similar to: kerberos | client not found

Hai Mourik-Jan, I think you missing your ptr record in the reverse zone. Or you missing the Krb5KeyTab variable in the apache setup. Test : dig keycloak.company.com ( results in A ip. ) dig -x ip_adres https://wiki.samba.org/index.php/Authenticating_Apache_against_Active_Directory Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at

Hai Louis, On 21-11-2016 14:33, L.P.H. van Belle via samba wrote: > I think you missing your ptr record in the reverse zone. > Or you missing the Krb5KeyTab variable in the apache setup. > > Test : > dig keycloak.company.com ( results in A ip. ) > dig -x ip_adres Correct, I had no reverse. But reading that page, I also discovered something else: <QUOTE> We next need

thanks, I believe I will need to do an Adfs for this kind of authentication. I found nothing in documented about federation service, is it possible to do samba? Thiago Em sex, 11 de out de 2019 00:16, Andrew Bartlett <abartlet at samba.org> escreveu: > On Thu, 2019-10-10 at 21:24 -0300, Thiago Anderson Santos via samba > wrote: > > Hello everyone, > > I received a

Hello, I'm trying to configure roundcube / dovecot to work with keycloak. I activated xoauth2 oauthbearer in dovecot. But a problem occurs when dovecot tries to contact the keycloak server (logs are below). My problem looks like this one: https://dovecot.org/pipermail/dovecot/2019-December/117768.html The response to this problem was about a bug in oauth driver

?Hi Team, Environment:? Samba 4.20.4 AD-DC on bookworm. I am trying to setup password change for users as self-service in the account-console in Keycloak (25.0.4 on Bookworm). I have setup Keycloak user federation with writable (Active Directory) LDAP and Kerberos and without synchronization (so there are no local Keycloak actions, everything goes directly to Samba). I have tested the

Hi, We are using keycloak with our samba-4.4.4 AD environment. (an ldaps client application) Keycloak is able to ask users to change their passwords, when the checkbox "require password change upon next logon" is set in ADUC. However, in our environment (samba-4.4.4) keycloak simply refuses the logons when tht checkbox is set. ("bad username or password") RedHat

Hello everyone, I received a somewhat strange and complicated demand today. The idea of the manager is to use samba as a domain server but the directory tree (authentication and authorization of users) is on an external SAML server using keycloak. The samba will pass only GPO. Is this possible? As far as I've seen samba works the version of Windows Active Directory as well, and I've

> On 05/07/2020 19:43 Aki Tuomi <aki.tuomi at open-xchange.com> wrote: > > > > On 04/07/2020 21:12 la.jolie at paquerette <la.jolie at paquerette.org> wrote: > > > > > > Hello, > > > > I'm trying to configure roundcube / dovecot to work with keycloak. > > I activated xoauth2 oauthbearer in dovecot. > > But a problem

Hi Andrew and Rowland, Two replies, so quickly! I'm impressed :-) On 01/27/2017 10:47 AM, Andrew Bartlett via samba wrote: > And a very interesting one at that. I'm glad to see someone has taken > on some of the ADFS capability I hear folks ask for regularly. Yes I agree, keycloak is very cool. I have found the following samba bug report:

On 06/12/2019 20:54, Aki Tuomi via dovecot wrote: > Hi! > > It seems there is a bug in the oauth2 driver, it loads the cert files wrong way. I'll make an internal bug report of this. Tracking as DOP-1590. Regards, Stephan. >> On 06/12/2019 16:42 mizuki <mizuki0621 at gmail.com> wrote: >> >> >> Hi, >> >> For troubleshooting purposes, I

Hi. I'm using Samba 4 on two Zentyal servers as Domain Controller and now I have to authenticate some services to it (Apache and PAM in particular). The LDAP integration asks me for a LDAP bind password, but I cannot find out where it is on Zentyal. Is there a way to check (or change it) directly on Samba 4? Or is it preferable to authenticate against Active Directory or Kerberos? Thank you

I changed some of the tls options following the document, now config is following: tokeninfo_url = https://keycloak.com/auth/realms/mail/protocol/openid-connect/token introspection_url = https://dovecot:7598e21b-ec34-481f-80d0-059bddae0923 at keycloak.com/auth/realms/demo/protocol/openid-connect/token/introspect introspection_mode = post debug = yes rawlog_dir = /tmp/oauth2 #force_introspection

Hello, Still trying to make roundcube / Dovecot works with Keycloak. Dovecot can't seem to validate the access_token that Roundcube gave. ----- Jul 08 20:48:05 auth: Debug: http-client[1]: request [Req1: GET

You need for the apache keytab something like Alias /webmail /usr/share/webmail # <Directory /usr/share/ webmail > AuthType Kerberos AuthName "Kerberos Login" KrbMethodNegotiate On KrbMethodK5Passwd Off KrbServiceName HTTP KrbAuthRealms EXAMPLE.COM Krb5KeyTab /etc/httpd/conf/keytab require valid-user </Directory> chmod 400 /etc/httpd/conf/keytab chown

It's ok So, if I create a httpuser and an httpgroup in my AD and use these at owner and group for my apache2 daemon, this one could access to userdirs (while permissions granting it) ? But I need to cron 'kinit' to keep valid ticket... ? My local root user always can't access to the share, but my other problem seems to be resolved. Thanks Le 02/08/2016 à 16:37, Rowland

Hi all, We'd like to enable OAuth with Keycloak in Dovecot, after enabling 'OAUTHBEARER XOAUTH2' in Dovecot based on online document, I can confirm Dovecot is ready for OAuth using openssl command, however when the auth request comes in, it failed in establishing a SSL connection with Keycloak server on port 443, shown as following in debug logs. I can confirming using commands

Le 05/10/2024 ? 02:48, Douglas Bagnall via samba a ?crit?: > hi Hubert, > > I missed this earlier. Hello, I exerienced the same kind of problem.? DC were overloaded by some requests. running DC with suficient debug level shows immediately 2 problems : - requests on big groups ( 70 000 members) with? member attributes - requests with *? in filters. these requests were? consuming from

On Thu, 2019-10-10 at 21:24 -0300, Thiago Anderson Santos via samba wrote: > Hello everyone, > I received a somewhat strange and complicated demand today. > > The idea of the manager is to use samba as a domain server but the > directory tree (authentication and authorization of users) is on an > external SAML server using keycloak. The samba will pass only GPO. > > Is

On 5/07/20 18:46, Aki Tuomi wrote: >> On 05/07/2020 19:43 Aki Tuomi <aki.tuomi at open-xchange.com> wrote: >> >> >>> On 04/07/2020 21:12 la.jolie at paquerette <la.jolie at paquerette.org> wrote: >>> >>> >>> Hello, >>> >>> I'm trying to configure roundcube / dovecot to work with keycloak. >>> I

If not done, add the server to the AD. Add the host and nfs to the COMPUTERNAME($) account. And use winbind to refresh the keytab. Stop samba, remove the keytab, create the new with the new SPN's in it, start samba. And Use the second keytab for apache with only http as upn in it. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at