Hi,
I am trying to configure the nslcd service on an Ubuntu client for kerberos
authentication against samba4. My /etc/nslcd.conf contains the following:
uid nslcd
gid nslcd
uri ldapi:///cofil01.mydomain.net
base dc=mydomain,dc=net
sasl_mech GSSAPI
krb5_ccname FILE:/tmp/host.tkt
I have added
I have finally found out that my problems had to do with wrong certificates.
The commands I used to generate the certificates where taken from
http://k5wiki.kerberos.org/wiki/Pkinit_configuration
I downloaded and built heimdal 1.5.2 (I couldn't find hxtool in samba 4,
that's why I used the
ok, I did a simple GSSAPI test on the client with ldapsearch using
ldapsearch -Y GSSAPI and I get Server not found in Kerberos database.
In log.samba on the server, it gives:
Kerberos: TGS-REQ user @ MYDOMAIN.NET from ipv4:10.45.1.55:48879 for ldap/
ubuntu-test.mydomain.net @ MYDOMAIN.NET
Hi,
I think it is great that samba4 has a single sign on solution for Windows
platforms and it seems to work well too, but I am wondering is it possible
to do the same for a Linux environment? I have been studying how to
implement single sign on using the Ubuntu way through this document:
Hi,
I am running such a setup for over 2 years now. Samba4 acting as AD for
the Windows Clients and LDAP/Kerberos for Linux and Solars clients. All
users are stored centrally and no local users on the clients.
I'd have to dig for more information on the setup though, as it's been a
while since I
That sounds great! I think the Ubuntu SSO will work too but I am still
trying to implement it - I have run into some hiccups such as nslcd
complaining about Client not found in Kerberos database but I think it is
because samba4 is running in a multi-homed environment and someone on the
Kerberos
On 12/07/12 14:05, Quinn Plattel wrote:
while since I implemented it.
http://phaedrus77.blogspot.de/2010/04/samba4-ad-domain-controller-to-serve.html?showComment=190497132#c1731870195842128401
has my notes on setting up the Solaris clients. Linux was mostly similar
enough with further
On 12/07/12 10:41, Quinn Plattel wrote:
Hi,
I am trying to configure the nslcd service on an Ubuntu client for kerberos
authentication against samba4. My /etc/nslcd.conf contains the following:
uid nslcd
gid nslcd
uri ldapi:///cofil01.mydomain.net
base dc=mydomain,dc=net
sasl_mech GSSAPI
Hi there,
I have a samba server (version 3.6) named 'lnbxservcid' which is already
a member of a domain whose PDC is another samba server (version 3.4).
I'm using the standard samba3 packages from centos and from servnet (as
CentOS.4 comes with only samba 3.0.x, but later CentOS releases came
On Thursday 12 July 2012 1:31:06 am Gémes Géza wrote:
Hi Miklos,
Hello Geza,
I stand chastised and apologize. I didn't mean to hijack someone's
thread. I also didn't plan to ask for help in Hungarian, and this is just
a coincidence.
However, if you can help me I'll take whatever I
yes, i found your windows/linux setup via google earlier, but the setup was
based on OpenSuse which made it a little difficult in some areas when it
comes to Ubuntu - particularly the nfs server setup section.
But thanks for the info! :-)
br,
Quinn
On Thu, Jul 12, 2012 at 2:23 PM, steve
On 12/07/12 17:07, Quinn Plattel wrote:
yes, i found your windows/linux setup via google earlier, but the setup
was based on OpenSuse which made it a little difficult in some areas
when it comes to Ubuntu - particularly the nfs server setup section.
But thanks for the info! :-)
There's an
I have been using them on servers, so there are no KDE/Gnome specific stuff
there. They work fine, although I haven't tested them in GUI environment.
Probably, samba packages could be uninstalled with `--nodeps` flag and then
replaced with the SerNet ones.
Anyway, rebuilding yourself from SRPMS
2012-07-12 10:47 keltezéssel, Charalampos Anargyrou írta:
I have finally found out that my problems had to do with wrong
certificates.
