Ubuntu Servers :: Samba Can Be Integrated With Kerberos From Different Machine?
Dec 29, 2010
I have 2 machines:
first machine: Samba
second machine: LDAP + Kerberos
I found too many tutorials where Samba is installed on the same machine as LDAP + Kerberos. Is there a tutorial on how Samba can be integrated with Kerberos from a different machine?
I have the following versions of CentOS, Kerberos and Samba (Samba version 3.0.33-3.29.el5_5.1, krb5-libs-1.6.1-36.el5_5.5 , krb5-workstation-1.6.1-36.el5_5.5 , centos-release-5-5.el5.centos). I have configured it and it gives me the following error: Failed to set password for machine account NT_STATUS_ACCESS_DENIED) Failed to join domain: Access denied
I am unable to join a W2K or XP machine to a Samba PDC. I have tried to make this work on both 8.04 LTS and 10.04 LTS without success. Everything else works but I cannot add machine accounts "on the fly" using the "add machine script" as provided in the server guide. I have been able to make it work by enabling the root user but not as a user with admin privileges and sudo in the script. Despite multiple attempts including a new 10.04 install and following the instructions (in the 9.10 server guide) to the letter. Does anyone out there have a samba PDC actually running on Ubuntu and able to add machines on the fly without enabling the root account (i.e using SUDO in the script and a user from the admin group)?
It takes 45min to transfer 10MB from my laptop to my replacement server. It takes 1minute to transfer the same 10MB from my laptop to the old server.
All connections are equal. Both servers are plugged to the same router.
Details: I have decided to migrate away from my Proliant 1600 to a slightly newer less complex piece of hardware.
Both machines are LAMP installs. Both are setup to be maintained headless 99% of the time and gnome is launched from the command line only when it is needed.
The older machine has more things running on it than the replacement. The replacement has nothing running that the older machine does not have.
Old box runs Ubuntu 6.06 but was fully updated a month ago. Replacement box runs Ubuntu 10.10 and was fully updated just last night.
smb.conf was the same on both boxes other than the share locations. Reading trying to fix it myself, I did put some known speedup lines into the new box's smb.conf, but it did not make a noticeable difference.
Hardware: Old box, Proliant 1600 = 1998 small server tech. (weighs 50lbs w/o drives) single 500mhz xeon (upgradable to 2 600mhz, though they are hard to find reasonably priced) 1GB SDRAM with ECC
[Code].....
It does not matter what share/drive/partition I transfer to on either machine. The result is always the same.
On the newer computer CPU usage rarely goes over 50% and it has not had to go into swap at all yet.
I have an Ubuntu server that's part of a Windows domain and requires Kerberos authentication when connecting to its Samba shares. I have an Ubuntu desktop machine that is capable of obtaining Kerberos tickets via kinit and can successfully connect to the Samba share on my Ubuntu server using Kerberos authentication via smbclient.
I'm having trouble setting my SAMBA server correctly. I have two Win machines, one with WIN7 and one with XP. I have one Ubuntu machine and Ubuntu Server 10.04. My problem is that I can only access files from the Win 7 machine. When I try to map out the shared dirs on my server I get asked for user and password; when I enter my credentials it doesn't help. What to do? I used the sample smb.conf file and open for no restrictions.
Is it possible to secure samba server with kerberos? I want to know whether we can use kerberos authentication to secure samba user name and password so that no one can sniff that information. configuration or any URL link from I can get the exact configuration.
I have a samba server for company file shares but we do not use domain services or active directory service. Each workstation is its own standalone system. (And we want to keep it this way.) I would like to have some centralized authentication though, and it looks like Kerberos will provide that. After a lot of searching though, I can't find any instructions for setting up samba to authenticate users using kerberos without an ADS (active directory service) or domain. Is this possible?
Trying to setup a Kerberos + OpenLDAP server to manage users for our Samba shares (was going to use just OpenLDAP, but apparently it is less secure than using Kerberos with it). (Distro: CentOS 5.5) Haven't even gotten to the point of connecting either to Samba yet. I have set up a Kerberos server, and configured it as necessary. I am happy that it is working as intended, as I can login and manage principals from both the local terminal and remotely on other clients.
I have setup a server (sv1.myhost.net), and configured it to talk to Kerberos (auth.myhost.net). I have created both a [URL] principal, and a testuser principal. I have set the password on the testuser but not on the host/sv1.myhost.net. I have added the keys for both users to the keytab file on the sv1.myhost.net. I am at a Windows 7 machine (on the same internal network), and have installed the Network Identity Manager. It is able to request a ticket successfully for the testuser account.
