Displaying 20 results from an estimated 6000 matches similar to: "set UPN / SPN from samba-tool."
2016 Aug 30
2
set UPN / SPN from samba-tool.
And reading last mails comforts me in believing the filter used by client
side to retrieve user is not correct, that filter should use SPN then you
won't need to set up SPN into UPN field.
2016-08-30 15:55 GMT+02:00 mathias dufresne <infractory at gmail.com>:
> Hi Louis,
>
>
> 2016-08-29 16:18 GMT+02:00 L.P.H. van Belle via samba <
> samba at lists.samba.org>:
>
2016 Aug 30
0
set UPN / SPN from samba-tool.
Hi Louis,
2016-08-29 16:18 GMT+02:00 L.P.H. van Belle via samba <samba at lists.samba.org
>:
> Hai
>
>
>
> After my squid group adventure, i have a remaining question here.
>
>
>
> The problem was as followed. ( and this probely dont applie to squid
> kerberos helpers only. )
>
>
>
> samba-tool setup for squid i used, was as followed.
>
>
2016 Aug 30
2
set UPN / SPN from samba-tool.
2016-08-30 16:10 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>:
> On Tue, 30 Aug 2016 15:58:13 +0200
> mathias dufresne via samba <samba at lists.samba.org> wrote:
>
> > And reading last mails comforts me in believing the filter used by
> > client side to retrieve user is not correct, that filter should use
> > SPN then you won't need to
2016 Aug 29
1
set UPN / SPN from samba-tool.
hello Achim,
yes, if you change the
userPrincipalName LDAP attributethats suffient, thats what i changed through the windows tool.
greetz,
Louis
Op 29 aug. 2016 om 19:42 heeft Achim Gottinger via samba <samba at lists.samba.org> het volgende geschreven:
Am 29.08.2016 um 17:17 schrieb L.P.H. van Belle via samba:
No,
That was not sufficient, i had to use the windows tool to
2016 Aug 29
0
set UPN / SPN from samba-tool.
No,
That was not sufficient, i had to use the windows tool to change it.
The is the explanation from the developer of squid helper.
/snap
I would say they are bugs. The first “issue” is as you say more about understanding the difference between UPN and SPN and how the tools use them. The helper tries to “authenticate” squid to AD as a user with the found SPN name, so the UPN must be the same
2016 Dec 29
3
Error with samba update in debian.
no thats not it
samba-tool does not set upn but msktutil does set the upn.
So an option for samba-tool to set upn would be nice...
Greetz
Louis
> Op 28 dec. 2016 om 18:38 heeft Rowland Penny via samba <samba at lists.samba.org> het volgende geschreven:
>
> On Wed, 28 Dec 2016 17:05:39 +0100
> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
2016 Feb 22
6
Kerberos Principal
Hi all,
I’m looking to add in a kerberos principal on my server for the AD domain.
I see there are ways to do this for user(s), but I don’t see how to add a principal for hosts.
In general, I’ld like to add something like the following to me 4.3.4 Domain:
ktpass -princ afpserver/fqdn at REALM -mapuser mapuser at domain +rndPass -out afpserver.keytab
This is for a netatalk server. I’ve never
2011 May 25
1
Winbind Trust -- grr
First, Thanks for any and all help!!!!
I can't seem to figure out what I need to do, I've been fighting this
for a month and am now beating my head off my desk with no solution to
be found. I've read others having this issue but they were all older
versions.. I am using 3.5.4,, Please read over and give me some input..
Every 7 days winbindd fails on the trust secret. The only way
2008 Dec 11
3
Failed to join domain: failed to set machine spn: Constraint violation
Hi,
I'm seeing this error on 3.0.24, 3.0.28, 3.0.32 and 3.2.6:
Failed to join domain: failed to set machine spn: Constraint violation
[Sanitised]
First Run:
net ads join createupn=HOST/FQDN@DOM.REALM.DOMAIN.COM createcomputer="OU/OU/OU/Services" -U username -d1
Enter username's password:
[2008/12/11 17:02:32, 1] libnet/libnet_join.c:libnet_Join(1770)
libnet_Join:
2016 Dec 28
2
Error with samba update in debian.
No its a misconfiguration somewhere.
Squid works fine i have it all running.
Took me some time to understand things but it works fine now.
See the list links..
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland Penny via
> samba
> Verzonden: woensdag 28 december 2016 16:12
> Aan: samba at lists.samba.org
2018 Apr 05
2
Question: Samba and YP-Yellow Pages relation.
Hi Rowland,
First of all, thanks Much for the message. Appreciate it!