The commands I used to generate the certificates where taken from
http://k5wiki.kerberos.org/wiki/Pkinit_configuration
I downloaded and built heimdal 1.5.2
With help from members here I've successfully installed 3.6.6 to a test
machine and reproduced the same problem as with 3.5. So now I'm back to
trying to install 3.4.8 to see if the problem exists there.
Any guidance on a failure for the compiled binaries to launch with no clues
in any log?
Or a
I read the bugreport that Dale linked and ended up using the workaround listed
there.
Changes made to '/etc/samba/smb.conf' follow:
@@ -28,9 +28,12 @@
winbind enum users = Yes
winbind enum groups = Yes
panic action = /usr/share/samba/panic-action %d
-idmap config
Hi Steve,
Thanks for the info - that helps a lot!
I can see that the /etc/init.d/nslcd script in Ubuntu needs modifying in
order for k5start to work. It uses -u to specify an alternate principal
which you don't use in your example.
The script uses host/client.example.com as an alternate
You would better consult the Samba Core Team about this particular issue.
Maybe that feature is broken in recent releases.
---
wbr, Denis.
On Thu, Jul 12, 2012 at 11:40 PM, Randy Rue randy...@gmail.com wrote:
With help from members here I've successfully installed 3.6.6 to a test
machine and
On 12/07/12 20:30, Quinn Plattel wrote:
Hi Steve,
Thanks for the info - that helps a lot!
I can see that the /etc/init.d/nslcd script in Ubuntu needs modifying in
order for k5start to work. It uses -u to specify an alternate principal
which you don't use in your example.
The script uses
From the same source as the 3.6 rpms I've installed 3.4.17. It works,
almost. I can log in using an AD account, and the user has a UID matching
the AD Unix Attribute UID and a GID matching that of the Unix Attributes
Primary Group. The only weird part is that on login I get an error id:
cannot
I am trying to install Exchange 2010 with Samba. I am able to install the
Management tools but setup of the Mailbox role fails. Is this known to
work with Samba 4.0 beta 3? The release notes mention that Samba beta 3 is
able to handle installation of exchange but some issues prevent run-time
I think you might be missing some stuff in the prior config you had.
The following works for me with Samba 3.6.6:
idmap config * : backend = tdb
idmap config * : range = 100-199
idmap config MYDOMAIN : backend = rid
idmap config MYDOMAIN : range = 1000-99
idmap
How is Samba 3.6 against ADS broken? I have Samba 3.6.6 on SL6.2 with
ADS and it's running great...
In fact on my Windows 7 laptop, with my SSH client, I can SSH in with
kerberos, no password entering is needed. :-)Same with Linux to Linux.
If you really have to install Samba 3.4 against
If you configure PAM and kerberos properly, you do not need to do a
kinit first. I get them automatically when I login. They automatically
renew when I type my password into the GNOME screensaver.
Btw, I am also using Samba 3, not Samba4.
On 07/11/2012 03:07 AM, Quinn Plattel wrote:
Btw,
What is the lwopen idmap backend? First I've heard of that one:-)
Also, why are you setting your homedir template as /dev/null, and yet
shell as /bin/true? That's pretty goofy..=-O
On 07/10/2012 07:20 AM, velusamy Krishnan wrote:
Hi,
I have followed the all the steps given, in
I'm pretty sure that would be samba3x, not samba3 for RHEL/CentOS 5.
On 06/06/2012 09:07 AM, John Doe wrote:
From: Hoover, Tony hoo...@sal.ksu.edu
CentOS 5 does have a newer samba available. To get it:
yum remove samba
yum install samba3
or to get really fresh samba, use the SerNet repos.
Is it possible to build samba without waf?
It has slowed down my local samba builds by a factor of 5-10x -- it
seems to lack
any parallelism, and on a 12 core machine, that really sucks.
When going through it's tests, it's noticeably slower than the configure
shell
tests that do the same...
