[Samba] AD and ticket

2010-05-27 Thread Paras pradhan
Hi,

A quick question.

Today I noticed (might have been there for a long time)

klist: No credentials cache file found while setting cache flags(ticket cache /tmp/krb5cc_0)


Samba is authenticating fine but I don't see the cache. Is this normal? Do we
need a ticket only to join Samba to ADS, and not care afterwards?

Thanks
Paras.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] AD member ticket verify errors

2004-11-30 Thread John Stile
On Mon, 2004-11-29 at 17:36 -0800, John Stile wrote:
> On Mon, 2004-11-29 at 16:48 -0800, Jeremy Allison wrote:
> > On Mon, Nov 29, 2004 at 01:26:36PM -0800, John Stile wrote:
> > > I installed samba-3.0.9-1 on RedHat-AS3, configured it as a member
> > > server, and joined the domain.  wbinfo -u and -g work.  When I browse to
> > > the samba share from Windows XP client, I see the shares, and my home
> > > directory is listed, but I am prompted for a password when I try to use
> > > the share.  No password works.  The samba log for the client session
> > > shows: 'smbd/sesssetup.c:reply_spnego_kerberose(173) Failed to verify
> > > incoming ticket!'
> > >
> > > Is this a common problem?
> > >
> > > The system has RedHat rpm's:
> > >   krb5-libs-1.2.7-28
> > >   krb5-workstation-1.2.7-28
> > >   krb5-devel-1.2.7-28
> >
> > You're going to need krb5 1.3 or later for the correct enctype.
>
> Is there an rpm available for RedHat AS?
I got it working but only after some bad practices.
My verbose notes follow:
 
Downloaded source rpm for fedora :
  wget http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/SRPMS/krb5-1.3.1-6.src.rpm
 # NOTE: tried krb5-1.3.4-5.src.rpm  but it failed.
-
Rebuild Kerberos (first try):
 rpmbuild --rebuild krb5-1.3.1-6.src.rpm
error: Failed build dependencies:
   bison is needed by krb5-1.3.1-6
   e2fsprogs-devel = 1.33 is needed by krb5-1.3.1-6
   libtermcap-devel is needed by krb5-1.3.1-6
-
Install needed packages:  
 up2date -i bison e2fsprogs-devel libtermcap-devel
   #Note: version of e2fsprogs too old. need to upgrade
-
Download newer version of e2fsprogs:  
  wget http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/SRPMS/e2fsprogs-1.34-1.src.rpm
  rpmbuild --rebuild e2fsprogs-1.34-1.src.rpm
  rpm -U /usr/src/redhat/RPMS/i386/e2fsprogs-1.34-1.i386.rpm
  rpm -U /usr/src/redhat/RPMS/i386/e2fsprogs-devel-1.34-1.i386.rpm
-
Rebuild Kerberos (second try)
  rpmbuild --rebuild krb5-1.3.1-6.src.rpm
-
Install new Kerberos
  rpm -U /usr/src/redhat/RPMS/i386/krb5-*

error: Failed dependencies:
libcom_err.so.3 is needed by (installed) everything under the sun
-
Since I know we are upgrading existing requirements, I think it's ok to use --nodeps
   rpm -Uhiv --nodeps /usr/src/redhat/RPMS/i386/krb5-*
-
Rebuilding latest samba rpm from samba.org to ensure linking against Kerberos
   rpmbuild --rebuild samba-3.0.9-1.src.rpm   
-
Install samba
   rpm -i /usr/src/redhat/RPMS/i386/samba-3.0.9-1.i386.rpm
   Installing stack version of /etc/pam.d/samba...
-
Create my /etc/samba/smb.conf
  [global]
   server string = Samba Server
   workgroup = MYREALM
   realm = MYREALM.MY.DOMAIN.COM
   security = ADS
   map to guest = Bad User
   password server = *
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   preferred master = no
   local master = no
   domain master = no
   os level = 33
   wins server = 128.32.68.75 128.32.67.118
   ldap ssl = no
   idmap uid = 1-2
   idmap gid = 1-2
   winbind enum users = yes
   winbind enum groups = yes
   winbind separator = +
   winbind use default domain = Yes
shares snipped
-
Create the /etc/krb5.conf
 [logging]
  default = FILE:/var/log/krb5libs.log
  kdc = FILE:/var/log/krb5kdc.log
  admin_server = FILE:/var/log/kadmind.log
 [libdefaults]
  ticket_lifetime = 24000
  default_realm = MYREALM.MY.DOMAIN.COM
  dns_lookup_realm = true
  dns_lookup_kdc = true
 [realms]
  MYREALM.MY.DOMAIN.COM = {
   kdc = hcs-ad-a.myrealm.my.domain.com:88
   admin_server = hcs-ad-a.myrealm.my.domain.com:749
   default_domain = myrealm.my.domain.com
  }

 [domain_realm]
  .myrealm.domain.com = MYREALM.MY.DOMAIN.COM
  myrealm.domain.com = MYREALM.MY.DOMAIN.COM
  .myrealm.my.domain.com = MYREALM.MY.DOMAIN.COM
  myrealm.my.domain.com = MYREALM.MY.DOMAIN.COM
 [kdc]
  profile = /var/kerberos/krb5kdc/kdc.conf
 [appdefaults]
  pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
  }
-
Starting winbind fails:
  /etc/init.d/winbind start
 Starting Winbind services: winbindd: error while loading shared libraries: libcom_err.so.3: cannot open shared object file: No such file or directory  [FAILED]
-
It looks like the new version of Kerberos doesn't supply libcom_err.so.3
  whereis libcom_err.so.3
   libcom_err.so: /lib/libcom_err.so.2 /usr/lib/libcom_err.so
  ls -alF /lib/libcom_err.so.2*
   lrwxrwxrwx 1 root root 17 Nov 30 02:53 /lib/libcom_err.so.2 -> libcom_err.so.2.1*
   -rwxr-xr-x 1 root root 18472 Nov 30 02:52 /lib/libcom_err.so.2.1*
  ldconfig  -p |grep 
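
Added example, not part of John Stile's message or of Samba: two pre-flight checks for the upgrade in the notes above, one listing krb5 packages older than the 1.3 minimum Jeremy Allison names, one listing shared libraries that ldd reports as not found (the libcom_err.so.3 failure). The function names, the sample input and the winbindd path in the comments are assumptions made here.

```shell
#!/bin/sh
# Added example. Sample inputs below are constructed from strings in the thread.

# ver_ge A B: succeed when dotted version A >= B, compared field by field.
ver_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# old_krb5_pkgs MIN: read name-version-release package names on stdin
# (e.g. from: rpm -qa | grep '^krb5-') and print krb5-* packages below MIN.
old_krb5_pkgs() {
    min=$1
    while IFS= read -r pkg; do
        case $pkg in krb5-*) ;; *) continue ;; esac
        nv=${pkg%-*}     # drop the release: krb5-libs-1.2.7
        ver=${nv##*-}    # keep the version: 1.2.7
        ver_ge "$ver" "$min" || printf '%s\n' "$pkg"
    done
}

# missing_libs: read ldd output on stdin (e.g. from: ldd /usr/sbin/winbindd,
# path assumed) and print each soname the loader could not resolve.
missing_libs() {
    awk '/=> not found/ { print $1 }'
}

# Constructed sample data.
SAMPLE_PKGS='krb5-libs-1.2.7-28
krb5-workstation-1.2.7-28
krb5-devel-1.3.1-6
samba-3.0.9-1'
SAMPLE_LDD='    libcom_err.so.3 => not found
    libc.so.6 => /lib/tls/libc.so.6 (0x00a5f000)'

echo "krb5 packages older than 1.3:"
printf '%s\n' "$SAMPLE_PKGS" | old_krb5_pkgs 1.3
echo "unresolved libraries:"
printf '%s\n' "$SAMPLE_LDD" | missing_libs
```

Running missing_libs against every daemon linked with the Kerberos libraries before and after a forced `rpm -U --nodeps` shows which sonames the new packages no longer provide.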

Re: [Samba] AD member ticket verify errors

2004-11-30 Thread Jeremy Allison
On Tue, Nov 30, 2004 at 05:05:54AM -0800, John Stile wrote:

> > Is there an rpm available for RedHat AS?
> I got it working but only after some bad practices.
> My verbose notes follow:

Well done ! Thanks for posting these to the list, I'm sure
others will find them useful (and you went through a lot
of pain to get them :-).

Thanks,

Jeremy.


[Samba] AD member ticket verify errors

2004-11-29 Thread John Stile
I installed samba-3.0.9-1 on RedHat-AS3, configured it as a member
server, and joined the domain.  wbinfo -u and -g work.  When I browse to
the samba share from Windows XP client, I see the shares, and my home
directory is listed, but I am prompted for a password when I try to use
the share.  No password works.  The samba log for the client session
shows: 'smbd/sesssetup.c:reply_spnego_kerberose(173) Failed to verify
incoming ticket!'  

Is this a common problem?

The system has RedHat rpm's:
  krb5-libs-1.2.7-28
  krb5-workstation-1.2.7-28
  krb5-devel-1.2.7-28

-- 
._.
|   \0/John Stile |
| UniX Administration |
|   / \  510-305-3800 | 
| [EMAIL PROTECTED] |
.-.




Re: [Samba] AD member ticket verify errors

2004-11-29 Thread Jeremy Allison
On Mon, Nov 29, 2004 at 01:26:36PM -0800, John Stile wrote:
> I installed samba-3.0.9-1 on RedHat-AS3, configured it as a member
> server, and joined the domain.  wbinfo -u and -g work.  When I browse to
> the samba share from Windows XP client, I see the shares, and my home
> directory is listed, but I am prompted for a password when I try to use
> the share.  No password works.  The samba log for the client session
> shows: 'smbd/sesssetup.c:reply_spnego_kerberose(173) Failed to verify
> incoming ticket!'
>
> Is this a common problem?
>
> The system has RedHat rpm's:
>   krb5-libs-1.2.7-28
>   krb5-workstation-1.2.7-28
>   krb5-devel-1.2.7-28

You're going to need krb5 1.3 or later for the correct enctype.

Jeremy.


Re: [Samba] AD member ticket verify errors

2004-11-29 Thread John Stile
On Mon, 2004-11-29 at 16:48 -0800, Jeremy Allison wrote:
> On Mon, Nov 29, 2004 at 01:26:36PM -0800, John Stile wrote:
> > I installed samba-3.0.9-1 on RedHat-AS3, configured it as a member
> > server, and joined the domain.  wbinfo -u and -g work.  When I browse to
> > the samba share from Windows XP client, I see the shares, and my home
> > directory is listed, but I am prompted for a password when I try to use
> > the share.  No password works.  The samba log for the client session
> > shows: 'smbd/sesssetup.c:reply_spnego_kerberose(173) Failed to verify
> > incoming ticket!'
> >
> > Is this a common problem?
> >
> > The system has RedHat rpm's:
> >   krb5-libs-1.2.7-28
> >   krb5-workstation-1.2.7-28
> >   krb5-devel-1.2.7-28
>
> You're going to need krb5 1.3 or later for the correct enctype.

Is there an rpm available for RedHat AS?


