steve@hh3:~/samba-master> git pull
Updating bfc7481..e32ad9b
error: Your local changes to the following files would be overwritten by
merge:
auth/common_auth.h
auth/credentials/credentials_ntlm.c
auth/credentials/credentials_samba3.c
source3/lib/util_cmdline.c
source3/libads
On Tue, 2012-02-07 at 10:24 +0100, steve wrote:
> I just got this from the mit list:
>
>
> DES transition
> ==
>
> The krb5-1.8 release disables single-DES cryptosystems by default. As
> a result, you may need to add the libdefaults setting
> "allow_weak_crypto = true" to communicat
I just got this from the mit list:
DES transition
==
The krb5-1.8 release disables single-DES cryptosystems by default. As
a result, you may need to add the libdefaults setting
"allow_weak_crypto = true" to communicate with existing Kerberos
infrastructures if they do not support s
On 07/02/12 06:57, Gémes Géza wrote:
2012-02-06 23:58 keltezéssel, steve írta:
On 02/06/2012 08:10 PM, Gémes Géza wrote:
2012-02-06 09:29 keltezéssel, steve írta:
On 02/06/2012 07:19 AM, Gémes Géza wrote:
2012-02-06 01:27 keltezéssel, steve írta:
Hi
I've created a Samba 4 group called suseus
2012-02-06 23:58 keltezéssel, steve írta:
> On 02/06/2012 08:10 PM, Gémes Géza wrote:
>> 2012-02-06 09:29 keltezéssel, steve írta:
>>> On 02/06/2012 07:19 AM, Gémes Géza wrote:
2012-02-06 01:27 keltezéssel, steve írta:
> Hi
> I've created a Samba 4 group called suseusers and mixed in p
On 02/06/2012 08:10 PM, Gémes Géza wrote:
2012-02-06 09:29 keltezéssel, steve írta:
On 02/06/2012 07:19 AM, Gémes Géza wrote:
2012-02-06 01:27 keltezéssel, steve írta:
Hi
I've created a Samba 4 group called suseusers and mixed in posixGroup
and gidNumber using samba-tool group add as a basis.
2012-02-06 09:29 keltezéssel, steve írta:
> On 02/06/2012 07:19 AM, Gémes Géza wrote:
>> 2012-02-06 01:27 keltezéssel, steve írta:
>>> Hi
>>> I've created a Samba 4 group called suseusers and mixed in posixGroup
>>> and gidNumber using samba-tool group add as a basis.
>>>
>>> It works, e.g. when I
On 02/06/2012 07:19 AM, Gémes Géza wrote:
2012-02-06 01:27 keltezéssel, steve írta:
Hi
I've created a Samba 4 group called suseusers and mixed in posixGroup
and gidNumber using samba-tool group add as a basis.
It works, e.g. when I added an existing user to the group:
getent group suseusers
sus
2012-02-06 01:27 keltezéssel, steve írta:
> Hi
> I've created a Samba 4 group called suseusers and mixed in posixGroup
> and gidNumber using samba-tool group add as a basis.
>
> It works, e.g. when I added an existing user to the group:
> getent group suseusers
> suseusers:*:2000:
> and
> getent pa
Hi
I've created a Samba 4 group called suseusers and mixed in posixGroup
and gidNumber using samba-tool group add as a basis.
It works, e.g. when I added an existing user to the group:
getent group suseusers
suseusers:*:2000:
and
getent passwd steve4
steve4:x:319:2000:steve4:/home/CACTUS/st
Hi
In this example,
wbinfo -i steve
CACTUS\steve:*:319:100:steve4:/home/CACTUS/steve4:/bin/bash
where is the '100' stored?
Thanks,
Steve
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
2012-02-01 19:07 keltezéssel, steve írta:
> On 01/09/2012 08:42 AM, steve wrote:
>> Hi
>> I have a Linux client running XFCE and authenticating against Samba
>> 4. When trying to return to the session after xscreensaver has kicked
>> in, authentication fails.
>
> Sorry to bump, but I've just seen t
On 01/09/2012 08:42 AM, steve wrote:
Hi
I have a Linux client running XFCE and authenticating against Samba 4.
When trying to return to the session after xscreensaver has kicked in,
authentication fails.
