Server :: Possible To Use Kerberos For Samba Authentication Without A Domain?
Oct 14, 2010
I have a samba server for company file shares but we do not use domain services or active directory service. Each workstation is its own standalone system. (And we want to keep it this way.) I would like to have some centralized authentication though, and it looks like Kerberos will provide that. After a lot of searching though, I can't find any instructions for setting up samba to authenticate users using kerberos without an ADS (active directory service) or domain. Is this possible?
View 1 Replies
ADVERTISEMENT
Apr 20, 2010
I've been working for hours with Samba on Ubuntu Server 9.10 (Samba version 3.4.0), trying to get it setup simply as a fileserver that performs authentication to an NT 4 server (yes, I know, old and out of date). After much struggling, I finally realized that my configuration *was* working when the clients connecting (from XP, and Win2k clients, mostly) were actually joined to the domain (where the PDC is the NT 4 Server) and logged into the domain.For various reasons, many of the Windows clients at this location don't actually log into the domain, even though they have login/passwords that are valid users on the domain and they'll typically have some drives mapped to the PDC.
By the way, I have this working on another Linux box running Samba 3.0.28, so I'm sure it's possible, I'm just lost as to how to do it.I can provide plenty more information if it would help diagnose the situation. Does anyone have an idea of how I can get this to work? I'm sure it's possible, since the exact scenario worked in a recent version of Samba.
View 1 Replies
View Related
Feb 25, 2011
I have the following version of centos,kerbose and samba (Samba version 3.0.33-3.29.el5_5.1, krb5-libs-1.6.1-36.el5_5.5 , krb5-workstation-1.6.1-36.el5_5.5 , centos-release-5-5.el5.centos) i have configured it and qhw i givit give me the following error Failed to set password for machine account NT_STATUS_ACCESS_DENIED) Failed to join domain: Access denied
[Code]...
View 10 Replies
View Related
Jun 16, 2011
Pretty much as described in the thread title. I'm running RHEL6 on both the server and the client.I followed Red Hat's own instructions to set the kdc upI have a user called krb, that has been added to the KDC and I can get a ticket from the KDC, by using
Code:
kinit -p krb
If I then try to log in to the KDC, from the KDC, with
[code]...
View 4 Replies
View Related
Apr 14, 2010
So I was trying to configure my CUPS server and checked the box marked "Use Kerberos Authentication." Now, I cannot change anything and get an unauthorized error every time I try. How can I remove Kerberos? I have access to the local computer as root and can use sudo.
View 2 Replies
View Related
Jul 17, 2010
Is it possible to secure samba server with kerberos? I want to know whether we can use kerberos authentication to secure samba user name and password so that mo one can sniff that information. configuration or any URL link from I can get the exact configuration.
View 1 Replies
View Related
Jun 27, 2011
i need to allow window domain controller user to use file share of linux.windows DC user can see the share file and directories of linux file server but not able to access.
below is brief--
I have a Linux machine which is on my network but not on my domain. I have configured SAMBA FILESERVER for file sharing purpose. I have a Windows XP PC which is on the domain(windows server) that I am trying to connect to a share on the Linux box. I supply my credentials but regardless of which login I use I always get Logon Failure. I have created an account on the Linux machine with the same user name and password as my domain account but so far no luck. Can I connect from a domain PC to a non-domain Linux box? Is there something else I should be checking?
View 14 Replies
View Related
May 13, 2010
The company I work for, as usual, is Microsoft-centric. I'm attempting to integrate my Ubuntu server into the domain to allow domain users to authenticate to the server and access file shares using Samba. Here's my current configuration:
[Code].....
View 9 Replies
View Related
Feb 13, 2011
Trying to setup a Kerberos + OpenLDAP server to manage users for our Samba shares (was going to use just OpenLDAP, but apparently it is less secure than using Kerberos with it). (Distro: CentOS 5.5) Haven't even gotten to the point of connecting either to Samba yet. I have set up a Kerberos server, and configured it as necessary. I am happy that it is working as intended, as I can login and manage principals from both the local terminal and remotely on other clients.
