similar to: kerberos issue (SPN not found) with windows Hyper-V ( samba 4.5.3 AD)

After reviewing logs I found that my previous assumption was wrong. Situation: - i'm trying to start live migration from hyper-v host A (BMSRV4-HYPERV) to hyper-v host B (BM-SRV-5) from host B (logged in as user from DOMAIN ADMINS group). Kerberos constrained delegation is set in accordnance to microsoft instructions with proper SPN's set (well, proper as in with the workaround I

Hello, This won't be a very helpful reply, but I can confirm I've had the exact same issue. I ran into this a few years ago and could not get HyperV migrations to work with a Samba DC. I even went so far as to install a Windows DC just to prove to myself that it is supposed to work, and it does, perfectly (with ADDC it even creates all the SPNs for you auto-magically). Unfortunately at

Hello, I've setup over 6 months ago samba 4 AD on centos 7.3 (self compiled from source). Up until now I didn't encounter any undocumented errors. I have 3 DC's (all samba 4.5.3) which are working pretty nice with over 60 windows clients. The issue I've stumbled upon is when I added Windows server Hyper-V hosts to the domain. Tried with Hyper-V from 2012, 2012r2 and new 2016

Hi, I hit the issue described in this thread https://groups.google.com/forum/#!topic/linux.samba/VfjW9Af92Wg while testing out s4u2self and s4u2proxy in a windows service, so I wanted to share my setup. So I wrote a small windows service that's running as a local system account to impersonate an user via s4u2self (using LsaLogonUser in win32 api than calling ImpersonateLoggedOnUser) and then

Hello, Thank You for fast response. I'm glad that it's a mistake somewhere on my side, it means it will work when I fix it :) Ok, first of all: Everything is on centos 7.4 All config files will be below, but to start off: behaviour is stranger than I thought, but there is a pattern: when doing [DOMAIN\kacper_wirski at vs-files ~]$ kinit -V Using default cache: /tmp/krb5cc_101003

----- Original Message ----- > From: "samba" <samba at lists.samba.org> > To: "samba" <samba at lists.samba.org> > Sent: Tuesday, October 10, 2017 10:19:29 AM > Subject: Re: [Samba] Opensolaris-ish joins but does not seem to be valid > On Tue, 10 Oct 2017 09:39:43 -0500 (CDT) > Andrew Martin <amartin at xes-inc.com> wrote: > >>

Hi list, we have a forest trust of two domains. One domain in US (us.root.prv) running exclusively on Windows 2012 R2 and one in EU (spreadshirt.private) running exclusively Sernet Samba 4.8.2-11. Both domains run functional level "2008 R2". The trust validates successful using "samba-tool domain trust validate" and in "Domains and trusts". My problem is: I

On 1/6/2016 10:56 AM, Ole Traupe wrote: > Ok, I updated resolv.conf as you said. Then I restarted the network > service on this member server and afterwords suspended the 1st DC. > Now, kinit gives me again: > > "Cannot contact any KDC for realm 'BPN.TU-BERLIN.DE' while getting > initial credentials" > > Ole > > > Am 05.01.2016 um 13:41 schrieb

Hi, I had Samba 4.2.14 working as AD DC with shares. After upgrade to version 4.3.11 AD DC authentication, ADUC, etc, stopped working. Shares still work fine. OS. Oracle Linux 6.x with UEK, uptodate. Samba compiled from source. Upgrade procedure (nothing special): ./configure --enable-selftest make make install Testparm output: # Global parameters [global] workgroup = EXAMPLE realm =

Hi all, James, After following James' suggestions fixing the several dbcheck errors, and having observed things for a few days, I'd like to update this issue, and hope for some new input again. :-) Summary: three DCs, all three running Version 4.5.10-SerNet-Debian-16.wheezy, samba-tool dbcheck --cross-ncs reports no errors, except for two (supposedly innocent) dangling forward links

In a leap of faith, I decided to relax the iptables rules on our Samba DC (4.0.5) on Wednesday, permitting some of our production clients to actually authenticate against it (in addition to our W2k3R2 DC). After all, there are no replication errors and no errors either in log.samba or Windows event log, so things _should've_ been generally working, and various test clients also have had no

Hi all, Sernet Samba 4.2.2 as Active Directory on Debian 7.8. No other DC. I can't log in with on Windows systems (Windows 7) when samAccountName are longer than 20 characters. This seems to be a LAN MAN or NT4 limitation which should not happen on AD domain. Any idea what could leads my to that limitation? I can log in using administrator account or any other having a short (enough)

Hi everyone, A quick question: Is check password script option working for ad dc setup? I believe, ad on it's own cannot provide password protection against dictionaries.

Hello, I am running samba 4.11.8 as Active Directory DC and a member server. I wanted to authenticate cyrus-imapd by GSSAPI, and found this mailhttps://lists.samba.org/archive/samba-technical/2013-April/091429.html I tried to run the cyrus-imap server on a member server, which has successfuly 'net ads join'ed and authenticate user with winbindd without problems. I followed the method

On Thu, 12 Oct 2017 13:28:40 -0500 (CDT) Mike Ray <mray at xes-inc.com> wrote: > ----- On Oct 11, 2017, at 5:56 PM, samba samba at lists.samba.org wrote: > > > ----- On Oct 10, 2017, at 12:02 PM, samba samba at lists.samba.org > > wrote: > > > >> On Tue, 10 Oct 2017 11:28:09 -0500 (CDT) > >> Andrew Martin <amartin at xes-inc.com> wrote: >

I would like to bump my question 2015-05-27 10:21 GMT+03:00 Krutskikh Ivan <stein.hak at gmail.com>: > Hmm, looks like it's not. I've just set the password for something that > cracklib-check would argue using both ad management tools and at windows > login. Should it work that way or I'm missing something? > > My dc's smb.conf: > > [global] >

I am soo lost trying to get Samba AD 4.7.5 as a Kerberos source for NFSv4. The NFS server is the Samba AD server running Ubuntu Server 16.0.4.3 and the client is Linux Mint 18.3 This export WORKS and mounts on client ########## /etc/exports ########## /mnt/fileshare         *(rw,no_subtree_check,async) ############################ This export DOES NOT ########## /etc/exports ##########

On 28/01/16 21:32, Wayne Merricks wrote: > Apologies, managed to venture onto the dreaded 2nd page of Google and > found an answer. > > If anyone gets stuck add --server to the end of the command and this > points samba-tool directly to the DC you wish to use for joining. > > E.g. my dc of ukads001.int.thevoiceasia.com makes this command: > > sudo samba-tool domain

We have setup Samba 4.1 as a PDC. We have successfully connected several Windows 2008 Servers to the domain and created various users/groups. During an application installation on the Windows server, it runs the command in SQL server: master..xp_logininfo 'MYDOMAIN\useraccount' SQLserver is running as a service user created on the domain (here called MYDOMAIN) This returns: Msg

Everytime I try to login using windows credentials to my db instance I get the error: ORA-12638: Credential retrieval failed. Looking at my alert log I find: ns main err code: 12638 which means the database is not able to connect the domain controller. The database connector makes use of NTLM protocol to authenticate. Is it supported by samba4 (4.1.16)? I'm unable to find any