similar to: set UPN / SPN from samba-tool.

No, That was not sufficient, i had to use the windows tool to change it. The is the explanation from the developer of squid helper. /snap I would say they are bugs. The first “issue” is as you say more about understanding the difference between UPN and SPN and how the tools use them. The helper tries to “authenticate” squid to AD as a user with the found SPN name, so the UPN must be the same

Hai   After my squid group adventure, i have a remaining question here.   The problem was as followed. ( and this probely dont applie to squid kerberos helpers only. )   samba-tool setup for squid i used, was as followed.   samba-tool user create squid1-service --description="Unprivileged user for SQUID1-Proxy Services" --random-password samba-tool user setexpiry

Hi Louis, 2016-08-29 16:18 GMT+02:00 L.P.H. van Belle via samba <samba at lists.samba.org >: > Hai > > > > After my squid group adventure, i have a remaining question here. > > > > The problem was as followed. ( and this probely dont applie to squid > kerberos helpers only. ) > > > > samba-tool setup for squid i used, was as followed. > >

And reading last mails comforts me in believing the filter used by client side to retrieve user is not correct, that filter should use SPN then you won't need to set up SPN into UPN field. 2016-08-30 15:55 GMT+02:00 mathias dufresne <infractory at gmail.com>: > Hi Louis, > > > 2016-08-29 16:18 GMT+02:00 L.P.H. van Belle via samba < > samba at lists.samba.org>: >

2016-08-30 16:10 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>: > On Tue, 30 Aug 2016 15:58:13 +0200 > mathias dufresne via samba <samba at lists.samba.org> wrote: > > > And reading last mails comforts me in believing the filter used by > > client side to retrieve user is not correct, that filter should use > > SPN then you won't need to

Hai Rowland, Simply put, - UPN: An entity performing client requests to some service. Entity may be human or machine. Source : https://msdn.microsoft.com/en-us/library/windows/desktop/ms721629(v=vs.85).aspx#_security_user_principal_name_gly - SPN: An entity processing requests for a specific service, e.g., HTTP, LDAP, SSH, etc. Entity is Machine only. Source:

no thats not it samba-tool does not set upn but msktutil does set the upn. So an option for samba-tool to set upn would be nice... Greetz Louis > Op 28 dec. 2016 om 18:38 heeft Rowland Penny via samba <samba at lists.samba.org> het volgende geschreven: > > On Wed, 28 Dec 2016 17:05:39 +0100 > "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:

Hi, I'm seeing this error on 3.0.24, 3.0.28, 3.0.32 and 3.2.6: Failed to join domain: failed to set machine spn: Constraint violation [Sanitised] First Run: net ads join createupn=HOST/FQDN@DOM.REALM.DOMAIN.COM createcomputer="OU/OU/OU/Services" -U username -d1 Enter username's password: [2008/12/11 17:02:32, 1] libnet/libnet_join.c:libnet_Join(1770) libnet_Join:

Hi Samba-Group, my name is carsten from cologne. I would like to use samba/winbind in a Windows AD 2k3, 2k8 multi-domain environment as workstation. All users from the AD should be able to logon via ssh for example. It would great to use the MS userprincipalName (UPN). I am using samba 3.2.6.37 from sernet on a centos 5.2 system. The normal authentication by domain+username works fine.

On Tue, 2023-04-04 at 09:37 +0200, Kees van Vloten wrote: > Op 04-04-2023 om 00:32 schreef Andrew Bartlett: > > > > > On Mon, 2023-04-03 at 15:08 +0000, Tim ODriscoll via samba wrote: > > > > > Unfortunately it's still erroring out: > > > (7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk > > > (7) mschap:

Am 16.09.2016 um 22:49 schrieb Rowland Penny via samba: > On Fri, 16 Sep 2016 22:43:42 +0200 > Achim Gottinger via samba <samba at lists.samba.org> wrote: > >> >> Am 16.09.2016 um 22:00 schrieb Robert Moulton via samba: >>> Achim Gottinger via samba wrote on 9/15/16 1:20 AM: >>>> >>>> Am 15.09.2016 um 09:35 schrieb Rowland Penny via

On Fri, 16 Sep 2016 23:02:20 +0200 Achim Gottinger via samba <samba at lists.samba.org> wrote: > > > Am 16.09.2016 um 22:49 schrieb Rowland Penny via samba: > > On Fri, 16 Sep 2016 22:43:42 +0200 > > Achim Gottinger via samba <samba at lists.samba.org> wrote: > > > >> > >> Am 16.09.2016 um 22:00 schrieb Robert Moulton via samba: >

Hi, during my tests to use Samba4 as a kdc for kerberized NFS, I found a bug in the KDC code, when generating a principal without pac (e.g. with msktutil and option --no-pac), that causes Samba4 to crash: Running the following command on one of the client machines msktutil -c --upn nfs/testa.linex.org -h testa.linex.org --computer-name testa-service-nfs --server s4-dc1.linex.org --no-pac

Hi Rowland, Thanks for your help again. I understand the difference between the UPN (User Principal Name) and the SPN (Service Principal Name). But in your second exemple, you never mention the SPN, neither in the keytab export or in the kinit command. Does that means that there is no kinit possible using the SPN? So I am worried of what is the benefice of adding a SPN to a user instead of

We want to know if Samba 4 supports UPN for AD authentication. Thanks. Angelica

When using mskutil in order to setup a keytab fail for Squid Kerberos authentication, it stops with an error: Error: Unable to set machine password for FIREWALL-K$: (2) Server error This is the output of the mskutil command: ########################################################## # msktutil -f -b "CN=COMPUTERS" -s HTTP/firewall.example.com -k /etc/squid/squid.keytab --computer-name

Thank you for input! UPN is set OK - client.base.example.com (as it is specified in join command). SPN is not. And it is as well confusing - I can provide UPN, but cannot say what will be in SPN. But if this is working as designed, I cease any questions. The DNS setup is done to easily distinguish between servers and cliens mainly as well as other services. J. On Tue, 2020-10-13 at 09:32

The production will be updated as soon as possible, back to the kinit it seems to me that we are going around the problem :) I will do tests, in the next few days I will make up for it unless there are some hints. thanks. Il giorno mer 10 giu 2020 alle ore 20:46 Rowland penny via samba < samba at lists.samba.org> ha scritto: > On 10/06/2020 19:25, banda bassotti via samba wrote: >

Hi, while trying to use Samba4 as KDC for secure NFS (once again) I found something I suspect to be an error: In order for NFS (with krb5) to work it requires a nfs/... principal, so I created one using samba-tool: samba-tool user add nfs-user samba-tool spn add nfs/atom.mydomain.org nfs-user samba-tool domain exportkeytab /etc/krb5.keytab -principal=nfs/atom.mydomain.org After setting up NFS,

Achim Gottinger via samba wrote on 9/16/16 1:43 PM: > > > Am 16.09.2016 um 22:00 schrieb Robert Moulton via samba: >> Achim Gottinger via samba wrote on 9/15/16 1:20 AM: >>> >>> >>> Am 15.09.2016 um 09:35 schrieb Rowland Penny via samba: >>>> On Wed, 14 Sep 2016 16:23:27 -0500 >>>> Michael A Weber via samba <samba at