Sorry to bump, but I've just seen this in the xscreensaver doco:
XScreenSaver Dependenci
On Fri, 2012-01-27 at 08:40 +0100, steve wrote:
> On 01/27/2012 05:37 AM, Andrew Bartlett wrote:
> > On Sun, 2012-01-22 at 15:32 +0100, steve wrote:
> >
> >> even though I've made a ldap/hh3.site principal:
> >> hh3:/tmp # samba-tool spn add ldap/hh3.site Administrator
> >> hh3:/tmp # samba-tool do
On 01/27/2012 05:37 AM, Andrew Bartlett wrote:
On Sun, 2012-01-22 at 15:32 +0100, steve wrote:
even though I've made a ldap/hh3.site principal:
hh3:/tmp # samba-tool spn add ldap/hh3.site Administrator
hh3:/tmp # samba-tool domain exportkeytab /etc/ldap.keytab
--principal=ldap/hh3.site
Why do
On Sun, 2012-01-22 at 15:32 +0100, steve wrote:
> even though I've made a ldap/hh3.site principal:
> hh3:/tmp # samba-tool spn add ldap/hh3.site Administrator
> hh3:/tmp # samba-tool domain exportkeytab /etc/ldap.keytab
> --principal=ldap/hh3.site
>
> Why do I get the
> Decrypt integrity check f
Thanks Volker I'll gine that a shot.
Regards
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
On Tue, Jan 24, 2012 at 10:53 PM, Andrew Bartlett wrote:
> On Mon, 2012-01-23 at 14:44 -0500, Charles Tryon wrote:
> > On Fri, Jan 20, 2012 at 3:56 AM, Michael Wood
> wrote:
> >
> > > Hi
> > >
> > > On 20 January 2012 09:16, Matthieu Patou wrote:
> > > >
> > > >> Perhaps upgradeprovision should
On Mon, 2012-01-23 at 14:44 -0500, Charles Tryon wrote:
> On Fri, Jan 20, 2012 at 3:56 AM, Michael Wood wrote:
>
> > Hi
> >
> > On 20 January 2012 09:16, Matthieu Patou wrote:
> > >
> > >> Perhaps upgradeprovision should just print a warning at the end to
> > >> check that the path to dlz_bind.s
On Fri, Jan 20, 2012 at 3:56 AM, Michael Wood wrote:
> Hi
>
> On 20 January 2012 09:16, Matthieu Patou wrote:
> >
> >> Perhaps upgradeprovision should just print a warning at the end to
> >> check that the path to dlz_bind.so is correct.
> >
> > Please refrain from using upgradeprovision until i
On 23/01/12 15:37, Raffael Sahli wrote:
On 01/23/2012 02:24 PM, steve wrote:
Hi
Same checkout, same provision, same machine.
openSUSE
samba --version
Version 4.0.0alpha18-GIT-c3a7573
hh3:/home/steve # ldapsearch -H ldap://192.168.1.3 cn=steve2 -b
"dc=hh3,dc=site" -Y GSSAPI
SASL/GSSAPI authen
On 01/23/2012 02:24 PM, steve wrote:
Hi
Same checkout, same provision, same machine.
openSUSE
samba --version
Version 4.0.0alpha18-GIT-c3a7573
hh3:/home/steve # ldapsearch -H ldap://192.168.1.3 cn=steve2 -b
"dc=hh3,dc=site" -Y GSSAPI
SASL/GSSAPI authentication started
and all is OK.
Ubuntu
Hi
Same checkout, same provision, same machine.
openSUSE
samba --version
Version 4.0.0alpha18-GIT-c3a7573
hh3:/home/steve # ldapsearch -H ldap://192.168.1.3 cn=steve2 -b
"dc=hh3,dc=site" -Y GSSAPI
SASL/GSSAPI authentication started
and all is OK.
Ubuntu
samba --version
Version 4.0.0alpha18-G
On Mon, Jan 23, 2012 at 03:55:26AM -0800, Juan Pablo Lorier wrote:
> I've posted a couple of times in the list with pour
> results. Maybe I'm not in the right place.
Maybe samba-techni...@samba.org is the more appropriate
forum for Samba4 questions.
With best regards,
Volker Lendecke
--
SerNet
Hi,
I've posted a couple of times in the list with pour results. Maybe I'm not in
the right place.
