similar to: Slow Kerberos Authentication

Displaying 20 results from an estimated 6000 matches similar to: "Slow Kerberos Authentication"

2017 Nov 10
2
Slow Kerberos Authentication
No, no idee, but really, upgrade to samba, best option, in my opinion. If thats not possible, it happens.. A timeout option can be set in krb5.conf for example : kdc_timeout = 5000 You have these for krb5.conf to try out also. the complete list. des-hmac-sha1 DES with HMAC/sha1 (weak) aes256-cts-hmac-sha1-96 aes256-cts AES-256 CTS mode with 96-bit SHA-1 HMAC
2017 Nov 10
0
Slow Kerberos Authentication
Hai Paul,   hmm, i think its time.. to upgrade your samba.   I dont think the other krb5.conf options work, but you might give it a try. See man krb5.conf, where i took it from. add /change in krb5.conf  [kdc] tgt-use-strongest-session-key = BOOL svc-use-strongest-session-key = BOOL preauth-use-strongest-session-key= BOOL use-strongest-server-key = BOOL encode_as_rep_as_tgs_rep = BOOL   BOOL
2017 Nov 11
0
Slow Kerberos Authentication
Just to update this, I'm going to upgrade to samba4 but it won't be for a few days yet, I'll keep this thread updated with what happens. On 10 Nov 2017 11:23, "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: > No, no idee, but really, upgrade to samba, best option, in my opinion. > If thats not possible, it happens.. > > A timeout option can
2017 Nov 09
0
Slow Kerberos Authentication
Hi All, I've a problem with samba 3.6.23 on Oracle Linux 6, Kerberos authentication is working but it takes around 30 seconds on first access. This is an active directory domain with 2008r2 DC's. I've tracked it down to what looks like the incorrect encryption type being used according to the debug output below, as you can see it fails twice with enc type of 17 and 18 but succeeds
2004 Apr 19
1
Samba 3.0.2a with ADS w2k3 Active Directory, enctypes
Hi people, I have a Linux box running Samba 3.0.2a in ADS mode MIT Kerberos 1.3.3. My W2K e WXP users can't access the linux box by netbios name, the only access that works is by IP address, I know that's caused because access thought IP address don't make use of Kerberos. The most strange for me it's that the same environment works fine with a W2K Active Directory, I read in same
2004 Apr 20
1
RES: Samba 3.0.2a with ADS w2k3 Active Directory, enctype s
Hi Jim, I did what the doc says but the problem is the same. Does anybody saw this work ? I mean, is the Samba 3.0.2a+Kerberos MIT 1.3.3 able to be accessed by a WXP, W2K or W2K3 machine, using Kerberos tickets generated in a Windows 2003 KDC (W2K3 AD) ? Thanks -----Mensagem original----- De: Jim McDonough [mailto:jmcd@us.ibm.com] Enviada em: segunda-feira, 19 de abril de 2004 17:07 Para:
2003 Sep 29
4
bad encryption type when accessing AD member server
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I'm trying to access a Samba 3.0 server (running on Debian unstable) in an Active Directory environment. I successfully joined the domain, klist shows my Kerberos ticket(s) and I can use smbclient -k to access a Windows 2000 server. However, when I try to access a share on the Samba machine from a Windows 2000 client, I'm being asked
2005 Apr 16
1
Problems with ADS membership in win2k domain
I'm having problems with ADS membership for samba. I had a "mostly" working version with RHES v2.1, krb5 v1.2, samba v3.0.5. I knew to get to a fully functioning version I would need krb5 v1.3 or later. So finally I had an opertunity to junk RH's crufty krb5 and build from scratch with: RHES v2.1 MIT krb5 v1.4 samba v3.0.13 This works fine on another server. Now to the
2004 May 04
3
samba 3.0.2a & Win2003 AD controler
Hello samba experts ! I have a big problem with my samba 3.0.2a on debian. I use winbindd, which seems to work (getent passwd/group and wbinfo -u works), and the net ads join worked too, but the authentication with the AD controler, hosted on Win2003 Server, fails. Sample of the level 3 log file : ... [2004/05/04 08:47:20, 3] smbd/process.c:switch_message(685) switch message SMBsesssetupX
2024 Apr 05
1
Strange problem with samba-tool dns query ...