I have setup a server (sv1.myhost.net), and configured it to talk to Kerberos (auth.myhost.net). I have created both a [URL] principal, and a testuser principal. I have set the password on the testuser but not on the host/sv1.myhost.net. I have added the keys for both users to the keytab file on the sv1.myhost.net. I am at a Windows 7 machine (on the same internal network), and have installed the Network Identity Manager. It is able to request a ticket successfully for the testuser account.
When I use putty w/GSSAPI (0.58) to remote login to the system, it says using 'testuser' and then just hangs there. Eventually putty connection times out. The fact that both machines can connect to the auth server to communicate with kerberos correctly suggests firewalls are correct. The relevant entries in sshd_config have been uncommented to tell srv1 to use Kerberos authentication.
View 3 Replies
View Related
Oct 8, 2009
I have to rename a group of machines in my little samba domain (tbd backend) but there is an ugly bug that makes this impossible. have set 'rename user script' variable corectly, also checked all configurations.When i change computer name in my windows box, it shows an error saying something like "Error calling remote procedure"Looking on server side, username for the machine gets correctly changed in /usr/passwd, and also in samba database.But samba log says:
===============================================================
[2009/10/08 11:10:32, 0] lib/fault.c:fault_report(42)
INTERNAL ERROR: Signal 11 in pid 11052 (3.0.33-3.7.el5_3.1)
[code]....
View 3 Replies
View Related
Jun 15, 2011
I am looking for some links to configure kerberos authentication for ssh.I did tried google-ing it, but could not found any good link to go ahead with it.
View 1 Replies
View Related
Sep 9, 2010
I recently upgraded my video card from a GeForce4 MX 440 AGP 8X to a GeForce FX 5500 AGP 8X. After that my 1360x768 monitor was stuck on a 1024x768 resolution. I ran system-config-display and under Hardware tab I changed the monitor setting from "Generic LCD Screen" to "1360x768 LCD Screen" with the acknowledgment that /etc/X11/xorg.conf file was been modified. After reboot the boot process stuck on:tarting kojid: Kerberos authentication failed. "Resource temporary unavailable" (11) [FAILED]I tried that with both 2.6.34.6-54 and 2.6.34.6-47 kernels available on my system.I use the latest KDE version available for Fedora.
View 1 Replies
View Related
Apr 15, 2009
I've configured kerberos authentication on my centos 5.2 box. When I kinit with a username in AD and not on the centos box, I get a TGT. However, I cannot log into the centos box as any of the AD users. This is probably a stupid question but do I also need to create the account's on the centos box that I have in AD? If so, does that mean i can then use pam to authenticate users on my cyrus imap process running on the centos box?
View 2 Replies
View Related
Mar 2, 2011
I am running Red Hat Enterprise Server 6.0 I am having issues getting kerberos configured as a client to join a domain. Im getting below error message. "Failed to join domain: failed to connect to AD: KDC has no support for encryption type"
View 9 Replies
View Related
Jun 3, 2010
I have installed keberos on my suse machine, but after installation now I am not able to login in it even with the root password. I search over the internet but could not find the solution. What to do now and how to configure Kerberos on a local machine with only local users authentication. I mean client and server both are on the same machine.
View 2 Replies
View Related
Jun 8, 2011
I have set up my KDC and telnet in the same server.
I am trying to telnet from a local PC . This is the output I am getting ..
[sudip@kdcclient root]$ telnet -a -F -x kdc
Trying 192.168.1.3...
Connected to kdc.example.local (192.168.1.3).
Escape character is '^]'.
[Code]....
So why it is asking for password ? What I am missing here ?