If this is the place then I'm copying the text of my first post:
Hi there,
I'm a newy at samba 4 and I'm trying to joing a samba 4
alpha 17 box to our domain as a DC so I can "drain" the domain i
On 20/01/12 18:19, steve wrote:
On 01/20/2012 04:09 PM, Michael Wood wrote:
On 20 January 2012 15:23, steve wrote:
On 20/01/12 12:41, Michael Wood wrote:
[...]
I did this:
samba-tool user add nslcd-service
New Password:
User 'nslcd-service' created successfully
kinit nslcd-service
Passwor
On 22/01/12 10:19, Gémes Géza wrote:
2012-01-21 09:42 keltezéssel, steve írta:
Version 4.0.0alpha18-GIT-957ec28 with dns hh3.site realm SITE
After starting samba -i -d3,
wbinfo -i someuser
gives this:
ldb_wrap open of secrets.ldb
using SPNEGO
Selected protocol [8][NT LANMAN 1.0]
Cannot reach a
2012-01-21 09:42 keltezéssel, steve írta:
> Version 4.0.0alpha18-GIT-957ec28 with dns hh3.site realm SITE
> After starting samba -i -d3,
> wbinfo -i someuser
> gives this:
>
> ldb_wrap open of secrets.ldb
> using SPNEGO
> Selected protocol [8][NT LANMAN 1.0]
> Cannot reach a KDC we require to conta
Version 4.0.0alpha18-GIT-957ec28 with dns hh3.site realm SITE
After starting samba -i -d3,
wbinfo -i someuser
gives this:
ldb_wrap open of secrets.ldb
using SPNEGO
Selected protocol [8][NT LANMAN 1.0]
Cannot reach a KDC we require to contact cifs/hh3.site@SITE : kinit for
HH3$@SITE failed (Canno
On 01/20/2012 04:09 PM, Michael Wood wrote:
On 20 January 2012 15:23, steve wrote:
On 20/01/12 12:41, Michael Wood wrote:
[...]
I did this:
samba-tool user add nslcd-service
New Password:
User 'nslcd-service' created successfully
kinit nslcd-service
Password for nslcd-service@SITE:
Warning
On 20 January 2012 15:23, steve wrote:
> On 20/01/12 12:41, Michael Wood wrote:
[...]
> I did this:
>
> samba-tool user add nslcd-service
> New Password:
> User 'nslcd-service' created successfully
> kinit nslcd-service
> Password for nslcd-service@SITE:
> Warning: Your password will expire in 41
I can't find k5start for openSUSE. I'll ask the guys over
at the suse list for that one.
Otherwise you could probably compile it yourself.
If I get time, I'll go through this on Ubuntu (where Geza pointed me to
k5start).
Thanks again.
Steve
Got an old k5start from the openSUSE vaults and
On 20/01/12 12:41, Michael Wood wrote:
Michael. Thanks for your comments. Getting there slowly but surely. Have
made some adjustments as in-line.
wbinfo -i steve2
CACTUS\steve2:*:300:100::/home/CACTUS/steve2:/bin/bash
Optimistically:
getent passwd steve2
_nothing_!
But nslcd-user can't rea
Hi
On 20 January 2012 12:19, steve wrote:
[...]
> OK. Start from nothing. New checkout, /usr/local/samba deleted, keytabs
> gone. . . Nothing.
>
> ./source4/setup/provision --realm=site --domain=CACTUS --adminpass=abc@1234
> --server-role='domain controller'
>
> kinit Administrator
[...]
> hh3:/
On 20/01/12 07:55, steve wrote:
Hi,
Even if you are scared of death of samba-technical I'm posting it
there
as well, maybe someone can answer the questions which arise when I
tried
to check out your use case.
So I've tried first:
# ldapsearch -H ldap://samba4.kzsdabas.hu cn=Administrator -LLL
Hi
On 20 January 2012 09:16, Matthieu Patou wrote:
>
>> Perhaps upgradeprovision should just print a warning at the end to
>> check that the path to dlz_bind.so is correct.
>
> Please refrain from using upgradeprovision until it's 100% fixed.
Sorry, I should have mentioned that you told me recen
Hi,
Even if you are scared of death of samba-technical I'm posting it there
as well, maybe someone can answer the questions which arise when I tried
to check out your use case.
