similar to: Move a samba file server new hardware

Thank you for that, i did have a good look at that one. And i use Debian 9, if you test what i posted below in the thread, you will see NFSv4 works fine. Below is missing one more thing, the "allow to delegate (kerberos only) " on the computer object in the AD, should be enabled. And yes, i've see bugchecks also but only on my debian .. Lenny.. Stt.. ;-) .. Its my last lenny

Hi Am 09.03.20 um 16:32 schrieb Rowland penny via samba: > On 09/03/2020 14:25, Andreas Hauffe via samba wrote: >> [global] >> ??????? dedicated keytab file = /etc/krb5.keytab >> ??????? kerberos method = secrets and keytab > Why the dedicated keytab ? We have a kerberized NFS4 running on that machine, too. > >> workgroup = ILRW >> ??????? idmap config dom :

Hi, thanks for your hints. DNS, /etc/resolf.conf, /ets/hosts seem to be correct. I'm able to do a kerberized ssh with a user from subdom2.subdom1.example.de (testuser at SUBDOM2.SUBDOM1.EXAMPLE.DE) But I'm not able to do the same with a user from example.de (user1 at EXAMPLE.DE). -- Regards, Andreas Am 01.11.2017 um 10:51 schrieb L.P.H. van Belle via samba: > I can suggest a few

Is anyone on the list using kerberized-nfs on any kind of scale? I've been fighting with this for years. In general, when we have issues with this system, they are random and/or not repeatable. I've had very little luck with community support. I hope I don't offend by saying that! Rather, my belief is that these problems are very niche/esoteric, and so beyond the scope of typical

hi All, thanks for the responses. After being dropped into the # Filesystem repair prompt, ( on account of "inode 27344909 has illegal blocks" ) following warm reboot (via "reboot") after finding (SAN ) filesystem in read-only mode yesterday morning (possibly because of HBA fault on SAN) , I ran fsck -r /data (Linux version 2.6.18-92.1.18.el5 , Red Hat 4.1.2-42 , ext3

Hi, yes, there are some things. But I have not found a nice complete documentation. One main point is the domain name as prefix of the username of the parent domain, e.g. "DOM\user1", you have to use. I was not able to get rid of it, as the client is member of the subdomain which is the default. So you can't use the "default domain" option in smb.conf. The backslash

On 2 January 2018 at 17:08, Marc Haber <mh+openssh-unix-dev at zugschlus.de> wrote: > On Tue, Jan 02, 2018 at 04:03:34PM +1030, David Newall wrote: >> On 02/01/18 03:29, Michael Str?der wrote: >> > How high is the risk that this unmaintained device is added to >> > yet-another-bot-net in the Internet-of-shitty-devices or is used to >> > enter parts of your

What are the HA options for Switchvox systems? Is it possible to set up redundant systems with DRBD? I know on the digium website they talk about "Optional cold spare failover" What does this mean? Is this an active spare ready for some sort of automated failover? Thanks for you help, Bob

Hi, I've been working on some systems trying to get kerberized nfsv4 and kerberized web services going on 7. Kerberized nfsv4 was working with 7.0, but with the 7.1 release it stopped working, the key difference between the two setups is that gssproxy wasn't being used with 7.0, but seems to be key with 7.1. The problem I am encountering with Kerberized NFSv4 is that the directory will

Am 16.01.2018 um 17:26 schrieb Rowland Penny via samba: > On Tue, 16 Jan 2018 16:54:17 +0100 > Andreas Hauffe via samba <samba at lists.samba.org> wrote: > >> Ok, you are completely right. Here are the real numbers with changed >> user names: >> >> drwx------ 43 DOM\user1        DOM\domain-user  4096 Jan 10 08:00 >> user1 drwx------   5 DOM\user2       

Hi, I'm having trouble realizing a krb5auth with pam_winbind with trusted domain users (external trust) on our clients. The client is joined to a local domain, which has a "external trust" to a global domain. The following things are working for all users (local and trusted domain): "wbinfo -i" "wbinfo --pam-logon" "wbinfo -a" "kinit"

I have a kerberized SSHD installed on HOST-1, a login server for the outside world. How can I make it so users are still authenticated via kerberos, even though they haven't yet received a ticket? The main reason for this is that a user who is at home, no vpn, but has an ssh client could then login and be authenticated by kerberos using password authentication, get a ticket, then be allowed

Thanks, I will give that a try. But I need the 'winbind separator = +'. We use some expensive commercial software (e.g. ANSYS, ABAQUS, ...), which uses shell scripts to start their software under linux. These scripts are not able to handle a backslash in the user name. The only solution was to switch to a "+" character. We reported these issues two years ago. Regards,

Hi, I tried samba 4.12.0 on our file server which is a domain member and exporting some shares. We're getting some strange errors on some shares since the update. Right after starting or restarting smbd everything is fine. After short while (seconds or a few minutes) users are getting errors when trying to access the shares, e.q. "Invalid Handle Error", "An unexpected

Hi, a new hint. If I change the default_realm in krb5.conf to EXAMPLE.DE than the kerberized ssh is working for a user from example.de (user1 at EXAMPLE.DE) and not working for a user from subdom2.subdom1.example.de (testuser at SUBDOM2.SUBDOM1.EXAMPLE.DE) So with the actuall configuration I'm able to use kerberized ssh for users from example.de or users from subdom2.subdom1.example.de

Hi, I'm currently attempting to setup a Linux Samba and Kerberized NFS server using a Windows 2008 R2 Domain controller as a KDC and I've run into an issue. Currently I can make Kerberized NFS or Samba fileserving work but not both at the same time. Specifically: The Linux kerberized NFS daemon (rpc.svcgssd) appears to only be able to deal with service tickets up to a certain size.

Hi, I'm having a problem with ssh and sssd in a samba4 ad environment. If I logon a linux client everything works fine. When entering klist I'm able to see my ticket. When I try to connect/logon to another linux client with ssh it is possible, but klist shows: klist: Credentials cache file '/run/user/$UID$/krb5cc/tkt' not found. So the ticket cache is not created during

Hi all, I have installed Samba 3.0.7 on HP-UX and I have configured to work with "security = ADS" with a Windows 2000 Domain Controller and kerberized connection. It works fine, I have joined the domain and I can use the share defined, but the log contains: [2005/07/28 09:46:32, 1] smbd/service.c:make_connection_snum(648) 10.11.50.51 (10.11.50.51) connect to service SHARE initially

My college is kerberized, and so in many situations authentication is both faster and more secure using kerberos tickets. Sadly I have run into a problem. The Heimdal included in FreeBSD seems to be incompatible with my school's servers running MIT kerberos when authenticating over gssapi. For example ssh in verbose mode returns: debug2: we sent a gssapi-with-mic packet, wait for reply

Hi, the external trust, we have, is a one directional external trust. So users of the trusted dom can logon on local dom clients, but not the other way around. In case of "wbinfo -a" all communication is between the client and the domain controller of the local domain, which is the proxy for the auth process. In case of "wbinfo -K" all communication is between the client