View 3 Replies
View Related
May 18, 2010
I had a working client installation with CentOS 5.4, using kerberos and PAM to authenticate. After an upgrade to 5.5, logins for users are no longer possible. Instead I get this:
/var/log/messages: gdm: Couldn't set acct. mgmt for <user> /var/log/secure: gdm: pam_krb5: authentication fails for '<user>': (<user@domain>): Authentication failure (Cannot read password) gdm: pam_krb5: account checks fail for '<user>': unknown reason -1765328254 (Cannot read password) gdm: pam:krb5: User not known to the underlying authentication module (Client not found in Kerberos database) "kinit <user>" still works as expected, and <user> has no problems logging in from other types of clients. Something kerberos-related apparently broke in CentOS 5.5,
View 2 Replies
View Related
Jul 28, 2010
I am not able to connect samba server from other linux pc giving error: NT Authentication Failure
But am able to access through anonymous login from linux Same is working fine will all smb users through windows. I am using rhel 5.
View 3 Replies
View Related
Mar 15, 2010
I've been fighting with the Samba server for a while and I'm a bit frustrated at this point. When I try to add machines to my domain I get the "The username could not be found error" here is my smb.conf...
Code:
[global]
workgroup = INMANONE
netbios name = PDC
server string = Inman Domain Controller
os level = 64
security = user
passdb backend = tdbsam
domain logons = yes
domain master = yes
local master = yes .....
View 3 Replies
View Related
Sep 21, 2010
I want to set a log off script for samba domain users. Actually I am facing a huge temp files related problem. So I want to set a batch file which will run when domain user log off. When user logout then batch file run and delete all temp files.I have already set batch file local group policy and it works for me, but I wants to set it from server side.
View 1 Replies
View Related
Feb 1, 2011
I'm configuring a classroom based on Linux (just Linux, without Windows) with user mobility. What I want is that any student will use its own 'username/password' on whatever computer getting its own data and without having to define every user on every computer. As far as Samba is very useful, even when I don't need Windows support I decided to base the solution on Samba. Right now I still have some problems and the solution doesn't work in my test environment. I defined a PDC (Samba 3.5 Domain Controller) on a Fedora 13 with 'homes', starting nmb and smb and it seems to work. On a Ubuntu 10.10 Workstation I built a Samba 'Domain Member Server' starting nmb, smb and winbind.
First question: should I define 'homes' on this server or not? I assumed 'not' as the 'homes' you have to use are the ones defined on the PDC, not on the DMS.
Second question: does winbind run just on DMS? Not on the PDC too?
I defined the DMS 'machine' and some domain users on the PDC and I could 'join' the DMS to the PDC without any problem (join rpc ...) From the workstation I can use smbclient seeing a domain with two servers, one of which is the controller. I can connect to the home shares using the domain users which are authorized by the PDC. On the DMS I paid attention on nsswitch.conf and pam file running 'pam-auth-update'. So 'webinfo -u' provides a list of users on the domain, local users and domain users. The problem arrives when I try to connect from the session login screen on the workstation to 'mydomainmyuser'. PDC validates the user, if the password is right, and I get connected but not to my PDC homes.
Instead I get some errors starting with:
'could not update ICEAuthoriy file /home/mydomain/myuser/.ICEAuthority'
It seems I'm in an empty space in an open but useless session which I can close later on.
Hereafter you will see the short smb.conf reported by testparm:
PDC
[global]
workgroup = TESO-DOM
server string = Samba Server Version %v
interfaces = lo, wlan0
bind interfaces only = Yes .....
View 6 Replies
View Related
Feb 13, 2010
i have configured samba as file server in fedora 11,it works fine for both windows and linux machines .but i want to configure ldap and samba as domain controller. Googled a lot on internet every thing is confusing me .
View 2 Replies
View Related
May 3, 2010
We're still using an NT Domain Server, and Samba is already configured properly. But the problem is if the shared folder is configured in samba to be accessed by group and not the domain username, authentication fails even if the user is member of the group.
Example#1: (authentication successful)
[sharedfolder]
valid users = domain+username
Example#2:
[sharedfolder] (authentication fails)
valid users = @domaingroup
Samba version is samba-3.0.33
View 2 Replies
View Related
Feb 27, 2011
My Windows 2003 domain has three domain controllers. All of them are configured as global catalog servers, but my krb.conf and krb5.conf only contain a reference to one of them. What if the DC referenced is down? Should my files reference the other DCs? The contents of my files follow...
krb.conf
--------
MYDOMAIN.COM dc01.MYDOMAIN.COM:88
MYDOMAIN.COM dc01.MYDOMAIN.COM:749 admin server[code]...........