So I've tried first:
# ldapsearch -H ldap://samba4.kzsdabas.hu cn=Administrator -LLL -Y GSSAPI
gives:
SASL/GSSAPI authe
On 19 January 2012 21:50, Charles Tryon wrote:
> I just tried again this morning, and other than needing to clean up some of
> the mess I made thrashing around the past couple of days, it appears to be
> fixed.
>
> **THANKS!!**
I suppose you should thank metze for that :)
> One oddity is that, t
2012-01-20 06:03 keltezéssel, Andrew Bartlett írta:
> On Thu, 2012-01-19 at 18:35 +0100, Gémes Géza wrote:
>>> Progress:
>>> klist -k /etc/krb5.keytab | grep host-account
>>>1 host-acco...@hh3.site
>>>1 host-acco...@hh3.site
>>>1 host-acco...@hh3.site
>>>
>>> cat /etc/default/nslcd
>>>
On Thu, 2012-01-19 at 18:35 +0100, Gémes Géza wrote:
>
> > Progress:
> > klist -k /etc/krb5.keytab | grep host-account
> >1 host-acco...@hh3.site
> >1 host-acco...@hh3.site
> >1 host-acco...@hh3.site
> >
> > cat /etc/default/nslcd
> > K5START_START="yes"
> > # Options for k5start.
> >
Hi everyone
I'm using nslcd to connect to Samba 4 LDAP. If I specify the binddn and
bindpw in /etc/nslcd.conf no problem getent passwd works and everything
is mapped just fine.
But when I try try to do a kerberized bind to Samba 4 LDAP, I get this:
ldb_wrap open of secrets.ldb
Kerberos: TGS-R
On 19/01/12 19:11, steve wrote:
http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html#badpass
I'm working as client and host on the same box here. Could this be the
cause of the
Decrypt integrity check failed
??
Cheers
Steve
Just to confirm:
samba-tool spn delete host
samba-tool spn
http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html#badpass
I'm working as client and host on the same box here. Could this be the
cause of the
Decrypt integrity check failed
??
Cheers
Steve
--
To unsubscribe from this list go to the following URL and read the
instructions: https://
On 19/01/12 18:35, Gémes Géza wrote:
Progress:
klist -k /etc/krb5.keytab | grep host-account
1 host-acco...@hh3.site
1 host-acco...@hh3.site
1 host-acco...@hh3.site
cat /etc/default/nslcd
K5START_START="yes"
# Options for k5start.
K5START_BIN=/usr/bin/k5start
K5START_KEYTAB=/etc/
> Progress:
> klist -k /etc/krb5.keytab | grep host-account
>1 host-acco...@hh3.site
>1 host-acco...@hh3.site
>1 host-acco...@hh3.site
>
> cat /etc/default/nslcd
> K5START_START="yes"
> # Options for k5start.
> K5START_BIN=/usr/bin/k5start
> K5START_KEYTAB=/etc/krb5.keytab
> K5START_
Hi
I'm using Samba 4 to serve Linux and win 7 clients.
I'd like to use GSSAPI to bind to the Samba 4 LDAP to extract the
attributes I've added for the Linux clients. nslcd advertises such
support, but keeps telling me 'Unknown authentication method'. As a
workaround I've done this:
I'm usi
All OK for me:
samba --version
Version 4.0.0alpha18-GIT-95c514a
Cheers,
Steve
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
On 01/18/2012 09:56 PM, Gémes Géza wrote:
2012-01-18 12:12 keltezéssel, steve írta:
On 01/17/2012 09:40 PM, Gémes Géza wrote:
Hi,
See comments inline:
Hi everyone
I'm trying to use kerberos to authenticate to Samba 4 ldap. At the
moment, I authenticate by specifying the binddn and password i
On 01/19/2012 09:23 AM, Michael Wood wrote:
On 19 January 2012 10:05, steve wrote:
Hi everyone
I've marked the thread as URGENT. Another post has reported similar during
provisioning.
Could someone on samba-technical send a copy there too?
It's been mentioned on samba-technical and I believe
On 19 January 2012 10:05, steve wrote:
> Hi everyone
>
> I've marked the thread as URGENT. Another post has reported similar during
> provisioning.
> Could someone on samba-technical send a copy there too?
It's been mentioned on samba-technical and I believe a fix was
committed yesterday/last nig
Hi everyone
I've marked the thread as URGENT. Another post has reported similar
during provisioning.
Could someone on samba-technical send a copy there too?
