similar to: Kerberos not working after moving Samba AD DC to new server

Displaying 20 results from an estimated 70000 matches similar to: "Kerberos not working after moving Samba AD DC to new server"

2018 Mar 09
1
Kerberos not working after moving Samba AD DC to new server
Check the kr5b.conf and confirm DNS is working On Fri, Mar 9, 2018 at 9:20 PM, Sebastian Arcus via samba < samba at lists.samba.org> wrote: > > On 09/03/18 10:52, Sebastian Arcus via samba wrote: > >> I am moving a Samba AD DC to a new server (I am merging two different >> hardware servers serving different functions). The new server has the same >> name as the
2018 Mar 12
2
NT_STATUS_ACCESS_DENIED listing \* on Samba AD - out of the blue
On 12/03/18 11:28, Rowland Penny via samba wrote: > On Mon, 12 Mar 2018 11:11:44 +0000 > Sebastian Arcus via samba <samba at lists.samba.org> wrote: > >> I have a Samba AD running Samba 4.7.5. Everything was working fine, >> when, seemingly out of the blue, the users started to be denied >> access to all shares. If I try from a Windows 7 or Windows 10 >>
2019 Dec 02
2
vfs_recycle disables permissions inheritance on AD DC shares
Apologies if this is a documented feature and I missed it - I've been googling and reading through the docs but haven't spotted any mention anywhere. Is the vfs_recycle feature officially being supported with Samba in AD mode? I have a few AD DC's with file shares on them - and have been struggling with file permissions not being inherited on the file shares. I have finally
2024 Jun 26
2
Kerberos issues
Hello Samba community! I have an legacy system with 7 Windows VM. In this system, the domain user is used to run services and interact with individual parts. I also have one PC on a domain from which I can run RSAT and can check the Zentyal webconfig. domain controller objectVersion: 47 #samba-tool domain level show Domain and forest function level for domain Forest function level: (Windows)
2018 Mar 12
2
NT_STATUS_ACCESS_DENIED listing \* on Samba AD - out of the blue
I have a Samba AD running Samba 4.7.5. Everything was working fine, when, seemingly out of the blue, the users started to be denied access to all shares. If I try from a Windows 7 or Windows 10 machine, logged in as a user in "Domain Uses", I get: "Windows cannot access \\server-name\share_name. You do not have permission to access \\server-name\share_name" If I use
2017 Oct 31
2
kerberos + winbind + AD authentication for samba 4 domain member
Hello, I'm setting up AD user logins for centos 7.4 box. I've almost managed to do everything the way I want and the way I think it should be, but I'm missing last piece:   For ssh access I read parts of the https://wiki.samba.org/index.php/OpenSSH_Single_sign-on Most docs recommend using setting in smb.conf: winbind use default domain = no that means that all domain users have
2017 Nov 01
5
kerberos + winbind + AD authentication for samba 4 domain member
Hello, Thank You for fast response. I'm glad that it's a mistake somewhere on my side, it means it will work when I fix it :) Ok, first of all: Everything is on centos 7.4 All config files will be below, but to start off: behaviour is stranger than I thought, but there is a pattern: when doing [DOMAIN\kacper_wirski at vs-files ~]$ kinit -V Using default cache: /tmp/krb5cc_101003
2019 Dec 02
2
vfs_recycle disables permissions inheritance on AD DC shares
On 02/12/19 15:10, Rowland penny via samba wrote: > On 02/12/2019 14:28, Sebastian Arcus via samba wrote: >> Apologies if this is a documented feature and I missed it - I've been >> googling and reading through the docs but haven't spotted any mention >> anywhere. Is the vfs_recycle feature officially being supported with >> Samba in AD mode? I have a few AD
2018 Nov 22
2
Setup a Samba AD DC as an additional DC
which samba version, because i've een reports the 4.8 fails and 4.7 fails but 4.6 should work, and i dont know about 4.9.2 Can you show your /etc/hosts file and /etc/resolv.conf and /etc/krb5.conf You used : samba-tool domain join mydomain.com DC -U"MYDOMAIN\administrator" --dns-backend=SAMBA_INTERNAL --option="interfaces=ens2f0" not wrong, but can you try. kinit
2017 Jun 12
3
Changing the IP Address of a Samba AD DC doesn't work - samba_dnsupdate crashes
Hello! I've followed your tutorial to change the IP Address of our Samba AD DC: https://wiki.samba.org/index.php/Changing_the_IP_Address_of_a_Samba_AD_DC But the samba_dnsupdate tool always crashes with this output: samba_dnsupdate --verbose Unknown parameter encountered: "ks" Ignoring unknown parameter "ks" IPs: ['192.168.68.201'] Looking for DNS entry A
2015 Aug 18
2
Samba 4 DC - no AES kerberos tickets - only arcfour
Hi, I’ve been running a samba 4 DC for quite some time now, and while testing some kerberos related stuff, I noticed that all kerberos tickets I can get from the DC are of encryption type ?arcfour-hmac-md5“: # kinit testuser1 testuser1 at S4DOM.TEST's Password: # klist -v Credentials cache: FILE:/tmp/krb5cc_0 Ticket etype: arcfour-hmac-md5, kvno 1 I can create keytabs containing
2024 Jun 26
1
Kerberos issues
On Wed, 26 Jun 2024 14:00:03 +0300 ?????? ??????? via samba <samba at lists.samba.org> wrote: > Hello Samba community! > > I have an legacy system with 7 Windows VM. > In this system, the domain user is used to run services and interact > with individual parts. > I also have one PC on a domain from which I can run RSAT and can > check the Zentyal webconfig. > >
2012 Jul 21
2
Samba4 unable to find SPN (Kerberos)
Hi, while trying to use Samba4 as KDC for secure NFS (once again) I found something I suspect to be an error: In order for NFS (with krb5) to work it requires a nfs/... principal, so I created one using samba-tool: samba-tool user add nfs-user samba-tool spn add nfs/atom.mydomain.org nfs-user samba-tool domain exportkeytab /etc/krb5.keytab -principal=nfs/atom.mydomain.org After setting up NFS,
2012 Jul 09
2
How do I get an ssh client to authenticate with samba4's kerberos GSSAPI?