When I use putty w/GSSAPI (0.58) to remote login to the system, it says using 'testuser' and then just hangs there. Eventually putty connection times out. The fact that both machines can connect to the auth server to communicate with kerberos correctly suggests firewalls are correct. The relevant entries in sshd_config have been uncommented to tell srv1 to use Kerberos authentication.
I've currently got Ubuntu server configured so that clients can login using LDAP user accounts that I've created using ldapadduser (from the ldapscripts package).
I've also got NFS exports working so that /home can be exported to clients. Kerberos authentication is enabled for NFS and clients require a nfs/clienthostname.domain principal to be able to mount the NFS share.
However, I now realise that for LDAP users to be able to access the mount they need their own Kerberos principal. If I run kinit dan@DANBISHOP.ORG then I can access /home/dan as user dan otherwise I get permission denied.
My question then is how best to proceed... is there a way to configure the client/server so that once a client has mounted the nfs share using Kerberos, all users can access it without their own principal?
It seems more usual to create kerberos principals for all users, but then how does one manage users? Using ldapscripts is very easy, but if the admin then has to manually create kerberos principals every time, it could become very tedious. Furthermore how do users change their password if kerberos is used for authentication?
I try to access my ubuntu machine via my Windows Machine (Samba Server on Ubuntu Machine). Any time I try to access the machine it asks me for my password... I enter it but it says it is invalid... is there any way to reset it? I have already tried to remove and purge everything Samba related and then tried reinstalling, but that still didn't do anything.
I have installed servers (10.04 LTS Server) with Kerberos + LDAP; now I can ssh to all those servers and log in with a kerberos principal. But when I want to change the password, I get this error:
Code:
Current Kerberos password:
Enter new Kerberos password:
Retype new Kerberos password:
Password change rejected: Password not changed. Kerberos database constraints violated while trying to change password.
passwd: Authentication token manipulation error
passwd: password unchanged
I have searched for this issue but cannot find any useful information. Would someone give me a direction?
I am having trouble with setting up BIND9 for 6 virtual servers that use ubuntu x64 v10.10. I have a main server running ubuntu as well; host name is xeonserver. I would like to explain my setup first.
my router ip: 192.168.1.1/24
host server for VMs ip: 192.168.1.2/24
Then on qemu my virtual machines are in 10.0.0.0/24 network, gateway to my router is 10.0.0.1
1. kerberos.xeonserver (not configured yet) 10.0.0.2
2. dns.xeonserver (the one I have trouble with) 10.0.0.3
3. mysql.xeonserver (not configured yet) 10.0.0.4
4. apache.xeonserver (not configured yet) 10.0.0.5
5. ftp.xeonserver (not configured yet) 10.0.0.6
6. mail.xeonserver (not configured yet) 10.0.0.7
To configure it I followed instructions found on [URL]
I have set up a 389 DS server and a kdc. However there is not a howto or any document concerning setting up the DS as a Kerberos database back-end. Nor is there a 389 DS forum, so I am asking here and hopefully some of you could possibly help or throw in some light as to this kind of setup. I have read the 389 DS features page and the Redhat documents but there is no reference to this feature.
I am trying to configure winbind and kerberos on my Fedora 15 to connect to my Windows 2003 server environment. But I keep getting this message:
Code:
libads/kerberos.c:333(ads_kinit_password) kerberos_kinit_password ECP01BCA$@MSA.MDSA.NET failed: Client not found in Kerberos database
Here's my krb5.conf:
Code:
[logging]
default = FILE10000:/var/log/krb5lib.log
I wish to prevent the samba messages (mainly nmbd and winbindd) from appearing in the system log (/var/log/messages). I want to allow samba logging to the standard samba logfiles, but prevent the syslog getting clogged up by samba. I added syslog = 0 to smb.conf and reloaded the config but the messages were still appearing. I also tried the following (and restarted the syslog via /sbin/service syslog restart) # Suppress messages from samba.
For interest's sake the messages I'm getting are below (I'm not concerned about the messages themselves, I can chase them up at my leisure via the samba logs)
Mar 18 09:58:29 SERVER nmbd[3808]: query_name_response: Multiple (2) responses received for a query on subnet xx.yy.z.zz for name DOMAIN<1d>.
Mar 18 09:58:29 SERVER nmbd[3808]: This response was from IP xx.yy.z.zz, reporting an IP address of xx.yy.z.zz.
This is my output when I try to compile samba 4.0.0 alpha 7 in Ubuntu using the spec file provided in the samba packages:
bin/mergedobj/samba-util.o: In function `file_lines_parse': (.text+0x595c): undefined reference to `_talloc_steal' bin/mergedobj/samba-util.o: In function `data_blob_talloc_named':[code]....
I recently upgraded from 9.04 to 9.10 and have been pulling my hair out because of it. I can't get samba 3 back on the machine. It has samba4 and it won't understand my smb.conf. All I want is samba3 back but that's not working.
