Displaying 20 results from an estimated 70000 matches similar to: "Kerberos not working after moving Samba AD DC to new server"
2018 Mar 09
1
Kerberos not working after moving Samba AD DC to new server
Check the kr5b.conf and confirm DNS is working
On Fri, Mar 9, 2018 at 9:20 PM, Sebastian Arcus via samba <
samba at lists.samba.org> wrote:
>
> On 09/03/18 10:52, Sebastian Arcus via samba wrote:
>
>> I am moving a Samba AD DC to a new server (I am merging two different
>> hardware servers serving different functions). The new server has the same
>> name as the
2018 Mar 12
2
NT_STATUS_ACCESS_DENIED listing \* on Samba AD - out of the blue
On 12/03/18 11:28, Rowland Penny via samba wrote:
> On Mon, 12 Mar 2018 11:11:44 +0000
> Sebastian Arcus via samba <samba at lists.samba.org> wrote:
>
>> I have a Samba AD running Samba 4.7.5. Everything was working fine,
>> when, seemingly out of the blue, the users started to be denied
>> access to all shares. If I try from a Windows 7 or Windows 10
>>
2019 Dec 02
2
vfs_recycle disables permissions inheritance on AD DC shares
Apologies if this is a documented feature and I missed it - I've been
googling and reading through the docs but haven't spotted any mention
anywhere. Is the vfs_recycle feature officially being supported with
Samba in AD mode? I have a few AD DC's with file shares on them - and
have been struggling with file permissions not being inherited on the
file shares. I have finally
2024 Jun 26
2
Kerberos issues
Hello Samba community!
I have an legacy system with 7 Windows VM.
In this system, the domain user is used to run services and interact
with individual parts.
I also have one PC on a domain from which I can run RSAT and can check
the Zentyal webconfig.
domain controller objectVersion: 47
#samba-tool domain level show
Domain and forest function level for domain
Forest function level: (Windows)
2018 Mar 12
2
NT_STATUS_ACCESS_DENIED listing \* on Samba AD - out of the blue
I have a Samba AD running Samba 4.7.5. Everything was working fine,
when, seemingly out of the blue, the users started to be denied access
to all shares. If I try from a Windows 7 or Windows 10 machine, logged
in as a user in "Domain Uses", I get:
"Windows cannot access \\server-name\share_name. You do not have
permission to access \\server-name\share_name"
If I use
2017 Oct 31
2
kerberos + winbind + AD authentication for samba 4 domain member
Hello,
I'm setting up AD user logins for centos 7.4 box. I've almost managed to
do everything the way I want and the way I think it should be, but I'm
missing last piece:
For ssh access I read parts of the
https://wiki.samba.org/index.php/OpenSSH_Single_sign-on
Most docs recommend using setting in smb.conf:
winbind use default domain = no
that means that all domain users have
2017 Nov 01
5
kerberos + winbind + AD authentication for samba 4 domain member
Hello,
Thank You for fast response. I'm glad that it's a mistake somewhere on
my side, it means it will work when I fix it :)
Ok, first of all:
Everything is on centos 7.4
All config files will be below, but to start off: behaviour is stranger
than I thought, but there is a pattern:
when doing
[DOMAIN\kacper_wirski at vs-files ~]$ kinit -V
Using default cache: /tmp/krb5cc_101003
2019 Dec 02
2
vfs_recycle disables permissions inheritance on AD DC shares
On 02/12/19 15:10, Rowland penny via samba wrote:
> On 02/12/2019 14:28, Sebastian Arcus via samba wrote:
>> Apologies if this is a documented feature and I missed it - I've been
>> googling and reading through the docs but haven't spotted any mention
>> anywhere. Is the vfs_recycle feature officially being supported with
>> Samba in AD mode? I have a few AD
2018 Nov 22
2
Setup a Samba AD DC as an additional DC
which samba version, because i've een reports the 4.8 fails and 4.7 fails but 4.6 should work, and i dont know about 4.9.2
Can you show your /etc/hosts file and /etc/resolv.conf and /etc/krb5.conf
You used :
samba-tool domain join mydomain.com DC -U"MYDOMAIN\administrator" --dns-backend=SAMBA_INTERNAL --option="interfaces=ens2f0"
not wrong, but can you try.
kinit
2017 Jun 12
3
Changing the IP Address of a Samba AD DC doesn't work - samba_dnsupdate crashes
Hello!