Hi, I am doing some kerberos testing with samba4 using ssh. I have setup samba4 using the howto at http://wiki.samba.org/index.php/Samba4/HOWTO and active directory seems to be working both with Windows and Linux clients. ssh unfortunately is not kerberos authenticating via GSSAPI. The client krb5.conf contains this: ===================================================== [libdefaults]
2019 Jun 11
2
Problems with inconsistent ACL inheritance and permissions after Samba upgrade
On 11/06/19 13:29, Rowland penny via samba wrote: > On 11/06/2019 13:13, Sebastian Arcus via samba wrote: >> >> On 11/06/19 11:49, Rowland penny via samba wrote: >>> On 11/06/2019 11:38, Sebastian Arcus via samba wrote: >>>> >>>> On 11/06/19 11:07, Rowland penny via samba wrote: >>>>> On 11/06/2019 10:34, Sebastian Arcus via samba
2019 Dec 02
2
vfs_recycle disables permissions inheritance on AD DC shares
On 02/12/19 16:53, Rowland penny via samba wrote: > On 02/12/2019 16:24, Sebastian Arcus via samba wrote: >> </snip> > >>> You should have 'vfs objects = dfs_samba4 acl_xattr recycle' >> >> Thank you very much for this - now it is working. This lack of >> permissions inheritance issue has been plaguing me for months - it is >> very
2010 Sep 06
3
SAMBA4 kinit fails
I'm trying to test Samba4 as an AD style pdc. following the instructions at http://wiki.samba.org/index.php/Samba4/HOWTO at step 9 I get root at pdc:~# kinit administrator at MYDOMAIN.COM kinit: Cannot contact any KDC for realm 'MYDOMAIN.COM' while getting initial credentials root at pdc:~# and yet host -t SRV _kerberos._udp.mydomain.com gives _kerberos._udp.mydomain.com has
2019 Dec 02
4
vfs_recycle disables permissions inheritance on AD DC shares
On 02/12/19 15:44, Rowland penny via samba wrote: > On 02/12/2019 15:32, Sebastian Arcus via samba wrote: >> >> On 02/12/19 15:10, Rowland penny via samba wrote: >> >> Thank you for the quick reply. I should have mentioned that these DC's >> are at at different sites. At each site there is only one Linux server >> - hence why the DC is also the file
2019 Jun 11
2
Problems with inconsistent ACL inheritance and permissions after Samba upgrade
On 11/06/19 11:49, Rowland penny via samba wrote: > On 11/06/2019 11:38, Sebastian Arcus via samba wrote: >> >> On 11/06/19 11:07, Rowland penny via samba wrote: >>> On 11/06/2019 10:34, Sebastian Arcus via samba wrote: >>>> I've just upgraded a Samba AD server to 4.10.2 a few weeks ago from >>>> 4.x (I'm afraid I'm not sure the exact
2018 Mar 12
2
NT_STATUS_ACCESS_DENIED listing \* on Samba AD - out of the blue
On 12/03/18 12:56, Rowland Penny via samba wrote: > On Mon, 12 Mar 2018 11:36:47 +0000 > Sebastian Arcus via samba <samba at lists.samba.org> wrote: > >> >> On 12/03/18 11:28, Rowland Penny via samba wrote: >>> On Mon, 12 Mar 2018 11:11:44 +0000 >>> Sebastian Arcus via samba <samba at lists.samba.org> wrote: >>> >>>> I have a