Displaying 20 results from an estimated 1200 matches similar to: "SAMBA 4 DC and Smartcard authentication"
2020 Nov 19
1
Smartcard logon
>
> Hi friends,
> I need your help.
>
> I implemented
> https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login
>
> https://docs.microsoft.com/en-us/troubleshoot/windows-server/windows-security/enabling-smart-card-logon-third-party-certification-authorities
> enabling smart card logon on a Windows Server 2016 as a domain member of
> Samba DC.
>
> Currently I
2014 Apr 11
1
4.0 stopped working after updating xubuntu 13.04
Hi
I got some strange issues on my samba4.0.1 install yesterday. It
happened a while after updating my xubuntu server 13.04 not 13.10.
Everything seems to be working fine except shares. Kerberos
authentication seem to function properly, also DNS works fine but shares
seem semi-broken.
I can't mount any shares on my Windows box, including netlogon,
profiles. I have one share that is
2012 Dec 02
1
samba / winbind user authentication problem
Hi,
I have a problem with samba / winbind PAM authentication. Domain
controller is samba4, machines users log on to via PAM are samba 3.6
(all of them ubuntu 12.04 LTS). The whole user authentication was
working already, but after a reboot it somehow broke. Additional reboots
don't help.
The funny thing is that all logs look quite OK to me (except for the
single line saying
2020 Oct 30
1
Samba4 ROLE_STANDALONE vs Kerberos = NT_STATUS_LOGON_FAILURE
>
I do not understand why you are doing this, for kerberos to work
correctly, you need to be able to find everything easily and everything
must be using the same time. So, you need kerberos, a dns server and an
ntp server and if you want more than authentication, you need a
fileserver. OH look, I just described Active Directory ?
Not saying you cannot get this setup to work, but why are
2004 Feb 06
1
winbind mapping depuration
Hi, winbind mantains a mapping to UID's and GID's in fixed ranges, but what
happens if that range is fully filled? How I can depure the winbind mapping,
I mean, the users deleted on the PDC (non samba maybe) must be removed from
the winbind mapping, how I can do that? is that functionality implemented?
if not, what do you suggest to me (without using AD)?
Saludos,
Nahuel Greco.
2015 Mar 19
1
Kerberos: Failed to decrypt PA-DATA
Hi,
Some users can't logon to their workstation if the session is negotiating
with samba domain controller, the password is requested again and again.
Samba is joined as a Domain Controller in a windows domain controllers. The
users' s computers are joined also to the domain. But for some users the
kerberos ticket is failing.
Samba version 4.1.15 - Debian 7.8
Samba debug logs, level 3:
2011 Dec 22
1
Samba 4 Kerberos: Failed to decrypt PA-DATA
Hi everyone
After almost 2 days up-time with Samba 4, it failed again. This time it
simply will not restart.
The krb5.conf had got corrupted. I replaced it with this one from
/usr/local/samba/private
/etc/krb5.conf
[libdefaults]
default_realm = HH3.SITE
dns_lookup_realm = false
dns_lookup_kdc = true
It starts up OK:
samba -i -d 3
lpcfg_load: refreshing parameters from
2013 Aug 07
2
Samba 4 empty password
Hello,
We are trying to setup a SAMBA-Server with users that have empty passwords.
We are using:
Samba 4.0.8
Kernel 3.10.5
Slackware 14.0 x64
When we set a password the login successes!
That's what we get when trying to login:
[2013/08/07 13:31:46, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: AS-REQ media1 at BC from ipv4:10.0.99.100:62078 for
2013 May 01
0
slow automounted cifs
Samba 4.0.6 git both DC and fileserver with openSUSE 12.3 clients
Hi
I'm trying to debug why logins to Linux clients are sometimes slow. Here
is a login with the user steve2 requesting his (automounted) home folder:
]
Kerberos: TGS-REQ authtime: 2013-05-01T20:57:27 starttime:
2013-05-01T20:57:27 endtime: 2013-05-02T06:57:27 renew till:
2013-05-02T20:57:25
Kerberos: AS-REQ steve2 at HH3.SITE
2007 Feb 12
1
Fwd: Joining a SAMBA 4 TP4 Active Directory with WinXP
Am Montag, 12. Februar 2007 14:43 schrieb paul:
> Mag. Leonhard Landrock schrieb:
> > *) Start a virtual machine with WinXP SP2 and trying to join the domain
> > LEOSENDE.FUN.
> >
> > The last point (joining the domain) doesn't work. I try the username
> > Administrator and the passwort as set with "./setup/provision" but it
> > doesn't
2017 Jun 20
0
DRS stopped working after upgrade from debian Jessie to Stretch
Hello thanks again for the help !