Thanks,
Steve
On 01/18/2012 08:40 PM, Charles Tryon wrote:
Ummm... no, unless it's with using ANY external bind rather than the
int
2012-01-18 12:12 keltezéssel, steve írta:
> On 01/17/2012 09:40 PM, Gémes Géza wrote:
>> Hi,
>>
>> See comments inline:
>>> Hi everyone
>>>
>>> I'm trying to use kerberos to authenticate to Samba 4 ldap. At the
>>> moment, I authenticate by specifying the binddn and password in
>>> /etc/nslcd.conf
Ummm... no, unless it's with using ANY external bind rather than the
internal one. I'm now finding that ALL the test systems that I have tried
to update to the latest GIT repository are failing.
I'm dead in the water. =8-0
On Wed, Jan 18, 2012 at 1:48 PM, steve wrote:
> Hi
> I couldn't get a
Hi
I couldn't get any bind to work for Ubuntu on previous checkouts except
9.9.0b1
Have modified source4/dns_server/dlz_minimal.h
Is bind the prob? If so how do I use the internal bind?
Thanks
Steve
On 01/18/2012 07:31 PM, Charles Tryon wrote:
Are you using bind9.8, 9.7 or the internal bind se
Are you using bind9.8, 9.7 or the internal bind server?
On Wed, Jan 18, 2012 at 11:21 AM, steve wrote:
> Version 4.0.0alpha18-GIT-e75c436
> Ubuntu 11.10 Built now with
>
> make clean
> ./configure.developer
> make
> make install
>
> samba -i -d3 gives this:
>
> ldb: unable to stat module ${PREF
Version 4.0.0alpha18-GIT-e75c436
Ubuntu 11.10 Built now with
make clean
./configure.developer
make
make install
samba -i -d3 gives this:
ldb: unable to stat module ${PREFIX}/modules/ldb : No such file or directory
ldb_wrap open of privilege.ldb
samba: using 'standard' process model
Unknown proc
On 01/17/2012 09:40 PM, Gémes Géza wrote:
Hi,
See comments inline:
Hi everyone
I'm trying to use kerberos to authenticate to Samba 4 ldap. At the
moment, I authenticate by specifying the binddn and password in
/etc/nslcd.conf and all works fine
If I add the line:
sasl_mech GSSAPI
That should
On 18/01/12 04:54, Andrew Bartlett wrote:
On Sun, 2012-01-15 at 14:49 +0100, steve wrote:
Hi everyone
Version 4.0.0alpha18-GIT-bfc7481
I'm using nslcd to map Samba 4 users to uid:gid and home directory. At
startup I get this:
Why are you not using nss_winbind?
I know the Samba4 winbindd (star
On Sun, 2012-01-15 at 14:49 +0100, steve wrote:
> Hi everyone
> Version 4.0.0alpha18-GIT-bfc7481
>
> I'm using nslcd to map Samba 4 users to uid:gid and home directory. At
> startup I get this:
Why are you not using nss_winbind?
I know the Samba4 winbindd (started as a component of 'samba') isn
Hi,
See comments inline:
> Hi everyone
>
> I'm trying to use kerberos to authenticate to Samba 4 ldap. At the
> moment, I authenticate by specifying the binddn and password in
> /etc/nslcd.conf and all works fine
>
> If I add the line:
> sasl_mech GSSAPI
That should suffice, but please note, that
Hi everyone
I'm trying to use kerberos to authenticate to Samba 4 ldap. At the
moment, I authenticate by specifying the binddn and password in
/etc/nslcd.conf and all works fine
If I add the line:
sasl_mech GSSAPI
to /etc/nslcd.conf
and restart nslcd, no one can connect to the database. Nothi
> ERROR(runtime): uncaught exception - Key table entry not found
> File
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> line 167, in _run
> return self.run(*args, **kwargs)
> File
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py",
> line 88, in ru
(apology. forgot to send only to list)
On 01/16/2012 07:18 PM, steve wrote:
Well, either it will need to have the password hard coded in the
config file like you have it at the moment, I believe, or it will need
a ticket to access the directory.
Anyway, I've a 10 hour experiment in progress a
# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
binddn cn=Administrator,cn=Users,dc=hh3,dc=site
I think you want CN=nslcd-user,CN=Users,DC=hh3,DC=site here.
