Re: [Samba] Samba 4 and GSSAPI kerberos ldap connect

2012-01-27 Thread Andrew Bartlett
On Fri, 2012-01-27 at 08:40 +0100, steve wrote: > On 01/27/2012 05:37 AM, Andrew Bartlett wrote: > > On Sun, 2012-01-22 at 15:32 +0100, steve wrote: > > > >> even though I've made a ldap/hh3.site principal: > >> hh3:/tmp # samba-tool spn add ldap/hh3.site Administrator > >> hh3:/tmp # samba-tool do

Re: [Samba] Samba 4 and GSSAPI kerberos ldap connect

2012-01-26 Thread steve
On 01/27/2012 05:37 AM, Andrew Bartlett wrote: On Sun, 2012-01-22 at 15:32 +0100, steve wrote: even though I've made a ldap/hh3.site principal: hh3:/tmp # samba-tool spn add ldap/hh3.site Administrator hh3:/tmp # samba-tool domain exportkeytab /etc/ldap.keytab --principal=ldap/hh3.site Why do

Re: [Samba] Samba 4 and GSSAPI kerberos ldap connect

2012-01-26 Thread Andrew Bartlett
On Sun, 2012-01-22 at 15:32 +0100, steve wrote: > even though I've made a ldap/hh3.site principal: > hh3:/tmp # samba-tool spn add ldap/hh3.site Administrator > hh3:/tmp # samba-tool domain exportkeytab /etc/ldap.keytab > --principal=ldap/hh3.site > > Why do I get the > Decrypt integrity check f

Re: [Samba] Samba 4 and GSSAPI kerberos ldap connect

2012-01-22 Thread steve
On 20/01/12 18:19, steve wrote: On 01/20/2012 04:09 PM, Michael Wood wrote: On 20 January 2012 15:23, steve wrote: On 20/01/12 12:41, Michael Wood wrote: [...] I did this: samba-tool user add nslcd-service New Password: User 'nslcd-service' created successfully kinit nslcd-service Passwor

Re: [Samba] Samba 4 and GSSAPI kerberos ldap connect

2012-01-20 Thread steve
On 01/20/2012 04:09 PM, Michael Wood wrote: On 20 January 2012 15:23, steve wrote: On 20/01/12 12:41, Michael Wood wrote: [...] I did this: samba-tool user add nslcd-service New Password: User 'nslcd-service' created successfully kinit nslcd-service Password for nslcd-service@SITE: Warning

Re: [Samba] Samba 4 and GSSAPI kerberos ldap connect

2012-01-20 Thread Michael Wood
On 20 January 2012 15:23, steve wrote: > On 20/01/12 12:41, Michael Wood wrote: [...] > I did this: > >  samba-tool user add nslcd-service > New Password: > User 'nslcd-service' created successfully > kinit nslcd-service > Password for nslcd-service@SITE: > Warning: Your password will expire in 41

Re: [Samba] Samba 4 and GSSAPI kerberos ldap connect

2012-01-20 Thread steve
I can't find k5start for openSUSE. I'll ask the guys over at the suse list for that one. Otherwise you could probably compile it yourself. If I get time, I'll go through this on Ubuntu (where Geza pointed me to k5start). Thanks again. Steve Got an old k5start from the openSUSE vaults and

Re: [Samba] Samba 4 and GSSAPI kerberos ldap connect

2012-01-20 Thread steve
On 20/01/12 12:41, Michael Wood wrote: Michael. Thanks for your comments. Getting there slowly but surely. Have made some adjustments as in-line. wbinfo -i steve2 CACTUS\steve2:*:300:100::/home/CACTUS/steve2:/bin/bash Optimistically: getent passwd steve2 _nothing_! But nslcd-user can't rea

Re: [Samba] Samba 4 and GSSAPI kerberos ldap connect

2012-01-20 Thread Michael Wood
Hi On 20 January 2012 12:19, steve wrote: [...] > OK. Start from nothing. New checkout, /usr/local/samba deleted, keytabs > gone. . . Nothing. > > ./source4/setup/provision --realm=site --domain=CACTUS --adminpass=abc@1234 > --server-role='domain controller' > >  kinit Administrator [...] > hh3:/

Re: [Samba] Samba 4 and GSSAPI kerberos ldap connect

2012-01-20 Thread steve
On 20/01/12 07:55, steve wrote: Hi, Even if you are scared to death of samba-technical I'm posting it there as well, maybe someone can answer the questions which arise when I tried to check out your use case. So I've tried first: # ldapsearch -H ldap://samba4.kzsdabas.hu cn=Administrator -LLL

Re: [Samba] Samba 4 and GSSAPI kerberos ldap connect

2012-01-19 Thread steve
Hi, Even if you are scared to death of samba-technical I'm posting it there as well, maybe someone can answer the questions which arise when I tried to check out your use case. So I've tried first: # ldapsearch -H ldap://samba4.kzsdabas.hu cn=Administrator -LLL -Y GSSAPI gives: SASL/GSSAPI authe

