similar to: GSSAPIAuthentication needs krb5.keytabe on one config, not on another one

Hi, here's a proposal of a new ssh/scp-feature: ------------------------------------------------------- please implement a timeout with non-zero error-returncode on "Are you sure you want to continue connecting (yes/no)?" ------------------------------------------------------- My situation: recently I have implemented a cronjob that is using scp. Due to organizational

Hi, i'm trying to analyze kerberos traffic using tshark (Samba 4.8.1 on Centos 7). I can't figure out how to extract keytab with password/keys. I follow precisely the instructions at https://wiki.samba.org/index.php/Keytab_Extraction But it seems like I only get slot, kvno and principal, can't find a way to get passwords or keys. Any idea someone ? ktutil: rkt decode.keytab ktutil:

Hi Justin, Thank you for your answer, I had found this utility during my searches, and will probably try it. As you say, reversible + plaintext is far for optimal from a security point of view. Also, I would like to integrate the solution in a "packaged" distribution like for example Zentyal or UCS. But I'm happy to learn that this solution is viable, I wouldn't lose my time

On Sat, 12 May 2018 19:45:10 +0200 Lapin Blanc <fabien.toune at lapin-blanc.com> wrote: > I'm studying samba related protocols for a work I have to present at > the university, > and for me to really understand how it works, I try to put in in > practice. So I was reading > http://www.kerberos.org/software/tutorial.html and tried to track > packets... I was hoping this

Hello, and thank you for the answer. I'm quite new to Samba, and when you speak about Samba storing a crypt() password hash and about the virtualCryptSHA256 attribute I get the general meaning, but not the way to get to those informations. Would you have any pointer on where I could learn more about that ? I found discussions about some patches from Stefan Metzmacher in the mailing lists, is

I'm trying to have my Samba 4 AD DC users mapped and synchronized with google apps for education accounts. I would like to start from the native windows password update procedure to eventually update the google apps password (actually, I think only some types of hashes are stored). Google actually provides a tool to synchronize user accounts and profiles which works juste fine. This tools

I receive stdin input from "samba user syncpasswords" in my python script. The user is created with ' Active Directory Users and Computers', and have some accentuated characters in their givenName and/or familyName (sn) When parsing the diff, the CN reads of, but weird characters appears in the attributes instead of the right name : INFO:root:DN found: CN=Arsène

On Thu, 2018-03-22 at 21:15 +0100, Lapin Blanc via samba wrote: > Hi Justin, > > Thank you for your answer, I had found this utility during my searches, and > will probably try it. As you say, reversible + plaintext is far for optimal > from a security point of view. > Also, I would like to integrate the solution in a "packaged" distribution > like for example

On Wed, 2018-03-28 at 16:06 +0200, Reindl Harald via samba wrote: > > Am 28.03.2018 um 15:52 schrieb Lapin Blanc via samba: > > I receive stdin input from "samba user syncpasswords" in my python script. > > The user is created with ' Active Directory Users and Computers', and have > > some accentuated characters in their givenName and/or familyName (sn)

Fabien, The way that we’ve accomplished this was to ensure that all users have the “Store passwords using reversible encryption” (which is not optimal) and use a utility called “samba4-gaps.” Also: samba-tool domain passwordsettings set --store-plaintext=on Works perfectly. https://github.com/baboons/samba4-gaps Justin > On Mar 22, 2018, at 3:58 PM, Lapin Blanc via samba <samba at

Hi, If you look at both: samba-tool user getpassword --help samba-tool user syncpasswords --help You may be able to find the information that you're looking for. Samba does store all the hashes in the LDAP directory, but you have to normally access them directly from the system (not over LDAP). You should also note that our Kerberos server reads and updates the password stored in the

Hi, I am trying to impliment OpenSSH v2.9p1 with the Krb5/GSSAPI patches at: http://www.sxw.org.uk/computing/patches/openssh-2.9p1-gssapi.patch On a FreeBSD 4.3-STABLE system (with both the integrated Heimdal libs and the MIT Krb5 package from ports intstalled). I patched the src tree, reconfigured, recompiled, installed, and it works - except for Krb5 passwords or Krb5 tickets. And I really

Dovecot version dovecot-1.0.rc14-7 (opensuse) Postfix is using Dovecot LDA. I'm getting this error message, and I guess it's going to be a problem on my next task, which is to set up sieve scripts. Is there something wrong/contraditory on my config or I forgot something? I want: /var/dovecot-tests/: where user's inbox resides /var/dovecot-tests/home/: home dir (users will not be

Hi, we get errors about corrupted indexes and we are losing flags with mdbox on NFSv4: Error: Recent flags state corrupted for mailbox Error: Corrupted dbox file Error: Corrupted transaction log file It looks like a LMTP director problem. The user has IMAP IDLE connections open and lmtp delivers to another host. This leads to nfs corruption problems. The user is logged into mail04 and has some

Hello, I'm using Dovecot to provide an IMAP service to a small number of users and I'm seeing two recurring errors which look like they might be related. Environment: o FreeBSD 5.2.1 / Postfix 2.0.18 / Dovecot 0.99.10.4 o Maildir mailboxes Problem: On logging in all the folders under the users mailbox are empty. This has happened with both MS Outlook 2000 clients as well as

Hello listmembers, we have some trouble connecting postfix to dovecot. after a lot of hours the transport and delivery is working but dovecot can't get the correct user. postmap -q some.user at domain.com ldap:/etc/postfix/ldap-aliases.cf first returns: someuser The mailbox someuser exists and i can login with this user on imap and i can deliver directly using deliver -d but on mail

On 14 Feb 2015, at 16:23, Santiago Vila <sanvila at unex.es> wrote: > I wrote about this three weeks ago but got no answer. I'm going to > officially "forward" the Debian bug this time, with all the details. > > The test case is just 840 bytes long. Please give it a try. .. > Package: dovecot-imapd > Version: 1:2.2.13-11 > Severity: serious I can't

Hi, Hanns Mattes <hanns at hannsmattes.de> schrieb: [replication not updating sieve rules] I didn't get any further but at least I saw an error message. After I deleted one user's home-directory on one of the two machines, maillog was showing (on both machines with a short delay): ,----[ /var/log/mail ] | dsync-server(someuser at example.com): Panic: file dsync-brain-mailbox.c: |

CentOS 5.3 w/ updates Puppet 0.25.1.rc2 (installed from source) Mongrel + Nginx Am I making a mistake or is this a bug? I''ve experienced this issue using 0.24.8 from EPEL also. Thu Oct 22 13:59:43 -0700 2009 //user::virtual-users_groups/User [someuser]/ensure (err): change from absent to present failed: Could not create user someuser: Execution of ''/usr/sbin/useradd -G

Hello again, and thank you so much for those valuable information, I'm progressing well. Google accepts crypt hashes, and I've managed with Garming's advice to get hashes when passwords get updated. I've only one small question at this point, the hash seems to be printed spanned on two lines, with a line break and a few spaces in the middle of the hash... Is this normal ? eg : INFO