I have analysed samba logs more closely. I'am very worried. I have
three DC (fichdc, fichds01, fichds02) but here I talk just about
fichdc's logs.
-> Almost every times, "AS-REQ" fail for the 3 DCs with something like this :
----------------
Kerberos: AS-REQ FICHDC$@NET.LYC-GUILLAUME-FICHET.AC-GRENOBLE.FR
from ipv4:172.16.0.20:59818 for
2017 Feb 06
2
Regular users can't log in to Samba AD DC from Windows
Hi,
I continue setting up my FreeBSD 11.0 machine with Samba 4.4.9 built
from sources. (Actually, OS type and Samba version don't matter so much,
as I have the same problem with Debian Jessie and Samba 4.5.5)
I followed the Wiki very close. Some details from provisioning:
...
Realm [RW.LAN]:
Domain [RW]:
Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL,
2012 Oct 18
1
mount.cifs: regular freezes with s3fs
cifs-utils-5.6
samba Version 4.0.0rc3
openSUSE 12.2
LAN of XP, w7 and Linux clients under Samba4 DC and s3fs fileserver
Hi
I am testing the possibility of migrating from nfs to cifs to serve our
Linux clients.
Currently we mount the samba shares, e.g. the home directory, using nfs.
The test setup is that instead of:
mount -t nfs hh1:/home2 /home2 -osec=rw,krb5
I changed to:
mount -t cifs
2018 Feb 12
0
Windows user domain accounts getting locked out regularly
Hi All,
We have a mixed environment running with Windows and Linux with samba as
the domain controller. Smart card login is configured and working
properly with pkinit and certs, etc
(https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login) though I
don't think this is related.
A handful of Windows clients are regularly getting their accounts locked
during what seems to be a
2014 Nov 10
0
User's DPAPI/backupkey protected data lost when changing domain password
After a user changes their password (CTRL-ALT-DEL) in our Samba 4 domain
(4.1.12) they lose access to any stored passwords on their Windows PC.
I've set the log level in smb.conf to 4 and enabled the GPO to record DPAPI
log entries in Windows to get the below log data.
My reading of the two is that the Windows PC believes it is failing to reset
the access to its DPAPI store (where the saved
2020 Oct 02
0
Failed auth attempt i don't understand.
Ive seen something simular here.
Does this happen if you try to connect to a PC where you already are logged in.
If yes, logout, test again.
If no, reboot the pc and test again.
What is the exact message you see.
(optinal PM me the print screen)
I do/did get some 0x... Message when trying to login on first attempt.
The second always worked for me.
And lookup the windows events.
Or are
2012 Dec 06
1
Problem samba3 to samba4
Hello
I've migrated a samba 3 server to a samba 4 (.all the tests mentioned in
this howto are succesfull) .But i can't open a session with a
workstation on samba4 domain : approbation problem. The workstation name
which can't connect is "admin-pc"
Any idea ?
*Here are the logs of log.samba
*
Kerberos: Looking for ENC-TS pa-data -- *admin-pc$@SC*
[2012/12/06 12:50:59,
2016 Jun 24
0
Login not possible / machine account issues
Hi,
Did you find any solution?
I am facing exactly the same scenario.
-CentOS 6.7
-Samba Version 4.4.3
-BIND_DLZ 9.9.8
Some workstations suddenly are unable to login, unless I reboot or rejoin
the domain. The only odd event I see in the client is the one already said:
Log Name: System
Source: Microsoft-Windows-Security-Kerberos
Event ID: 4
Task Category:
2018 Mar 04
1
Samba AD + Kerbero + NFS "Client no longer in database"
I am soo lost trying to get Samba AD 4.7.5 as a Kerberos source for
NFSv4. The NFS server is the Samba AD server running Ubuntu Server
16.0.4.3 and the client is Linux Mint 18.3
This export WORKS and mounts on client
########## /etc/exports ##########
/mnt/fileshare *(rw,no_subtree_check,async)
############################
This export DOES NOT
########## /etc/exports ##########
2012 Oct 03
1
Samba4 KDC Windows 7 clients may fail to get a ticket
Hello.
Samba 4.1.0pre1-GIT-aad669b, joined as a DC to an existing domain. Windows 7 machines may fail to get a ticket:
[2012/10/03 09:31:54, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: AS-REQ con-11$@KLIN.KIFATO-MK.COM from ipv4:192.168.1.138:49682 for krbtgt/KLIN.KIFATO-MK.COM at KLIN.KIFATO-MK.COM
[2012/10/03 09:31:54, 3]