I've followed your tutorial to change the IP Address of our Samba AD DC:
https://wiki.samba.org/index.php/Changing_the_IP_Address_of_a_Samba_AD_DC
But the samba_dnsupdate tool always crashes with this output:
samba_dnsupdate --verbose
Unknown parameter encountered: "ks"
Ignoring unknown parameter "ks"
IPs: ['192.168.68.201']
Looking for DNS entry A
2015 Aug 18
2
Samba 4 DC - no AES kerberos tickets - only arcfour
Hi,
I’ve been running a samba 4 DC for quite some time now, and while testing some kerberos related stuff, I noticed that all kerberos tickets I can get from the DC are of encryption type ?arcfour-hmac-md5“:
# kinit testuser1
testuser1 at S4DOM.TEST's Password:
# klist -v
Credentials cache: FILE:/tmp/krb5cc_0
Ticket etype: arcfour-hmac-md5, kvno 1
I can create keytabs containing
2024 Jun 26
1
Kerberos issues
On Wed, 26 Jun 2024 14:00:03 +0300
?????? ??????? via samba <samba at lists.samba.org> wrote:
> Hello Samba community!
>
> I have an legacy system with 7 Windows VM.
> In this system, the domain user is used to run services and interact
> with individual parts.
> I also have one PC on a domain from which I can run RSAT and can
> check the Zentyal webconfig.
>
>
2012 Jul 21
2
Samba4 unable to find SPN (Kerberos)
Hi,
while trying to use Samba4 as KDC for secure NFS (once again)
I found something I suspect to be an error:
In order for NFS (with krb5) to work it requires a nfs/... principal,
so I created one using samba-tool:
samba-tool user add nfs-user
samba-tool spn add nfs/atom.mydomain.org nfs-user
samba-tool domain exportkeytab /etc/krb5.keytab -principal=nfs/atom.mydomain.org
After setting up NFS,
2012 Jul 09
2
How do I get an ssh client to authenticate with samba4's kerberos GSSAPI?
Hi,
I am doing some kerberos testing with samba4 using ssh. I have setup
samba4 using the howto at http://wiki.samba.org/index.php/Samba4/HOWTO and
active directory seems to be working both with Windows and Linux clients.
ssh unfortunately is not kerberos authenticating via GSSAPI. The client
krb5.conf contains this:
=====================================================
[libdefaults]
2019 Jun 11
2
Problems with inconsistent ACL inheritance and permissions after Samba upgrade
On 11/06/19 13:29, Rowland penny via samba wrote:
> On 11/06/2019 13:13, Sebastian Arcus via samba wrote:
>>
>> On 11/06/19 11:49, Rowland penny via samba wrote:
>>> On 11/06/2019 11:38, Sebastian Arcus via samba wrote:
>>>>
>>>> On 11/06/19 11:07, Rowland penny via samba wrote:
>>>>> On 11/06/2019 10:34, Sebastian Arcus via samba
2019 Dec 02
2
vfs_recycle disables permissions inheritance on AD DC shares
On 02/12/19 16:53, Rowland penny via samba wrote:
> On 02/12/2019 16:24, Sebastian Arcus via samba wrote:
>>
</snip>
>
>>> You should have 'vfs objects = dfs_samba4 acl_xattr recycle'
>>
>> Thank you very much for this - now it is working. This lack of
>> permissions inheritance issue has been plaguing me for months - it is
>> very
2010 Sep 06
3
SAMBA4 kinit fails
I'm trying to test Samba4 as an AD style pdc.
following the instructions at http://wiki.samba.org/index.php/Samba4/HOWTO
at step 9 I get
root at pdc:~# kinit administrator at MYDOMAIN.COM
kinit: Cannot contact any KDC for realm 'MYDOMAIN.COM' while getting initial credentials
root at pdc:~#
and yet
host -t SRV _kerberos._udp.mydomain.com
gives
_kerberos._udp.mydomain.com has
2019 Dec 02
4
vfs_recycle disables permissions inheritance on AD DC shares
On 02/12/19 15:44, Rowland penny via samba wrote:
> On 02/12/2019 15:32, Sebastian Arcus via samba wrote:
>>
>> On 02/12/19 15:10, Rowland penny via samba wrote:
>>
>> Thank you for the quick reply. I should have mentioned that these DC's
>> are at at different sites. At each site there is only one Linux server
>> - hence why the DC is also the file
2019 Jun 11
2
Problems with inconsistent ACL inheritance and permissions after Samba upgrade
On 11/06/19 11:49, Rowland penny via samba wrote:
> On 11/06/2019 11:38, Sebastian Arcus via samba wrote:
>>
>> On 11/06/19 11:07, Rowland penny via samba wrote:
>>> On 11/06/2019 10:34, Sebastian Arcus via samba wrote:
>>>> I've just upgraded a Samba AD server to 4.10.2 a few weeks ago from
>>>> 4.x (I'm afraid I'm not sure the exact
2018 Mar 12
2
NT_STATUS_ACCESS_DENIED listing \* on Samba AD - out of the blue
On 12/03/18 12:56, Rowland Penny via samba wrote:
> On Mon, 12 Mar 2018 11:36:47 +0000
> Sebastian Arcus via samba <samba at lists.samba.org> wrote:
>
>>
>> On 12/03/18 11:28, Rowland Penny via samba wrote:
>>> On Mon, 12 Mar 2018 11:11:44 +0000
>>> Sebastian Arcus via samba <samba at lists.samba.org> wrote:
>>>
>>>> I have a