similar to: SASL DIGEST-MD5 NT_STATUS_INVALID_PARAMETER

That's too bad, I was trying to get the Vasco Identikey server working with samba4 as a backend for FIPS 140-2 compliant OTP, which will only bind with DIGEST-MD5. I guess I will have to join a Windows 2008 R2 to the domain as a domain controller. Thanks for clarifying, Arthur On 07/10/2015 04:38 AM, Andrew Bartlett wrote: > On Tue, 2015-07-07 at 15:10 -0500, Arthur Ramsey wrote:

On Tue, 2015-07-07 at 15:10 -0500, Arthur Ramsey wrote: > I've googled and I believe that SASL method DIGEST-MD5 is supported and > I see it in the samba startup, but it doesn't work. > > ldapsearch -Y DIGEST-MD5 -h dc03.mediture.dom > SASL/DIGEST-MD5 authentication started > ldap_sasl_interactive_bind_s: Operations error (1) > additional info: SASL:[DIGEST-MD5]:

Hello, I'm running Samba 4.5.0 and bind-9.8.2-0.47.rc1.el6_8.1. One DC of four, the PDC, is magnitudes slower running /usr/local/samba/sbin/samba_dnsupdate --verbose --all-names. When that is running on that DC it seems to block any queries. The load average is usually under 0.5. The DC was unsafely halted, which could have corrupted something. I ran a dbcheck with samba-tool and it

We are using Samba-4.1.11. I can run gpupdate /force without error on my machine. H:\>type \\dc01.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini [General] Version=65551 displayName=New Group Policy Object H:\>type \\dc02.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini [General] Version=65551 displayName=New

Yeah, I'm trying to setup the Indentikey server on Windows instead so it uses the Windows API instead of LDAP rather than setup a Windows 2008 R2 domain controller for LDAP w/ SASL DIGEST-MD5 authentication. It seems silly for them to use DIGEST-MD5, but that's what I stuck with for now. If samba4 could support DIGEST-MD5 that would be great. Thanks, Arthur On 07/10/2015 03:29 PM,

Hi folks, I can use kerberos to create or delete user, eg: samba-tool user create test -k yes however, if I want to perform a backup it fails: samba-tool domain backup online --targetdir=/srv/backup --server=192.168.50.40 -k yes gensec_spnego_create_negTokenInit_step: Failed to setup SPNEGO negTokenInit request Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER Failed to

On Mon, 25 Mar 2019 20:33:44 -0300 Sergio Belkin via samba <samba at lists.samba.org> wrote: > El lun., 25 mar. 2019 a las 19:41, Sergio Belkin (<sebelk at gmail.com>) > escribió: > > > Hi folks, > > I can use kerberos to create or delete user, eg: > > > > samba-tool user create test -k yes > > > > however, if I want to perform a backup it

On 3/13/2017 2:15 PM, Arthur Ramsey via samba wrote: > Upgraded to 4.6.0 on all nodes. Still seeing the same issue. > > If I create an object on vsc-dc02, epo-dc01 or aws-dc01 DCs it doesn't > replicate. If I create it on vsc-dc01 (PDC emulator) then it does > replicate. > > On 03/13/2017 12:13 PM, Arthur Ramsey wrote: >> >> I believe the problem is a lack

Replication has been running smoothly until I upgraded to 4.5.0. I had various errors with all BDCs and a force sync didn't resolve it. I shutdown all BDCs, demoted them with --remove-other-dead-server then joined new BDCs with new names. At first replication was intermittently failing (consecutive failures counter kept resetting), but it seemed OK, just slow if anything. Now they all

I believe the problem is a lack of outbound replication for non PDC emulator DCs. You'll notice isn't even trying because last successful was epoch (never) yet there are no errors. Inbound replication for this DC seems fine. [root at vsc-dc02 ~]# samba-tool drs showrepl [...]==== OUTBOUND NEIGHBORS ==== DC=DomainDnsZones,DC=mediture,DC=dom aws\AWS-DC01 via RPC DSA object GUID:

