Displaying 20 results from an estimated 800 matches similar to: "AD domain member cannot authenticate user in remote forest unless smbclient uses "localhost""
2019 Nov 15
3
Why is smbd looking for Kerberos principal cifs/host@DOMB when it is a member of DOMA?
Here's the keytab info:
ubuntu at kvm7246-vm022:~/samba$ sudo klist -ek /etc/krb5.keytab
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
----
--------------------------------------------------------------------------
12 host/kvm7246-vm022.tc83.local at TC83.LOCAL (etype 1)
12 host/KVM7246-VM022 at TC83.LOCAL (etype 1)
12 host/kvm7246-vm022.tc83.local at TC83.LOCAL (etype 3)
12
2019 Nov 20
4
Why is smbd looking for Kerberos principal cifs/host@DOMB when it is a member of DOMA?
Your config looks ok, as far i can tell.
This : "cifs/kvm7246-vm022.maas.local at TC84.LOCAL"
As it should spn/hostname.fqdn at REALM nothing wrong with that.
But if i understand it right.
Your server : kvm7246-vm022.maas.local is in REALM : TC83.LOCAL ( NTDOM:TC83 )
But you get TC84 back?.
On the problem server run the following:
dig a kvm7246-vm022.maas.local @IP_of_AD-DC
2019 Nov 15
2
Why is smbd looking for Kerberos principal cifs/host@DOMB when it is a member of DOMA?
Hi all. I?m trying to understand a weird authentication failure:
I have two domains (TC83.LOCAL and TC84.LOCAL), each in a diferent forest,
with a bidirectional forest trust.
The samba server kvm7246-vm022.maas.local is a domain member of TC83 and is
running a recent build from git master (f38077ea5ee).
When I test authentication of users in each domain by running ntlm_auth on
the samba server,
2019 Oct 29
0
AD domain member cannot authenticate user in remote forest unless smbclient uses "localhost"
On 28/10/2019 21:53, Nathaniel W. Turner via samba wrote:
> Hi folks,
>
> I'm trying to support a customer with multiple AD forests, and during my
> research, I've observed some odd behavior. In my lab tests, it seems like
> authentication works for users in all trusted forests, but only if NTLMSSP
> is used. When Kerberos ends up being used, authentication only seems to
2019 Nov 19
0
Why is smbd looking for Kerberos principal cifs/host@DOMB when it is a member of DOMA?
In case you missed the link in the original email, here's the smb.conf:
[global]
kerberos method = secrets and keytab
logging = systemd
realm = TC83.LOCAL
security = ADS
template homedir = /home/%U@%D
template shell = /bin/bash
winbind offline logon = Yes
winbind refresh tickets = Yes
workgroup = TC83
idmap config * : range = 1000000-19999999
idmap config * : backend = autorid
2019 Nov 20
0
Why is smbd looking for Kerberos principal cifs/host@DOMB when it is a member of DOMA?
Hi Louis,
On Wed, Nov 20, 2019 at 3:27 AM L.P.H. van Belle via samba <
samba at lists.samba.org> wrote:
> Your config looks ok, as far i can tell.
>
> This : "cifs/kvm7246-vm022.maas.local at TC84.LOCAL"
> As it should spn/hostname.fqdn at REALM nothing wrong with that.
>
> But if i understand it right.
>
> Your server : kvm7246-vm022.maas.local is in
2019 Nov 15
0
Why is smbd looking for Kerberos principal cifs/host@DOMB when it is a member of DOMA?
Hi, please run the command:
klist -ek /etc/krb5.keytab and post the output along with the file smb.conf.
how do you access your share?
\\kvm7246-vm022.maas.local\\
<https://lists.samba.org/mailman/listinfo/samba>sharename"
or something like that?
bb.
Il giorno ven 15 nov 2019 alle ore 18:24 Nathaniel W. Turner via samba <
samba at lists.samba.org> ha scritto:
> Hi all.
2019 Nov 15
0
Why is smbd looking for Kerberos principal cifs/host@DOMB when it is a member of DOMA?
I?m trying to understand a weird authentication failure:
I have two domains (TC83.LOCAL and TC84.LOCAL), each in a diferent forest,
with a bidirectional forest trust.
The samba server kvm7246-vm022.maas.local is a domain member of TC83 and is
running a recent build from git master (f38077ea5ee).
When I test authentication of users in each domain by running ntlm_auth on
the samba server, it is
2020 Apr 09
3
autorid broken in samba 4.9?
Show the servers there smb.conf that might help.
And your using autorid..
https://wiki.samba.org/index.php/Idmap_config_autorid
Drawbacks: User and group IDs are not equal across Samba domain members.
TC84\administrator:*:1100500:1100513::/home/administrator at TC84
TC83\administrator:*:1200500:1200513::/home/administrator at TC83
1200500-1100500 = 100000
idmap config * : rangesize =
2020 Apr 08
0
autorid broken in samba 4.9?
Sorry, this probably belongs on samba, not -technical, at least for now.
