similar to: Samba - faster failover to other AD servers?

Ok after installing libpam-winbind etc I had someone try to connect from a MacOS and they got: [2023/04/13 15:50:50.002773,? 1] ../../source3/auth/auth_generic.c:211(auth3_generate_session_info_pac) ? auth3_generate_session_info_pac: Unexpected PAC for [testuser at OURREALM.REALM] in standalone mode - NT_STATUS_BAD_TOKEN_TYPE [2023/04/13 15:50:50.002891,? 3]

Hello List, below our smb.conf and loglevel 5 output of a failed authentication. We want to get the Unix User details from MS-SFU using the new idmap_ad Backend. If the Windows User is mapped to local name it's all fine. But if we want to use our SFU Users it fails. We believe getpwnam() on AIX is faulty. "id username" and login works for all users local and AD! Any ideas how to

Our setup: Windows AD realm with ~115K users (and numerous groups etc) FreeBSD servers with Samba 4.7.6 and Samba 4.9.3 (both show the same growth) We just noticed that one of the ‘winbindd’ daemons on the servers seems to be growing and growing forever. A bit of detective work pointed us at the “wbinfo -u” command being that culprit. As part of a systems monitoring script we ran that once a

Hi, I'm trying to use wildcard in keytab because i don't want join every computer, client for service NFS krb5. I add a spn like this # samba-tool spn add host/* nfs (I create user nfs before) # samba-tool spn list nfs nfs User CN=nfs,CN=Users,DC=if,DC=ujf-grenoble,DC=fr has the following servicePrincipalName: host/* I export keytab : #samba-tool domain exportkeytab

It's probably difting slightly off the topic, but I know that there are some people listening here, who have a decent expertise. I'm trying to setup a file server (nfs4 at ad.domain) and mount from a client (hunin at ad.domain) using the user database and especially Kerberos provided by my AD (samba at ad.domain). It already works nicely, if I forget about krb5, i.e. idmapd is

Hi Marcel thx. for your fast response. I didn't manage to follow up sooner. I had already verbose logging turned on but I don't seem to find the real reason, why the domain controller searchs for a userPrincipalName instead of servicePrincipalName. Because I wasn't sure whether it is the nfs client process or the server process that failed to get the kerberos ticket when I tried the

Hi Folks I'm trying to share user home directories hosted on a Samba-4 member server via NFSv4. Everything's working well with the Windows shares but when it comes to kerberized NFSv4 it fails. I can't even mount the home root directory via nfs on the server itself ("mount.nfsv4: access denied by server while mounting ..."). As far as I have tracked it down, it appears to

Good morning Marco and others. > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Marco Gaiarin via samba > Verzonden: dinsdag 23 oktober 2018 18:58 > Aan: samba at lists.samba.org > Onderwerp: [Samba] Again NFSv4 and Kerberos at the 'samba way'... > > > Sorry, i come back to this topic in a different thread,

All, I have multiple Asterisk servers in various locations running various 1.4 and 1.6 versions (lab and production) and am having trouble with a new Aastra 6739i (3.0.1.2015) registering. Below is my request to support and they have looked it over and don't see anything wrong: Support, Can not get a 6739i to register with 3 different Asterisk servers with varying configurations/versions

Hi, I simplified the config in my first email, but I actually have 2x4 servers in replicate-distribute with each 4 bricks for 6 of them and 2 bricks for the remaining 2. Full healing will just take ages... for a just single brick to resync ! > gluster v status home volume status home Status of volume: home Gluster process TCP Port RDMA Port Online Pid

Hai Marco, > > Mandi! L.P.H. van Belle via samba > In chel di` si favelave... > > > Sofar, until tomorrow, > > Done some tests, metoo. > > 1) seems that nfs-common is disabled 'by design'. Looking at debian > changelog: > > nfs-utils (1:1.2.8-9.1) unstable; urgency=medium > > Partial sync from ubuntu, included changes: > >

Hi, I'm trying to set up NFSv4 on two boxes (centos 5.5) and have it authenticate against our Windows 2008R2 AD server acting as the KDC. (samba/winbind is running ok with "idmap config MYCOMPANY: backend = rid" so we have identical ids across the servers.) I can mount my test directory fine via NFSv4 *without* the sec=krb5 option. However, once I put the sec=krb5 option in,

Short story: cannot get Kerberized NFSv4 to work. I've googled a great deal and cannot find where I have goofed (and there sure is a lot of misleading and just plain incorrect information out there), so would appreciate another pair of eyes. NFSv4 without Kerberos does work fine, as does ID mapping. We're using NFSv4 in production with sec=sys, but I'm not happy with that. My

Short story: cannot get Kerberized NFSv4 to work. I've googled a great deal and cannot find where I have goofed (and there sure is a lot of misleading and just plain incorrect information out there), so would appreciate another pair of eyes. NFSv4 without Kerberos does work fine, as does ID mapping. We're using NFSv4 in production with sec=sys, but I'm not happy with that. My

Hai Rowland, Yes, that correct. If you use this in override.conf then its. ( so not a copy of the service file to /etc/systemd ) systemctl edit rpc-gssd.service [Service] ExecStart= ExecStart=/Your/Own/Script/script.sh Note the empty line, without that won the override is NOT working. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: Rowland Penny [mailto:rpenny at

Hey guys, I have a OCFS2 Cluster mounted at 4 xen-server (gentoo). Today I upgraded the xen-kernel for tests at one server (server2) from 2.6.34-xen to 2.6.38-xen-r1. After reboot the server couldn''t mount the ocsfs2 device anymore. ocfs2-tools version: sys-fs/ocfs2-tools-1.4.3 Modules are loaded and /config type configfs and /dlm type ocfs2_dlmfs are mounted. server2 ~ # mount

Hello, I've got a little problem with NFSv4 + Kerberos. I can do a mount with Kerberos with a valid ticket, but read-only. After the mount -vvv -t nfs -o nfsv4,sec=krb5 nfsserver:/ /mount_test/ I can see: #klist: Feb 6 07:22:47 Feb 6 17:22:43 nfs/nfsserver at my.domain #/var/heimdal/kdc.log: 2013-02-06T07:28:26 TGS-REQ clientnfs at my.domain from IPv4:192.168.0.23 for nfs/nfsserver at

Sorry, i come back to this topic in a different thread, because i'm still totally puzzled with the previuous one. Louis, sorry me. ;( I've tried to start with this, that seems very simple: https://wiki.debian.org/NFS/Kerberos And so i've done: a) installed 'nfs-kernel-server' on server, 'nfs-common' on client. Ok, this is easy. b) AFAI've understood i need

I have a problem that is driving me crazy. Our nfs server is running Solaris. Most clients mount directories from it with no problems, but not all. All clients that have problems run CentOS (5.4 and 5.5). I've found one or two of each version that fail, but also a couple of each version that work. The mounting is done for user home directories via autofs but that doesn't seem to make any

https://bugzilla.mindrot.org/show_bug.cgi?id=2815 Bug ID: 2815 Summary: please set KRB5CCNAME to collection Product: Portable OpenSSH Version: 7.4p1 Hardware: amd64 OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Kerberos support Assignee: unassigned-bugs