similar to: Samba 4 DC - no AES kerberos tickets - only arcfour

Hi Trever, things improved after resetting user/machine passwords, however only the session key is using aes256 now, the ticket itself is still arcfour: root at ubuntu1:~# kinit user09999 user09999 at S4DOM.TEST's Password: root at ubuntu1:~# klist -v Credentials cache: FILE:/tmp/krb5cc_0 Principal: user09999 at S4DOM.TEST Cache version: 4 Server: krbtgt/S4DOM.TEST at

On 08/18/2015 02:28 PM, Ritter, Marcel (RRZE) wrote: > Hi, > > I’ve been running a samba 4 DC for quite some time now, and while testing some kerberos related stuff, I noticed that all kerberos tickets I can get from the DC are of encryption type ?arcfour-hmac-md5“: > > # kinit testuser1 > testuser1 at S4DOM.TEST's Password: > > # klist -v > Credentials cache:

On 08/19/2015 12:02 AM, Ritter, Marcel (RRZE) wrote: > Hi Trever, > > things improved after resetting user/machine passwords, however only the session key is using aes256 now, the ticket itself is still arcfour: > > root at ubuntu1:~# kinit user09999 > user09999 at S4DOM.TEST's Password: > root at ubuntu1:~# klist -v > Credentials cache: FILE:/tmp/krb5cc_0 >

Hi, I am doing some kerberos testing with samba4 using ssh. I have setup samba4 using the howto at http://wiki.samba.org/index.php/Samba4/HOWTO and active directory seems to be working both with Windows and Linux clients. ssh unfortunately is not kerberos authenticating via GSSAPI. The client krb5.conf contains this: ===================================================== [libdefaults]

I made some progress with the issue, but didn't solve it completely It's basically a kind of bug (i'm not sure if it's on kerberos side or samba, I think samba is the culprit here (?). Microsoft uses kind of weird SPN for Hyper-V. Weird as there are "spaces" in the string - which is kind of unique as far as SPN's go, usually SPN form a complete string. So I kind

Here's the keytab info: ubuntu at kvm7246-vm022:~/samba$ sudo klist -ek /etc/krb5.keytab Keytab name: FILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 12 host/kvm7246-vm022.tc83.local at TC83.LOCAL (etype 1) 12 host/KVM7246-VM022 at TC83.LOCAL (etype 1) 12 host/kvm7246-vm022.tc83.local at TC83.LOCAL (etype 3) 12

On Fri, 11 Jan 2019 16:13:50 +0000 (UTC) Billy Bob <billysbobs at yahoo.com> wrote: > > > On Friday, January 11, 2019 3:14 AM, Rowland Penny via samba > <samba at lists.samba.org> wrote: > > > >I have no idea where the above is coming from, but it isn't from > >the dhcp scripts. > > > > I don't know what to tell you,

Hi all. I?m trying to understand a weird authentication failure: I have two domains (TC83.LOCAL and TC84.LOCAL), each in a diferent forest, with a bidirectional forest trust. The samba server kvm7246-vm022.maas.local is a domain member of TC83 and is running a recent build from git master (f38077ea5ee). When I test authentication of users in each domain by running ntlm_auth on the samba server,

Hi again, the attached patch (re-)enables parts of lua's liolib.c, especially io.write() for formatted output (similar to printf() ): Example: -- define printf() function printf = function(s,...) return io.write(s:format(...)) end -- function printf("Hallo, this is hex %04x\n", 64321) Bye, Marcel -------------- next part -------------- A non-text

Hi again, I just started to debug things on the samba4 side: When trying to mount the Windows NFS share, I get the following error on the samba4 dc (just grepping for nfs in the logs): auth_check_password_send: Checking password for unmapped user [S5DOM.TEST]\[nfs/nfsclient.mydom.test]@[] map_user_info_cracknames: Mapping user [MYDOM.TEST]\[nfs/nfsclient.mydom.test] from workstation []

On Friday, January 11, 2019 11:20 AM, Billy Bob via samba <samba at lists.samba.org> wrote:     On Friday, January 11, 2019 10:44 AM, Rowland Penny via samba <samba at lists.samba.org> wrote: On Fri, 11 Jan 2019 16:13:50 +0000 (UTC) Billy Bob <billysbobs at yahoo.com> wrote: >>> Here is what the logs show WITHOUT the -d option: >>> >>> Jan

Hi, Me again, still trying to migrate my samba3-server. Using the script op L.P.H. van Belle, there is one failure : net rpc rights grant ${SETNTDOM}\\"Domain Admins" SeDiskOperatorPrivilege -U${SETNTUSER} This is the result : ==========SE Privileges =============================== Giving group Domain Admins the SeDiskOperatorPrivilege rights. Enter Admikoen's password: Could not

hello i have been struggling for to long trying to setup the following configuration: debian samba 3 member server of a win 2000 AD here is my configuration: ## smb.conf ## [global] log level = 4 interfaces = 192.168.10.11/255.255.255.0 workgroup = datom realm = datom.dyndns.org server string = samba membre security = ads netbios name = cafeine log file = /var/log/samba/samba.log max log size

Hai..   I need to have my home dirs shared over some of my servers. I did setup a nfs4 kerberos base Debian jessie, samba 4.1.17 and sernet samba 4.1.3 on these servers.   This works, i can mount without problems.   But because verything is created with the windows user tools, the owner/Group is root. Like this   Server:   ls -al drwxrwx---+  2 root  root 4096 Sep  4 13:17

Hi! I've been working with pxelinux for quite some time now, and I'd like to use PXE and a simple kind of selection menu (like syslinux does). But I couldn't get it to work. I can enter several "label" sections to my pxelinux.cfg/<something> but it'll never ask, just boot the first/default one ... Is this currently supported at all? Or did I miss something?

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I'm trying to access a Samba 3.0 server (running on Debian unstable) in an Active Directory environment. I successfully joined the domain, klist shows my Kerberos ticket(s) and I can use smbclient -k to access a Windows 2000 server. However, when I try to access a share on the Samba machine from a Windows 2000 client, I'm being asked

I have started tinkering with samba 4. I have a Windows 2008 active directory domain controller. It is also the main DNS server but is not the wins server. The DNS server does NOT allow DNS registration by client machines. I have a fedora core 19 linux machine with samba 4.1.13 (bundled with Fedora.) smb.conf includes security = ads realm = MYDOMAIN.COM

On 18.07.2016 22:48, Achim Gottinger wrote: > > > Am 18.07.2016 um 11:45 schrieb Norbert Hanke: >> On 18.07.2016 01:52, Achim Gottinger wrote: >>> >>> >>> Am 18.07.2016 um 01:02 schrieb Norbert Hanke: >>>> Hello, >>>> >>>> I'm trying to join a samba 4 DC to an already existing samba 4 DC, >>>> both with

On 18.07.2016 01:52, Achim Gottinger wrote: > > > Am 18.07.2016 um 01:02 schrieb Norbert Hanke: >> Hello, >> >> I'm trying to join a samba 4 DC to an already existing samba 4 DC, >> both with BIND9_DLZ. Samba is at version 4.4.5, bind is version >> 9.10.4-P1, all brand new. >> >> The existing DC runs fine, but the added DC refuses to update

Good Morning, We have a network of Solaris 10 machines authenticating and doing name lookups via a Windows 2008 (SP2) domain using the Solaris ldap client and self/gssapi credentials. Each machine has a machine account that is prepared via a script with the following attributes: userAccountControl: 4263936 (WORKSTATION_TRUST_ACCOUNT | DONT_EXPIRE_PASSWORD | DONT_REQ_PREAUTH)