Displaying 20 results from an estimated 70000 matches similar to: "Kerberos not working after moving Samba AD DC to new server"
2018 Mar 09
1
Kerberos not working after moving Samba AD DC to new server
Check the kr5b.conf and confirm DNS is working
On Fri, Mar 9, 2018 at 9:20 PM, Sebastian Arcus via samba <
samba at lists.samba.org> wrote:
>
> On 09/03/18 10:52, Sebastian Arcus via samba wrote:
>
>> I am moving a Samba AD DC to a new server (I am merging two different
>> hardware servers serving different functions). The new server has the same
>> name as the
2018 Mar 12
2
NT_STATUS_ACCESS_DENIED listing \* on Samba AD - out of the blue
On 12/03/18 11:28, Rowland Penny via samba wrote:
> On Mon, 12 Mar 2018 11:11:44 +0000
> Sebastian Arcus via samba <samba at lists.samba.org> wrote:
>
>> I have a Samba AD running Samba 4.7.5. Everything was working fine,
>> when, seemingly out of the blue, the users started to be denied
>> access to all shares. If I try from a Windows 7 or Windows 10
>>
2019 Dec 02
2
vfs_recycle disables permissions inheritance on AD DC shares
Apologies if this is a documented feature and I missed it - I've been
googling and reading through the docs but haven't spotted any mention
anywhere. Is the vfs_recycle feature officially being supported with
Samba in AD mode? I have a few AD DC's with file shares on them - and
have been struggling with file permissions not being inherited on the
file shares. I have finally
2018 Mar 12
2
NT_STATUS_ACCESS_DENIED listing \* on Samba AD - out of the blue
I have a Samba AD running Samba 4.7.5. Everything was working fine,
when, seemingly out of the blue, the users started to be denied access
to all shares. If I try from a Windows 7 or Windows 10 machine, logged
in as a user in "Domain Uses", I get:
"Windows cannot access \\server-name\share_name. You do not have
permission to access \\server-name\share_name"
If I use
2017 Oct 31
2
kerberos + winbind + AD authentication for samba 4 domain member
Hello,
I'm setting up AD user logins for centos 7.4 box. I've almost managed to
do everything the way I want and the way I think it should be, but I'm
missing last piece:
For ssh access I read parts of the
https://wiki.samba.org/index.php/OpenSSH_Single_sign-on
Most docs recommend using setting in smb.conf:
winbind use default domain = no
that means that all domain users have
2017 Nov 01
5
kerberos + winbind + AD authentication for samba 4 domain member
Hello,
Thank You for fast response. I'm glad that it's a mistake somewhere on
my side, it means it will work when I fix it :)
Ok, first of all:
Everything is on centos 7.4
All config files will be below, but to start off: behaviour is stranger
than I thought, but there is a pattern:
when doing
[DOMAIN\kacper_wirski at vs-files ~]$ kinit -V
Using default cache: /tmp/krb5cc_101003
2018 Nov 22
2
Setup a Samba AD DC as an additional DC
which samba version, because i've een reports the 4.8 fails and 4.7 fails but 4.6 should work, and i dont know about 4.9.2
Can you show your /etc/hosts file and /etc/resolv.conf and /etc/krb5.conf
You used :
samba-tool domain join mydomain.com DC -U"MYDOMAIN\administrator" --dns-backend=SAMBA_INTERNAL --option="interfaces=ens2f0"
not wrong, but can you try.
kinit
2017 Jun 12
3
Changing the IP Address of a Samba AD DC doesn't work - samba_dnsupdate crashes
Hello!
I've followed your tutorial to change the IP Address of our Samba AD DC:
https://wiki.samba.org/index.php/Changing_the_IP_Address_of_a_Samba_AD_DC
But the samba_dnsupdate tool always crashes with this output:
samba_dnsupdate --verbose
Unknown parameter encountered: "ks"
Ignoring unknown parameter "ks"
IPs: ['192.168.68.201']
Looking for DNS entry A
2019 Dec 02
2
vfs_recycle disables permissions inheritance on AD DC shares
On 02/12/19 15:10, Rowland penny via samba wrote:
> On 02/12/2019 14:28, Sebastian Arcus via samba wrote:
>> Apologies if this is a documented feature and I missed it - I've been
>> googling and reading through the docs but haven't spotted any mention
>> anywhere. Is the vfs_recycle feature officially being supported with
>> Samba in AD mode? I have a few AD
2012 Jul 21
2
Samba4 unable to find SPN (Kerberos)
Hi,
while trying to use Samba4 as KDC for secure NFS (once again)
I found something I suspect to be an error:
In order for NFS (with krb5) to work it requires a nfs/... principal,
so I created one using samba-tool:
samba-tool user add nfs-user
samba-tool spn add nfs/atom.mydomain.org nfs-user
samba-tool domain exportkeytab /etc/krb5.keytab -principal=nfs/atom.mydomain.org
After setting up NFS,
2015 Aug 18
2
Samba 4 DC - no AES kerberos tickets - only arcfour
Hi,
I’ve been running a samba 4 DC for quite some time now, and while testing some kerberos related stuff, I noticed that all kerberos tickets I can get from the DC are of encryption type ?arcfour-hmac-md5“:
# kinit testuser1
testuser1 at S4DOM.TEST's Password:
# klist -v
Credentials cache: FILE:/tmp/krb5cc_0
Ticket etype: arcfour-hmac-md5, kvno 1
I can create keytabs containing
2012 Jul 09
2
How do I get an ssh client to authenticate with samba4's kerberos GSSAPI?
