Displaying 20 results from an estimated 1000 matches similar to: "krb5_kt_start_seq_get failed (Permission denied)"
2020 Jul 23
1
krb5_kt_start_seq_get failed (Permission denied)
Try this :
#source: https://bugs.launchpad.net/ubuntu/+source/heimdal/+bug/1484262
Add in /etc/krb5.conf in [libdefaults]
ignore_k5login = true
Did it help?
If (as in my case) root is not allowed in the user homdirs it can validateon $HOME/.k5login
Above fixed it for me.
I only cant tell based on the config if this applies to you.
Its a simple thing to try.
Greetz,
Louis
2020 Jul 16
3
Authentication with trusted credentials
On 16/07/2020 22:13, Yakov Revyakin wrote:
> Thank you! I have food for tomorrow. Now I only want to voice some of
> my considerations.
>
> Imagine that a domain had no trusts. At this time a PC became a member
> of this domain.
> After some time DC made trust with another domain. In this case
> existing members don't consider?any extra configuration like adding
>
2020 Jul 21
2
Authentication with trusted credentials
Hi Rowland,
Thank you for effort
My output as you requested:
## Samba DC
d at us-smdc3:~$ wbinfo --online-status
BUILTIN : active connection
SVITLA3 : active connection
APEX : active connection
## Linux Client
d at uc-sm18:~$ wbinfo --online-status
BUILTIN : online
UC-SM18 : online
SVITLA3 : online
APEX : online
# UC-SM18 is a Linux member of SVITLA3.
You decided to demonstrate too difficult
2020 Jul 20
3
Authentication with trusted credentials
Point #1: is not correct.
Why is Jake getting an ID from * Range and not APEX range. ?
That need to be found first
Run: net cache flush
Restart samba. : systemctl restart smbd winbind nmbd (and/or sssd is you use that)
wbinfo --all-domains -ug
id jake
getent passwd jake
Any improvement?
> if you have set: APEX:backend = ad
Yes, and did you assign an UID/GID after you changed RID to
2020 Jul 13
2
Authentication with trusted credentials
Some more details. Below is what I have during joining Linux (Ubuntu 20.04)
to the SVITLA3 domain. SVITLA3 (Samba) is trusting, APEX (AD) is trusted.
SVITLA3 has *administrator *and *test01 *users, APEX has *administrator *and
*jake *users.
test01 - 20000:20000 (uidNumber:gidNumber)
jake - 10000:10000
You can see some delay in some places - I marked them bold. It looks like
DNS timeouts.
The
2020 Jul 13
3
Authentication with trusted credentials
Hi friends,
I have a one way outgoing trust between SAMBA trusting domain and AD
trusted domain.
SSH Authentication of a user belonging to the SAMBA domain works properly
on a Linux computer which is a member of SAMBA domain.
I would like to authenticate a trusted user from the AD domain on the same
Linux computer with SSH. Currently it doesn't work.
I am able to authenticate trusted accounts
2020 Jul 14
3
Authentication with trusted credentials
Hai,
?
Sorry for the late(r) reply but we all need to sleep also sometimes.? ;-)
note, i saw its fixed, but i'll do comment a bit through your replies.
?
?
mainly because of this part
?
this part.? (Sended: monday 13 juli 2020 18:51)
> net ads join -U administrator at SVITLA3.ROOM
> Enter administrator at SVITLA3.ROOM's password:
> Using short domain name -- SVITLA3
>
2020 Jul 23
1
Authentication with trusted credentials
Currently I have the following empirical knowledge about outgoing trust:
- In case of creating this type of trust using direction=both we get
outgoing trust working partially - it is possible to login to Windows
member of trusting domain with trusted credentials as well as access shares
on trusted side further. It is impossible to make the same login on Linux
members.
- In case of making the same
2020 Nov 19
1
Smartcard logon
>
> Hi friends,
> I need your help.
>
> I implemented
> https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login
>
> https://docs.microsoft.com/en-us/troubleshoot/windows-server/windows-security/enabling-smart-card-logon-third-party-certification-authorities
> enabling smart card logon on a Windows Server 2016 as a domain member of
> Samba DC.
>
> Currently I
2020 Jul 21
0
Authentication with trusted credentials
On 21/07/2020 15:38, Yakov Revyakin wrote:
> Hi Rowland,
> Thank you for effort
>
> My output as you requested:
> ## Samba DC
> d at us-smdc3:~$ wbinfo --online-status
> BUILTIN : active connection
> SVITLA3 : active connection
> APEX : active connection
>
> ## Linux Client
> d at uc-sm18:~$ wbinfo --online-status
> BUILTIN : online
> UC-SM18 : online
>
2020 Jul 13
0
Authentication with trusted credentials
Louis, could you take a look on my case again?
