similar to: Winbindd segfaults with bind9-dlz trying to login via libwinbind-pam

Hi all, Sernet Samba 4.2.2 as Active Directory on Debian 7.8. No other DC. I can't log in with on Windows systems (Windows 7) when samAccountName are longer than 20 characters. This seems to be a LAN MAN or NT4 limitation which should not happen on AD domain. Any idea what could leads my to that limitation? I can log in using administrator account or any other having a short (enough)

Well, in my option, you the have found your problem. https://technet.microsoft.com/en-us/library/cc721940(v=ws.10).aspx 3) ..... After the unique system information is removed, .... And https://blogs.msdn.microsoft.com/aaron_margosis/2009/11/05/machine-sids-and-domain-sids/ Says: Mark?s point is that SIDs must be unique within the authority in which they are used. So while DEMOSYSTEM

We have setup Samba 4.1 as a PDC. We have successfully connected several Windows 2008 Servers to the domain and created various users/groups. During an application installation on the Windows server, it runs the command in SQL server: master..xp_logininfo 'MYDOMAIN\useraccount' SQLserver is running as a service user created on the domain (here called MYDOMAIN) This returns: Msg

I am soo lost trying to get Samba AD 4.7.5 as a Kerberos source for NFSv4. The NFS server is the Samba AD server running Ubuntu Server 16.0.4.3 and the client is Linux Mint 18.3 This export WORKS and mounts on client ########## /etc/exports ########## /mnt/fileshare         *(rw,no_subtree_check,async) ############################ This export DOES NOT ########## /etc/exports ##########

Hello. Samba 4.1.0pre1-GIT-aad669b, joined as a DC to an existing domain. Windows 7 machines may fail to get a ticket: [2012/10/03 09:31:54, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: AS-REQ con-11$@KLIN.KIFATO-MK.COM from ipv4:192.168.1.138:49682 for krbtgt/KLIN.KIFATO-MK.COM at KLIN.KIFATO-MK.COM [2012/10/03 09:31:54, 3]

hey, now after observe last changes on the weekend… i have also the issue. After 10 hours i can’t connect to the shares on my member server. On Log of DC i found this: [2016/10/02 20:35:45.601265, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: AS-REQ PL0024$@HQ.KONTRAST from ipv4:<member-ip>:55578 for krbtgt/HQ.KONTRAST at HQ.KONTRAST [2016/10/02

Hello, We are trying to setup a SAMBA-Server with users that have empty passwords. We are using: Samba 4.0.8 Kernel 3.10.5 Slackware 14.0 x64 When we set a password the login successes! That's what we get when trying to login: [2013/08/07 13:31:46, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: AS-REQ media1 at BC from ipv4:10.0.99.100:62078 for

so i add the pam yesterday and now after 10 hours no connection to member is possible. :( Same errors in logs i send yesterday OLIVER WERNER Systemadministrator > Am 03.10.2016 um 18:54 schrieb Rowland Penny via samba <samba at lists.samba.org>: > > On Mon, 3 Oct 2016 17:56:07 +0200 > Oliver Werner <oliver.werner at kontrast.de <mailto:oliver.werner at

Hi, Some users can't logon to their workstation if the session is negotiating with samba domain controller, the password is requested again and again. Samba is joined as a Domain Controller in a windows domain controllers. The users' s computers are joined also to the domain. But for some users the kerberos ticket is failing. Samba version 4.1.15 - Debian 7.8 Samba debug logs, level 3:

Hi. We're trying to upgrade an old NT domain to AD. It's our second upgrade, and while the first was successfull this one has raised some issues for existing Windows 7 clients. If we disconnect the computer from the domain and join it back to the new S4 AD it works. Existing clients throws this error in Samba: Kerberos: AS-REQ b1rd42nbtmp648$@NT4DOMAIN from ipv4:10.0.0.42:49472 for krbt

Hi, I had Samba 4.2.14 working as AD DC with shares. After upgrade to version 4.3.11 AD DC authentication, ADUC, etc, stopped working. Shares still work fine. OS. Oracle Linux 6.x with UEK, uptodate. Samba compiled from source. Upgrade procedure (nothing special): ./configure --enable-selftest make make install Testparm output: # Global parameters [global] workgroup = EXAMPLE realm =

I made some progress with the issue, but didn't solve it completely It's basically a kind of bug (i'm not sure if it's on kerberos side or samba, I think samba is the culprit here (?). Microsoft uses kind of weird SPN for Hyper-V. Weird as there are "spaces" in the string - which is kind of unique as far as SPN's go, usually SPN form a complete string. So I kind

Hi guys, about a one or two weeks ago I've updated my samba to v4.1.7 which might or might not relate to the problem at hand. However lately we've seen some issues with users not able to login to workstations (win 7). Windows servers (2008 r2 and newer) were also affected. Sometimes one or two reboots would solve this problems, on few occasions I had to rejoin the computer account to the

Hello there. I have a setup with Samba AD and a Named backend. Everything has been working fine, until a few days ago, I cannot start the DNS snap-in from windows. I get a dialog box saying "Access was denied. Would you like to add it anyway?" If I enable level 3 debugging in the samba.conf, I get the following: [2017/05/11 07:25:30.413481, 3]

I would like to bump my question 2015-05-27 10:21 GMT+03:00 Krutskikh Ivan <stein.hak at gmail.com>: > Hmm, looks like it's not. I've just set the password for something that > cracklib-check would argue using both ad management tools and at windows > login. Should it work that way or I'm missing something? > > My dc's smb.conf: > > [global] >

Hi, Did you find any solution? I am facing exactly the same scenario. -CentOS 6.7 -Samba Version 4.4.3 -BIND_DLZ 9.9.8 Some workstations suddenly are unable to login, unless I reboot or rejoin the domain. The only odd event I see in the client is the one already said: Log Name: System Source: Microsoft-Windows-Security-Kerberos Event ID: 4 Task Category:

Hi, I'm trying to use wildcard in keytab because i don't want join every computer, client for service NFS krb5. I add a spn like this # samba-tool spn add host/* nfs (I create user nfs before) # samba-tool spn list nfs nfs User CN=nfs,CN=Users,DC=if,DC=ujf-grenoble,DC=fr has the following servicePrincipalName: host/* I export keytab : #samba-tool domain exportkeytab

Hi all, James, After following James' suggestions fixing the several dbcheck errors, and having observed things for a few days, I'd like to update this issue, and hope for some new input again. :-) Summary: three DCs, all three running Version 4.5.10-SerNet-Debian-16.wheezy, samba-tool dbcheck --cross-ncs reports no errors, except for two (supposedly innocent) dangling forward links

We have 3 ADCs based on Samba-4.7.4 (compiled from source,internal DNS)/ CentOS7: dcdo1,dcnh1 and dcge1. dcge1 holds all FSMO roles. The 3 ADCs are on different locations connected via IPSec based VPN. No traffic is filtered out. All 3 ADCs replicate fine except dcdo1 -->dcnh1. Symptom: [root at dcdo1 ~]# samba-tool drs replicate dcnh1.ad.kdu.com dcdo1.ad.kdu.com dc=ad,dc=kdu,dc=com

>>This can occur when the target server principal name (SPN) is registered >>on an account other than the account the target service is using. Hmm, multiple computers with the same serial cause these things. So first make sure this computers serial isnt used before. Or 2 computers with the same name in the netwerk, happens with not syspreped computers. Keep an eye on your samba