Displaying 20 results from an estimated 2000 matches similar to: "Kerberos S4U token with SAMBA4"
2018 Jun 12
1
Kerberos S4U token with SAMBA4
On Tue, 12 Jun 2018 08:28:10 +0200
Norbert Hanke via samba <samba at lists.samba.org> wrote:
> Hi Taylor
>
> That's not hard to explain:
>
> The login to a local account is under the control of sshd, and if
> that has enough privileges it works.
>
> The login to a domain account is a kerberos login which requires
> either Username and Password, or possibly
2008 Feb 12
1
RE: Delegation of authentication (S4U) and SAMBA
Hello,
Does samba support the use of S4U?
What do we need to configure in SAMBA or krb5 to support getting a
ticket obtained by S4U. We are using 3.0.25 and krb5-1.4.1
We are getting the following error:
decode_pac_data: Name in PAC [username@something1.something2.realmname]
does not match principal name in ticket
The ticket could be different than the PAC name because the
2017 Dec 12
5
failure joining a domain as a DC
Andrew - i am trying to join a new DC. Both DCs (old and new) are running
samba 4.5.12-Debian
On Dec 11, 2017 8:11 PM, "Andrew Bartlett" <abartlet at samba.org> wrote:
> On Mon, 2017-12-11 at 19:56 -0600, Taylor Hammerling via samba wrote:
> > Good evening!
> >
> > I am having difficulty joining a Samba4 install to my current domain.
>
> What new
2004 May 26
4
how to realize "MLPPP LFI"
Hi,all
I am using iproute2/tc to manage bandwidth and control traffic.I must realize these two tricky functions in mips linux(kernel 2.4.17):
1.The device MUST support the capability to fragment AF and BE traffic in order to constrain the perturbing impact of AF and BE packets on EF traffic delay, for example using a mechanism such as MLPPP LFI.(RFC1990)
2. The packet size threshold before
2017 Dec 12
2
Can't access DNS from RSAT
I found this page https://bugzilla.samba.org/show_bug.cgi?id=12807 which
seemed to have someone experiencing the same issue I am.
I tried adding "allow dcerpc auth level connect:dnsserver = yes" to my
smb.conf, rebooted the server, but still I get the an access denied message
in windows.
However, what is logged in the log.samba files has changed since adding
this option to my smb.conf.
2017 Dec 12
2
Can't access DNS from RSAT
The user is a member of "Domain Admins" so they should be able to access
the DNS (as is evident by the fact that they can access the DNS thru RSAT
on the initial DC).
But just to be thorough I have added "Domain Admins" to the group
"DnsAdmins" and tested again, still get the "access denied" error from
within windows.
On Tue, Dec 12, 2017 at 11:01 AM,
2017 Dec 12
2
Can't access DNS from RSAT
Good morning all!
I have two DCs, both running Samba 4.7.3. I have just joined the second DC
to the domain. The second DC is replicating AD objects perfectly, I
verified this by running "samba-tool drs showrepl" as well as using the
ADUC RSAT snapin and adding a user to one DC, then switching the DC that
ADUC connects to and verifying that the user was properly replicated.
The DNS
2017 Dec 12
1
failure joining a domain as a DC
in my optinion, yes, i use my own packages for years now, started with 4.1.x ( still the same servers) started with debian wheezy and these are now debian stretch.
Start reading here, it wil help you ;-)
https://github.com/thctlo/samba4/tree/master/howtos
Greetz,
Louis
Van: Taylor Hammerling [mailto:thammerling at tcsbasys.com]
Verzonden: dinsdag 12 december 2017 15:13
Aan: L.P.H.
2004 May 31
3
Re: Re: how to realize "MLPPP LFI" on linux
Hi,Andy
Thank your very much!
For the MLPPP LFI,I found that in Cisco configuration,it use "ppp multilink;ppp multilink fragmentation;ppp multilink fragment-delay 20;ppp multilink interleave " command to enable MLPPP LFI.So I think just realizing the same function on my linux router would be fine.But I got no idea how to do this on linux.So is there anything with iproute2?Would you
2017 Dec 12
1
Can't access DNS from RSAT
Daniel, I could kiss you :D I am using the default SSL certs in samba.
I tried connecting to the new DC using it's FQDN instead of it's IP, and
BAM, it connected just fine. Couldn't really tell you why, but as long as
I can access it I'm happy!