# The credentials to bind with.
# Optional: default is no credentials.
# Note that if
On 01/15/2012 10:23 PM, Michael Wood wrote:
On 15 January 2012 18:32, steve wrote:
On 01/15/2012 04:04 PM, Michael Wood wrote:
On 14 January 2012 12:52, steve wrote:
On 14/01/12 03:19, Michael Wood wrote:
On 14 January 2012 01:24, steve wrote:
[...]
drwxr-xr-x 118 root root 12288 Ja
Sorry, forgot to copy the list.
On 15 January 2012 18:32, steve wrote:
> On 01/15/2012 04:04 PM, Michael Wood wrote:
>>
>> On 14 January 2012 12:52, steve wrote:
>>>
>>> On 14/01/12 03:19, Michael Wood wrote:
On 14 January 2012 01:24, steve wrote:
>>
>> [...]
>
> drwxr-xr-x
#sasl_mech GSSAPI
sasl_realm HH3.SITE
#krb5_ccname /tmp/krb5cc_0
Try using /var/run/nslcd/nslcd.tkt after exporting the nslcd-user's
SPN to it and making sure nslcd can read it.
On openSUSE, /var/run/nslcd is deleted on stopping nslcd so it would
have to go somewhere else. (On Ubuntu, it surviv
On 01/15/2012 04:04 PM, Michael Wood wrote:
On 14 January 2012 12:52, steve wrote:
On 14/01/12 03:19, Michael Wood wrote:
On 14 January 2012 01:24, stevewrote:
[...]
drwxr-xr-x 118 root root 12288 Jan 13 23:55 etc
-rw--- 1 root root 1225 Jan 13 12:12 krb5.keytab
That's fine, but is
On 01/15/2012 04:17 PM, Michael Wood wrote:
Hi
On 15 January 2012 15:49, steve wrote:
Hi everyone
Version 4.0.0alpha18-GIT-bfc7481
I'm using nslcd to map Samba 4 users to uid:gid and home directory. At
startup I get this:
ldb_wrap open of secrets.ldb
WARNING: no socket to connect to
and /va
Hi
On 15 January 2012 15:49, steve wrote:
> Hi everyone
> Version 4.0.0alpha18-GIT-bfc7481
>
> I'm using nslcd to map Samba 4 users to uid:gid and home directory. At
> startup I get this:
>
> ldb_wrap open of secrets.ldb
> WARNING: no socket to connect to
>
> and /var/log/messages shows:
>
> Jan
On 14 January 2012 12:52, steve wrote:
> On 14/01/12 03:19, Michael Wood wrote:
>>
>> On 14 January 2012 01:24, steve wrote:
[...]
>>> drwxr-xr-x 118 root root 12288 Jan 13 23:55 etc
>>> -rw--- 1 root root 1225 Jan 13 12:12 krb5.keytab
>>
>> That's fine, but is that what nslcd is using?
>
>
Hi everyone
Version 4.0.0alpha18-GIT-bfc7481
I'm using nslcd to map Samba 4 users to uid:gid and home directory. At
startup I get this:
ldb_wrap open of secrets.ldb
WARNING: no socket to connect to
and /var/log/messages shows:
Jan 15 14:20:13 hh3 nslcd[2425]: [334873] failed to bind to LDAP
Hi everyone
I asked a while ago about screenshots, and in an effort to move Samba 4
away from the realms (geddit?) of 'rocket scientists only need apply',
I've made some screenshots. Hope you like them.
http://linuxcostablanca.blogspot.com/2012/01/samba-4-screenshots.html
Cheers,
Steve
--
T
On 14 January 2012 01:24, steve wrote:
> On 13/01/12 23:46, Michael Wood wrote:
>>
>> On 13 January 2012 14:00, steve wrote:
>> [...]
>>>
>>> OK
>>> Getting somewhere. I've got rid of the Kerberos: Server not found in
>>> database: krbtgt/s...@hh3.site error.
>>>
>>> Now samba 4 is giving me this
On 14 January 2012 01:28, steve wrote:
> On 13/01/12 23:36, Michael Wood wrote:
>>
>> On 14 January 2012 00:01, steve wrote:
>>>
>>> On 13/01/12 19:22, Gémes Géza wrote:
>>
>> [...]
It doesn't need to have anything to do with the host principal. You
could have a very unique nslcd s
On 13 January 2012 14:00, steve wrote:
[...]