Hi,
I am doing some kerberos testing with samba4 using ssh. I have setup
samba4 using the howto at http://wiki.samba.org/index.php/Samba4/HOWTO and
active directory seems to be working both with Windows and Linux clients.
ssh unfortunately is not kerberos authenticating via GSSAPI. The client
krb5.conf contains this:
=====================================================
[libdefaults]
2010 Sep 06
3
SAMBA4 kinit fails
I'm trying to test Samba4 as an AD style pdc.
following the instructions at http://wiki.samba.org/index.php/Samba4/HOWTO
at step 9 I get
root at pdc:~# kinit administrator at MYDOMAIN.COM
kinit: Cannot contact any KDC for realm 'MYDOMAIN.COM' while getting initial credentials
root at pdc:~#
and yet
host -t SRV _kerberos._udp.mydomain.com
gives
_kerberos._udp.mydomain.com has
2019 Jun 11
2
Problems with inconsistent ACL inheritance and permissions after Samba upgrade
On 11/06/19 13:29, Rowland penny via samba wrote:
> On 11/06/2019 13:13, Sebastian Arcus via samba wrote:
>>
>> On 11/06/19 11:49, Rowland penny via samba wrote:
>>> On 11/06/2019 11:38, Sebastian Arcus via samba wrote:
>>>>
>>>> On 11/06/19 11:07, Rowland penny via samba wrote:
>>>>> On 11/06/2019 10:34, Sebastian Arcus via samba
2019 Dec 02
2
vfs_recycle disables permissions inheritance on AD DC shares
On 02/12/19 16:53, Rowland penny via samba wrote:
> On 02/12/2019 16:24, Sebastian Arcus via samba wrote:
>>
</snip>
>
>>> You should have 'vfs objects = dfs_samba4 acl_xattr recycle'
>>
>> Thank you very much for this - now it is working. This lack of
>> permissions inheritance issue has been plaguing me for months - it is
>> very
2019 Dec 02
4
vfs_recycle disables permissions inheritance on AD DC shares
On 02/12/19 15:44, Rowland penny via samba wrote:
> On 02/12/2019 15:32, Sebastian Arcus via samba wrote:
>>
>> On 02/12/19 15:10, Rowland penny via samba wrote:
>>
>> Thank you for the quick reply. I should have mentioned that these DC's
>> are at at different sites. At each site there is only one Linux server
>> - hence why the DC is also the file
2019 Jun 11
2
Problems with inconsistent ACL inheritance and permissions after Samba upgrade
On 11/06/19 11:49, Rowland penny via samba wrote:
> On 11/06/2019 11:38, Sebastian Arcus via samba wrote:
>>
>> On 11/06/19 11:07, Rowland penny via samba wrote:
>>> On 11/06/2019 10:34, Sebastian Arcus via samba wrote:
>>>> I've just upgraded a Samba AD server to 4.10.2 a few weeks ago from
>>>> 4.x (I'm afraid I'm not sure the exact
2015 Jan 14
2
Kerberos Authentication problem "Username X is invalid on this system"
This is a new Samba config that has not yet worked. I have installed sernet-samba 4.1.14.
[root at sltltfsee samba]# rpm -qa | grep sernet
sernet-samba-libsmbclient0-4.1.14-10.el6.x86_64
sernet-samba-common-4.1.14-10.el6.x86_64
sernet-samba-4.1.14-10.el6.x86_64
sernet-samba-libs-4.1.14-10.el6.x86_64
sernet-samba-winbind-4.1.14-10.el6.x86_64
sernet-samba-client-4.1.14-10.el6.x86_64
I have been
2005 Sep 01
2
Kerberos problem with net ads join under AIX
Hello!
If i try a net ads join i get a kerberos error , but my kerberos works
fine, i can do a kinit,klist and so on.
the error i get is the following.
[2005/09/01 08:02:16, 0] libads/kerberos.c:ads_kinit_password(146)
kerberos_kinit_password root@MY.DOMAIN.COM failed: Cannot resolve network
address for KDC in requested realm
[2005/09/01 08:02:16, 0] utils/net_ads.c:ads_startup(191)
2004 Mar 31
9
failing to browse unix shares with samba 3.0.2a
We upgraded our Solaris 9 samba server to version 3.0.2a and configured
Kerberos MIT 1.3.2.
I was able to run kinit and join samba to our windows 2003 domain as a
domain member, but when I am trying to browse the samba shares from a
windows XP machine it is failing. When I am looking at the samba logs this
is what I am getting:
[2004/03/30 11:15:26, 3]