Displaying 20 results from an estimated 10000 matches similar to: "ads: tickets and joins"
2016 Apr 26
2
ads: tickets and joins
Rowland,
Thank you. I read the Oreilly book chapter 10, but I am still unclear
on the requirements. If you have an idea for another book/man to
read, please let me know and I will read.
On Mon, Apr 25, 2016 at 11:48 PM, Rowland penny <rpenny at samba.org> wrote:
> You may however run 'kinit user at DOMAIN.TLD' to ensure there is a kerberos
> ticket before doing something
2016 Apr 26
0
ads: tickets and joins
On 25/04/16 21:38, Chris Stankevitz wrote:
> Hello,
>
> I have these questions regarding samba running in ads mode such that
> users are authenticated against active directory:
>
> 1. What is the role of 'kinit'?
Basically to create a kerberos ticket for a user
>
> 2. How often must 'kinit user at domain.local' be run?
If you take my advice, never, you
2015 Feb 04
2
"net join" failed, but it still worked
Hello,
I am using AD authentication. When I setup samba on my new server,
users could not access shares. However, the following command "fixed"
the problem:
net join -U XXXXX\\cstankevitz
The command returned what appears to be an error:
kerberos_kinit_password XXXXX\cstankevitz at XXXXX.CORP failed: Client
not found in Kerberos database
Failed to join domain: failed to connect to
2015 Mar 10
2
Joining a domain
Hello,
Please consider a scenario in which samba is sharing files and users
provide their Active Directory usernames and passwords to log into to
samba.
1. Must "net join" be used?
2. Under what circumstances will samba (and family) require an
explicit "net join"?
3. What technically is happening when samba/computer "joins" the domain?
3a. Is a file added to the
2016 Apr 26
0
ads: tickets and joins
On 26/04/16 19:14, Chris Stankevitz wrote:
> On Tue, Apr 26, 2016 at 10:33 AM, Rowland penny <rpenny at samba.org> wrote:
>> Can I suggest you browse the Samba wiki:
>> https://wiki.samba.org/index.php/Main_Page
> I will... thank you.
>
>> I would suggest you stop using the username map for this, if a user exists in
>> AD and the user logins into a Unix
2017 Feb 01
2
net ads and wbinfo are painfully slow -- but they work
On Wed, 1 Feb 2017 07:30:19 -0800
Chris Stankevitz <chrisstankevitz at gmail.com> wrote:
> On Wed, Feb 1, 2017 at 1:12 AM, Rowland Penny via samba
> <samba at lists.samba.org> wrote:
> > He is also unlikely to be running avahi, he is using Freebsd 10.3
>
> truss (like strace) showed that wbinfo, net, and sshd were all hanging
> after system calls to getuid() and
2015 Mar 11
3
Joining a domain
Marc,
Thank you for taking the time to give me some complete answers. When
writing to lists like these I often struggle with how much or little
detail to give.... and I am eager to add more detail where you have
explicitly asked.
On Tue, Mar 10, 2015 at 2:13 PM, Marc Muehlfeld <mmuehlfeld at samba.org> wrote:
>> 1. Must "net join" be used?
>
> If you want to join the
2015 Sep 01
3
ldbadd with kerberos ticket => 00002020: Operation unavailable without authentication
Hi,
I'd like to use ldbadd with kerberos authentication using samba
4.2.3-SerNet-Debian-7.jessie, but it seems authentication is not being
processed. Executing...
kinit Administrator at INTERNAL.DOMAIN.TLD -k -t /etc/admin.keytab
root at dc01:/# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator at INTERNAL.DOMAIN.TLD
Valid starting Expires Service
2005 Sep 01
2
Kerberos problem with net ads join under AIX
Hello!
If i try a net ads join i get a kerberos error , but my kerberos works
fine, i can do a kinit,klist and so on.
the error i get is the following.
[2005/09/01 08:02:16, 0] libads/kerberos.c:ads_kinit_password(146)
kerberos_kinit_password root@MY.DOMAIN.COM failed: Cannot resolve network
address for KDC in requested realm
[2005/09/01 08:02:16, 0] utils/net_ads.c:ads_startup(191)
2009 Jul 06
1
TOSHARG-DomainMember.xml translate finish and some bug found
Now, TOSHARG-DomainMember.xml translate to Japanese finished.
and Some bug found.
<procedure>
<title>Server Manager Account Machine Account Management</title>
-------Domain?
<step><para>
From the menu select <guimenu>Computer</guimenu>.