On Fri, 5 Apr 2024 19:58:33 +0200 Pavel Lis? <pavel.lisy at gmail.com> wrote: > So, > > I've done some progress. > > I've made configuration according this article > https://fedoramagazine.org/samba-as-ad-and-domain-controller/ > they use sample kerberos config file from package samba-dc-provision: > > sudo cp /usr/share/samba/setup/krb5.conf
2009 May 04
2
bad encryption type in AD domain authentication
Hello, I'm trying to access a samba share using an ADS user credentials. I always get an error, and the debug traces (log level = 5) are giving me the output in the follow. I have searched the samba ML archives, and I have found the thread http://lists.samba.org/archive/samba/2004-April/084545.html but, before asking the system admin to apply the eventual KB fixes, I would like to know if the
2016 Oct 03
3
Samba Member NT_STATUS_NETWORK_SESSION_EXPIRED
hey, now after observe last changes on the weekend… i have also the issue. After 10 hours i can’t connect to the shares on my member server. On Log of DC i found this: [2016/10/02 20:35:45.601265, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: AS-REQ PL0024$@HQ.KONTRAST from ipv4:<member-ip>:55578 for krbtgt/HQ.KONTRAST at HQ.KONTRAST [2016/10/02
2019 Nov 05
5
Failed to find cifs/fs-share@dom.corp (kvno 109) in keytab
Ok, you did to much as far i can tell. You want to see this: i'll show my output, then i is better to see what i mean. this is where you start with. klist -ke |sort ( default member ) ---- -------------------------------------------------------------------------- 3 host/HOSTNAME1 at REALM.DOMAIN.TLD (aes128-cts-hmac-sha1-96) 3 host/HOSTNAME1 at REALM.DOMAIN.TLD
2004 Mar 31
9
failing to browse unix shares with samba 3.0.2a
We upgraded our Solaris 9 samba server to version 3.0.2a and configured Kerberos MIT 1.3.2. I was able to run kinit and join samba to our windows 2003 domain as a domain member, but when I am trying to browse the samba shares from a windows XP machine it is failing. When I am looking at the samba logs this is what I am getting: [2004/03/30 11:15:26, 3]
2019 Feb 26
2
gpo not applied a boot computer
THANK YOU FOR YOUR REPLY THE RESULT : KVNO Principal ---- -------------------------------------------------------------------------- 1 HOST/samba4 at FSS.LAN (des-cbc-crc) 1 HOST/samba4.fss.lan at FSS.LAN (des-cbc-crc) 1 SAMBA4$@FSS.LAN (des-cbc-crc) 1 HOST/samba4 at FSS.LAN (des-cbc-md5) 1 HOST/samba4.fss.lan at FSS.LAN (des-cbc-md5) 1 SAMBA4$@FSS.LAN (des-cbc-md5) 1
2019 Nov 05
7
Failed to find cifs/fs-share@dom.corp (kvno 109) in keytab
Ok, Your keytab looks ok now. oldsamba.dom.corp is an alias for fs-a.oldsamba.dom.corp. fs-a.dom.corp has address 10.0.0.2 i would have expected here. oldsamba.dom.corp is an alias for fs-a.dom.corp. fs-a.dom.corp has address 10.0.0.2 Or was that a typo? I assuming a typo.. About your setup from the script outpout. Change this one. /etc/hosts 10.0.0.2 fs-a.dom.corp fs-a oldsamba #
2019 Oct 29
4
Failed to find cifs/fs-share@dom.corp (kvno 109) in keytab
Hi, the problem seems to be related to this bug: https://bugzilla.samba.org/show_bug.cgi?id=6750 I try therefore to set machine password timeout = 0 Il giorno mar 29 ott 2019 alle ore 11:11 Rowland penny via samba < samba at lists.samba.org> ha scritto: > On 29/10/2019 10:04, banda bassotti wrote: > > I had already done it: > > > > # samba-tool spn list
2015 Aug 13
4
winbind_krb5_locator usage
Hello, I have different Sites in my domain and want the different members to use the respective domain controller of their site. I can't get this to work right. I have a member that is in site B but executing "net ads info" outputs the DC of site A as active. I read about enabling "winbind_krb5_locator", but it is already located in
2009 Mar 11
1
Samba PDC - Kerberised CIFS access
Hi All, I have machine M1 hosting Samba PDC. It stores only user information. I have machine M2 acting as KDC server. I have machine M3 hosting CIFS shares and it joins into the domain hosted by PDC M1. I have machine M4 used as CIFS client. On M2, I have added users and cifs/host service principals for M3. Also added service principal in keytab file. I have added all the user and service
2019 Feb 26
5
gpo not applied a boot computer
Hello everyone since now a certain time I pull my hair and do not understand the source of my problem. after a samba 3 pdc migration to samba 4.8.5 AD, when a windows client starts the gpo computer is not applied to the boot. in the windows logs there are 1058 GPO errors and server side samba here are the logs: GSS server Update (krb5) (1) Update failed: Miscellaneous failure (see text): Failed