I am not sure that the problem is in incorrect groups.
Only trusted credentials don't work. Have you any idea what the reason is?
On Mon, 13 Jul 2020 at 19:50, Yakov Revyakin <yrevyakin at gmail.com> wrote:
> Some more details. Below is what I have during joining Linux (Ubuntu
> 20.04) to the SVITLA3 domain. SVITLA3 (Samba) is
2020 Jul 16
2
Authentication with trusted credentials
On 16/07/2020 16:11, L.P.H. van Belle via samba wrote:
> First of all, why does the DOMAIN contains/shows a dot in it.
> ( i think its a wrong setting in sssd, but i dont know sssd )
> I know this is one of your REALMs and not the domain.
>
>
> Now your lines :
> Works Yes: Jul 16 11:23:48 uc-sssdlbox20 sshd[2048]: pam_sss(sshd:auth): authentication success; logname= uid=0
2020 Jul 13
0
Authentication with trusted credentials
What you need is to add the windows group in ssh to allowedgroups
And give that windows group a GID.
You "cant" add a linux user into the windows group, but you can add a windows user (if it has UID/GID) Into the linux group.
I separeted that, to there is always ssh access available.
I use the following :
AllowGroups lin-allow-ssh win-allow-ssh
Windows users in win-allow-ssh
Linux
2020 Jul 16
0
Authentication with trusted credentials
Hai,
I dont use trusts myself, this is what i see.
Lets take small steps here.
First of all, why does the DOMAIN contains/shows a dot in it.
( i think its a wrong setting in sssd, but i dont know sssd )
I know this is one of your REALMs and not the domain.
I refer to :
https://support.microsoft.com/en-us/help/909264/naming-conventions-in-active-directory-for-computers-domains-sites-and
2016 Nov 11
1
Domain self join
Am 11.11.2016 um 17:33 schrieb Marc Muehlfeld:
> Hello Ronny,
>
> Am 11.11.2016 um 17:19 schrieb Ronny Forberger via samba:
>> I want to authenticate against Samba 4 using samba and sssd on FreeBSD
>> using this guide:
>>
>> http://serverfault.com/questions/599200/how-to-integrate-active-directory-with-freebsd-10-0-using-security-sssd
>>
>> The problem
2016 Nov 11
3
Domain self join
Hi,
I want to authenticate against Samba 4 using samba and sssd on FreeBSD
using this guide:
http://serverfault.com/questions/599200/how-to-integrate-active-directory-with-freebsd-10-0-using-security-sssd
The problem is, the machine I want to install authentication on is the
domain controller itsself.
So the following commands show the errors:
net ads join
2011 Nov 14
2
[LLVMdev] Transferring value* in LLVM
Here is the error that I get:
Assertion failed: (i >= FTy->getNumParams() || FTy->getParamType(i) ==
Params[i]->getType()) && "Calling a function with a bad signature!"
Yakov
On Mon, Nov 14, 2011 at 9:05 PM, Eric Christopher <echristo at apple.com>wrote:
> You'll probably need to dump both the source and the dest and show the
> code that's being
2011 Nov 14
2
[LLVMdev] Transferring value* in LLVM
yes - i checked that the src->getType()->isFloatTy() is true
Yakov
On Mon, Nov 14, 2011 at 8:24 PM, Duncan Sands <baldrick at free.fr> wrote:
> On 14/11/11 19:20, Yakov Malinkovich wrote:
>
>> I sure that is.
>>
>
> Did you test it? Can you do: src->getType()->isFloatTy()
>
>
> What could be other reasons for such error?
>
> The only
2011 Nov 14
2
[LLVMdev] Transferring value* in LLVM
I sure that is.What could be other reasons for such error?
Yakov
On Mon, Nov 14, 2011 at 5:44 PM, Duncan Sands <baldrick at free.fr> wrote:
> On 14/11/11 16:39, Yakov Malinkovich wrote:
>
>> It doesnt work it fails with assertation that cast is invalid .What
>> could be done?
>>
>
> Maybe src doesn't have Float type?
>
> Ciao, Duncan.
>
>
>
2011 Nov 14
1
[LLVMdev] Transferring value* in LLVM
So what do you think the problem is?
Thank you.
Yakov
On Mon, Nov 14, 2011 at 10:20 PM, Duncan Sands <baldrick at free.fr> wrote:
> On 14/11/11 21:11, Yakov Malinkovich wrote:
>
>> Here is the error that I get:
>> Assertion failed: (i >= FTy->getNumParams() || FTy->getParamType(i) ==
>> Params[i]->getType()) && "Calling a function with a