similar to: Missing domain user tickets with winbind

> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Shyam Prasad N via samba > Verzonden: woensdag 1 april 2020 13:10 > Aan: samba-technical at lists.samba.org; samba at lists.samba.org > CC: sribhat.msa at outlook.com > Onderwerp: [Samba] Missing domain user tickets with winbind > > Hi, > > My name is Shyam Prasad.

Hi, My name is Shyam Prasad. I work at Microsoft in the Azure Files team. For the past few days, I've been working on getting the Azure Linux VMs to join the AD domain in Azure, login as domain users, and mount Azure file shares over SMB3. Most things work fine. Except that I need perform a few Kerberos related tasks manually, for the SMB3 mount to work with domain user credentials. I did

Hi, I've ended up in a weird situation with my Windows AD environment. My linux host was originally joined to the domain. For some reason, the domain server got reset and created a fresh domain with the same name and all the AD objects (including users/groups) were recreated. After this, I tried leaving the domain (which was failing with 'No such file or directory' error). I then

On 01/04/2020 12:20, L.P.H. van Belle via samba wrote: > For that to work, you need to add the CIFS/hostname.fqdn at REALM to the host your logging in. > The COMPUTER$ should hold it. > Allow the computer to delegate the cifs service. ( or all ) Thing is, the OP is trying to use a users ticket to mount, but seems to be doing it as root, which isn't going to work, mainly because

On 03/11/15 10:56, Ole Traupe wrote: > >>> I mean, putting the key in the keytab looks like a security risk to me. >> In what way does it appear any more of a risk than having the keys >> which you have there already? Even if someone steals the keytab, >> they're gonna be hard pressed to crack the key in the few hours >> before the tgt expires. Do you

On 03/11/15 17:18, Ole Traupe wrote: > > > Am 03.11.2015 um 16:44 schrieb buhorojo: >> On 03/11/15 10:56, Ole Traupe wrote: >>> >>>>> I mean, putting the key in the keytab looks like a security risk >>>>> to me. >>>> In what way does it appear any more of a risk than having the keys >>>> which you have there already?

Am 03.11.2015 um 16:44 schrieb buhorojo: > On 03/11/15 10:56, Ole Traupe wrote: >> >>>> I mean, putting the key in the keytab looks like a security risk to >>>> me. >>> In what way does it appear any more of a risk than having the keys >>> which you have there already? Even if someone steals the keytab, >>> they're gonna be hard

On 02/11/15 15:51, Ole Traupe wrote: > > > Am 02.11.2015 um 15:10 schrieb buhorojo: >> On 02/11/15 14:42, Ole Traupe wrote: >>> >>> Am 02.11.2015 um 13:12 schrieb buhorojo: >>>> On 02/11/15 12:54, Ole Traupe wrote: >> >>>> Why can't the user do it with his own key file? >> Only root can perform mounts and anyway, > Right,

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It has been a while since I've cut a new release for cifs-utils. This one has more visible changes than were in the last few releases. Major highlights: - - documentation additions for the fsc option - - mount.cifs deals with _netdev, mand and nomand options correctly now - - a change in how mount.cifs handles the MS_MANDLOCK flag. It used to

Hello, Have spotted strange behaviour of GlusterFS fuse mount. I am unable to list files in a directory until parent directory is listed. However if I do list file with full path it is listed on some client nodes. Example: localadmin at ldgpsua00000038:~$ ls -al /var/lib/nova/instances/_base/ ls: cannot access /var/lib/nova/instances/_base/: No such file or directory localadmin at

I tried to compile helloworld program using llcj to native but i got the following error shyam at shyam:~$ cat hello.javaclass hello { public static final String str = "Hello Word"; public static void main(String[] args) { System.out.println(str); }}shyam at shyam:~$ llcj --main=hello hello.class -o hellollc: Unknown command line argument '-f'. Try:

Hi,I have recently installed llvm-3.1 , gnu classpath-0.97.2 and vmkit I compiled a simple java file "hello.java" to hello.class Then converted hello.class to llvm bytecode(hello.bc) using vmjc from vmkitwhen i tried to run "hello.bc" using lli I am getting the following error shyam at shyam:~$ cat hello.javaimport java.io.*; class hello { public static void main(String[]

I installed vmkit-0.29 and tried to generate a executable using llcj I generated the libvmjc and updated the library path export LD_LIBRARY_PATH=$(VMKIT_OBJ)/Release/lib llcj --main=hello hello.class -o hello but i am getting the following error /home/shyam/classpath-0.97.2/lib/vmkit/Release+Debug/lib/libvmjc.a(glibj.zip.o): In function

Meeting date: 05/02/2018 (May 02nd, 2018), 19:30 IST, 14:00 UTC, 10:00 EDT BJ Link * Bridge: https://bluejeans.com/205933580 * Download: <TBD> Attendance * Raghavendra M (Raghavendra Bhat), Kaleb, Atin, Amar, Nithya, Rafi, Shyam Agenda * Commitment (GPLv2 Cure) * Email and Patch * [amarts] 20+ people already have done +1. Will wait another

Hi Rowland, I tried both pam winbind & also samba with fix for CVE-2018-1139. But still cannot get windows 2016 "protected users" to work with samba. Note that "wbinfo --krb5auth" manages to authenticate. This I see it uses WINBIND_PAM_AUTH & not WINBIND_PAM_AUTH_CRAP. I dont see how to switch to WINBIND_PAM_AUTH instead of AUTH_CRAP. Any further insights? Thanks!

Time for a new cifs-utils release! The main change in this release is a set of cleanups to cifs.upcall to make it more efficient and work better with alternate style credcaches. No longer does it blithely stumble around in /tmp looking for credcaches. We now just use the default credcache that to which the krb5.conf points. Go forth and download!

Hi Jeff, Could you look at the following mailing list posting? https://lists.samba.org/archive/samba/2017-February/206468.html It looks like cifs.upcall has changed its behavior. As described in that post, I can mount with root / kerberos, but then cannot access with another user who has credentials. The logs indicate that cifs.upcall cannot find the kerberos ticket for the non-root user.

Hi I have a s3 fileserver joined to a s4 DC Here is smb.conf on the fileserver: [global] workgroup = HH3 realm = HH3.SITE security = ADS kerberos method = system keytab winbind enum users = Yes winbind enum groups = Yes idmap config *:backend = tdb idmap config *:range = 3000-4000 idmap config HH3:backend = ad idmap config HH3:range = 20000-40000000 idmap config HH3:schema_mode = rfc2307 winbind

On Thu, 2017-02-09 at 14:45 -0600, Chad William Seys wrote: > Hi Jeff, > Could you look at the following mailing list posting? > > https://lists.samba.org/archive/samba/2017-February/206468.html > > It looks like cifs.upcall has changed its behavior. As described in > that post, I can mount with root / kerberos, but then cannot access with > another user who has

Hi all! Is it possible to run smbd in an AD user's context? If not, is it possible to have smbd to tell a third-party function to not stray outside from logged on user's (AD user) context (home directory)? I'm programming a VFS module[1] which will be the bridge between Windows and iRODS[2]. iRODS depends on a configuration file, .irods/irods_environment.json, which resides in the