> OK
> Getting somewhere. I've got rid of the Kerberos: Server not found in
> database: krbtgt/s...@hh3.site error.
>
> Now samba 4 is giving me this:
>
> ldb_wrap open of secrets.ldb
> Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_
On 14 January 2012 00:01, steve wrote:
> On 13/01/12 19:22, Gémes Géza wrote:
[...]
>> It doesn't need to have anything to do with the host principal. You
>> could have a very unique nslcd service account.
>
> Yes. I have that account: nslcd-user. I can create a keytab for nslcd-user.
> let's say
On 13/01/12 19:22, Gémes Géza wrote:
2012-01-13 13:45 keltezéssel, steve írta:
'I have setup a real user that the daemon will run as, and have given
that user a valid kerberos tgt' and gives this line in /etc/nslcd.conf
krb5_ccname /var/run/nslcd/nslcd.tkt
How has the guy 'given that user a va
2012-01-13 13:45 keltezéssel, steve írta:
>
>> 'I have setup a real user that the daemon will run as, and have given
>> that user a valid kerberos tgt' and gives this line in /etc/nslcd.conf
>>
>> krb5_ccname /var/run/nslcd/nslcd.tkt
>>
>> How has the guy 'given that user a valid kerberos tgt'?
>>
'I have setup a real user that the daemon will run as, and have given
that user a valid kerberos tgt' and gives this line in /etc/nslcd.conf
krb5_ccname /var/run/nslcd/nslcd.tkt
How has the guy 'given that user a valid kerberos tgt'?
IOW, how do _I_ on openSUSE 12.1 get that magic nslcd.tkt
On 13/01/12 04:37, steve wrote:
On 13/01/12 03:06, steve wrote:
On 12/01/12 19:53, Gémes Géza wrote:
2012-01-12 11:16 keltezéssel, steve írta:
On 12/01/12 08:49, Andrew Bartlett wrote:
On Thu, 2012-01-12 at 06:15 +0100, Gémes Géza wrote:
2012-01-11 23:48 keltezéssel, steve írta:
Hi
After st
On 13/01/12 03:06, steve wrote:
On 12/01/12 19:53, Gémes Géza wrote:
2012-01-12 11:16 keltezéssel, steve írta:
On 12/01/12 08:49, Andrew Bartlett wrote:
On Thu, 2012-01-12 at 06:15 +0100, Gémes Géza wrote:
2012-01-11 23:48 keltezéssel, steve írta:
Hi
After starting Samba 4, before anyone can
On 12/01/12 19:53, Gémes Géza wrote:
2012-01-12 11:16 keltezéssel, steve írta:
On 12/01/12 08:49, Andrew Bartlett wrote:
On Thu, 2012-01-12 at 06:15 +0100, Gémes Géza wrote:
2012-01-11 23:48 keltezéssel, steve írta:
Hi
After starting Samba 4, before anyone can do anything, Administrator
has t
2012-01-12 11:16 keltezéssel, steve írta:
> On 12/01/12 08:49, Andrew Bartlett wrote:
>> On Thu, 2012-01-12 at 06:15 +0100, Gémes Géza wrote:
>>> 2012-01-11 23:48 keltezéssel, steve írta:
Hi
After starting Samba 4, before anyone can do anything, Administrator
has to do a kinit to get
On 12/01/12 08:49, Andrew Bartlett wrote:
On Thu, 2012-01-12 at 06:15 +0100, Gémes Géza wrote:
2012-01-11 23:48 keltezéssel, steve írta:
Hi
After starting Samba 4, before anyone can do anything, Administrator
has to do a kinit to get a new ticket. This creates a cache
/tmp/krb5cc_0 with an expi
On 12/01/12 06:15, Gémes Géza wrote:
2012-01-11 23:48 keltezéssel, steve írta:
Hi
After starting Samba 4, before anyone can do anything, Administrator
has to do a kinit to get a new ticket. This creates a cache
/tmp/krb5cc_0 with an expiry time.
I've created a host principal and put it into the
On Thu, 2012-01-12 at 06:15 +0100, Gémes Géza wrote:
> 2012-01-11 23:48 keltezéssel, steve írta:
> > Hi
> > After starting Samba 4, before anyone can do anything, Administrator
> > has to do a kinit to get a new ticket. This creates a cache
> > /tmp/krb5cc_0 with an expiry time.