The branch, master has been updated
via 19e8002 s3/torture: adjust dependency to fix build when no winbind
was build before
via b865cdd s3: make log message of FSCTL_IS_VOLUME_DIRTY more clear
via a93f56a test: fix compile warning on test summary
from 2cc38ac
The branch, master has been updated
via 1ee95e4 s3: rename sid_check_is_in_our_domain() to
sid_check_is_in_our_sam()
via c43505b s3: rename sid_check_is_domain() to sid_check_is_our_sam()
via ac2644b s3:passdb: remove commented out pdb_lookup_names code
from 19e8002
The branch, master has been updated
via 622eb59 s3: Make us survive base-delaywrite with aio enabled
via 67e7e14 s3: Factor out mark_file_modified
from 1ee95e4 s3: rename sid_check_is_in_our_domain() to
sid_check_is_in_our_sam()
The branch, master has been updated
via e454681 Linux-specific optimization in aio_open code.
via a7c63ac Set fsp-initial_allocation_size before calling
open_file_ntcreate().
via 775014b Make sure we reset fsp-initial_allocation_size to zero if
we didn't create the file.
The branch, master has been updated
via bf650a1 s4:registry:regdiff: use existing talloc context for the
event context
via 342ab97 s4:registry:regdiff: add TALLOC_CTX * argument to
open_backend()
via 6ee16ce s4:registry: add a TALLOC_CTX argument to reg_open_remote()
The branch, master has been updated
via 5a9ce8b Use HAVE_FSYNC, we bothered to test for it.
from bf650a1 s4:registry:regdiff: use existing talloc context for the
event context
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log
The branch, master has been updated
via d29e1880c8ce7219e065d31b47b0e8ad9e83146d (commit)
from a0a0f5588445aeabe07b0e4d65087db454dc09da (commit)
http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master
- Log -
commit
The tag, 1.2.40 has been created
at 0a9484c20cb0d3cd58c0ffeabca81c7b9aeca12d (commit)
- Log -
commit 0a9484c20cb0d3cd58c0ffeabca81c7b9aeca12d
Author: Ronnie Sahlberg ronniesahlb...@gmail.com
Date: Mon Feb 6 09:22:37 2012
The tag, ctdb-1.0.112 has been created
at 64ae8b0702cfdc44a778e0cc3705dd685f9f6ab0 (commit)
- Log -
commit 64ae8b0702cfdc44a778e0cc3705dd685f9f6ab0
Author: Martin Schwenke mar...@meltin.net
Date: Tue Jan 12 21:07:45 2010
The tag, ctdb-1.2.40 has been created
at 0a9484c20cb0d3cd58c0ffeabca81c7b9aeca12d (commit)
- Log -
commit 0a9484c20cb0d3cd58c0ffeabca81c7b9aeca12d
Author: Ronnie Sahlberg ronniesahlb...@gmail.com
Date: Mon Feb 6 09:22:37
The annotated tag, ctdb-1.2.45 has been created
at 0f0cec3f3b87917f13ffe79b7c95b1f3e4ad5f56 (tag)
tagging 95efb0cffb19a4311d706b2fd7031834a2711022 (commit)
replaces ctdb-1.9.1
tagged by Martin Schwenke
on Thu Jul 12 14:06:47 2012 +1000
- Log
The branch, 1.2.40 has been updated
via 95efb0cffb19a4311d706b2fd7031834a2711022 (commit)
via 32d6d39626df46a1c0bb21554497685279ead88a (commit)
via 0c6d9b84b12d32cb8f563f441377eaf2c9648b99 (commit)
via e609b63bc3dd2eb838fbf11997a49730c89a6a5e (commit)
from
The branch, master has been updated
via 15fedb3 s3-auth Remove unused global_machine_account_needs_changing
via d55cde1 s3-auth Remove confusing reference to
global_machine_password_needs_changing
via 70de501 s4-provision: Provide YP/NIS subtree to allow ADUC to see
and
40 matches
Mail list logo