similar to: AD domain member cannot authenticate user in remote forest unless smbclient uses "localhost"

Here's the keytab info: ubuntu at kvm7246-vm022:~/samba$ sudo klist -ek /etc/krb5.keytab Keytab name: FILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 12 host/kvm7246-vm022.tc83.local at TC83.LOCAL (etype 1) 12 host/KVM7246-VM022 at TC83.LOCAL (etype 1) 12 host/kvm7246-vm022.tc83.local at TC83.LOCAL (etype 3) 12

Your config looks ok, as far i can tell. This : "cifs/kvm7246-vm022.maas.local at TC84.LOCAL" As it should spn/hostname.fqdn at REALM nothing wrong with that. But if i understand it right. Your server : kvm7246-vm022.maas.local is in REALM : TC83.LOCAL ( NTDOM:TC83 ) But you get TC84 back?. On the problem server run the following: dig a kvm7246-vm022.maas.local @IP_of_AD-DC

Hi all. I?m trying to understand a weird authentication failure: I have two domains (TC83.LOCAL and TC84.LOCAL), each in a diferent forest, with a bidirectional forest trust. The samba server kvm7246-vm022.maas.local is a domain member of TC83 and is running a recent build from git master (f38077ea5ee). When I test authentication of users in each domain by running ntlm_auth on the samba server,

On 28/10/2019 21:53, Nathaniel W. Turner via samba wrote: > Hi folks, > > I'm trying to support a customer with multiple AD forests, and during my > research, I've observed some odd behavior. In my lab tests, it seems like > authentication works for users in all trusted forests, but only if NTLMSSP > is used. When Kerberos ends up being used, authentication only seems to

In case you missed the link in the original email, here's the smb.conf: [global] kerberos method = secrets and keytab logging = systemd realm = TC83.LOCAL security = ADS template homedir = /home/%U@%D template shell = /bin/bash winbind offline logon = Yes winbind refresh tickets = Yes workgroup = TC83 idmap config * : range = 1000000-19999999 idmap config * : backend = autorid

Hi Louis, On Wed, Nov 20, 2019 at 3:27 AM L.P.H. van Belle via samba < samba at lists.samba.org> wrote: > Your config looks ok, as far i can tell. > > This : "cifs/kvm7246-vm022.maas.local at TC84.LOCAL" > As it should spn/hostname.fqdn at REALM nothing wrong with that. > > But if i understand it right. > > Your server : kvm7246-vm022.maas.local is in

Hi, please run the command: klist -ek /etc/krb5.keytab and post the output along with the file smb.conf. how do you access your share? \\kvm7246-vm022.maas.local\\ <https://lists.samba.org/mailman/listinfo/samba>sharename" or something like that? bb. Il giorno ven 15 nov 2019 alle ore 18:24 Nathaniel W. Turner via samba < samba at lists.samba.org> ha scritto: > Hi all.

I?m trying to understand a weird authentication failure: I have two domains (TC83.LOCAL and TC84.LOCAL), each in a diferent forest, with a bidirectional forest trust. The samba server kvm7246-vm022.maas.local is a domain member of TC83 and is running a recent build from git master (f38077ea5ee). When I test authentication of users in each domain by running ntlm_auth on the samba server, it is

Show the servers there smb.conf that might help. And your using autorid.. https://wiki.samba.org/index.php/Idmap_config_autorid Drawbacks: User and group IDs are not equal across Samba domain members. TC84\administrator:*:1100500:1100513::/home/administrator at TC84 TC83\administrator:*:1200500:1200513::/home/administrator at TC83 1200500-1100500 = 100000 idmap config * : rangesize =

Sorry, this probably belongs on samba, not -technical, at least for now. On Wed, Apr 8, 2020 at 1:55 PM Nathaniel W. Turner <nate at houseofnate.net> wrote: > I have a configuration that is working correctly with samba 4.8 (in CentOS > 7.6). When I apply the same basic configuration to a system running samba > 4.9 (CentOS 7.7), I see a very strange behavior: The ID mapping for

Hi all, Thanks for the replies. On Thu, Apr 9, 2020 at 3:54 AM L.P.H. van Belle via samba < samba at lists.samba.org> wrote: > Good morning Rowland, > > > -----Oorspronkelijk bericht----- > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > > Rowland penny via samba > > Verzonden: donderdag 9 april 2020 9:46 > > Aan: samba at

On Tue, Oct 29, 2019 at 11:43 AM Rowland penny via samba < samba at lists.samba.org> wrote: > A) You do not need 'realmd', 'sssd' etc > Understood. Using realmd is a convenience, as it automates some housekeeping, but I'm happy to take it out of the picture for the purposes of this test, if that's important. > B) Your smb.conf is incorrectly set up. >

I see. =) I probably should have set the backend to autorid for "*", but I didn't think the ID mapping really mattered for the specific test I was doing. The "realm list" output shows the client software as winbind (not sssd) and the logs show messages from winbindd as it handles the authentication (in the successful cases), so I think that indicates that winbind is in

I realize I never followed up with this. The problem here turned out to be that I was doing a "reload" of the samba services (smb, nmb, winbind) to pick up my ID mapping changes in smb.conf. Switching my test case to do a "restart" instead resolved the issue. More details: The test case basically did the following: 1. Join AD using "realm join --client-software=winbind

Good morning Rowland, > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Rowland penny via samba > Verzonden: donderdag 9 april 2020 9:46 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] autorid broken in samba 4.9? > > On 09/04/2020 08:34, L.P.H. van Belle via samba wrote: > > Show the servers there smb.conf

On 29/10/2019 15:59, Nathaniel W. Turner via samba wrote: > On Tue, Oct 29, 2019 at 11:43 AM Rowland penny via samba < > samba at lists.samba.org> wrote: > >> A) You do not need 'realmd', 'sssd' etc >> > Understood. Using realmd is a convenience, as it automates some > housekeeping, but I'm happy to take it out of the picture for the purposes

Hi Rowland, On Tue, Oct 29, 2019 at 5:37 AM Rowland penny via samba < samba at lists.samba.org> wrote: > > I am sorry but you seem to be asking on the wrong list, you appear to be > using sssd (which isn't supported with Samba from 4.8.0), Samba isn't > doing the authentication. > What part of my problem description, or which log entries make you think I am using

On Wed, 1 Feb 2017 07:30:19 -0800 Chris Stankevitz <chrisstankevitz at gmail.com> wrote: > On Wed, Feb 1, 2017 at 1:12 AM, Rowland Penny via samba > <samba at lists.samba.org> wrote: > > He is also unlikely to be running avahi, he is using Freebsd 10.3 > > truss (like strace) showed that wbinfo, net, and sshd were all hanging > after system calls to getuid() and

I have 2 similar servers. Since upgrading one from CentOS 5.5 to 6, disk write performance in kvm guest VMs is much worse. There are many, many posts about optimising kvm, many mentioning disk performance in CentOS 5 vs 6. I've tried various changes to speed up write performance, but northing's made a significant difference so far: - Install virtio disk drivers in guest - update the

Hi, I've changed /etc/resolv.conf, rebooted, here is the output: cat /etc/resolv.conf domain rona.loc search rona.loc nameserver 192.168.19.2 ------ smbclient -L $(hostname -f) -UAdministrator%<password> -d5 INFO: Current debug levels: all: 5 tdb: 5 printdrivers: 5 lanman: 5 smb: 5 rpc_parse: 5 rpc_srv: 5 rpc_cli: 5 passdb: 5 sam: 5 auth: 5 winbind: 5 vfs: 5