> >
> > I've create
2012-01-11 23:48 keltezéssel, steve írta:
> Hi
> After starting Samba 4, before anyone can do anything, Administrator
> has to do a kinit to get a new ticket. This creates a cache
> /tmp/krb5cc_0 with an expiry time.
>
> I've created a host principal and put it into the keytab:
> samba-tool spn add
Hi
After starting Samba 4, before anyone can do anything, Administrator has
to do a kinit to get a new ticket. This creates a cache /tmp/krb5cc_0
with an expiry time.
I've created a host principal and put it into the keytab:
samba-tool spn add host someuser
samba-tool domain exportkeytab /etc/
On 9 January 2012 14:30, steve wrote:
> On 09/01/12 12:12, Michael Wood wrote:
>>
>> On 9 January 2012 12:56, steve wrote:
[...]
>>> Hi
>>> Rename the keytab, touch /etc/krb5.keytab to start with a blank keytab
>>> and
>>> add only the nfs principal? What about all the other stuff about cifs and
On 9 January 2012 12:56, steve wrote:
> On 01/09/2012 11:50 AM, Michael Wood wrote:
>>
>> On 9 January 2012 12:34, steve wrote:
>>>
>>> On 01/09/2012 09:47 AM, Gémes Géza wrote:
>>
>> [...]
>
> samba-tool user add steve4
> (the spn stuff you mention doesn't seem to be needed?)
> s
On 9 January 2012 12:34, steve wrote:
> On 01/09/2012 09:47 AM, Gémes Géza wrote:
[...]
>>> samba-tool user add steve4
>>> (the spn stuff you mention doesn't seem to be needed?)
>>> samba-tool domain exportkeytab /etc/krb5.keytab --principal=steve4
>>
>> You don't need the last step (see before).
On 01/09/2012 09:47 AM, Gémes Géza wrote:
Hi,
Comments in-line:
On 01/09/2012 07:38 AM, Gémes Géza wrote:
2012-01-08 10:13 keltezéssel, steve írta:
Hi
I have Samba 4 installed and working. I recently changed FQDN to dns
name hh3.hh3.site. It works OK and e.g. on a windows 7 box which
joined t
Hi,
Comments in-line:
On 01/09/2012 07:38 AM, Gémes Géza wrote:
2012-01-08 10:13 keltezéssel, steve írta:
Hi
I have Samba 4 installed and working. I recently changed FQDN to dns
name hh3.hh3.site. It works OK and e.g. on a windows 7 box which
joined the domain, users can logon. But I have a me
On 01/09/2012 07:38 AM, Gémes Géza wrote:
2012-01-08 10:13 keltezéssel, steve írta:
Hi
I have Samba 4 installed and working. I recently changed FQDN to dns
name hh3.hh3.site. It works OK and e.g. on a windows 7 box which
joined the domain, users can logon. But I have a mess in the keytab:
klist
Hi
I have a Linux client running XFCE and authenticating against Samba 4.
When trying to return to the session after xscreensaver has kicked in,
authentication fails.
/etc/pam.d/xscreensaver
#%PAM-1.0
auth includecommon-auth
account includecommon-account
password include
2012-01-08 10:13 keltezéssel, steve írta:
> Hi
> I have Samba 4 installed and working. I recently changed FQDN to dns
> name hh3.hh3.site. It works OK and e.g. on a windows 7 box which
> joined the domain, users can logon. But I have a mess in the keytab:
>
> klist -k /etc/krb5.keytab
> Keytab name
Hi
I have Samba 4 installed and working. I recently changed FQDN to dns
name hh3.hh3.site. It works OK and e.g. on a windows 7 box which joined
the domain, users can logon. But I have a mess in the keytab:
klist -k /etc/krb5.keytab
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
2011-12-31 02:36 keltezéssel, steve írta:
> What's the syntax?
>
> I've tried:
> samba-tool spn add nfs/HH3.SITE Administrator
>
> which seems to work, but where do I go from here?
>
> THanks,
> Steve
>
First:
I wouldn't add an nfs spn for the Administrator account, instead would
create a separate
What's the syntax?
I've tried:
samba-tool spn add nfs/HH3.SITE Administrator
which seems to work, but where do I go from here?
THanks,
Steve
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
501 - 600 of 913 matches
Mail list logo