Here more details...
The users do not log into the pfSense. The Samba is being used to authenticate users with the proxy (squid) in a pfsense environment (Freebsd)
The PfSense box is added to the AD Domain as a "Member" only, so that way the proxy can authenticate against the AD via NTLM/Kerberos.
Here is part of my
2023 Jun 16
2
using spn with winbind
Hi,
with sssd i can do:
$ ssh user at domain.tld@HOST1
$ id user at domain.tld
$ ls -al /home/domain.tld/user
drwx------ 5 user at domain.tld domain users at domain.tld 103 12. Jun 14:14 .
$ grep AllowGroups /etc/ssh/sshd_config
AllowGroups lokale_gruppe samba_gruppe at domain.tld
When switching to winbind only
$ id user at domain.tld
is working any other command is using user\domain
$ ls -al
2017 Nov 30
2
added spn and exported keytab not match
Hello All.
I am using Samba AD DC and Linux server with Squid, and
I try to configure kerberos authentication for proxy server users.
I need to add SPN for user and then export keytab with it to file.
I am add user with RSAT and add SPN for it with samba-tool (like
https://wiki.samba.org/index.php/Generating_Keytabs):
--------------------
root at ad41:/# samba-tool spn list proxy
proxy
User
2016 Sep 16
2
Exporting keytab for SPN failure
Am 16.09.2016 um 22:49 schrieb Rowland Penny via samba:
> On Fri, 16 Sep 2016 22:43:42 +0200
> Achim Gottinger via samba <samba at lists.samba.org> wrote:
>
>>
>> Am 16.09.2016 um 22:00 schrieb Robert Moulton via samba:
>>> Achim Gottinger via samba wrote on 9/15/16 1:20 AM:
>>>>
>>>> Am 15.09.2016 um 09:35 schrieb Rowland Penny via
2020 Oct 13
1
[Fwd: Joining AD - wrong DNS name, wrong keytab]
Thank you for input!
UPN is set OK - client.base.example.com (as it is specified in join
command).
SPN is not. And it is as well confusing - I can provide UPN, but cannot
say what will be in SPN.
But if this is working as designed, I cease any questions.
The DNS setup is done to easily distinguish between servers and cliens
mainly as well as other services.
J.
On Tue, 2020-10-13 at 09:32
2020 Oct 13
2
[Fwd: Joining AD - wrong DNS name, wrong keytab]
Maybe I wrote it misleading, its just a DNS name, not whole active
directory subdomain.
Jan
> If it is a bug, it is a bug that has been fixed. I am actually
> surprised
> that you could join a computer with the wrong dns domain.
>
> Samba does not do subdomains (yet)
>
> Rowland
2019 Nov 12
2
FreeRADIUS & SAMBA when Active Directory domain is not a FQDN
OS is Centos 7; FreeRADIUS Version 3.0.13; Samba version 4.9.1;
I'm building a FreeRADIUS box for Eduroam authentication for both SP & IDP, and have hit a stumbling block I can?t figure or Google my way out of.
The issue is the local AD domain is along the lines of ?example.campus?, but users have a UPN of ?user at example.com? which was added for Skype for Business as prior the UPN
2016 Sep 14
5
Exporting keytab for SPN failure
> On Sep 14, 2016, at 10:44 AM, Achim Gottinger via samba <samba at lists.samba.org> wrote:
>
>
>
> Am 14.09.2016 um 05:53 schrieb Michael A Weber via samba:
>> Experts—
>>
>> I’m attempting to export a keytab for a created SPN on the AD DC machine but I’m receiving an error:
>>
>> ERROR(runtime): uncaught exception - Key table entry not
2016 Aug 24
5
missing dns records? _ldaps._tcp ?
Hai,
Im wondering, im missing the _ldaps._tcp. INTERNAL.DOMAIN.TLD entries in my dns.
Now, before the updates ( badlock ) etc. this wasnt notice i think.
But now since im setting up that everything is doing ldaps i noticed this in my squid setup
( squid mailing subject : [squid-users] ext_kerberos_ldap_group_acl problem )
My question is... did someone resently setup a new AD
2016 Feb 09
2
Authenticate using AD UPN name
Hey,
I am running Ubuntu Trusty 14.04.3 with samba and winbind version
4.1.6-Ubuntu. Its run in a windows domain env which is running an AD on
2008 R2 servers.
I can login just fine with using the AD accounts sam name. However, the
question is now if all machines on the domain can use the AD UPN to login
instead of the sam. I have looked around a bit and found a few old posts
about this.
This