similar to: Advantage of 'kerberos method = secrets and keytab' over 'kerberos method = system keytab'

On 05/11/2019 12:17, banda bassotti via samba wrote: > Luis, ok I'v removed everything, step 1: > > KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab CREATE -P I have said this once already, but, I will try again ;-) You are creating a keytab, which may or may not be called /etc/krb5.keytab2 > step2: > # KRB5_KTNAME=FILE:/etc/krb5.keytab2 net ads keytab ADD >

I am trying to use a keytab for a client machine to authenticate to Samba's own LDAP server. The samba servers (replicated) are ubuntu 16.04 with samba 4.5.2 compiled from source. The client machine is ubuntu 16.04 with stock samba 4.3.11. It has been joined directly to the Samba domain ("net ads join"). I have also extracted a keytab ("net ads keytab create -P")

Hi, I'm using the smb.conf from https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server to add a member server as file server to the domain. If I'm using the original smb.conf with "kerberos method = secrets and keytab", I'm not able to see any share on a Windows Client in the domain. If I use the default "kerberos method = secrets" everything works.

On Mon, 19 Feb 2024 12:21:53 +0100 Simon FONTENEAU via samba <samba at lists.samba.org> wrote: > Hello everyone, > > For the context, I'm trying to add support for offline join in WAPT > WADS OS deployment [1]. Currently WADS supports offline join of > Windows computers, and I want to add support for Linux computer using > SSSD as a authentication client (for the

Am Freitag, 13. Februar 2015, 11:04:26 schrieb Rowland Penny: > On 13/02/15 10:26, Andreas Hauffe wrote: > > Hi Peter, > > > > thanks for your hints. The point is, that no /etc/krb5.conf was generated > > automatically when joining the domain (told in the wiki). Now I generated > > one manually and now it works. > /etc/krb5.conf is never created automatically

Hello everyone, For the context, I'm trying to add support for offline join in WAPT WADS OS deployment [1]. Currently WADS supports offline join of Windows computers, and I want to add support for Linux computer using SSSD as a authentication client (for the persons who might dismiss this mail because of a certain keywords, yes it is related to sssd, but it triggers a Samba bug). I also

Hi, i'm trying to analyze kerberos traffic using tshark (Samba 4.8.1 on Centos 7). I can't figure out how to extract keytab with password/keys. I follow precisely the instructions at https://wiki.samba.org/index.php/Keytab_Extraction But it seems like I only get slot, kvno and principal, can't find a way to get passwords or keys. Any idea someone ? ktutil: rkt decode.keytab ktutil:

Hi Peter, thanks for your hints. The point is, that no /etc/krb5.conf was generated automatically when joining the domain (told in the wiki). Now I generated one manually and now it works. I'm not frustrated at all. I see a lot of advantages for me, even if it doesn't work. Right now we have a system with Bind9, OpenLDAP, Kerberos, NFS4, Samba3 on the server side. I had to configere

> > dedicated keytab file = /tmp/krb5.keytab > > For which programs do you use the keytab? I already tried that. But still tries to write at /etc. It seems this parameter used when you have a keytab already. __ Taner Tas

Hello I don't know if this is normal behavior (does the djoin have the spn?): When a have kerberos method in smb.conf : kerberos method = secrets and keytab Joining with offlinejoin does not work: root at testjoinlinux:/# net offlinejoin requestodj loadfile=/root/djoin =============================================================== INTERNAL ERROR: Signal 11: Erreur de segmentation in net

Hi, the problem seems to be related to this bug: https://bugzilla.samba.org/show_bug.cgi?id=6750 I try therefore to set machine password timeout = 0 Il giorno mar 29 ott 2019 alle ore 11:11 Rowland penny via samba < samba at lists.samba.org> ha scritto: > On 29/10/2019 10:04, banda bassotti wrote: > > I had already done it: > > > > # samba-tool spn list

Can someone help me with samba4 with internal dns. Something strange showing in log.smbd when computers are doing gpupdate (becouse of this error computers cant apply gpo) log.smbd on DC1: [2017/01/13 13:49:16.075361, 1] ../source4/auth/gensec/gensec_gssapi.c:619(gensec_gssapi_update) GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find

Ok, you did to much as far i can tell. You want to see this: i'll show my output, then i is better to see what i mean. this is where you start with. klist -ke |sort ( default member ) ---- -------------------------------------------------------------------------- 3 host/HOSTNAME1 at REALM.DOMAIN.TLD (aes128-cts-hmac-sha1-96) 3 host/HOSTNAME1 at REALM.DOMAIN.TLD

> First, I suggest read : > https://wiki.samba.org/index.php/Keytab_Extraction I did. > Second, it his for > a member or AD-DC? Thats because of the location of the keytab and > the ad-dc creates its own keytab file. Thirth, are any other services > going to use it? Last, root must be able to write the keytab file. > They're members. The intent is to auto join clients

On Fri, 3 Feb 2017 16:00:45 +0100 Łukasz Sellmann via samba <samba at lists.samba.org> wrote: > any ideas ? please i got stuck and have no ideas what else i can do > > > pozdrawiam > > Łukasz Sellmann > > 2017-02-01 17:50 GMT+01:00 Łukasz Sellmann <bravo.galaxy at gmail.com>: > > > Can someone help me with samba4 with internal dns. Something

Ok, Your keytab looks ok now. oldsamba.dom.corp is an alias for fs-a.oldsamba.dom.corp. fs-a.dom.corp has address 10.0.0.2 i would have expected here. oldsamba.dom.corp is an alias for fs-a.dom.corp. fs-a.dom.corp has address 10.0.0.2 Or was that a typo? I assuming a typo.. About your setup from the script outpout. Change this one. /etc/hosts 10.0.0.2 fs-a.dom.corp fs-a oldsamba #

We have a 2008r2 AD domain. We join Linux machines as domain members using Samba with Winbind (I'll show all of my config files below). This portion of our setup works without failures of any kind. However, some of these machines are web servers for Intranet stuff and we'd like to have SSO working. For this, we use Apache (HTTPD) plus mod_auth_kerb (requires a keytab file). So, since

https://bugs.freedesktop.org/show_bug.cgi?id=93373 Bug ID: 93373 Summary: sometimes hickup with persistent garbaby Product: xorg Version: unspecified Hardware: x86-64 (AMD64) OS: Linux (All) Status: NEW Severity: minor Priority: medium Component: Driver/nouveau Assignee:

Hi Andreas, I convinced Rowland to change the wiki like that. You might want to check out the thread "Samba4 and sssd, keytab file expires?". Read it, and You will understand its implications. Even if it works now, it doesn't mean that it will work for long... The first thing I would check is the kerberos setup. I would also check, whether DNS is OK for both forward and

On 13/02/15 10:26, Andreas Hauffe wrote: > Hi Peter, > > thanks for your hints. The point is, that no /etc/krb5.conf was generated automatically when > joining the domain (told in the wiki). Now I generated one manually and now it works. /etc/krb5.conf is never created automatically when you join the domain, /etc/krb5.keytab is, so can you point to where in the wiki it says that the