Displaying 20 results from an estimated 5000 matches similar to: "Anonymous"
2018 Jan 06
5
Account is sensitive and cannot be delegated (userAccountControl NOT_DELEGATED flag 0x00100000)
I have an AD with two Debian Stretch Samba 4.5.12 DCs. The Samba and Heimdal Kerberos 7.1.0 packages are installed from Debian repositories. Management is done from MS-RSAT installed on a Windows 7 Pro client.
When I select the option "Account is sensitive and cannot be delegated" (in Active Directory Users and Computers under the Account tab) for a user account regardless of its
2018 Jan 31
2
Account is sensitive and cannot be delegated (userAccountControl NOT_DELEGATED flag 0x00100000)
On 6/1/2018 23:55, Andrew Bartlett wrote:
> On Sat, 2018-01-06 at 11:11 +0000, Antonios Kalkakos via samba wrote:
>> I have an AD with two Debian Stretch Samba 4.5.12 DCs. The Samba and Heimdal Kerberos 7.1.0 packages are installed from Debian repositories. Management is done from MS-RSAT installed on a Windows 7 Pro client.
>>
>> When I select the option "Account is
2018 Jan 06
0
Account is sensitive and cannot be delegated (userAccountControl NOT_DELEGATED flag 0x00100000)
On Sat, 2018-01-06 at 11:11 +0000, Antonios Kalkakos via samba wrote:
> I have an AD with two Debian Stretch Samba 4.5.12 DCs. The Samba and Heimdal Kerberos 7.1.0 packages are installed from Debian repositories. Management is done from MS-RSAT installed on a Windows 7 Pro client.
>
> When I select the option "Account is sensitive and cannot be delegated" (in Active Directory
2018 Feb 01
0
Account is sensitive and cannot be delegated (userAccountControl NOT_DELEGATED flag 0x00100000)
On Wed, 2018-01-31 at 16:15 +0000, Antonios Kalkakos wrote:
> On 6/1/2018 23:55, Andrew Bartlett wrote:
> > On Sat, 2018-01-06 at 11:11 +0000, Antonios Kalkakos via samba wrote:
> > > I have an AD with two Debian Stretch Samba 4.5.12 DCs. The Samba and Heimdal Kerberos 7.1.0 packages are installed from Debian repositories. Management is done from MS-RSAT installed on a Windows 7
2005 May 11
6
Need help with GSSAPI authentication
Client: Windows XP pro, in an AD 2003 domain, running SecureCRT 4.1.11.
I've also got MIT Kerberos for Windows installed on the client, and Leash
shows that my tickets ARE forwardable.
Server: Solaris 8 Sparc server, with MIT Kerberos (krb5-1.4.1), and
OpenSSH 4.0p1.
I've created two AD accounts, and extracted keys mapped to
"host/hostname.domainname.com at REALM.COM" and
2006 Jan 07
2
need palette of topographic colors similar to topo.colors()
Dear useRs,
I got stuck trying to generate a palette of topographic colors that
would satisfy these two requirements:
- the pallete must be 'anchored' at 0 (just like on a map), with
light blue/lawn green corresponding to data values close to 0 (dark
blue to light blue for negative values, green-yellow-brown for
positive values)
- the brown must get darker for higher positive
2018 Dec 18
2
RFE: OpenSSH Support for PKCS11 Funneling to PAM for Kerberos/PKINIT
Alon,
I should have provided more background. You are assuming that I could
perform the PKINIT prior to connecting to the SSH server. In this case
(and others) there is an interest in not exposing the kerberos servers
to the world and thus someone connecting remotely would not be able to
obtain a TGT or do a PKINIT. The goal would be for SSH to handle all
the auth and only after connecting to
2005 Nov 03
2
Question about GSSAPI with OpenSSH 4.2p1
Hey all, perhaps someone might be able to shed a little light on this
problem. Nothing I find in books and groups seem to address the
problem. I'm trying to set up a series of connections with ssh that
authenticate through GSSAPI. However, it seems that the credentials are
not getting passed.
>From the client..
debug1: Next authentication method: gssapi-with-mic
debug2: we sent a
2018 Dec 19
2
RFE: OpenSSH Support for PKCS11 Funneling to PAM for Kerberos/PKINIT
Alon,
On 12/18/2018 06:52 PM, Alon Bar-Lev wrote:
> OK... So you have an issue...
>
> First, you need to delegate your smartcard to remote machine, probably
> using unix socket redirection managed by openssh. This can be done in
> many levels...
> 1. Delegate USB device, this will enable only exclusive usage of the
> smartcard by remote machine.
