similar to: Slow Kerberos Authentication

Hai Paul,   hmm, i think its time.. to upgrade your samba.   I dont think the other krb5.conf options work, but you might give it a try. See man krb5.conf, where i took it from. add /change in krb5.conf  [kdc] tgt-use-strongest-session-key = BOOL svc-use-strongest-session-key = BOOL preauth-use-strongest-session-key= BOOL use-strongest-server-key = BOOL encode_as_rep_as_tgs_rep = BOOL   BOOL

Hai, You may need to add the the following in krb5.conf [libdefaults] allow_weak_crypto = true ; for Windows 2003 ; default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; for Windows 2008 with AES default_tgs_enctypes = aes128-cts-hmac-sha1-96

Just to update this, I'm going to upgrade to samba4 but it won't be for a few days yet, I'll keep this thread updated with what happens. On 10 Nov 2017 11:23, "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: > No, no idee, but really, upgrade to samba, best option, in my opinion. > If thats not possible, it happens.. > > A timeout option can

No, no idee, but really, upgrade to samba, best option, in my opinion. If thats not possible, it happens.. A timeout option can be set in krb5.conf for example : kdc_timeout = 5000 You have these for krb5.conf to try out also. the complete list. des-hmac-sha1 DES with HMAC/sha1 (weak) aes256-cts-hmac-sha1-96 aes256-cts AES-256 CTS mode with 96-bit SHA-1 HMAC

Hi people, I have a Linux box running Samba 3.0.2a in ADS mode MIT Kerberos 1.3.3. My W2K e WXP users can't access the linux box by netbios name, the only access that works is by IP address, I know that's caused because access thought IP address don't make use of Kerberos. The most strange for me it's that the same environment works fine with a W2K Active Directory, I read in same

Hi Jim, I did what the doc says but the problem is the same. Does anybody saw this work ? I mean, is the Samba 3.0.2a+Kerberos MIT 1.3.3 able to be accessed by a WXP, W2K or W2K3 machine, using Kerberos tickets generated in a Windows 2003 KDC (W2K3 AD) ? Thanks -----Mensagem original----- De: Jim McDonough [mailto:jmcd@us.ibm.com] Enviada em: segunda-feira, 19 de abril de 2004 17:07 Para:

I have been fighting with this FreeBSD port for two days off/on Can anyone please suggest something? Even if it's paid support to fix this? Thanks! Eric [2005/11/03 17:03:17, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(619) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2005/11/03 17:03:17, 3]

I'm having problems with ADS membership for samba. I had a "mostly" working version with RHES v2.1, krb5 v1.2, samba v3.0.5. I knew to get to a fully functioning version I would need krb5 v1.3 or later. So finally I had an opertunity to junk RH's crufty krb5 and build from scratch with: RHES v2.1 MIT krb5 v1.4 samba v3.0.13 This works fine on another server. Now to the

Hello, We are experiencing ADS lower performance on Samba-3.0.22 for HPUX. I did Google search, and find out one message posted at http://lists.samba.org/archive/samba/2005-November/114231.html at the earlier time. >From my observation, it seems there was a spin on reply_spnego_negotiate()/ reply_spnego_kerberos() calls that invokes register_vuid() to register uvid with different vuid# for a

I'm having problems with ADS membership for samba. I had a "mostly" working version with RHES v2.1, krb5 v1.2, samba v3.0.5. I knew to get to a fully functioning version I would need krb5 v1.3 or later. So finally I had an opertunity to junk RH's crufty krb5 and build from scratch with: RHES v2.1 MIT krb5 v1.4 samba v3.0.13 This works fine on another server. Now to the

=20 \\128.252.123.123\sharename <file:///\\128.252.123.123\sharename>=20 =20 And it works as expected - my clients are in the same domain, no password is asked for, etc. =20 Using any form of the hostname in the URI, either \\hostname\sharename <file:///\\hostname\sharename> or \\hostname.domain.name\sharename <file:///\\hostname.domain.name\sharename> in the URI will

Having a problem getting v3.0.0(or pre3) to compile on a Solaris 8 box, tried Sun compilers and Solaris compilers.. Recompiled/Re-installed Kerberos all roads lead to the same error compiling Samba, it gets about 2/3 of the way done and spews... Compiling libads/kerberos_verify.c libads/kerberos_verify.c: In function `create_keytab': libads/kerberos_verify.c:77: structure has no member

I recently upgraded a backup fileserver used for testing purposes from samba-3.0.10 to the current samba-3.0.11 using the FreeBSD portupgrade. The fileserver is setup in a W2K AD. The fileserver uses Winbind to get AD accounts and shares are created on the Samba server. Worked fine until the upgrade. Here is a copy of the current smb.conf [global] unix charset = LOCALE

Hi all, we here have a user that got a new Windows 7 client (before he had Windows XP) and now is no longer able to connect to our Samba shares. Testing his client with another account has proven that the client is not the problem, other user can connect. Also testing the user on another (Windows 7) client gave the result that the user is not allowed to access. Running Samba with different log

Hello, i need some help. A samba3 (3.6.9-151.el6_4.1) ADS member (WIN 2008 AD Master) Server did his work for years. Since hours some Clients can not connect to the name (\\fileserver) connecting to \\192... sometimes work. Log say: 2013/10/09 09:54:27.735101, 3] smbd/sesssetup.c:660(reply_spnego_negotiate) reply_spnego_negotiate: Got secblob of size 1638 [2013/10/09 09:54:27.735423, 3]

This has been submitted to https://bugzilla.samba.org/ as Bug 636 I'm trying to build Samba 3.0.0 CVS 3.0.1pre2 under Solaris 8 with MIT Kerberos 5 1.3.1 OpenLDAP 2.1.22 using the Sun Workshop 6U2 compiler Arguments to configure are: configured by ./configure, generated by GNU Autoconf 2.53, with options \"'--with-readline' '--with-libiconv=/usr/local'

Can someone verify that I am having the same problem with Mac OS X Panther (10.3.3) using Samba 3.0.2 based on my log below? I get this trying to connect from my WinXP machine to my Mac which is configured with ADS. If so, can you point me to a set of instructions on upgrading from 3.0.2 to 3.0.4 with this patch? I don't have control over the server I authenticate with...it is about 300

Since I haven't gotten any responses from the segfault log I posted earlier, I will try another approach. Below is what happens when a client tries to connect. Again, this all started after I changed a username mapping entry from root = DOMAIN\Administrator to root = @"DOMAIN\Domain Admins". This is in a security = ADS setup. wbinfo -u and -g return the correct information.

Hello, I have been working diligently since my last post to solve the error I've been receiving. I did manage to fix the credentials problem, but now I am at the same point where many others are, mainly, when doing hostname mapping (net use X: \\foo\bar), Samba prompts for a username and password and does not use Kerberos. In my error logs: [2004/01/05 15:51:59, 10]

Hi! I have samba4 domain controller + samba 3.4 member server. On XP login to domain and connection to member server works ok. Vista can login to domain but can't get connected to member server. Member servers log.smbd is following error with Vista client: ------------------- [2009/09/02 14:12:02, 3] smbd/process.c:1259(switch_message) switch message SMBsesssetupX (pid 30541) conn 0x0