On 29/12/14 17:29, Alessandro Briosi wrote: > Hi all. > I have the following setup: > > 1st dc is on CentOS 6 with Sernet samba 4.1.13 > 2nd dc is on Debian 7 with Sernet samba 4.1.13 > > The 2 dc work as expected. > > on CentOS I was able to configure sssd to work > on Debian I'm using winbind > > Now I have a 3rd server which is CentOS 7 with samba 4.1.1
2015 Jan 01
0
Samba4 and sssd, keytab file expires?
Hi, The short answer to this is that Samba changes the machine account password every 7 days with the default settings. As you were told, if you join the domain with "kerberos method = secrets and keytab" on you smb.conf, the generated keytab won't expire. Another workaround would be to set "machine password timeout = 0" Best regards. On Mon, Dec 29, 2014 at 2:29 PM,
2014 Dec 31
4
Fwd: Re: Samba4 and sssd, keytab file expires?
Il 2014-12-31 16:29 Dr. Lars Hanke ha scritto: >>> OK, you can get winbind to update your keytab, you need to alter your >>> smb.conf slightly. You need to change 'kerberos method = secrets >>> only' >>> to either 'kerberos method = secrets and keytab' or 'kerberos method >>> = >>> system keytab' and add the line
2015 Jan 01
1
Fwd: Re: Samba4 and sssd, keytab file expires?
Il 2014-12-31 18:24 Rowland Penny ha scritto: > > It expires because it was not created on the member server, having > said that, sssd should be able to update the keytab, I would suggest > that sssd is not setup correctly and as such, I think that you need to > take this problem to the sssd mailing list. > > If you decide to use winbind, which I can assure you will work,
2014 Dec 31
2
Fwd: Re: Samba4 and sssd, keytab file expires?
>> Hi, how have you setup the fileserver ? >> Is it joined to the domain ? >> Can you post your fileservers smb.conf >> Rowland OT: Oops, wasn't subscribed to the mailing list :) Yes, server is joined to the domain (otherwise I would not be able to generate the principal) Server configuration is following (only global part), winbind config is there because it was
2015 Jan 15
1
Fwd: Re: Samba4 and sssd, keytab file expires?
Hi Rowland, this posting ended a lot of grief I had with expired keytabs. While this is presumably an issue of sssd, I have no chance to attack the issue right at its root*). But rejoining the domain with the lines dedicated keytab file = /etc/krb5.memberserver.keytab kerberos method = secrets and keytab winbind refresh tickets = Yes seems to fix it. Phew... Maybe You or someone
2014 Dec 31
2
Fwd: Re: Samba4 and sssd, keytab file expires?
On 31/12/14 09:56, Rowland Penny wrote: > On 31/12/14 08:58, Alessandro Briosi wrote: >>>> Hi, how have you setup the fileserver ? >>>> Is it joined to the domain ? >>>> Can you post your fileservers smb.conf >> >>>> Rowland >> >> OT: Oops, wasn't subscribed to the mailing list :) >> >> Yes, server is joined to
2013 Oct 17
1
Authenticating sudo with ipa.
