Problem authenticating OpenBSD to a Windows 2003 Server

2006-04-19 Thread Didier Caamaño
Greetings:

I have a small Windows network and I'm trying to implement an OpenBSD box to
be my file server and print server. What I'm trying to accomplish is:
configure Samba to publish the share directories so the users can store their
files there but at the same time authenticate the users against the Domain
Controller, pulling the account information from AD and not having to manually
add that info with smbpasswd.

Kerberos, as far as I know, is working fine, at least it tries to connect to
the realm, but then it gives a Password Incorrect Message. I know many of you
will respond that I am typing the password incorrectly, first I thought that
too, but then I went and tried the account in a Windows client and it worked.

If it is of any help, I downloaded and installed Samba with LDAP support and
created the computer account in the Windows AD.

This is my krb5.conf file

[libdefaults]
    # Set the realm of this host here
    default_realm = DOMAIN.COM
    ticket_lifetime = 6
    clockskew = 300

[realms]
    DOMAIN.COM = {
        kdc = 10.0.0.1
        kdc = 10.0.0.1:88
        admin_server = 10.0.0.1:749
    }

[domain_realm]
    .domain.com = DOMAIN.COM
    domain.com = DOMAIN.COM


and this is the command I'm issuing in order to get tickets from the KDC (the
domain controller)

Code:

# kinit [EMAIL PROTECTED]
[EMAIL PROTECTED]'s Password:
kinit: Password incorrect


Any help or hint of how I might connect to Kerberos will be appreciated,
probably there's something I'm doing wrong or I'm missing. Thank you all in
advance.



Didier Caamaño
Director, IT Department
Sociedad Comercial Electrocenter Ltda.
E-mail: [EMAIL PROTECTED]
Phone: 02 - 584 - 7039



routing problems

2006-06-07 Thread Didier Caamaño
Greetings:

I have been having this problem while working on an OBSD box I want to
implement as a firewall.

In short this is what I need:

                         OBSD Box
10.0.0.100/24 ---> 10.0.0.1/24 <> 192.168.0.49/24 --> 192.168.0.50
Host               if=xl0         if=fxp0             Gateway

So far everything is ok and I can ping from host to fxp0 but I cannot reach
the Gateway from the Host; however I can reach the Gateway and the internet
from fxp0.

PF is enabled but there's no rule set applied yet.  I'm sure there's just a
little step I'm missing, any help or hint will be appreciated, thanks a lot in
advance.



Didier Caamaño
Director, IT Department
Sociedad Comercial Electrocenter Ltda.
E-mail: [EMAIL PROTECTED]
Phone: 02 - 584 - 7039



Re: routing problems

2006-06-07 Thread Didier Caamaño
Yes, I do have 'net.inet.ip.forwarding=1'.

By the way, the ascii art was just made really, really fast, so it probably
wasn't Gmail's fault, but my bad drawing :D

Didier Caamaño
Director, IT Department
Sociedad Comercial Electrocenter Ltda.
E-mail: [EMAIL PROTECTED]
Phone: 02 - 584 - 7039


> -----Original Message-----
> From: Bryan Irvine [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, June 07, 2006 16:01
> To: Didier Caamaño
> CC: misc@openbsd.org
> Subject: Re: routing problems
> 
> Gmail b0rked your ASCII diagram (at least I'm hoping that's what it was).
> 
> You have not provided enough information, but I'm going to guess you
> haven't set 'net.inet.ip.forwarding=1' in '/etc/sysctl.conf'?
> 
> -Bryan



Re: routing problems

2006-06-07 Thread Didier Caamaño
Gateway has NAT info for 192.168.0.0/24, and the internet is available from 
192.168.0.0/24, but Gateway doesn't have any info about 10.0.0.0/24

Didier Caamaño
Director, IT Department
Sociedad Comercial Electrocenter Ltda.
E-mail: [EMAIL PROTECTED]
Phone: 02 - 584 - 7039


> -----Original Message-----
> From: Huzeyfe Onal [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, June 07, 2006 16:00
> To: Didier Caamaño
> CC: misc@openbsd.org
> Subject: Re: routing problems
> 
> hi,
> 
> is there any routing on Gateway for 10.0.0.0/24 block?
> or you can nat outgoing packets from fxp0..
> 
> 
> 
> --
> Huzeyfe ÖNAL
> ---
> Have you subscribed to the Network Security List?
> http://www.huzeyfe.net/netsec.html



Re: routing problems

2006-06-07 Thread Didier Caamaño
Nope, I haven't added any nat rules, I just installed the OS, configured the
ifaces, enabled 'net.inet.ip.forwarding=1' and started to do the test. Do I need
to add a nat rule to PF?

Didier Caamaño
Director, IT Department
Sociedad Comercial Electrocenter Ltda.
E-mail: [EMAIL PROTECTED]
Phone: 02 - 584 - 7039


> -----Original Message-----
> From: Huzeyfe Onal [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, June 07, 2006 16:12
> To: Didier Caamaño
> Subject: Re: routing problems
> 
> Hi,
> 
> 
> 10.0.0.100/24 (Host)---> (xl0)10.0.0.1/24 <>192.168.0.49/24(fxp0)--> 192.168.0.50(Gateway)
> 
> is your nat rule like this?
> 
> nat on fxp0 from ! xl0  to any -> fxp0 ...
> 
> 
> 
> 
> --
> Huzeyfe ÖNAL
> ---
> Have you subscribed to the Network Security List?
> http://www.huzeyfe.net/netsec.html
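
The return-path problem discussed in this thread, modelled as an added example that is not part of any message above: the Gateway answers a packet from 10.0.0.100 by looking up that source address, so the reply only comes back if the Gateway has a route for 10.0.0.0/24 or the OpenBSD box NATs the traffic to its fxp0 address. The Gateway's default route and the function names are assumptions made for the sketch.

```python
import ipaddress

BOX_FXP0 = "192.168.0.49"                      # OpenBSD box, outside interface
INSIDE = ipaddress.ip_network("10.0.0.0/24")   # network behind xl0

# The Gateway's routing table as the thread describes it: it knows
# 192.168.0.0/24 and nothing about 10.0.0.0/24. The default route to an
# upstream provider is an assumption made for this sketch.
GATEWAY_ROUTES = [
    (ipaddress.ip_network("192.168.0.0/24"), "on-link"),
    (ipaddress.ip_network("0.0.0.0/0"), "upstream"),
]

# Same table plus a static route for the inside network via the box.
GATEWAY_ROUTES_WITH_STATIC = GATEWAY_ROUTES + [(INSIDE, BOX_FXP0)]


def next_hop(routes, dst):
    """Longest-prefix match; returns the chosen next hop or None."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def source_seen_by_gateway(src, nat_on_fxp0):
    """Source address of the packet after it has left fxp0."""
    if nat_on_fxp0 and ipaddress.ip_address(src) in INSIDE:
        return BOX_FXP0          # rewritten by the NAT rule
    return src                   # forwarded unchanged


def reply_reaches_box(src, nat_on_fxp0, gateway_routes):
    """True if the Gateway sends its reply back to the OpenBSD box."""
    seen = source_seen_by_gateway(src, nat_on_fxp0)
    hop = next_hop(gateway_routes, seen)
    if hop == "on-link":
        # Delivered directly on 192.168.0.0/24; only the box's own
        # address gets the packet back to the box.
        return seen == BOX_FXP0
    return hop == BOX_FXP0


if __name__ == "__main__":
    host = "10.0.0.100"
    print("forwarding only :", reply_reaches_box(host, False, GATEWAY_ROUTES))
    print("NAT on fxp0     :", reply_reaches_box(host, True, GATEWAY_ROUTES))
    print("static route    :",
          reply_reaches_box(host, False, GATEWAY_ROUTES_WITH_STATIC))
```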