[2017/09/28 03:46:51.256663, 1] ../source4/dsdb/kcc/kcc_topology.c:2730(kcctpl_get_spanning_tree_edges) ../source4/dsdb/kcc/kcc_topology.c:2730: failed to run Kruskal's algorithm: NT_STATUS_INVALID_PARAMETER [2017/09/28 03:46:51.256953, 1] ../source4/dsdb/kcc/kcc_topology.c:3283(kcctpl_create_connections) ../source4/dsdb/kcc/kcc_topology.c:3283: failed get spanning tree edges:

Executing the following with nsupdate seems to have fixed replication. update add 28f7281f-3955-4885-8a7d-42a36ee87590._msdcs.mediture.dom. 900 A 192.168.222.5 show send update add 8b750a53-3d39-4bc0-8fe9-9bffa9e413aa._msdcs.mediture.dom. 900 A 172.16.1.106 show send update add fe066b13-6f9e-4f3c-beb4-37df1292b8cb._msdcs.mediture.dom. 900 A 192.168.168.65 show send New DNS records I create

The errors went away, but replication still isn't working properly. There are objects missing on all DCs, but it isn't consistent at all. showrepl: http://pastebin.com/bYfCZcNG Thanks, Arthur On 10/17/2016 12:32 PM, Arthur Ramsey wrote: > This fixed DNS issues. > > samba_upgradedns --dns-backend=BIND9_DLZ > /usr/local/samba/bin/samba-tool domain exportkeytab >

Hello, I'm looking for a way to log the following attributes for all authentication activity (LDAP bind, Kerberos, SMB / CIFS, etc.). I would like to see: * Principle name (user name) * Source IP * Timestamp (including at least seconds if not milliseconds) * Authentication result (success / failure) * Reason for failure: bad password, account lockout, account expired,

Hi everyone I'm trying to use kerberos to authenticate to Samba 4 ldap. At the moment, I authenticate by specifying the binddn and password in /etc/nslcd.conf and all works fine If I add the line: sasl_mech GSSAPI to /etc/nslcd.conf and restart nslcd, no one can connect to the database. Nothing works. ldapsearch and getent passwd draw a blank. ldapsearch -x -b '' -sbase

I seem to be having the same issue as https://lists.samba.org/archive/samba/2012-December/170426.html. I don't see that he ever reached a solution. Nov 20 16:02:58 appdb01-qa sshd[31622]: debug1: Unspecified GSS failure. Minor code may provide more information\nNo key table entry found matching host/appdb01-qa.mediture.dom@\n Nov 20 16:02:58 appdb01-qa sshd[31623]: debug1:

Hello, since I upgraded my NT4 domain Samba 4.2.11 to 4.2.14 I can no longer authenticate when I access any share. After that I even upgraded to Samba 4.4.5 but still get the same error: [2016/10/15 04:42:19.786198, 2] ../source3/auth/auth.c:305(auth_check_ntlm_password) check_ntlm_password: authentication for user [xx] -> [xx] -> [xx] succeeded [2016/10/15 04:42:19.789933, 1]

On 10/20/2016 01:52 PM, Rowland Penny via samba wrote > Have you given Administrator a uidNumber attribute ? Yes, I have. > > It might still help to see the smb.conf Here: http://pastebin.com/M9m8x1DZ This e-mail and any attachments may contain CONFIDENTIAL information, including PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or disclosure of this

I forgot to associate inter-site links (all using default), which fixed a lot though I'm still having an issue. * vsc site o vsc-dc01 o vsc-dc02 * aws site o aws-dc01 * epo site o epo-dc01 * vsc-dc01 => anywhere: OK * vsc-dc02 => anywhere: not replicating * aws-dc01 => anywhere: OK * epo-dc01 => anywhere: OK I've tried with samba_kcc =

I am attempting to transfer the all FSMO roles from an old DC to our new DC. Both DCs are running Samba 4.7.3. I have transferred the Schma, Infrastructure, RID, PDC and Naming roles without issue. unfortunately, the forestdns and domaindns roles are giving me grief. Here is the output of the commands root at dc1:~# samba-tool fsmo transfer --role=forestdns ldb_wrap open of secrets.ldb