On Wed, Apr 8, 2020 at 1:55 PM Nathaniel W. Turner <nate at houseofnate.net>
wrote:
> I have a configuration that is working correctly with samba 4.8 (in CentOS
> 7.6). When I apply the same basic configuration to a system running samba
> 4.9 (CentOS 7.7), I see a very strange behavior: The ID mapping for
2020 Apr 09
2
autorid broken in samba 4.9?
Hi all,
Thanks for the replies.
On Thu, Apr 9, 2020 at 3:54 AM L.P.H. van Belle via samba <
samba at lists.samba.org> wrote:
> Good morning Rowland,
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> > Rowland penny via samba
> > Verzonden: donderdag 9 april 2020 9:46
> > Aan: samba at
2019 Oct 29
3
AD domain member cannot authenticate user in remote forest unless smbclient uses "localhost"
On Tue, Oct 29, 2019 at 11:43 AM Rowland penny via samba <
samba at lists.samba.org> wrote:
> A) You do not need 'realmd', 'sssd' etc
>
Understood. Using realmd is a convenience, as it automates some
housekeeping, but I'm happy to take it out of the picture for the purposes
of this test, if that's important.
> B) Your smb.conf is incorrectly set up.
>
2019 Oct 29
2
AD domain member cannot authenticate user in remote forest unless smbclient uses "localhost"
I see. =)
I probably should have set the backend to autorid for "*", but I didn't
think the ID mapping really mattered for the specific test I was doing.
The "realm list" output shows the client software as winbind (not sssd) and
the logs show messages from winbindd as it handles the authentication (in
the successful cases), so I think that indicates that winbind is in
2020 Jun 17
0
autorid broken in samba 4.9?
I realize I never followed up with this. The problem here turned out to be
that I was doing a "reload" of the samba services (smb, nmb, winbind) to
pick up my ID mapping changes in smb.conf. Switching my test case to do a
"restart" instead resolved the issue.
More details:
The test case basically did the following:
1. Join AD using "realm join --client-software=winbind
2020 Apr 09
0
autorid broken in samba 4.9?
Good morning Rowland,
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Rowland penny via samba
> Verzonden: donderdag 9 april 2020 9:46
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] autorid broken in samba 4.9?
>
> On 09/04/2020 08:34, L.P.H. van Belle via samba wrote:
> > Show the servers there smb.conf
2019 Oct 29
0
AD domain member cannot authenticate user in remote forest unless smbclient uses "localhost"
On 29/10/2019 15:59, Nathaniel W. Turner via samba wrote:
> On Tue, Oct 29, 2019 at 11:43 AM Rowland penny via samba <
> samba at lists.samba.org> wrote:
>
>> A) You do not need 'realmd', 'sssd' etc
>>
> Understood. Using realmd is a convenience, as it automates some
> housekeeping, but I'm happy to take it out of the picture for the purposes
2019 Oct 29
2
AD domain member cannot authenticate user in remote forest unless smbclient uses "localhost"
Hi Rowland,
On Tue, Oct 29, 2019 at 5:37 AM Rowland penny via samba <
samba at lists.samba.org> wrote:
>
> I am sorry but you seem to be asking on the wrong list, you appear to be
> using sssd (which isn't supported with Samba from 4.8.0), Samba isn't
> doing the authentication.
>
What part of my problem description, or which log entries make you think I
am using
2017 Feb 01
2
net ads and wbinfo are painfully slow -- but they work
On Wed, 1 Feb 2017 07:30:19 -0800
Chris Stankevitz <chrisstankevitz at gmail.com> wrote:
> On Wed, Feb 1, 2017 at 1:12 AM, Rowland Penny via samba
> <samba at lists.samba.org> wrote:
> > He is also unlikely to be running avahi, he is using Freebsd 10.3
>
> truss (like strace) showed that wbinfo, net, and sshd were all hanging
> after system calls to getuid() and
2012 Aug 10
3
CentOS 6 kvm disk write performance
I have 2 similar servers. Since upgrading one from CentOS 5.5 to 6, disk
write performance in kvm guest VMs is much worse.
There are many, many posts about optimising kvm, many mentioning disk
performance in CentOS 5 vs 6. I've tried various changes to speed up
write performance, but northing's made a significant difference so far:
- Install virtio disk drivers in guest
- update the
2017 Aug 11
4
cannot join windows 7 samba4-ad-dc fresh install, get NT_STATUS_INTERNAL_ERROR
Hi,
I've changed /etc/resolv.conf, rebooted, here is the output:
cat /etc/resolv.conf
domain rona.loc
search rona.loc
nameserver 192.168.19.2
------
smbclient -L $(hostname -f) -UAdministrator%<password> -d5
INFO: Current debug levels:
all: 5
tdb: 5
printdrivers: 5
lanman: 5
smb: 5
rpc_parse: 5
rpc_srv: 5
rpc_cli: 5
passdb: 5
sam: 5
auth: 5
winbind: 5
vfs: 5