similar to: using samba-tool from a domain member other than the DC

On 23/07/2020 19:59, Jason Keltz via samba wrote: > Hi Rowland, > > ldap doesn't work for me either: It should. > >> % samba-tool user list -H ldap://dc01.samdom.example.com -k yes >> Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER What OS is this ? You wrote this in earlier post: I'm running smbd on the? DC What do you mean by that? On

Hi. I left off from my original question... I've joined the domain using "realm join", and am not using winbind. I'm looking for the minimal configuration I need to have in smb.conf to be able to run samba-tool from a domain member. My /etc/krb5.conf contains: [libdefaults] default_realm = <my realm> dns_lookup_realm = false dns_lookup_kdc = true My /etc/smb.conf

On 23/07/2020 18:42, Jason Keltz via samba wrote: > Hi. > > I left off from my original question... > > I've joined the domain using "realm join", and am not using winbind. > > I'm looking for the minimal configuration I need to have in smb.conf > to be able to run samba-tool from a domain member. > > My /etc/krb5.conf contains: > >

On 11/11/2020 10:54, Jason Keltz via samba wrote: > Hi Louis, > I've looked into that and I'm not sure how this would be done? > By the way, even with your NFS translation fix (which doesn't work for me because gssproxy), do you do this before accessing root files..? > sudo root > kinit -k 'host$' > OK, after a bit of a battle, I now have a Centos 7 Unix

On 12/11/2020 13:27, Jason Keltz via samba wrote: > > On 11/12/2020 8:17 AM, Rowland penny via samba wrote: >> On 11/11/2020 10:54, Jason Keltz via samba wrote: >>> Hi Louis, >>> I've looked into that and I'm not sure how this would be done? >>> By the way, even with your NFS translation fix (which doesn't work >>> for me because

On 23/07/2020 19:31, Jason Keltz via samba wrote: > Hi Rowland, > > I'm running smbd on the? DC.? I want to be able to do things like > adding a user, dns entry, etc. from my workstation without logging > into the DC. > > I can't get samba-tool to work with Kerberos, or ldaps, etc. As I said, I cannot get ldaps to work (yet), but: rowland at devstation:~$ sudo

On 23/07/2020 20:36, Jason Keltz via samba wrote: > > > > On the client, I have the same krb5.conf as above.? For smb.conf I > have the following (I don't even really know if it's required but I > highly suspect samba-tool is at least reading it): > > [global] > ??????? workgroup =<workgroup name> > ??????? security = ADS > ??????? realm = <realm

> On 30 Sep 2020, at 21:42, Jason Keltz via samba <samba at lists.samba.org> wrote: > > > On 9/30/2020 3:01 PM, Remy Zandwijk via samba wrote: >>>>> On the client, add: >>>>> >>>>> gensec_gssapi:requested_life_time = <int> # seconds >>>>> >>>>> to smb4.conf. E.g. a ticket life time of one hour:

On 11/9/2020 3:00 PM, Rowland penny via samba wrote: > On 09/11/2020 19:41, Jason Keltz via samba wrote: >> Hi. >> >> I have Samba AD configured correctly, and can mount kerberized NFS >> from all the CentOS 7 clients.? I'm not able to use "root" on the >> client even though the nfs export specifies the option: >> no_root_squash option.

On 12/11/2020 14:19, Jason Keltz via samba wrote: > > On 11/12/2020 8:52 AM, Rowland penny via samba wrote: >> On 12/11/2020 13:27, Jason Keltz via samba wrote: >>> >>> On 11/12/2020 8:17 AM, Rowland penny via samba wrote: >>>> On 11/11/2020 10:54, Jason Keltz via samba wrote: >>>>> Hi Louis, >>>>> I've looked into that

Top posting. Is this in freenas jail, perhaps? If so, I'd take a long hard look at the underlying environment. Semi off-topic. FreeNAS on FreeBSD has a whole set of really weird issues, IMO. For example; I was trying to get rsync or rdiff-backup to run [not in a jail, but just in the base context] and performance was really terrible and it would bomb for larger file syncs to a remote Linux

HI Rowland, Sorry if my original email wasn't clear. On the dc, I'm running samba (I said smbd - my error) and winbind .? I'm running CentOS 7.8 with a self-compiled Samba.? That's actually all working perfectly. krb5.conf: [libdefaults] ??????? default_realm = AD.EECS.YORKU.CA ??????? dns_lookup_realm = false ??????? dns_lookup_kdc = true smb.conf: # Global parameters

Hi. I have Samba AD configured correctly, and can mount kerberized NFS from all the CentOS 7 clients.? I'm not able to use "root" on the client even though the nfs export specifies the option: no_root_squash option. I completely understand that in order to use the "root" identity (which doesn't exist as a user in the domain) on the NFS client, this identity has to

On 10/12/2020 4:06 AM, Rowland penny via samba wrote: > On 12/10/2020 02:54, Jason Keltz via samba wrote: >> I've been working on a Samba AD setup with a bunch of test machines - >> the one DC, and a bunch of clients. Last night, I ended up switching >> the name of the test machines temporarily (except the DC), and >> re-joining the domain (that's for another

Hi Rowland, I'm running smbd on the? DC.? I want to be able to do things like adding a user, dns entry, etc. from my workstation without logging into the DC. I can't get samba-tool to work with Kerberos, or ldaps, etc. Jason. On 7/23/2020 2:21 PM, Rowland penny via samba wrote: > On 23/07/2020 18:42, Jason Keltz via samba wrote: >> Hi. >> >> I left off from my

Hi Rowland, ldap doesn't work for me either: > % samba-tool user list -H ldap://dc01.samdom.example.com -k yes > Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER > Failed to connect to 'ldap://dc01.samdom.example.com' with backend > 'ldap': LDAP client internal error: NT_STATUS_INVALID_PARAMETER > ERROR(ldb): uncaught exception - LDAP

On 24/07/2020 01:01, Jason Keltz via samba wrote: > Hi Rowland, > > Speaking of senior moment. I just figured out the problem... > > My DC host has its regular name - dc01.example.com and then its AD > name dc01.ad.example.com.? Even though both resolve to the same IP, I > was using dc01.example.com which is apparently a no no because > Kerberos is particular about

On 4/22/19 10:18 AM, Rowland Penny via samba wrote: > On Mon, 22 Apr 2019 09:48:31 -0400 > Paul Griffith via samba <samba at lists.samba.org> wrote: > >> Hi All, >> >>    I am running into an issue mounting a Samba share from our Linux >> server. We are running Samba 4.8.8 on CentOS  7.6.1810. I have done a >> some testing, and I can't get the

I've been working on a Samba AD setup with a bunch of test machines - the one DC, and a bunch of clients.? Last night, I ended up switching the name of the test machines temporarily (except the DC), and re-joining the domain (that's for another e-mail later).? When things didn't work the way I had planned,? I switched the hostnames back, and re-joined the domain today on all the

Hi Rowland, Speaking of senior moment. I just figured out the problem... My DC host has its regular name - dc01.example.com and then its AD name dc01.ad.example.com.? Even though both resolve to the same IP, I was using dc01.example.com which is apparently a no no because Kerberos is particular about name.? If I use dc01.ad.example.com it actually works!!!!!!!!!!? Using either