similar to: samba rotates keytabs without telling apache

On Wed, 22 Nov 2017 13:07:09 +0100 Herman Øie Kolden via samba <samba at lists.samba.org> wrote: > Hello! > > Our organization has since June had problems with samba on our web > server incrementing keytab version numbers every month - precisely > every month. Since apache2 with mod_auth_kerb isn't made aware of > this, all our web sites go 503. The manual solution

We have a 2008r2 AD domain. We join Linux machines as domain members using Samba with Winbind (I'll show all of my config files below). This portion of our setup works without failures of any kind. However, some of these machines are web servers for Intranet stuff and we'd like to have SSO working. For this, we use Apache (HTTPD) plus mod_auth_kerb (requires a keytab file). So, since

Hi List, My goal in sending this email is to get some direction on where to start looking to solve my problem. Thank you all in advance for reading through this and providing any guidance! I'm working on moving to new servers, upgrading from CentOS 6.7 to CentOS 7.5. In this move, we are also upgrading from Apache/2.2.15 to Apache/ 2.4.33. Our servers are all sitting behind a load

Hello, We're starting to use FreeIPA in house (which is awesome btw) which means that Kerberos and TLS client certificate authentication is suddenly quite easy. Im looking for a list of common Linux services with data on how one can Authenticate/Authorise for these services. * httpd support TLS client certificate authentication and Kerberos * rabbitmq supports TLS client certificate

On Thu, 2016-07-14 at 16:20 +0100, Rowland penny wrote: > I don't think the problem is with mentioning 'Dovecot', it is with > using > the DC for anything other than authentication. > > Reading the Dovecot wiki page, creating the user & SPN on the DC is > okay, but once you start exporting the keytab to be used on the DC, > you > are doing something

LDAP can be use in clear text mode or with start_tls. There is still LDAPS which can also be used. Any of these should be used to authenticate users as LDAP[s] is not meant to authenticate anything, it's a DB. Kerberos should be used for authentication as it is meant for that purpose and could grant your users possibility to have SSO. More secure for admins, more simple for users... I have

Hello everyone, In the 6.0 release, I have found a gap in the provided source under the SRPMS/ directories on the mirrors. Let's take the 'bash' source as the first example. The version of bash that I find in the binary x86_64 directories is: http://mirror.centos.org/centos-6/6.0/os/x86_64/Packages/bash-4.1.2-3.el6.x86_64.rpm One would expect to find the source to that binary at:

Hello there. I have a network with 35 new Windows 7 (64 bit) PCs that should connect to printers via a cups/samba server. I want them to use their own windows drivers, and I want these to be installed automatically from print$ when they first connect. I'm trying to install the drivers from the clients as described here:

On Thu, 2016-07-14 at 22:05 +0100, Rowland penny wrote: > On 14/07/16 21:52, Andrew Bartlett wrote: > >  > > Rowland: > > > > Running samba-tool domain exportkeytab for a specific user is quite > > a > > reasonable thing to do, and is entirely sensible to recommand as > > part > > of adding a new user with an SPN.  They keytab can then be

Hi, After doing a clean install of ovirt in a Fedora 11 VM, I am unable to get anything working in the web interface. All I get is an error 500. After reviewing the logs I see the following error in /var/log/http/error.log [Thu Nov 26 11:29:11 2009] [notice] Apache/2.2.13 (Unix) DAV/2 mod_auth_kerb/5.4 mod_nss/2.2.11 NSS/3.12.2.0 mod_python/3.3.1 Python/2.6 configured -- resuming normal

On 15/07/16 08:17, Rowland penny wrote: > On 15/07/16 00:34, Andrew Bartlett wrote: >> On Thu, 2016-07-14 at 22:05 +0100, Rowland penny wrote: >>> On 14/07/16 21:52, Andrew Bartlett wrote: >>>> Rowland: >>>> >>>> Running samba-tool domain exportkeytab for a specific user is quite >>>> a >>>> reasonable thing to do, and

Hi all On a CentOS 5.4 system with Samba 3.0.33 (member server of an AD domain in 2003 native mode) I have the problem that certain users can't use the shares (can't logon), while others can. I *think* this is related to the fact that those users unable to connect are member of a huge number of groups (100+). We know from experience that this is a problem in Windows itsself (need to

My company is approx 200 users. We have 10 offices each with 5-30 users each. A few offices work independently, but there has been a lot more inter-office work lately. I am looking for a way to provide fast local access to files stored in the same office as the user, but also acceptable performance for inter-office file transfers. We are currently using Oracle Drive for a central file server, it

Hi. First of all, I will probably post this question several places, at least here, on the ubuntu forums, and perhaps OpenOffice forums. It is a problem that I'm not sure if really is samba related, Openoffice related or perhaps even OS related. As stated in the heading, it's about file locking, so many apps come into play. I work at a school where we teachers use mainly Ubuntu Hardy and

hey I already compiled apache 2.0.58 from source onto my centos server and noticed I needed to get SSL module added "after the fact" -what are the commands I would run to get this working without wiping everything out and starting over? -karlski

Dear sir I am using RedHat Enterprise Linux Release 3, which is having Samba-3.0.0- 14.3E i am trying to copy a file of size 6 gb from this server to a windows 2000 server through samba, but when 2 gb of file copied then i got a error "FILE SIZE LIMIT EXCEEDED", plz tell me how can i copy this file to the window server. Waiting for your reply Amit Agarwal Network Engineer Agra

Hi everyone, I'm trying to figure out the best way to accomplish below project and would appreciate your input. I need to setup a web page on CentOS with Active Directory authentication. So far I've accomplished the following: - Setup httpd.conf to successfully authenticate against AD by passing my username/passwd. <Directory /var/www/html/secure> Allow from All AuthType

[Apologies if this gets through twice. I sent it first without subscribing, but it seems like it got stuck in the moderation queue, so I subscribed and re-sent it.] I'm doing some work on audio fingerprinting for a school project (more precisely, my master's thesis. I got a hint on #vorbis that I might want to look into the internal floor representations in libvorbisenc to get out audio

Hi Samba Users, I have Samba providing shares to several XP clients. The clients currently authenticate using private/smbpasswd. I do not have an Active Directory server nor any Windows servers. I also have an MIT KDC. Various services have been Kerberised including SSH (proper GSSAPI negotiation) and Apache (Basic auth). This is all functioning correctly. The Apache login and SSH logins from

Hi, for a static cifs mount (automount from fstab) I would like to use kerberos with a SPN. The share is accessed from a http service, so I use HTTP/www.samdom.example.com with the username http-www.samdom.example.com. Unfortunately I can not get it to work. The keytab is generated as described on [1]. # klist -kt /etc/http.keytab Keytab name: FILE:/etc/http.keytab KVNO Timestamp