Re: [Samba] Samba 4 and GSSAPI kerberos ldap connect

2012-01-19 Thread Gémes Géza
On 2012-01-20 06:03, Andrew Bartlett wrote: > On Thu, 2012-01-19 at 18:35 +0100, Gémes Géza wrote: >>> Progress: >>> klist -k /etc/krb5.keytab | grep host-account >>>1 host-acco...@hh3.site >>>1 host-acco...@hh3.site >>>1 host-acco...@hh3.site >>> >>> cat /etc/default/nslcd >>>

Re: [Samba] Samba 4 and GSSAPI kerberos ldap connect

2012-01-19 Thread Andrew Bartlett
On Thu, 2012-01-19 at 18:35 +0100, Gémes Géza wrote: > > > Progress: > > klist -k /etc/krb5.keytab | grep host-account > >1 host-acco...@hh3.site > >1 host-acco...@hh3.site > >1 host-acco...@hh3.site > > > > cat /etc/default/nslcd > > K5START_START="yes" > > # Options for k5start. > >

Re: [Samba] Samba 4 and GSSAPI kerberos ldap connect

2012-01-19 Thread steve
On 19/01/12 19:11, steve wrote: http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html#badpass I'm working as client and host on the same box here. Could this be the cause of the Decrypt integrity check failed ?? Cheers Steve Just to confirm: samba-tool spn delete host samba-tool spn

Re: [Samba] Samba 4 and GSSAPI kerberos ldap connect

2012-01-19 Thread steve
http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html#badpass I'm working as client and host on the same box here. Could this be the cause of the Decrypt integrity check failed ?? Cheers Steve

Re: [Samba] Samba 4 and GSSAPI kerberos ldap connect

2012-01-19 Thread steve
On 19/01/12 18:35, Gémes Géza wrote: Progress: klist -k /etc/krb5.keytab | grep host-account 1 host-acco...@hh3.site 1 host-acco...@hh3.site 1 host-acco...@hh3.site cat /etc/default/nslcd K5START_START="yes" # Options for k5start. K5START_BIN=/usr/bin/k5start K5START_KEYTAB=/etc/

Re: [Samba] Samba 4 and GSSAPI kerberos ldap connect

2012-01-19 Thread Gémes Géza
> Progress: > klist -k /etc/krb5.keytab | grep host-account >1 host-acco...@hh3.site >1 host-acco...@hh3.site >1 host-acco...@hh3.site > > cat /etc/default/nslcd > K5START_START="yes" > # Options for k5start. > K5START_BIN=/usr/bin/k5start > K5START_KEYTAB=/etc/krb5.keytab > K5START_

Re: [Samba] Samba 4 and GSSAPI kerberos ldap connect

2012-01-19 Thread steve
On 01/18/2012 09:56 PM, Gémes Géza wrote: On 2012-01-18 12:12, steve wrote: On 01/17/2012 09:40 PM, Gémes Géza wrote: Hi, See comments inline: Hi everyone I'm trying to use kerberos to authenticate to Samba 4 ldap. At the moment, I authenticate by specifying the binddn and password i

Re: [Samba] Samba 4 and GSSAPI kerberos ldap connect

2012-01-18 Thread Gémes Géza
On 2012-01-18 12:12, steve wrote: > On 01/17/2012 09:40 PM, Gémes Géza wrote: >> Hi, >> >> See comments inline: >>> Hi everyone >>> >>> I'm trying to use kerberos to authenticate to Samba 4 ldap. At the >>> moment, I authenticate by specifying the binddn and password in >>> /etc/nslcd.conf

Re: [Samba] Samba 4 and GSSAPI kerberos ldap connect

2012-01-18 Thread steve
On 01/17/2012 09:40 PM, Gémes Géza wrote: Hi, See comments inline: Hi everyone I'm trying to use kerberos to authenticate to Samba 4 ldap. At the moment, I authenticate by specifying the binddn and password in /etc/nslcd.conf and all works fine If I add the line: sasl_mech GSSAPI That should

Re: [Samba] Samba 4 and GSSAPI kerberos ldap connect

2012-01-17 Thread Gémes Géza
Hi, See comments inline: > Hi everyone > > I'm trying to use kerberos to authenticate to Samba 4 ldap. At the > moment, I authenticate by specifying the binddn and password in > /etc/nslcd.conf and all works fine > > If I add the line: > sasl_mech GSSAPI That should suffice, but please note, that

[Samba] Samba 4 and GSSAPI kerberos ldap connect

2012-01-17 Thread steve
Hi everyone I'm trying to use kerberos to authenticate to Samba 4 ldap. At the moment, I authenticate by specifying the binddn and password in /etc/nslcd.conf and all works fine If I add the line: sasl_mech GSSAPI to /etc/nslcd.conf and restart nslcd, no one can connect to the database. Nothi