similar to: Kerberos not working after moving Samba AD DC to new server

Check the kr5b.conf and confirm DNS is working On Fri, Mar 9, 2018 at 9:20 PM, Sebastian Arcus via samba < samba at lists.samba.org> wrote: > > On 09/03/18 10:52, Sebastian Arcus via samba wrote: > >> I am moving a Samba AD DC to a new server (I am merging two different >> hardware servers serving different functions). The new server has the same >> name as the

On 12/03/18 11:28, Rowland Penny via samba wrote: > On Mon, 12 Mar 2018 11:11:44 +0000 > Sebastian Arcus via samba <samba at lists.samba.org> wrote: > >> I have a Samba AD running Samba 4.7.5. Everything was working fine, >> when, seemingly out of the blue, the users started to be denied >> access to all shares. If I try from a Windows 7 or Windows 10 >>

Apologies if this is a documented feature and I missed it - I've been googling and reading through the docs but haven't spotted any mention anywhere. Is the vfs_recycle feature officially being supported with Samba in AD mode? I have a few AD DC's with file shares on them - and have been struggling with file permissions not being inherited on the file shares. I have finally

I have a Samba AD running Samba 4.7.5. Everything was working fine, when, seemingly out of the blue, the users started to be denied access to all shares. If I try from a Windows 7 or Windows 10 machine, logged in as a user in "Domain Uses", I get: "Windows cannot access \\server-name\share_name. You do not have permission to access \\server-name\share_name" If I use

Hello, I'm setting up AD user logins for centos 7.4 box. I've almost managed to do everything the way I want and the way I think it should be, but I'm missing last piece:   For ssh access I read parts of the https://wiki.samba.org/index.php/OpenSSH_Single_sign-on Most docs recommend using setting in smb.conf: winbind use default domain = no that means that all domain users have

Hello, Thank You for fast response. I'm glad that it's a mistake somewhere on my side, it means it will work when I fix it :) Ok, first of all: Everything is on centos 7.4 All config files will be below, but to start off: behaviour is stranger than I thought, but there is a pattern: when doing [DOMAIN\kacper_wirski at vs-files ~]$ kinit -V Using default cache: /tmp/krb5cc_101003

which samba version, because i've een reports the 4.8 fails and 4.7 fails but 4.6 should work, and i dont know about 4.9.2 Can you show your /etc/hosts file and /etc/resolv.conf and /etc/krb5.conf You used : samba-tool domain join mydomain.com DC -U"MYDOMAIN\administrator" --dns-backend=SAMBA_INTERNAL --option="interfaces=ens2f0" not wrong, but can you try. kinit

Hello! I've followed your tutorial to change the IP Address of our Samba AD DC: https://wiki.samba.org/index.php/Changing_the_IP_Address_of_a_Samba_AD_DC But the samba_dnsupdate tool always crashes with this output: samba_dnsupdate --verbose Unknown parameter encountered: "ks" Ignoring unknown parameter "ks" IPs: ['192.168.68.201'] Looking for DNS entry A

On 02/12/19 15:10, Rowland penny via samba wrote: > On 02/12/2019 14:28, Sebastian Arcus via samba wrote: >> Apologies if this is a documented feature and I missed it - I've been >> googling and reading through the docs but haven't spotted any mention >> anywhere. Is the vfs_recycle feature officially being supported with >> Samba in AD mode? I have a few AD

Hi, while trying to use Samba4 as KDC for secure NFS (once again) I found something I suspect to be an error: In order for NFS (with krb5) to work it requires a nfs/... principal, so I created one using samba-tool: samba-tool user add nfs-user samba-tool spn add nfs/atom.mydomain.org nfs-user samba-tool domain exportkeytab /etc/krb5.keytab -principal=nfs/atom.mydomain.org After setting up NFS,