I'm trying to set up a fileserver on my 10.04 machine, and access the files from Windows 7 via wifi. I can see everything alright, but the transfer speed to Windows never gets higher than 70KBps. Both computers can access the web at 800+KBps. I've also checked with an OS X machine on the same network, which was also extremely slow, so I'm fairly sure that the problem is on the server's side.
I'd like to access a samba/SSH server which itself is connected to a VPN Server, therefore acting as a VPN Client. As soon as the VPN Connection is established, samba and ssh connections to this VPN Client get a timeout. But not all of them.
To get a better understanding I made an overview. The first one is a general network overview, without any VPN Connection, the second one with the VPN Connection established.
Network Overview without VPN
I can access the server in several ways:
* From the router via ssh (router runs ipcop with busybox)
* From the laptop via ssh (putty via Windows 7)
* From the laptop via samba
* From the internet via ssh (port forwarding to the ssh server)
Everything is working as it should.
Now the server that runs ssh and samba service connects to a VPN Server on the Internet, this is also working fine. Now it gets weird. The only samba/SSH connection that is still working is ssh directly from the router to the server. Everything else gets a timeout:
* From the laptop via ssh (putty via Windows 7)
* From the laptop via samba
* From the internet via ssh (port forwarding to the ssh server)
Network Overview with VPN active
Why is that? It seems from the little understanding I have of vpn and networking, that incoming packages (like samba request from the laptop) don't get sent directly back over eth0 but over the vpn connection. This seems somewhat logical, BUT ssh from the router is still working. Why from the router and not from the laptop? I really can't get my head around it.
Configuration Overview
tldr; One Client acts as VPN Client and samba/SSH Server. As soon as the VPN Connection is established samba/SSH stop working, but only partially.
I am trying to see shared files on my windows machine from my linux machine. I would like an answer on how to fix the problem. This is where I am at: I am using my own network to learn how to use nmap properly. I ping my whole network with nmap -sS -O. Then I used nmblookup -a which gave me the information I needed. Then I run smbclient -L computername -I ip address -N
This will not show me the windows os; this only shows me my laptop. What can I change for this to show me the other computer on this network? The port I am wanting is open. I want to be able to mount the shared files and move them to my computer. I am going to use the commands put and get to move the files when I am able to get to the smb: >
Come back to the forum after a long gap. After using Ubuntu for the last few years I finally moved to Fedora again with Fedora 15. I like this version of Fedora, it's clean & simple. But I'm having a few problems as well. I want to share some folders of my Fedora machine with a Windows machine at my home, so that my younger brother can access those folders from his Windows machine & copy files to his computer. For this I need to set up samba; I already installed the samba related packages, but can't start system-config-samba from the Application Menu. When I go to start this, it asks for authentication & after giving the password nothing happened at all! I tried to start this from the command line with-
[Code]....
At present, I can browse shared folders from other machines of my home network, but my Fedora machine is absent in the list of machines, so my brother can't access shared folders of my machine. How can I set up a samba share on my Fedora machine, so that I can easily share folders with other machines just like Ubuntu?
I am facing a problem while joining my linux machine to a SAMBA Primary Domain Controller (running on Centos 5). I am able to join a Windows XP machine to the domain, but I have no idea how to do it on a Linux client.
I have Samba shares on a Red Hat server vmware virtual machine. We just upgraded our vmware tools and vmware hardware to vsphere and now I can't authenticate to the samba shares. It prompts for credentials, but it won't take the login. Has anyone seen this or have any idea how to fix this?
I'm running Ubuntu Server 10.04 and have a secure (SSL/TLS) FTP server on it. However, I'd like to use this FTP server to update programs I made using Microsoft Visual Studio. Unfortunately, in Microsoft's infinite wisdom, secure FTP servers cannot be used. Rather than use an insecure FTP server, I want to set up my secure FTP server to be able to access whatever I need to on the machine, and then add an insecure FTP server that only has access to the directory where I put my update files. I am currently using vsftpd as my FTP server. Is there any way that I can set up two FTP servers on this single machine?
I set up a Samba server on my openSuSE 11.2 machine and I can connect to it locally with the local ip and with my actual ip. My friend however cannot. I tried to have him ping my ip and that wouldn't even work. I'm confused and wondering why it doesn't work. We share a lot of files and this would make both of our lives much easier.
It took me a while... But I finally got samba to be a pdc. I was able to join a test xp machine to the new domain samba made. That part worked well. In my Swat I added a new samba user and password, restarted samba etc. Then tried to log in from the xp with the new user name as the password. As I hit enter I'm waiting for it to log in... the XP machine reboots. It seems to do that every time I try. I'm sure there's something not quite right in samba.conf or is it something else.