similar to: smbclient and Kerberos

I'm finding this a little odd as kinit seems to find the kdc okay, just smbclient fails. host -t srv _kerberos._udp.lan resolves okay too. Could it be that my realm is simply LAN and dns suffix is lan be an issue? This is just a test set up in virtual box for a writeup I'm doing, hence the nonstandard suffixes. Kevin Ratcliffe Sent from [ProtonMail](https://protonmail.ch) --------

The defaults for dns_lookup_realm and dns_lookup_kdc should be false and true respectively, but the samba team recommends using them explicitly, so that's what I do. My /etc/krb5.conf file doesn't include any of the stock lines included with the package from Ubuntu (which I believe is based on the MIT version of kerberos). My file includes the four lines in the previous message and only

On Sat, 12 Aug 2017 05:56:36 +1200 Andrew Bartlett via samba <samba at lists.samba.org> wrote: > On Fri, 2017-08-11 at 08:02 -0400, Ing. Luis Felipe Domínguez Vega via > samba wrote: > > gss_init_sec_context failed with [ The context has expired: Success] > > SPNEGO(gse_krb5) creating NEG_TOKEN_INIT failed: > > NT_STATUS_INTERNAL_ERROR > > Can you please show

This is with -d10, I test in Windows 10 (joining to domain) and same error, "Internal error". One thing, I don't execute the domain provision command because I put all the files created in the old server into the new server, that's metter??? INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10

hi users a novice here hoping to grasp fundamentals soon I have a samba+sssd as a client to an AD - I have all the keytabs for a host(I think) but I noticed weird(to me at least) smbclient behavior. when I do: $ smbclient -L swir -U me at AAA.PRIVATE.DOM -k all works, clients sees local samba's shares, when I do: $ smbclient -L swir.private.aaa.private.dom -U pe243 at AAA.PRIVATE.DOM -k

Hello, Sorry for take so long to answer, but I was not able to do the tests because the computer is in use and out of my office. Finally I've progressed in this topic with realmd, sssd and autofs, but now I'm locked on mounting shares from my member server. I'm able to use autofs and smbclient to mount and connect to sysvol share on my DC server, but when I try to connect to my

My /etc/nsswitch.conf contains: hosts: files dns if thats what you mean? All my hosts in my test lab are clean installs of Ubuntu with very little else touched other than the stuff needed for testing kerberos and samba. And sorry for top posting if thats a problem on this list Kevin Ratcliffe Sent from [ProtonMail](https://protonmail.ch) -------- Original Message -------- Subject: Re:

I'm running Samba v4.4.4 as a domain member server in security=domain mode. Our 3 domain controllers are Server 2012r2. Every 3-4 days, I see log messages from winbind saying "winbind_samlogon_retry_loop: sam_logon returned ACCESS_DENIED". Sometimes this corresponds to a trust password change, but not always. Today, new connections to Samba were failing with the error

Hi, for a static cifs mount (automount from fstab) I would like to use kerberos with a SPN. The share is accessed from a http service, so I use HTTP/www.samdom.example.com with the username http-www.samdom.example.com. Unfortunately I can not get it to work. The keytab is generated as described on [1]. # klist -kt /etc/http.keytab Keytab name: FILE:/etc/http.keytab KVNO Timestamp

Hello, a short history, I am using samba 4 with Debian 9 from the repository, 2 days ago the server was broken, but I was copy all the /var/lib/samba directory to a safe place, then I was installed a new server with the same Debian and samba from repository, and stopped smbd, nmbd and winbind, unmask samba-ad-dc and finally copied all the directory from the old server to the new server and started

I think MJ is using samba with AD backend and Rowland RID. Rowland, try AD backend if your using rid atm. Gr. Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens mj via samba > Verzonden: woensdag 11 oktober 2017 13:25 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Using GPO to mount shares on Linux > > >

hey, now after observe last changes on the weekend… i have also the issue. After 10 hours i can’t connect to the shares on my member server. On Log of DC i found this: [2016/10/02 20:35:45.601265, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: AS-REQ PL0024$@HQ.KONTRAST from ipv4:<member-ip>:55578 for krbtgt/HQ.KONTRAST at HQ.KONTRAST [2016/10/02

Hello all. I'm encountering an issue where smbclient seemingly ignores the kerberos ccache as configured in krb5.conf when using "krb5-user" as the kerberos package and will instead always default to using "FILE:/tmp/krb5cc_uid". I tested each valid default ccache name type but smbclient completely ignores whatever is set as the "default_ccache_name" in the conf

Hello all, I got some updates for my centos 7 (core), but nothing for the sernet-samba-packages. But now, my (test) member server isn't accessable anymore. Its smb.conf: [global] netbios name = SERVERNAME workgroup = DOMAIN security = ADS realm = DOMAIN.EXAMPLE.COM dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab log level = 10

Hai,   now realmd sssd and autofs are all not my cookies.. but..   i see 2 things. 1) you missing the CIFS spn. here is shows how to make them and extract them. https://wiki.samba.org/index.php/Generating_Keytabs  https://wiki.samba.org/index.php/Keytab_Extraction      2) for the smblcient try :  smbclient //server.domain.dom/escaner -U user -W DOMAIN.DOM -R host -k -d 3 -m SMB2 ....added

Hi, I've changed /etc/resolv.conf, rebooted, here is the output: cat /etc/resolv.conf domain rona.loc search rona.loc nameserver 192.168.19.2 ------ smbclient -L $(hostname -f) -UAdministrator%<password> -d5 INFO: Current debug levels: all: 5 tdb: 5 printdrivers: 5 lanman: 5 smb: 5 rpc_parse: 5 rpc_srv: 5 rpc_cli: 5 passdb: 5 sam: 5 auth: 5 winbind: 5 vfs: 5

so i add the pam yesterday and now after 10 hours no connection to member is possible. :( Same errors in logs i send yesterday OLIVER WERNER Systemadministrator > Am 03.10.2016 um 18:54 schrieb Rowland Penny via samba <samba at lists.samba.org>: > > On Mon, 3 Oct 2016 17:56:07 +0200 > Oliver Werner <oliver.werner at kontrast.de <mailto:oliver.werner at

The bios of the server did not know about summer and winter time.. And your welkom ;-) if they were all this easy to fix ;-)) Greetz, Louis >-----Oorspronkelijk bericht----- >Van: lists at kiuni.de [mailto:samba-bounces at lists.samba.org] Namens Tim >Verzonden: donderdag 9 april 2015 16:19 >Aan: samba at lists.samba.org >Onderwerp: Re: [Samba] After Update Member Server

On Fri, 30 Sep 2016 14:31:06 +0200 Oliver Werner <oliver.werner at kontrast.de> wrote: > Hi rowland, > > is pam really need? > > Users should not login via terminal to this system. this is only as > Samba File-Server > Lets put it this way, to connect to the domain member your users must be known to the underlying OS. The domain member I am typing this on, uses a

Hello, I have upgraded a client and a freeipa server from Fedora 24 to 25 recently. And I cannot access linux shares located on the F25 client from a windows desktop. I get these messages: [2016/12/01 11:42:19.218759, 1] ../source3/librpc/crypto/gse_krb5.c:534(fill_mem_keytab_from_dedicated_keytab) ../source3/librpc/crypto/gse_krb5.c:534: smb_krb5_open_keytab failed (Key table name