On Fri, 2012-01-27 at 08:40 +0100, steve wrote:
On 01/27/2012 05:37 AM, Andrew Bartlett wrote:
On Sun, 2012-01-22 at 15:32 +0100, steve wrote:
even though I've made a ldap/hh3.site principal:
hh3:/tmp # samba-tool spn add ldap/hh3.site Administrator
hh3:/tmp # samba-tool domain
On Sun, 2012-01-22 at 15:32 +0100, steve wrote:
even though I've made a ldap/hh3.site principal:
hh3:/tmp # samba-tool spn add ldap/hh3.site Administrator
hh3:/tmp # samba-tool domain exportkeytab /etc/ldap.keytab
--principal=ldap/hh3.site
Why do I get the
Decrypt integrity check failed
On 01/27/2012 05:37 AM, Andrew Bartlett wrote:
On Sun, 2012-01-22 at 15:32 +0100, steve wrote:
even though I've made a ldap/hh3.site principal:
hh3:/tmp # samba-tool spn add ldap/hh3.site Administrator
hh3:/tmp # samba-tool domain exportkeytab /etc/ldap.keytab
--principal=ldap/hh3.site
Why do
On 20/01/12 18:19, steve wrote:
On 01/20/2012 04:09 PM, Michael Wood wrote:
On 20 January 2012 15:23, stevest...@steve-ss.com wrote:
On 20/01/12 12:41, Michael Wood wrote:
[...]
I did this:
samba-tool user add nslcd-service
New Password:
User 'nslcd-service' created successfully
kinit
On 20/01/12 07:55, steve wrote:
Hi,
Even if you are scared of death of samba-technical I'm posting it
there
as well, maybe someone can answer the questions which arise when I
tried
to check out your use case.
So I've tried first:
# ldapsearch -H ldap://samba4.kzsdabas.hu cn=Administrator
Hi
On 20 January 2012 12:19, steve st...@steve-ss.com wrote:
[...]
OK. Start from nothing. New checkout, /usr/local/samba deleted, keytabs
gone. . . Nothing.
./source4/setup/provision --realm=site --domain=CACTUS --adminpass=abc@1234
--server-role='domain controller'
kinit Administrator
On 20/01/12 12:41, Michael Wood wrote:
Michael. Thanks for your comments. Getting there slowly but surely. Have
made some adjustments as in-line.
wbinfo -i steve2
CACTUS\steve2:*:300:100::/home/CACTUS/steve2:/bin/bash
Optimistically:
getent passwd steve2
_nothing_!
But nslcd-user can't
I can't find k5start for openSUSE. I'll ask the guys over
at the suse list for that one.
Otherwise you could probably compile it yourself.
If I get time, I'll go through this on Ubuntu (where Geza pointed me to
k5start).
Thanks again.
Steve
Got an old k5start from the openSUSE vaults
On 20 January 2012 15:23, steve st...@steve-ss.com wrote:
On 20/01/12 12:41, Michael Wood wrote:
[...]
I did this:
samba-tool user add nslcd-service
New Password:
User 'nslcd-service' created successfully
kinit nslcd-service
Password for nslcd-service@SITE:
Warning: Your password will
On 01/20/2012 04:09 PM, Michael Wood wrote:
On 20 January 2012 15:23, stevest...@steve-ss.com wrote:
On 20/01/12 12:41, Michael Wood wrote:
[...]
I did this:
samba-tool user add nslcd-service
New Password:
User 'nslcd-service' created successfully
kinit nslcd-service
Password for
On 01/18/2012 09:56 PM, Gémes Géza wrote:
2012-01-18 12:12 keltezéssel, steve írta:
On 01/17/2012 09:40 PM, Gémes Géza wrote:
Hi,
See comments inline:
Hi everyone
I'm trying to use kerberos to authenticate to Samba 4 ldap. At the
moment, I authenticate by specifying the binddn and password
Progress:
klist -k /etc/krb5.keytab | grep host-account
1 host-acco...@hh3.site
1 host-acco...@hh3.site
1 host-acco...@hh3.site
cat /etc/default/nslcd
K5START_START=yes
# Options for k5start.
K5START_BIN=/usr/bin/k5start
K5START_KEYTAB=/etc/krb5.keytab
K5START_CCREFRESH=60
On 19/01/12 18:35, Gémes Géza wrote:
Progress:
klist -k /etc/krb5.keytab | grep host-account
1 host-acco...@hh3.site
1 host-acco...@hh3.site
1 host-acco...@hh3.site
cat /etc/default/nslcd
K5START_START=yes
# Options for k5start.
K5START_BIN=/usr/bin/k5start
http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html#badpass
I'm working as client and host on the same box here. Could this be the
cause of the
Decrypt integrity check failed
??
Cheers
Steve
--
To unsubscribe from this list go to the following URL and read the
instructions:
On 19/01/12 19:11, steve wrote:
http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html#badpass
I'm working as client and host on the same box here. Could this be the
cause of the
Decrypt integrity check failed
??
Cheers
Steve
Just to confirm:
samba-tool spn delete host
samba-tool
On Thu, 2012-01-19 at 18:35 +0100, Gémes Géza wrote:
Progress:
klist -k /etc/krb5.keytab | grep host-account
1 host-acco...@hh3.site
1 host-acco...@hh3.site
1 host-acco...@hh3.site
cat /etc/default/nslcd
K5START_START=yes
# Options for k5start.
2012-01-20 06:03 keltezéssel, Andrew Bartlett írta:
On Thu, 2012-01-19 at 18:35 +0100, Gémes Géza wrote:
Progress:
klist -k /etc/krb5.keytab | grep host-account
1 host-acco...@hh3.site
1 host-acco...@hh3.site
1 host-acco...@hh3.site
cat /etc/default/nslcd
K5START_START=yes
#
Hi,
Even if you are scared of death of samba-technical I'm posting it there
as well, maybe someone can answer the questions which arise when I tried
to check out your use case.
So I've tried first:
# ldapsearch -H ldap://samba4.kzsdabas.hu cn=Administrator -LLL -Y GSSAPI
gives:
SASL/GSSAPI
On 01/17/2012 09:40 PM, Gémes Géza wrote:
Hi,
See comments inline:
Hi everyone
I'm trying to use kerberos to authenticate to Samba 4 ldap. At the
moment, I authenticate by specifying the binddn and password in
/etc/nslcd.conf and all works fine
If I add the line:
sasl_mech GSSAPI
That
2012-01-18 12:12 keltezéssel, steve írta:
On 01/17/2012 09:40 PM, Gémes Géza wrote:
Hi,
See comments inline:
Hi everyone
I'm trying to use kerberos to authenticate to Samba 4 ldap. At the
moment, I authenticate by specifying the binddn and password in
/etc/nslcd.conf and all works fine
Hi everyone
I'm trying to use kerberos to authenticate to Samba 4 ldap. At the
moment, I authenticate by specifying the binddn and password in
/etc/nslcd.conf and all works fine
If I add the line:
sasl_mech GSSAPI
to /etc/nslcd.conf
and restart nslcd, no one can connect to the database.
Hi,
See comments inline:
Hi everyone
I'm trying to use kerberos to authenticate to Samba 4 ldap. At the
moment, I authenticate by specifying the binddn and password in
/etc/nslcd.conf and all works fine
If I add the line:
sasl_mech GSSAPI
That should suffice, but please note, that nslcd
22 matches
Mail list logo