> 2. Delegate PC/SC, this
2013 Feb 07
0
[LLVMdev] [llvm-tblgen] Two issues: crash case and mysterious double-inclusion case
On Wed, Feb 06, 2013 at 11:47:31PM +0100, Dmitry Mikushin wrote:
> Dear all,
>
> I need your help to understand weird llvm-tblgen behavior. Please take your
> favourite version of llvm-tblgen and use it in the root directory of the
> archive attached in both bug reports:
>
> http://llvm.org/bugs/show_bug.cgi?id=15188
> http://llvm.org/bugs/show_bug.cgi?id=15189
$
2011 Aug 23
1
Testing Specific Hypothesis
Hi All!
I am interested in testing whether the means for the data I am investigating
are equal to a specific value - let's say 0.01. I have already run a
one-way ANOVA and know that the differences in the means are not
significant, so now I want to know what values the means take on. "otestme"
is the data I am working with (it would be hard for me to get into a form
that would be
2018 Dec 18
2
RFE: OpenSSH Support for PKCS11 Funneling to PAM for Kerberos/PKINIT
I know OpenSSH currently supports PKCS11 devices (such as smartcards)
for publickey authentication, but I would love to see PKCS11 extended
further. It is currently possible to perform PKCS11 certificate
authentication, via pam_krb5.so (on Linux at least and likely something
similar on other *NIX) which allows smartcard auth to a Kerberos
(including AD) server, where a TGT can also be granted.
2015 Nov 03
2
Pam_mount not working with "sec=krb5"
Am 03.11.2015 um 16:44 schrieb buhorojo:
> On 03/11/15 10:56, Ole Traupe wrote:
>>
>>>> I mean, putting the key in the keytab looks like a security risk to
>>>> me.
>>> In what way does it appear any more of a risk than having the keys
>>> which you have there already? Even if someone steals the keytab,
>>> they're gonna be hard
2019 Jan 15
4
SSH SSO without keytab file
Hai,
Lets start here.
Handy for us to know.
OS?
Samba version?
AD or member setup?
And I suggest, set this in the ssh server.
# GSSAPI options
GSSAPIAuthentication yes
Restart the ssh server and try to SSO login.
If its a AD server this should work.
Yes, you dont get home dir etc, end up in / after login, but lets check if this works.
Greetz,
Louis
> -----Oorspronkelijk
2002 Jul 31
2
privsep+kerb5+ssh1
please test Olaf Kirch's patch. it looks fine to me, but i don't to K5.
i'd like to see this in the next release. thx
-m
-------------- next part --------------
--- openssh-3.4p1/auth-krb5.c.krb Sun Jun 9 21:41:48 2002
+++ openssh-3.4p1/auth-krb5.c Tue Jul 23 15:15:43 2002
@@ -73,18 +73,17 @@
* from the ticket
*/
int
-auth_krb5(Authctxt *authctxt, krb5_data *auth, char
2013 Feb 06
4
[LLVMdev] [llvm-tblgen] Two issues: crash case and mysterious double-inclusion case
Dear all,
I need your help to understand weird llvm-tblgen behavior. Please take your
favourite version of llvm-tblgen and use it in the root directory of the
archive attached in both bug reports:
http://llvm.org/bugs/show_bug.cgi?id=15188
http://llvm.org/bugs/show_bug.cgi?id=15189
====
1) First test case: crashing
====
$ ./llvm-tblgen -gen-tgt-intrinsic NVPTX1.td
assert(iid <=
2015 Nov 03
4
Pam_mount not working with "sec=krb5"
>> I mean, putting the key in the keytab looks like a security risk to me.
> In what way does it appear any more of a risk than having the keys
> which you have there already? Even if someone steals the keytab,
> they're gonna be hard pressed to crack the key in the few hours before
> the tgt expires. Do you have very sensitive data maybe?
Ok. And maybe I misunderstood
2014 Feb 03
1
Obtaining TGT using service principal name
I have been trying to setup Samba4 as a DC using kerberos for
authentication. I have successfully provisioned the domain, and was able to
join my domain using my windows machine as well as kinit to obtain a ticket
for my administrator user from my servers.
I have hit a wall trying to setup a server to authenticate a SPN using a
keytab. I can join the domain and kinit as my administrator user,
2012 Aug 02
2
ggplot does not show in knitr
Hello,
I'm having some issues getting a ggplot figure to show up in the knitr
output, when placed in a loop.
Specifically, I have a loop inside a knitr chunk :
```{r fitting, warning=FALSE, fig.width=10, fig.height=10, fig.keep='high'}
for (t in 1:T)
{
# do a regression of tgt.vals ~ predictors and compute coeffs and
fitted values (fit.vals / fit.adj.vals)
plot(
2008 May 22
4
winbind,ads, win2k3, trusted domains, user mapping
I have been ready everything I can regarding this setup but am having a
problem that I am unsure of.
I am unable to authenticate any user despite the following commands working:
%> getent passwd <username>
%> wbinfo -u
%> wbinfo -g
With the getent passwd I am able to see all of my UID/GID being mapped
via winbdind to the rid of the domain user account.
This command fails:
%>