similar to: Slow Kerberos Authentication

No, no idee, but really, upgrade to samba, best option, in my opinion. If thats not possible, it happens.. A timeout option can be set in krb5.conf for example : kdc_timeout = 5000 You have these for krb5.conf to try out also. the complete list. des-hmac-sha1 DES with HMAC/sha1 (weak) aes256-cts-hmac-sha1-96 aes256-cts AES-256 CTS mode with 96-bit SHA-1 HMAC

Hai Paul,   hmm, i think its time.. to upgrade your samba.   I dont think the other krb5.conf options work, but you might give it a try. See man krb5.conf, where i took it from. add /change in krb5.conf  [kdc] tgt-use-strongest-session-key = BOOL svc-use-strongest-session-key = BOOL preauth-use-strongest-session-key= BOOL use-strongest-server-key = BOOL encode_as_rep_as_tgs_rep = BOOL   BOOL

Just to update this, I'm going to upgrade to samba4 but it won't be for a few days yet, I'll keep this thread updated with what happens. On 10 Nov 2017 11:23, "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: > No, no idee, but really, upgrade to samba, best option, in my opinion. > If thats not possible, it happens.. > > A timeout option can

Hi All, I've a problem with samba 3.6.23 on Oracle Linux 6, Kerberos authentication is working but it takes around 30 seconds on first access. This is an active directory domain with 2008r2 DC's. I've tracked it down to what looks like the incorrect encryption type being used according to the debug output below, as you can see it fails twice with enc type of 17 and 18 but succeeds

Hi people, I have a Linux box running Samba 3.0.2a in ADS mode MIT Kerberos 1.3.3. My W2K e WXP users can't access the linux box by netbios name, the only access that works is by IP address, I know that's caused because access thought IP address don't make use of Kerberos. The most strange for me it's that the same environment works fine with a W2K Active Directory, I read in same

Hi Jim, I did what the doc says but the problem is the same. Does anybody saw this work ? I mean, is the Samba 3.0.2a+Kerberos MIT 1.3.3 able to be accessed by a WXP, W2K or W2K3 machine, using Kerberos tickets generated in a Windows 2003 KDC (W2K3 AD) ? Thanks -----Mensagem original----- De: Jim McDonough [mailto:jmcd@us.ibm.com] Enviada em: segunda-feira, 19 de abril de 2004 17:07 Para:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I'm trying to access a Samba 3.0 server (running on Debian unstable) in an Active Directory environment. I successfully joined the domain, klist shows my Kerberos ticket(s) and I can use smbclient -k to access a Windows 2000 server. However, when I try to access a share on the Samba machine from a Windows 2000 client, I'm being asked

I'm having problems with ADS membership for samba. I had a "mostly" working version with RHES v2.1, krb5 v1.2, samba v3.0.5. I knew to get to a fully functioning version I would need krb5 v1.3 or later. So finally I had an opertunity to junk RH's crufty krb5 and build from scratch with: RHES v2.1 MIT krb5 v1.4 samba v3.0.13 This works fine on another server. Now to the

Hello samba experts ! I have a big problem with my samba 3.0.2a on debian. I use winbindd, which seems to work (getent passwd/group and wbinfo -u works), and the net ads join worked too, but the authentication with the AD controler, hosted on Win2003 Server, fails. Sample of the level 3 log file : ... [2004/05/04 08:47:20, 3] smbd/process.c:switch_message(685) switch message SMBsesssetupX

On Fri, 5 Apr 2024 19:58:33 +0200 Pavel Lis? <pavel.lisy at gmail.com> wrote: > So, > > I've done some progress. > > I've made configuration according this article > https://fedoramagazine.org/samba-as-ad-and-domain-controller/ > they use sample kerberos config file from package samba-dc-provision: > > sudo cp /usr/share/samba/setup/krb5.conf

Hello, I'm trying to access a samba share using an ADS user credentials. I always get an error, and the debug traces (log level = 5) are giving me the output in the follow. I have searched the samba ML archives, and I have found the thread http://lists.samba.org/archive/samba/2004-April/084545.html but, before asking the system admin to apply the eventual KB fixes, I would like to know if the

hey, now after observe last changes on the weekend… i have also the issue. After 10 hours i can’t connect to the shares on my member server. On Log of DC i found this: [2016/10/02 20:35:45.601265, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: AS-REQ PL0024$@HQ.KONTRAST from ipv4:<member-ip>:55578 for krbtgt/HQ.KONTRAST at HQ.KONTRAST [2016/10/02

Ok, you did to much as far i can tell. You want to see this: i'll show my output, then i is better to see what i mean. this is where you start with. klist -ke |sort ( default member ) ---- -------------------------------------------------------------------------- 3 host/HOSTNAME1 at REALM.DOMAIN.TLD (aes128-cts-hmac-sha1-96) 3 host/HOSTNAME1 at REALM.DOMAIN.TLD

We upgraded our Solaris 9 samba server to version 3.0.2a and configured Kerberos MIT 1.3.2. I was able to run kinit and join samba to our windows 2003 domain as a domain member, but when I am trying to browse the samba shares from a windows XP machine it is failing. When I am looking at the samba logs this is what I am getting: [2004/03/30 11:15:26, 3]

THANK YOU FOR YOUR REPLY THE RESULT : KVNO Principal ---- -------------------------------------------------------------------------- 1 HOST/samba4 at FSS.LAN (des-cbc-crc) 1 HOST/samba4.fss.lan at FSS.LAN (des-cbc-crc) 1 SAMBA4$@FSS.LAN (des-cbc-crc) 1 HOST/samba4 at FSS.LAN (des-cbc-md5) 1 HOST/samba4.fss.lan at FSS.LAN (des-cbc-md5) 1 SAMBA4$@FSS.LAN (des-cbc-md5) 1

Ok, Your keytab looks ok now. oldsamba.dom.corp is an alias for fs-a.oldsamba.dom.corp. fs-a.dom.corp has address 10.0.0.2 i would have expected here. oldsamba.dom.corp is an alias for fs-a.dom.corp. fs-a.dom.corp has address 10.0.0.2 Or was that a typo? I assuming a typo.. About your setup from the script outpout. Change this one. /etc/hosts 10.0.0.2 fs-a.dom.corp fs-a oldsamba #

Hi, the problem seems to be related to this bug: https://bugzilla.samba.org/show_bug.cgi?id=6750 I try therefore to set machine password timeout = 0 Il giorno mar 29 ott 2019 alle ore 11:11 Rowland penny via samba < samba at lists.samba.org> ha scritto: > On 29/10/2019 10:04, banda bassotti wrote: > > I had already done it: > > > > # samba-tool spn list

Hello, I have different Sites in my domain and want the different members to use the respective domain controller of their site. I can't get this to work right. I have a member that is in site B but executing "net ads info" outputs the DC of site A as active. I read about enabling "winbind_krb5_locator", but it is already located in

Hi All, I have machine M1 hosting Samba PDC. It stores only user information. I have machine M2 acting as KDC server. I have machine M3 hosting CIFS shares and it joins into the domain hosted by PDC M1. I have machine M4 used as CIFS client. On M2, I have added users and cifs/host service principals for M3. Also added service principal in keytab file. I have added all the user and service

Hello everyone since now a certain time I pull my hair and do not understand the source of my problem. after a samba 3 pdc migration to samba 4.8.5 AD, when a windows client starts the gpo computer is not applied to the boot. in the windows logs there are 1058 GPO errors and server side samba here are the logs: GSS server Update (krb5) (1) Update failed: Miscellaneous failure (see text): Failed