On Tue, Dec 12, 2017 at 11:20 AM, Daniel Carrasco <d.carrasco at i2tic.com>
wrote:
> Are you using the default ssl certs in
2017 Dec 12
2
DNS replication only working one way
I'm sorry Rowland, I meant to mention in my initial email that I am running
4.7.3.
and other replication (like AD object replication) is working in both
directions. it is just DNS replication that is only working one way.
On Tue, Dec 12, 2017 at 2:15 PM, Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Tue, 12 Dec 2017 14:00:32 -0600
> Taylor Hammerling via samba
2017 Dec 12
3
Errors transferring forestdns and domaindns FSMO roles
I am attempting to transfer the all FSMO roles from an old DC to our new DC.
Both DCs are running Samba 4.7.3. I have transferred the Schma,
Infrastructure, RID, PDC and Naming roles without issue.
unfortunately, the forestdns and domaindns roles are giving me grief.
Here is the output of the commands
root at dc1:~# samba-tool fsmo transfer --role=forestdns
ldb_wrap open of secrets.ldb
2017 Dec 13
2
DNS replication only working one way
I ran thru the wikipage you linked to, and the results were as they should
be
# record 1
dn: CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tcsbasys,DC=com
objectGUID: 0d5ebcac-88d7-44fb-a830-ec3eacb6757f
# record 2
dn: CN=NTDS
Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tcsbasys,DC=com
objectGUID:
2017 Dec 15
3
UID/GID -> SID -> NAME mapping across multiple DCs
Danke!
On Fri, Dec 15, 2017 at 1:03 PM, Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Fri, 15 Dec 2017 11:56:25 -0600
> Taylor Hammerling <thammerling at tcsbasys.com> wrote:
>
> > Interesting... How do I go about getting them/keeping them in sync?
> >
>
> see here:
>
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_
>
2019 Feb 16
2
[PATCH] Cygwin: rel 3.0 drops requirement for privileged non-SYSTEM account
Seteuid now creates user token using S4U. We don't create a token
from scratch anymore, so we don't need the "Create a process token"
privilege. The service can run under SYSTEM again.
---
contrib/cygwin/ssh-host-config | 15 +++++----------
1 file changed, 5 insertions(+), 10 deletions(-)
diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config
index
2017 Dec 08
2
DNS issue with clean install of samba 4.5.12-Debian
i suggest review my howto
its on github find my name, thctlo, goto samba4.
full ad and member howto and scripts to check things.
Greetz,
Louis
(mobile)
> Op 8 dec. 2017 om 18:49 heeft Taylor Hammerling via samba <samba at lists.samba.org> het volgende geschreven:
>
> I am working on building a test ADDC environment for my business. I have
> performed a clean install of
2018 Oct 31
2
Pair ADFS with samba: possible?
hi all,
is it feasible to setup a ADFS server paired with a samba AD DC?
Are there ADFS requirements (versions not older than ..., not newer than
...) if the samba AD DC is samba-4.9.1?
I tried to match a Windows Server 2016 ADFS v3 with a samba-4.9.1 AD DC.
The web form authentication allow a user to insert username and
password, the ADFS correctly recognizes wrong password, but when
password
2017 Nov 14
2
SAMBA4 API
by modify I mean add, change and/or remove DNS records (depending on the
values passed to the API).
Also, yes I mispoke, we would only be modifying the records on one DC, and
replication would take care of the rest.
On Mon, Nov 13, 2017 at 11:17 AM, Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Mon, 13 Nov 2017 11:07:28 -0600
> Taylor Hammerling via samba <samba
2017 Nov 13
2
SAMBA4 API
I am looking for a way to programatically modify DNS settings from outside
of my SAMBA4 DCs.
I am working on creating a PHP inventory page, which (in an ideal world)
would hook into our SAMBA4 domain controllers, allowing us to modify DNS
records in the inventory, and then have the backend of the inventory
communicate with the DCs over an API and modify the DNS on the DCs.
Is it possible that
2017 Nov 14
2
SAMBA4 API
We aren't using BIND, we are using the builtin SAMBA backend. Also the
requests for updates are going to come from external to the DC. IE, the
inventory server needs to send a request to the DC to add/update/remove etc
DNS records. This is why I'm looking for an API.
On Tue, Nov 14, 2017 at 11:32 AM, Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Tue, 14 Nov