Displaying 20 results from an estimated 3000 matches similar to: "Kerberos issues"
2024 Jun 26
1
Kerberos issues
On Wed, 26 Jun 2024 14:00:03 +0300
?????? ??????? via samba <samba at lists.samba.org> wrote:
> Hello Samba community!
>
> I have an legacy system with 7 Windows VM.
> In this system, the domain user is used to run services and interact
> with individual parts.
> I also have one PC on a domain from which I can run RSAT and can
> check the Zentyal webconfig.
>
>
2012 Jan 20
1
Samba 4 Cannot contact any KDC for requested realm
Version 4.0.0alpha18-GIT-957ec28
After starting samba -i -d3,
wbinfo -i someuser
gives this:
ldb_wrap open of secrets.ldb
using SPNEGO
Selected protocol [8][NT LANMAN 1.0]
Cannot reach a KDC we require to contact cifs/hh3.site at SITE : kinit for
HH3$@SITE failed (Cannot contact any KDC for requested realm)
SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_NO_LOGON_SERVERS
ldb_wrap open of
2019 Feb 26
5
gpo not applied a boot computer
Hello everyone
since now a certain time I pull my hair and do not understand the source of
my problem.
after a samba 3 pdc migration to samba 4.8.5 AD, when a windows client
starts the gpo computer is not applied to the boot.
in the windows logs there are 1058 GPO errors and server side samba here
are the logs:
GSS server Update (krb5) (1) Update failed: Miscellaneous failure (see
text): Failed
2019 Aug 08
3
Problems joining Samba 4 in the domain
Hi,
I have 2 DC in my network.
DC master is a Samba 4 and the secondary is Windows Server 2008.
I want to put another Samba 4 as DC to replace Windows Server, however the
following errors are emerging:
root at samba4-dc2:~# samba-tool domain join empresa.com.br DC -k yes -d 3
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
GENSEC backend 'gssapi_spnego' registered
GENSEC
2013 Jan 27
2
Samba Authentication With Kerberos
Hi All,
Im thrying to setup a server with Samba4 with Kerberos. When I want to see list all shares with smbclient with samba authentication, everything works fine. But when I try to authenticate using Kerberos, I get and error.
The command I execute is:
smbclient -L localhost -k
The error message from Samba is:
using SPNEGO
Selected protocol [8][NT LANMAN 1.0]
GSS server Update(krb5)(1)
2009 Dec 04
1
smbtorture config issue?
Hello,
I'm trying to run smbtorture against another system. I have installed
version 4.0.0alpha9 locally. The remote system is registered with ADS
as:
distinguishedName: CN=bl-uits-cictest,CN=Computers,DC=ads,DC=iu,DC=edu
name: bl-uits-cictest
dNSHostName: bl-uits-cictest.ads.iu.edu
servicePrincipalName: HOST/bl-uits-cictest.ads.iu.edu
servicePrincipalName: HOST/BL-UITS-CICTEST
The
2017 Nov 07
3
after DCs migration to 4.7, two things
Hi Marc,
Thanks for your reply!
> Check if your dynamic DNS works. For details and troubleshooting, see:
> https://wiki.samba.org/index.php/Testing_Dynamic_DNS_Updates
I'm not sure about the "--all-names" option, but the regular
"samba_dnsupdate --verbose" updated all dns records for all DCs shortly
after I joined them.
The problematic dns records here are
2018 Apr 25
1
4.3.11-Ubuntu fail to add DC to a AD domain
yes, I tried working with samba wiki and quad-verifying what is recommended
to be checked.
OK, I'll try to join using 18.04.
the samba_dnsupdate tool does not have the --use-samba-tool option in
ubuntu 16.04
2018-04-25 22:47 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>:
> On Wed, 25 Apr 2018 22:32:10 +0200
> Jakub Kulesza <jakkul+samba at gmail.com> wrote:
2020 Apr 07
2
Join new DC to domain - advice to upgrade Samba 4.
Hello Guys,
I have a working Samba 4 DC running on Debian Stretch 9.9 with samba 4.5.16
and I would like to add a new Samba DC (on Debian Stretch 9.9 with the same
Samba version).
During the joining process I get the error WERR_DS_DRA_MISSING_PARENT. I
read this thread
https://lists.samba.org/archive/samba/2017-December/212938.html and
executed the samba_upgradedns on working DC as Rowland
2017 Feb 01
2
gpupdate - Failed to find DC1 in keytab
Can someone help me with samba4 with internal dns. Something strange
showing in log.smbd when computers are doing gpupdate (becouse of this
error computers cant apply gpo)
log.smbd on DC1:
[2017/01/13 13:49:16.075361, 1]
../source4/auth/gensec/gensec_gssapi.c:619(gensec_gssapi_update)
GSS server Update(krb5)(1) Update failed: Miscellaneous failure
(see text): Failed to find
2017 Nov 07
2
after DCs migration to 4.7, two things
Hi,
I migrated our DCs from 4.5/internal dns to 4.7.1/bind9_dlz. Short
summary of the steps taken:
- added a new temp dc,
- removed the old DCs
- cleaned sam database
- installed new DCs, with their old dns/ip
- removed the temp dc again
- synced sysvol
and all is looking well: no db errors, no replication issues, ldapcmp
matches across DCs, etc.
