similar to: keytabs basics linux <=> AD ?

Hello, Sorry for take so long to answer, but I was not able to do the tests because the computer is in use and out of my office. Finally I've progressed in this topic with realmd, sssd and autofs, but now I'm locked on mounting shares from my member server. I'm able to use autofs and smbclient to mount and connect to sysvol share on my DC server, but when I try to connect to my

This is with -d10, I test in Windows 10 (joining to domain) and same error, "Internal error". One thing, I don't execute the domain provision command because I put all the files created in the old server into the new server, that's metter??? INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10

Hai,   now realmd sssd and autofs are all not my cookies.. but..   i see 2 things. 1) you missing the CIFS spn. here is shows how to make them and extract them. https://wiki.samba.org/index.php/Generating_Keytabs  https://wiki.samba.org/index.php/Keytab_Extraction      2) for the smblcient try :  smbclient //server.domain.dom/escaner -U user -W DOMAIN.DOM -R host -k -d 3 -m SMB2 ....added

Hi All Is this behaviour expected in smbclient: I have a kerberized Samba server and a share that works as expected on desktop clients, but when I use smbclient with a valid ticket with the -k flag I get a KDC lookup failure kev at client:/home/testuser$ smbclient -k -L //fileserver gss_init_sec_context failed with [ Miscellaneous failure (see text): unable to reach any KDC in realm LAN]

On Sat, 12 Aug 2017 05:56:36 +1200 Andrew Bartlett via samba <samba at lists.samba.org> wrote: > On Fri, 2017-08-11 at 08:02 -0400, Ing. Luis Felipe Domínguez Vega via > samba wrote: > > gss_init_sec_context failed with [ The context has expired: Success] > > SPNEGO(gse_krb5) creating NEG_TOKEN_INIT failed: > > NT_STATUS_INTERNAL_ERROR > > Can you please show

I think MJ is using samba with AD backend and Rowland RID. Rowland, try AD backend if your using rid atm. Gr. Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens mj via samba > Verzonden: woensdag 11 oktober 2017 13:25 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Using GPO to mount shares on Linux > > >

Hi, for a static cifs mount (automount from fstab) I would like to use kerberos with a SPN. The share is accessed from a http service, so I use HTTP/www.samdom.example.com with the username http-www.samdom.example.com. Unfortunately I can not get it to work. The keytab is generated as described on [1]. # klist -kt /etc/http.keytab Keytab name: FILE:/etc/http.keytab KVNO Timestamp

Hello, a short history, I am using samba 4 with Debian 9 from the repository, 2 days ago the server was broken, but I was copy all the /var/lib/samba directory to a safe place, then I was installed a new server with the same Debian and samba from repository, and stopped smbd, nmbd and winbind, unmask samba-ad-dc and finally copied all the directory from the old server to the new server and started

hey, now after observe last changes on the weekend… i have also the issue. After 10 hours i can’t connect to the shares on my member server. On Log of DC i found this: [2016/10/02 20:35:45.601265, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: AS-REQ PL0024$@HQ.KONTRAST from ipv4:<member-ip>:55578 for krbtgt/HQ.KONTRAST at HQ.KONTRAST [2016/10/02

Hi List, I am currently testing inter-forest trusts between a pair of AD domains. All DCs and member servers are using Sernet Samba 4.4.5. I have set up conditional forwarding in by Bind setup (I'm using BIND9_DLZ) and all machines can resolve each other. On the DCs, I can see users from the other side of the trust using wbinfo -u --domain=<other domain>. In addition if I set up ID

Dear, Does anyone have any idea what may be causing this error? Even I had to leave off Samba, because I believe that due to NT_STATUS_INTERNAL_ERROR error, several desktops are presenting failure credentials when they try to access shares. After I left off Samba, the errors are gone. ------------------- Mensagem original ------------------------------- Assunto: Re: [Samba]

so i add the pam yesterday and now after 10 hours no connection to member is possible. :( Same errors in logs i send yesterday OLIVER WERNER Systemadministrator > Am 03.10.2016 um 18:54 schrieb Rowland Penny via samba <samba at lists.samba.org>: > > On Mon, 3 Oct 2016 17:56:07 +0200 > Oliver Werner <oliver.werner at kontrast.de <mailto:oliver.werner at

Am 11.03.2019 um 09:24 schrieb Rowland Penny via samba: > On Mon, 11 Mar 2019 07:16:30 +0100 > Christian via samba <samba at lists.samba.org> wrote: > >> Dear all, >> >> we are transitioning from an openldap / MIT KDC setup to a samba4 AD. >> I am doing this by setting up a samba NT4 domain, populating it from >> LDAP and sticking in the password hashes

Dear Rowland Strange thing is that I do not receive notification on my email about your answers. Here we run an internal DNS. Samba was configured with Bind 9 as secondary DNS. When I put in domain.local settings, it is because we omit the company name. But the name of my domain ends with .local. I disabled Avahi daemon. When I try to run the command you quoted: smbclient -k -L

I'm running Samba v4.4.4 as a domain member server in security=domain mode. Our 3 domain controllers are Server 2012r2. Every 3-4 days, I see log messages from winbind saying "winbind_samlogon_retry_loop: sam_logon returned ACCESS_DENIED". Sometimes this corresponds to a trust password change, but not always. Today, new connections to Samba were failing with the error

Hello, El 20 oct. 2017 4:50 p. m., "Rowland Penny via samba" <samba at lists.samba.org> escribió: On Fri, 20 Oct 2017 14:57:42 +0200 Daniel Carrasco via samba <samba at lists.samba.org> wrote: > Hello, > > Sorry for take so long to answer, but I was not able to do the tests > because the computer is in use and out of my office. > > Finally I've

How strange that is, with the old server that does not happen, but with this new server... I thought that as I only copied the /var/lib/samba to the new server, then samba with the samba provision command make something outside the /var/lib/samba (and smb.conf file) that I miss from the old server. ----- Mensaje original ----- De: "samba" <samba at lists.samba.org> Para:

Hi, I've changed /etc/resolv.conf, rebooted, here is the output: cat /etc/resolv.conf domain rona.loc search rona.loc nameserver 192.168.19.2 ------ smbclient -L $(hostname -f) -UAdministrator%<password> -d5 INFO: Current debug levels: all: 5 tdb: 5 printdrivers: 5 lanman: 5 smb: 5 rpc_parse: 5 rpc_srv: 5 rpc_cli: 5 passdb: 5 sam: 5 auth: 5 winbind: 5 vfs: 5

Does it work if you test like this. kinit testuser at EXAMPLE.COM mount -t cifs -o sec=krb5 //server.example.com/export /mnt/cifs Have a look here : https://runops.wordpress.com/2015/03/05/setup-linux-cifs-autofs-automount-using-kerberos-authentication/ I cant tell much about automount, i use it but through systemd for my nfsv4 mounts. Greetz, Louis > -----Oorspronkelijk

Hello, I have upgraded a client and a freeipa server from Fedora 24 to 25 recently. And I cannot access linux shares located on the F25 client from a windows desktop. I get these messages: [2016/12/01 11:42:19.218759, 1] ../source3/librpc/crypto/gse_krb5.c:534(fill_mem_keytab_from_dedicated_keytab) ../source3/librpc/crypto/gse_krb5.c:534: smb_krb5_open_keytab failed (Key table name