Hi, I’ve been running a samba 4 DC for quite some time now, and while testing some kerberos related stuff, I noticed that all kerberos tickets I can get from the DC are of encryption type ?arcfour-hmac-md5“: # kinit testuser1 testuser1 at S4DOM.TEST's Password: # klist -v Credentials cache: FILE:/tmp/krb5cc_0 Ticket etype: arcfour-hmac-md5, kvno 1 I can create keytabs containing

Hi, I am doing some kerberos testing with samba4 using ssh. I have setup samba4 using the howto at http://wiki.samba.org/index.php/Samba4/HOWTO and active directory seems to be working both with Windows and Linux clients. ssh unfortunately is not kerberos authenticating via GSSAPI. The client krb5.conf contains this: ===================================================== [libdefaults]

I'm trying to test Samba4 as an AD style pdc. following the instructions at http://wiki.samba.org/index.php/Samba4/HOWTO at step 9 I get root at pdc:~# kinit administrator at MYDOMAIN.COM kinit: Cannot contact any KDC for realm 'MYDOMAIN.COM' while getting initial credentials root at pdc:~# and yet host -t SRV _kerberos._udp.mydomain.com gives _kerberos._udp.mydomain.com has

On 11/06/19 13:29, Rowland penny via samba wrote: > On 11/06/2019 13:13, Sebastian Arcus via samba wrote: >> >> On 11/06/19 11:49, Rowland penny via samba wrote: >>> On 11/06/2019 11:38, Sebastian Arcus via samba wrote: >>>> >>>> On 11/06/19 11:07, Rowland penny via samba wrote: >>>>> On 11/06/2019 10:34, Sebastian Arcus via samba

On 02/12/19 16:53, Rowland penny via samba wrote: > On 02/12/2019 16:24, Sebastian Arcus via samba wrote: >> </snip> > >>> You should have 'vfs objects = dfs_samba4 acl_xattr recycle' >> >> Thank you very much for this - now it is working. This lack of >> permissions inheritance issue has been plaguing me for months - it is >> very

On 02/12/19 15:44, Rowland penny via samba wrote: > On 02/12/2019 15:32, Sebastian Arcus via samba wrote: >> >> On 02/12/19 15:10, Rowland penny via samba wrote: >> >> Thank you for the quick reply. I should have mentioned that these DC's >> are at at different sites. At each site there is only one Linux server >> - hence why the DC is also the file

On 11/06/19 11:49, Rowland penny via samba wrote: > On 11/06/2019 11:38, Sebastian Arcus via samba wrote: >> >> On 11/06/19 11:07, Rowland penny via samba wrote: >>> On 11/06/2019 10:34, Sebastian Arcus via samba wrote: >>>> I've just upgraded a Samba AD server to 4.10.2 a few weeks ago from >>>> 4.x (I'm afraid I'm not sure the exact

This is a new Samba config that has not yet worked. I have installed sernet-samba 4.1.14. [root at sltltfsee samba]# rpm -qa | grep sernet sernet-samba-libsmbclient0-4.1.14-10.el6.x86_64 sernet-samba-common-4.1.14-10.el6.x86_64 sernet-samba-4.1.14-10.el6.x86_64 sernet-samba-libs-4.1.14-10.el6.x86_64 sernet-samba-winbind-4.1.14-10.el6.x86_64 sernet-samba-client-4.1.14-10.el6.x86_64 I have been

Hello! If i try a net ads join i get a kerberos error , but my kerberos works fine, i can do a kinit,klist and so on. the error i get is the following. [2005/09/01 08:02:16, 0] libads/kerberos.c:ads_kinit_password(146) kerberos_kinit_password root@MY.DOMAIN.COM failed: Cannot resolve network address for KDC in requested realm [2005/09/01 08:02:16, 0] utils/net_ads.c:ads_startup(191)

We upgraded our Solaris 9 samba server to version 3.0.2a and configured Kerberos MIT 1.3.2. I was able to run kinit and join samba to our windows 2003 domain as a domain member, but when I am trying to browse the samba shares from a windows XP machine it is failing. When I am looking at the samba logs this is what I am getting: [2004/03/30 11:15:26, 3]