similar to: Samba + ADS + Kerberos ticket problem

Hi, I am trying to join a samba to ADS with kerberos + Winbind.... Everything is right, i mean, when i do the following: kinit Administrator@DOMAIN.CL (Ask for the password) and OK. Then: debian:/etc/samba# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: Administrator@DOMAIN.CL Valid starting Expires Service principal 07/30/08 16:49:17 07/31/08 02:49:21

Hi, i've installed Samba 3.0.23d on Solaris 10 (SPARC) with MIT Kerberos 1.5.1, openLDAP 2.3.30 and openSSL 0.9.8d. I have 2 Windows Server 2003 SP1 Domain Controller and about 20 Windows XP SP2 clients. My problem is that i can't get a kerberos ticket to join the domain. If i try to get a ticket with 'kinit Administrator@PONTOS.LOCAL' i get always the error kinit(v5): KDC

I have the following scenario. Windows 2K Active Dir server, Samba 3.0.7 running on Solaris 2.8. Running MIT Kerberos to join and authenticate with the AD. Things work ok, can join the domain, and can access the samba server from trusted domains as well as local domain. However, when doing 'kinit' I have found that the default ticket life was for 24 hours is seemed. After I reboot

On 01/09/15 21:59, Quirin Maier wrote: > Hi, > > I'd like to use ldbadd with kerberos authentication using samba > 4.2.3-SerNet-Debian-7.jessie, but it seems authentication is not being > processed. Executing... > > kinit Administrator at INTERNAL.DOMAIN.TLD -k -t /etc/admin.keytab > > root at dc01:/# klist > Ticket cache: FILE:/tmp/krb5cc_0 > Default

Did you "deleated the computer object" to allow kerberos services. And did you add the CIFS/spn to the computer and keytab ? https://wiki.samba.org/index.php/Generating_Keytabs If its a member, which i assume. kinit Administrator net ads keytab add cifs/$(hostname -f) -k net ads keytab add_update_ads -k Add these and it should work. You might need to restart or reboot., sometimes

After re-join kinit Administrator net ads keytab add cifs/$(hostname -f) -k net ads keytab add_update_ads -k samba-tool delegation for-any-service COMPUTERNAME$ on ( or use : delegation add-service accountname principal [options] ) Reboot Should work now. ;-) Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Yvan

On 9/30/2020 7:23 PM, Jason Keltz wrote: > On 9/30/2020 4:11 PM, Remy Zandwijk via samba wrote: > >>> On 30 Sep 2020, at 21:42, Jason Keltz via samba >>> <samba at lists.samba.org> wrote: >>> >>> >>> On 9/30/2020 3:01 PM, Remy Zandwijk via samba wrote: >>>>>>> On the client, add: >>>>>>>

On 25/04/16 21:38, Chris Stankevitz wrote: > Hello, > > I have these questions regarding samba running in ads mode such that > users are authenticated against active directory: > > 1. What is the role of 'kinit'? Basically to create a kerberos ticket for a user > > 2. How often must 'kinit user at domain.local' be run? If you take my advice, never, you

I'm attempting to configure Samba 3.0.4 to work with Windows 2003 Active Directory, mapping users' home directories automatically. Currently we use this method in production with Windows 2000 but wish to migrate to 2003. The problem seems to be Kerberos related. I was able to join the Linux box (RedHat 9) to the AD. I can do a "kinit <username>" successfully. Klist shows a

Thanks for your help! Le 09/03/2020 ? 15:39, L.P.H. van Belle via samba a ?crit?: > Did you "deleated the computer object" to allow kerberos services. > And did you add the CIFS/spn to the computer and keytab ? > I am sorry, I don't really understand the above: mount requires a keytab AND a user ticket? > https://wiki.samba.org/index.php/Generating_Keytabs > >

I'm trying to set up a CIFS mount to a NetApp F840 called 'elmer' over an SSH tunnel. I also tunnel the Kerberos ports to the Windows AD server 'cannonstreet' Using Ubuntu hardy, with recent updates for CIFS that are claimed to work: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/236830 I tunnel like this: ssh -f -N -x -o TCPKeepAlive=yes -L88:cannonstreet:88

Hi, I compiled Samba 3.0.7, MIT Kerberos 1.3.5 and OpenLDAP 2.2.17. I did not notice any errors during compilation. I searched and found the #define HAVE_LDAP 1 and #define HAVE_KRB5 1 statements in the config.h file of Samba 3.0.7's include dir. So, ADS should be supported in the compiled Samba 3.0.7 version. Here is what I did up to now. As described in the How-To Samba doc, I created

Am 03.07.20 um 13:05 schrieb Rowland penny via samba: > On 03/07/2020 11:33, Stefan Just via samba wrote: >> We are using tmux, screen and x2go to run long-running jobs on our >> compute servers. $HOME and other data should be mounted via CIFS or >> NFS4. Because such a job can run for more than a week, I would like to >> increase the Kerberos ticket lifetime or better

On 9/30/2020 4:11 PM, Remy Zandwijk via samba wrote: >> On 30 Sep 2020, at 21:42, Jason Keltz via samba <samba at lists.samba.org> wrote: >> >> >> On 9/30/2020 3:01 PM, Remy Zandwijk via samba wrote: >>>>>> On the client, add: >>>>>> >>>>>> gensec_gssapi:requested_life_time = <int> # seconds

Hello List, I am (unsuccessfully) trying to automatically get a valid kerberos ticket for my linux box. I have - in a test environment: - a windows 2000 server with Active directory and DNS properly set up. - a suse linux 9.0 router with samba3.0.2.rc.1 and heimdal 0.6.-67. - I am able to join the domain and get a valid ticket through kinit, if I enter the Administrator's password or the

On 03/07/2020 12:35, Stefan Just via samba wrote: > A kinit needs the user's password if the Kerberos ticket maximum > renewable lifetime has been exceeded. This is simply not possible > because users cannot be online for weeks. Where did you get the idea that you need the password from ? If a user logs in and PAM is set up correctly on a Unix domain member, the user should get a

Hi I have Samba 3 running on Fedora 4, configured to use pam_winbind to validate user logins against my W2K ADS. Logins are fully functional using names such as adsdomain.adsuser (I have the fullstop character configured as my winbind seperator). This is all working fine. What I would now like to do, is to have a Kerberos ticket from the ADS Kerberos realm issued to the user that has just

Hi all, I'm having some very weird issues with some users in a Samba ADS configuration. (:: kerberos logins seems to give users different rights/group memberships ::) Sysinfo: OS: Debian 3.0 + some backports packages Kernel: 2.4.24-1-686-smp (from backports.org) Samba: 3.0.2a (from debian packages fetched from samba) Filesystem: ext3 (no acl patches or acl support) Configuration

Hi folks! We finally have an answer to a question posted in 2009... and the answer is: YES SET UP KERBEROS. Here is the original thread: http://www.pubbs.net/200910/samba/27283-samba-is-it-ever-needed-to-set-u p-kerberos-manually-if-you-use-samba-to-join-an-ads-domain-as-a-domain-m ember.html Now here is the correct answer:

According to the latest version of the Samba Documentation there are three major steps to add a samba server as member server to an ADS: 1.) Configure samba correctly to use ADS (smb.conf). 2.) Configure Kerberos correctly to work with ADS KDC (krb5.conf). 3.) Join the samba server with "net ads join -U Administrator". Well, all this sounds good, but it definetly doesn't work, you