Hello, I have set up IPA on a private network and have hit some bumps configuring sudo access for the clients. kinit seems to work fine for both client and server, user and root. When I run sudo on the server I see the following in /var/log/messages: Oct 17 17:53:52 192-168-0-100 [sssd[krb5_child[29237]]]: Decrypt integrity check failed Oct 17 17:53:52 192-168-0-100 [sssd[krb5_child[29237]]]:
2019 Apr 12
3
Sudo rules in samba with winbind
Hello All, I am currently changing my samba linux clients (Debian) from sssd binding to winbind. With sssd I had all sudo rules within the samba active directory. The configuration was based on: https://lists.samba.org/archive/samba/2016-April/199402.html Is there some guideline like the one mentioned available/has someone already experience with this for winbind based clients? Within the
2019 May 14
2
Samba4 changing a user's password from linux workstation
Le 14/05/2019 à 09:12, Rowland penny via samba a écrit : > On 14/05/2019 07:32, Julien TEHERY via samba wrote: >> Le 13/05/2019 à 18:44, Rowland penny via samba a écrit : >>> On 13/05/2019 16:11, Julien TEHERY via samba wrote: >>>> Hi >>>> >>>> I'm trying to find a way to change user passwords from ubuntu >>>> client
2019 Aug 30
1
Samba SSSD Integration
Was hoping for a helping hand. Trying to set up Samba on a domain member server. The member server was previously joined to the kerberized domain using realm join and a system keytab file exists in the /etc. Subsequently I added samba along with winbind not being entirely sure if the latter was needed. This is a Redhat 7.4 server. My smb.conf appears as follows. [global] password server = *
2016 Apr 20
9
Samba 4 sudoers
Has anyone here managed to get sudo working with Samba 4 AD users, using either ldap or sssd, with sssd preferred? If so, can you please point me in the direction of whatever instructions you used? It seems like there are a bunch of tutorials on the subject, each with different, and sometimes conflicting, information but none of those I've tried work for me. regards, John
2019 May 14
2
Samba4 changing a user's password from linux workstation
On Tue, May 14, 2019 at 3:42 AM Rowland penny via samba <samba at lists.samba.org> wrote: > > On 14/05/2019 08:30, Julien TEHERY via samba wrote: > > Yep I allready tried it, it ends with "kpasswd preauthentication > > failed getting initial ticket" What does "klist" say? And can you run "kinit" to ensure you have a valid ticket? One of my
2024 Jun 05
1
Failed to bind to uuid NT_STATUS_LOGON_FAILURE
Good afternoon, tell me, this error occurs on the domain controller samba v 4.19.0, I paired the domain controller with sssd so that authentication occurs under domain accounts on the domain controller, but as you know, sssd changes the machine password every 30 days if this option is not disabled ad_maximum_machine_account_password_age = 0 I haven?t disabled it for 30 days and as I understand it,
2016 Mar 24
1
sssd keytab bug
Hello, This one is nasty... I followed the documentation on configuring sssd: https://wiki.samba.org/index.php/Sssd In the section on extracting the keytab, it says: - Extract the keytab for a domain account (you can use the machines[sic] account for that, too) and make sure it is readable only by root. The following example uses the machine account of the host „DC1“ So, I used the
2019 Mar 20
3
AD authentication issue in Samba (kerberos errors)
I have CENTOS7 box with Samba 4.8.3-4 and SSSD 1.16.2-13, authentication against MS Win domain. - Recently, Active Directory authentication stopped working within Samba - Users who try to connect to reach the point of being prompted for AD credentials; failures happen afterward. - All flavors of client OS are affected: Windows, Mac and Linux (via smbclient). - There have been no configuration
2016 Aug 23
2
Use of specific DCs within smb.conf
Is it possible to specify a list of DCs for Samba to use, rather than have it look them up dynamically via DNS? I have an issue with Kerberos, Samba, and SSSD where my machines stop authenticating after a period of time – preAuthentication errors, etc. I suspect it's because of a "DC mismatch" between the three. Because we have numerous DCs all over the world, I specifically
2017 Jul 01
1
integrating samba with pam
On Sat, 1 Jul 2017 19:27:09 +0100, Rowland Penny via samba wrote: > On Sat, 01 Jul 2017 14:19:13 -0300 > Guido Lorenzutti wrote: > >> We used to hide some information from our windows group, to make acls only in unix groups. But well.. i think we can start sharing that info with the domain groups. > > You can do something very similar by using ACLs, create groups in AD,
2016 Aug 23
2
Use of specific DCs within smb.conf
You believe that SSSD is bypassing Samba entirely and going direct to Kerberos? That’s possible. At the moment, to the best of my understanding, Samba is only being used to join the domain. There are no file/printer/etc. shares happening; this is just basic domain join/membership and keytab generation and after that it’s done. The question was still specific to Samba itself: can I specify the DCs
2016 Aug 23
2
Use of specific DCs within smb.conf
I found adcli a little too late; I plan to use it in the future but for the time being I just deployed 16 VMs using Samba so we’re going to keep that for now! Also, the rest of what I wrote can be disregarded – I figured out exactly why my hosts were failing to authenticate after a period of time. It’s too stupid to admit publicly. On 8/23/16, 3:50 PM, "samba on behalf of Kris Lou via