similar to: krb5.conf & kdc=, explicit vs automatic

Hello list, I've upgraded from Samba 3.0.14a to 3.0.27a (Samba is a domain member of a W2k3 native AD) and I see that in the /var/lib/samba/smb_krb5 directory a krb5.conf file is created. Is this krb5.conf file extracted from my original /etc/krb5.conf? Or is this file created from the "password server =" entry in my smb.conf file? My original /etc/krb5.conf contains the DC's in

i am in a mixed win2000 and win2003 R1 ActiveDirectory environment. Have always had ntlmv2 server and client required. LM and NTLM have always been rejected. That is how it has been for 10 years. Mounting from CentOS 5 to the windows servers has not been an issue for years. However, using ADS credentials for Linux workstation logons has always been a issue. If using ADS credentials to logon

Hi all ! I have some problems browsing a samba share from a Canon ImageRunner printer. It tries to write to a share located on a samba server, configured to authenticate users against a windows 2003 Active directory. Samba version 3.2.6 is running on opensuse 11.1. After a lot of search, I tought that maybe it did not support the encryption type requested by my Samba server, so I checked my

Just a question. Did you create this server on site a and the moved it to site b? >-----Oorspronkelijk bericht----- >Van: samba [mailto:samba-bounces at lists.samba.org] Namens Felix >Matouschek >Verzonden: vrijdag 14 augustus 2015 8:58 >Aan: samba at lists.samba.org >Onderwerp: Re: [Samba] winbind_krb5_locator usage > >Hello, > >i investigated further and

Hi Rowland, /var/run/samba/smb_krb5 does not exist. However /var/cache/samba/smb_krb5 exists, there is a file named "krb5.conf.INTRANET". Contents: [libdefaults] default_realm = INTRANET.VIPCO.DE default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 RC4-HMAC DES-CBC-CRC DES-CBC-MD5 default_tkt_enctypes = aes256-cts-hmac-sha1-96

On 18/06/2023 16:29, Dale Renton via samba wrote: > On Sat, Jun 10, 2023 at 1:49?PM Rowland Penny via samba < > samba at lists.samba.org> wrote: >> Dale, just checking back on what you posted earlier and you had: >> >> create krb5 conf = no >> >> in your smb.conf >> >> Is that line still there ? >> If so, try removing it. >>

Hello, I am having a problem getting my server to join our realm as a domain member server. I have read through google, yahoo, and this list, but I cannot find the answer yet. When I run: net join ads -Uadministrator and try to login it gives the following error: kerberos_kinit_password Administrator@MYREALM.COM failed: Cannot resolve network address for KDC in requested realm

Hi, Are there any way to add options to /var/run/samba/smb_krb5/krb5.conf_DOMAIN? I need to add udp_preference_limit and maybe have a better control on which kdc's are used. Best regards Emil Assarsson Sony Ericsson Mobile Communications AB "The information in this email, and attachment(s) thereto, is strictly confidential and may be legally privileged. It is intended solely for the

All, I am running Solaris 10 and Samba 3.6.6. We use intelligent DNS and have more than 10 ADs. In /etc/krb5/krb5.conf I configure kdc and admin_server to point to the IDNS server so any one of our functioning ADs can be used dynamically. I've noticed that /var/samba/locks/smb_krb5/krb5.conf.DOM get created when net ads join is run. I've also noticed that the kdc is set to an IP address

I forgot the smb.conf file: [global] workgroup = MYDOMAIN netbios name = svcanimp socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 idmap uid = 10000-20000 idmap gid = 10000-20000 winbind enum users = yes winbind gid = 10000-20000 os level = 20 winbind enum groups = yes winbind separator = /

Hi, Is there any way to stop Samba regenerating the krb5.conf.[WORKGROUP] file under /var/lib/samba/smb_krb5 every time? It appears to completely ignore /etc/krb5.conf, is this expected? Kernel: Linux localhost 2.6.16.60-0.37_f594963d-smp #1 SMP Mon Mar 23 13:39:48 UTC 2009 x86_64 x86_64 x86_64 GNU/Linux smbd -V: Version 3.0.32-0.8-2045-SUSE-CODE10 Thanks, Alex

Hi! We had a painful debugging session today, with a samba AS member server not being able to auth users anymore. The issue seems to be due to defect in samba internal DNS resolution as done in winbind. TL;DR: samba internal DNS client should not rely on UDP-only DNS, but should retry using TCP if TC bit is set in answer. There's a real-life issue with this simplistic DNS implementation.

Am 18.07.2016 um 11:45 schrieb Norbert Hanke: > On 18.07.2016 01:52, Achim Gottinger wrote: >> >> >> Am 18.07.2016 um 01:02 schrieb Norbert Hanke: >>> Hello, >>> >>> I'm trying to join a samba 4 DC to an already existing samba 4 DC, >>> both with BIND9_DLZ. Samba is at version 4.4.5, bind is version >>> 9.10.4-P1, all brand

On 18/07/16 22:31, Norbert Hanke wrote: > On 18.07.2016 22:48, Achim Gottinger wrote: >> >> >> Am 18.07.2016 um 11:45 schrieb Norbert Hanke: >>> On 18.07.2016 01:52, Achim Gottinger wrote: >>>> >>>> >>>> Am 18.07.2016 um 01:02 schrieb Norbert Hanke: >>>>> Hello, >>>>> >>>>> I'm trying

Thanks, Unfortunately, I still got the same error. I may be wrong, but it is like it does the automatic lookup process of kdc instead of using the krb5.conf file. However, as per my note below, if I do add bad config info to the krb5.conf, it does complain. David David Shapiro Unix Team Lead 919-765-2011 >>> Dimitri Yioulos <dyioulos@firstbhph.com> 2/1/2006 10:15:49 AM

I just added a window server 2008 r2 to be a backup DC for our samba 4.4.5 AD/DC but I am getting an error when trying to manually sync samba to the windows server. I used the link on the wiki site to make the initial sync, which worked great § <https://wiki.samba.org/index.php/Joining_a_Windows_Server_2008_/_2008_R2_ DC_to_a_Samba_AD> Joining a Windows Server 2008 / 2008 R2 DC to a

If I add winbind rpc only = Yes to smb.conf file then "wbinfo -u" will list users in the current domain. It won't list users in any trusted domains (including domains in the same forest.) This indicates that the domain is having some issue retrieving user names via LDAP. The forest is 2008 function level. The domain was 2003 functional level but I just raised that

I am able to get a kerberos ticket with kinit. When I try to net ads join, it seems to loop. In running net ads join in -d 10, I found that it tries enctypes 18,17,16,and 2 and then repeats, over and over. It does not seem to work on any of these. I'm trying to get it to join a win2k3 domain. Below is the bottom part of the log from net ads join, as well as some of my krb5.conf. Any

Hello, Thank You for fast response. I'm glad that it's a mistake somewhere on my side, it means it will work when I fix it :) Ok, first of all: Everything is on centos 7.4 All config files will be below, but to start off: behaviour is stranger than I thought, but there is a pattern: when doing [DOMAIN\kacper_wirski at vs-files ~]$ kinit -V Using default cache: /tmp/krb5cc_101003

I have a Win2k3 server and am trying to manage a Samba4 box (name:UBUNTUSERVER, running Ubuntu 12.04.3 + Samba 4.0.10) as a backup. All seemed well, but after a problem with replication (result 1306 WERR_REVISION_MISMATCH), I couldn't even demote the samba4 DC. So I deleted from SERVERW2K3, deleted /usr/local/samba and re-compiled everything. Also ran make quicktest, all seems OK. Now, this