So, I took things to production today, and
2024 Jun 05
1
Failed to bind to uuid NT_STATUS_LOGON_FAILURE
Good afternoon, tell me, this error occurs on the domain controller samba v
4.19.0, I paired the domain controller with sssd so that authentication
occurs under domain accounts on the domain controller, but as you know,
sssd changes the machine password every 30 days if this option is not
disabled
ad_maximum_machine_account_password_age = 0
I haven?t disabled it for 30 days and as I understand it,
2019 Feb 26
1
Gpo computer not applied a boot system
Bonjour à tous
depuis maintenant un certain temps je tire mes cheveux et ne comprends pas
la source de mon problème.
après une migration de samba 3 pdc vers samba 4.8.5 AD, au démarrage d’un
client Windows, l’ordinateur gpo n’est pas appliqué au démarrage.
Dans les journaux Windows, il y a 1058 erreurs d'objet de stratégie de
groupe et samba côté serveur. Voici les journaux:
Mise à jour du
2011 Dec 22
1
Samba 4 Kerberos: Failed to decrypt PA-DATA
Hi everyone
After almost 2 days up-time with Samba 4, it failed again. This time it
simply will not restart.
The krb5.conf had got corrupted. I replaced it with this one from
/usr/local/samba/private
/etc/krb5.conf
[libdefaults]
default_realm = HH3.SITE
dns_lookup_realm = false
dns_lookup_kdc = true
It starts up OK:
samba -i -d 3
lpcfg_load: refreshing parameters from
2018 Apr 04
3
Unable to rejoin domain, LDAP error 50
Hi,
This is strange what you are writing. Are you saying, that if Administrator is in Domain Users group = ALL my users have admins rights? Hard to believe.
Moreover, I'm unable to delete Administrator from Domain Users group, as this is my basic group (I received such an info).
I believe the keytab is needed to sth, cause without it I keep receiving:
[2018/04/03 17:32:39.331938, 1]
2018 Apr 25
2
4.3.11-Ubuntu fail to add DC to a AD domain
Rowland, thank you for answering!
I have investigated this a bit, and I think that using 18.04 for the new DC
will not be successful anyway. Reasons: the AD I have has been created back
in the days when 14.04 LTS was fresh. The provisioning scripts worked
differently. 14.04 has been upgraded to 16.04, and I think that I do not
have all of the DNSes configured properly and this might be the cause
2019 Jul 16
4
messy replication
Hi all,
I have an old dc (4.0.9). Let's call it dc1.
I also have a new one (4.5.16) which I'm planning to switch to. Let's
call it dc2.
After initial set up of dc2 I initialised replication and things looked
ok for a couple of weeks.
Recently I've managed to mess it up. Possibly by editing users and DNS
records. Or copying Kerberos cache and trying to use it elsewhere for
2020 Jul 14
3
Replication only working one way
Checking the databases against each other throws up pages and pages of
errors. The two are completely out of sync now.
What I have seen is that for no apparent reason, one of the servers
suddenly decided it would sync with the Windows server, which appears to
have updated the schema. Yesterday when I compared the databases on the two
linux servers they only had a couple of errors, today, many
2019 Feb 27
1
gpo not applied a boot computer
Hai,
Did you set in the GPO (computer policy)
Under System\Logon, "Always wait for the network at computer startup and logon" = Enabled"
If its a script, also add these.
"Configure Network Options preference extension policy processing" is "Enabled"
"Configure Logon Script Delay" = Enabled and set to 0
And, after setting the GPO, reboot 2 x !
2019 Feb 26
2
gpo not applied a boot computer
THANK YOU FOR YOUR REPLY
THE RESULT :
KVNO Principal
----
--------------------------------------------------------------------------
1 HOST/samba4 at FSS.LAN (des-cbc-crc)
1 HOST/samba4.fss.lan at FSS.LAN (des-cbc-crc)
1 SAMBA4$@FSS.LAN (des-cbc-crc)
1 HOST/samba4 at FSS.LAN (des-cbc-md5)
1 HOST/samba4.fss.lan at FSS.LAN (des-cbc-md5)
1 SAMBA4$@FSS.LAN (des-cbc-md5)
1