View 1 Replies
View Related
Jul 25, 2010
Install and configure Samba as a primary domain controller with LDAP on Linux.i setup it step by step following article without error until step 10.i want to join windows client when press user name and password for domain then display message:The following error occurred attempting to join the domain BIGTIME:
The network path was not found.
View 3 Replies
View Related
Mar 2, 2011
How do I configure samba such that AD authentication still works when a DC is down? Do I need multiple kdc, admin_server, and kpasswd_server entries in krb5.conf?
View 3 Replies
View Related
Aug 26, 2010
One of our servers crashed due to hard drive problems. We were able restore data from backups; however the only info on the samba PDC portion of the server we have are the local and domain SIDs. Armed with only this info; is there a way to recreate the previous domain so the users and machine accounts could recognize it?
View 1 Replies
View Related
Jul 5, 2010
I'm setting up a PDC Samba server on centos5.4. All tasks are well done but on adding new machine in my domain I have a this error message: Error occurred when attempt to join your machine in domain "invalid user name".
samba.log
Code:
[2010/07/05 12:34:55, 2] smbd/sesssetup.c:setup_new_vc_session(1212)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2010/07/05 12:34:55, 2] smbd/sesssetup.c:setup_new_vc_session(1212)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2010/07/05 12:34:55, 2] auth/auth.c:check_ntlm_password(309)
check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded
[2010/07/05 12:34:55, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2919)
Returning domain sid for domain RAPHAELLO -> S-1-5-21-3852106609-489253481-401883016
smb.conf .....
I think that the machine account is missed or miss matched.
View 1 Replies
View Related
Oct 21, 2010
CentoS 5.5
[root@osra ~]# rpm -q samba3x
samba3x-3.3.8-0.52.el5_5.2
[root@osra ~]# rpm -q krb5-workstation
krb5-workstation-1.6.1-36.el5_5.5
Domain controller windows 2k3 sp3
I follow those guides: [URL] and [URL]. I join the domain, I can test the user
[root@osra ~]# wbinfo -a mbottalico%
plaintext password authentication succeeded
challenge/response password authentication succeeded
[root@osra ~]# wbinfo -u
administrator
guest
krbtgt
[root@osra ~]# wbinfo -g
utenti wins
dhcp users
dhcp administrators
computer del dominio
controller di dominio
getent passwd and group ok without "DOMAIN+"
kinit e klist ok.
I can browser the samba server, but I can enter on "temp", but not in "test" (access denied)
[root@osra ~]# smbclient \\osra\test -U administrator
Enter administrator's password:
Domain=[DOMAINSHORT] OS=[Unix] Server=[Samba 3.3.8-0.52.el5_5.2]
smb: > ls
NT_STATUS_NETWORK_ACCESS_DENIED listing * (I noticed only writing this message)
[root@osra ~]# smbclient \\osra\tmp -U administrator
Enter administrator's password:
Domain=[DOMAINSHORT] OS=[Unix] Server=[Samba 3.3.8-0.52.el5_5.2]
smb: > dir .....
53488 blocks of size 2097152. 49908 blocks available
smb: > q
0 blocks of size 0. 511 blocks available .....
View 2 Replies
View Related
Aug 26, 2010
I use OpenSuse 11.3 and I successfully built a samba/openldap server. However the raoming profiles were not working so I removed the roaming profile part of the samba and the openldap using ldap account manager. I also rejoined a couple of the computers back to the domain successfully (it was not an instaneous join, it took a good minute or 2 to join each pc). Now I cannot cannot login to any of these computers with the domain credentials. I can share using the UNC path no problem and this was working find about 1 week ago.
On 1 of the computers Iw as able to finally get a log file saying this:
View 2 Replies
View Related
