** Merge proposal unlinked:
https://code.launchpad.net/~ahasenack/ubuntu/+source/samba/+git/samba/+merge/348424
--
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1761737
Title:
[bionic] s
** Merge proposal unlinked:
https://code.launchpad.net/~ahasenack/ubuntu/+source/samba/+git/samba/+merge/348424
--
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1761737
Title:
[bionic] s
** Merge proposal unlinked:
https://code.launchpad.net/~ahasenack/ubuntu/+source/samba/+git/samba/+merge/348424
--
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1761737
Title:
[bionic] s
** Merge proposal unlinked:
https://code.launchpad.net/~ahasenack/ubuntu/+source/samba/+git/samba/+merge/348424
--
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1761737
Title:
[bionic] s
For the release team: this fixes a crash bug, but in a not very common
scenario: domain was joined via sssd and not samba's net join command,
and the config tells samba to look first at the secrets database which
is only populated via net join.
The MP at
https://code.launchpad.net/~ahasenack/ubunt
** Merge proposal unlinked:
https://code.launchpad.net/~ahasenack/ubuntu/+source/samba/+git/samba/+merge/343606
--
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1761737
Title:
[bionic] s
** Changed in: samba (Ubuntu)
Assignee: (unassigned) => Andreas Hasenack (ahasenack)
** Changed in: samba (Ubuntu)
Status: Confirmed => In Progress
--
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to samba in Ubuntu.
https://bugs.la
After a lot of experimentation, I got my samba server, with "security =
ads" but no winbind and no "net ads join" command, to authenticate an AD
user using kerberos.
What nailed it was to use setspn on the windows side to add
cifs/ to the computer account, like this (for a "bionic-sssd"
computer a
Packages from https://launchpad.net/~ahasenack/+archive/ubuntu/samba-
kerberos-method-1761737 have the patch and fix the crash test case.
--
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/176173
I have it building in a ppa and will try shortly
--
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1761737
Title:
[bionic] samba PANIC, INTERNAL ERROR: Signal 11
To manage notifications abou
The "kerberos method" options that were tried are in
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1761737/comments/16.
There is no crash when it's set to "system keytab" or "dedicated keytab"
plus pointing the keytab at /etc/krb5.keytab
--
You received this bug notification because you ar
(sorry if I'm telling you something you already know: the text below is
also for my own benefit and thought process)
Joining a domain means basically creating a computer account in the AD.
That is what allows the computer to query the domain for information
like usernames, uid numbers, and even au
Ok
The smb.conf(5) manpage does state that for "security = ads" or "server
role = member server" to work, the machine must have been joined to the
domain via "net ads join". This is what creates the necessary secrets in
the local secrets tdb database.
My hypothesis is that there was a change in 4
What happens in terms of accessing the share in the 18.04 server when
you use these settings:
a)
kerberos method = system keytab
b)
kerberos method = dedicated keytab
dedicated keytab file = /etc/krb5.keytab
c) kerberos method = default
--
You received this bug notification because you are a m
Ok, so to summarize:
- sssd is providing user and groups from AD (via /etc/nsswitch.conf)
- realmd was used to join the machine to AD for the above
- local user authentication is done via pam_sss and using kerberos. Shell users
get a ticket upon login
- samba is not using winbind
I have a feeling
After changing security to ADS, did you join the realm/domain again? You
might have some incorrect local databases. Can you start fresh with
4.7.6 on this box?
Also, even on a fresh 4.7.6, I couldn't get "kerberos method = secrets
and keytab" to work without crashing, that's the samba bug I filed
** Bug watch added: Samba Bugzilla #13376
https://bugzilla.samba.org/show_bug.cgi?id=13376
** Also affects: samba via
https://bugzilla.samba.org/show_bug.cgi?id=13376
Importance: Unknown
Status: Unknown
** Changed in: samba (Ubuntu)
Status: Incomplete => Triaged
** Changed
Can you elaborate on how this 18.04 machine is supposed to authenticate
users and give them access or not to a share, since it's not part of the
AD realm, at least according to smb.conf? In the meantime I'll check
with upstream.
--
You received this bug notification because you are a member of Ub
Ok, I can reproduce this with a simple "smbclient -L localhost -N" and
this smb.conf:
[global]
dns proxy = No
domain master = No
kerberos method = secrets and keytab
local master = No
log file = /var/log/samba/log.%m
map to guest = Bad User
Was this 18.04 box a fresh install of samba 4.7.6, or did you at some
point have 4.7.4 or earlier and upgrade?
--
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1761737
Title:
[bionic] samba
The smb.conf file for the 18.04 box shows it as being a standalone
server, not a domain member. Is that expected? Are you managing its
users locally via smbpasswd?
--
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to samba in Ubuntu.
https://bugs
21 matches
Mail list logo