</para></step>
When the user elects to make the
2013 Sep 04
2
dns update failt (kerberos)
Hi there,
I am struggling with samba4 and the internal dns and kerberos.
It seems that DNS is the problem.
When I aske for kerberos dns entrys on my workstation, I get this
(11.22.33.202 is the samba4 server):
root at lit2:~# dig _kerberos._udp.DOMAIN.LOCAL @11.22.33.202
; <<>> DiG 9.7.3 <<>> _kerberos._udp.DOMAIN.LOCAL @11.22.33.202
;; global options: +cmd
;; Got
2015 Aug 18
2
Samba 4 DC - no AES kerberos tickets - only arcfour
Hi,
I’ve been running a samba 4 DC for quite some time now, and while testing some kerberos related stuff, I noticed that all kerberos tickets I can get from the DC are of encryption type ?arcfour-hmac-md5“:
# kinit testuser1
testuser1 at S4DOM.TEST's Password:
# klist -v
Credentials cache: FILE:/tmp/krb5cc_0
Ticket etype: arcfour-hmac-md5, kvno 1
I can create keytabs containing
2004 Oct 19
5
Making Red Hat 3 Authenticate against AD Domain
I have a Red Hat 3 AS server I am trying to set Samba 3 up on. I want
to use the homes function of Samba and I want user's to authenticate
against my AD domain. I am having a problem making the server a member
server of my domain.
I tried using the smbpasswd command and got the error about trying net
join for this action. Also, is there anything else I have to do to get
my users to
2011 Oct 03
1
ADS authentication stopped working
Running Samba mostly on Redhat 5 with version 3.5.4-0.83
Also failed on Debian 3.5.6 and Solaris with a 3.5 version.
Logging details here are from Redhat case.
We have a similar problem on all Unix/Linux systems using
ADS as the backend authentication for samba shares on Unix/Linux.
It was working before today and we didn't change anything.
Today, any time we try smbclient or a Windows drive
2017 Jan 31
4
net ads and wbinfo are painfully slow -- but they work
I just created a windows domain. it is essentially empty except for a
couple of users and an group policy related to windows update. I then
configured samba to connect using ads.
net ads join took > 5 minutes - but worked fine
net ads testjoin takes ~5 minutes - shows a good join
wbinfo -u takes ~5 minutes and shows the users
During the long wbinfo pause, the log show: "Starting
2015 Mar 04
2
Is there a listprincs equivalent?
I joined a machine. net ads testjoin says OK. The join exported a
keytab, which among others contains MACHINE$@REALM. However, trying
k5start I get "Client not found in Kerberos database". Also kinit -t
/etc/krb5.keytab MACHINE\$@REALM claims that the client was not found.
But then, how did it come into the keytab?
Is there a tool to list the principals in AD?
Kind regards,
-
2005 Mar 02
1
MIT Kerberos tickets gone..
I have the following scenario.
Windows 2K Active Dir server, Samba 3.0.7 running on Solaris 2.8.
Running MIT Kerberos to join and authenticate with the AD. Things work ok,
can join the domain, and can access the samba server from trusted domains as
well as local domain.
However, when doing 'kinit' I have found that the default ticket life was
for 24 hours is seemed. After I reboot
2009 Aug 29
1
How are tickets used by Samba in an Active Directory environment?
Hi there:
I'm just setting up a Samba as member of an Active Directory Domain. I
followed instructions according to a lof of sites that mentions that we must
configure NTP, Kerberos, Winbind, among others. Then mention that I should
run kinit + bla bla bla.
OK this works fine, but I'm not pretty sure about how Kerberos really works
with Samba and when tickets are needed:
1. After a
2017 Oct 09
2
Opensolaris-ish joins but does not seem to be valid
We have a product that is similar to Opensolaris. It joins to the domain (Samba
version 4.7.0) without error and I can verify that a computer object is created
in the domain for it.
However, the command "getent passwd" which I would expect to return a list of
all domain users, only returns a list of local users.
I am confident I do not have a misconfigured file because if I get a
2016 Dec 01
4
Samba on Debian 8; NT4 domain, win10
Am 2016-12-01 um 13:19 schrieb Rowland Penny via samba:
> You should have seen a line like this towards to the end of the upgrade:
>
> Administrator password has been set to password of user
>
> But it is usually the 'root' user password.
Ah, yes, I should have remembered reading that.
Unfortunately it isn't working for me, yet.
in my test VM
I rm-ed