[Samba] samba-tool and --kerberos
Stefan Kania
stefan at kania-online.de
Mon Oct 19 12:48:54 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
smbclient is an executable so you just need "-k". Samba-tool ist
Python-stuff and an option neeeds an Argument so you have to use "-k yes
"
Am 19.10.15 um 14:27 schrieb mathias dufresne:
> You're right, but I tried successfully -k only with smbclient which
> accept -U and -k together (now I'm here I must say smbclient uses
> -k without argument).
>
> For net command I was not able to make -k nor "--kerberos yes"
> m707:~# net rpc service list --kerberos=yes Could not connect to
> server 127.0.0.1 The username or password was not correct.
> Connection failed: NT_STATUS_LOGON_FAILURE
>
> m707:~# net rpc service list -S m707 -k=yes
>
> Invalid option -k=yes: unknown option Usage: Use 'net help rpc' to
> get more extensive information about 'net rpc' commands. Use 'net
> help rap' to get more extensive information about 'net rap'
> commands. ....
>
> m707:~# net rpc service list -S m707 --kerberos yes Usage: net rpc
> service list
>
>
> Only "--kerberos=yes" seems to work: m707:~# *net rpc service list
> --kerberos=yes -S <DCname>* Spooler "Print
> Spooler" NETLOGON "Net Logon" RemoteRegistry
> "Remote Registry Service" WINS "Windows Internet
> Name Service (WINS)"
>
> I'll try to propose some modification of associated man pages but
> I'm quiet lazy...
>
> 2015-10-19 13:57 GMT+02:00 Stefan Kania <stefan at kania-online.de>:
>
> Am 19.10.15 um 13:05 schrieb mathias dufresne:
>>>> Hi Stefan,
>>>>
>>>> Thank you a lot for that, it helped me much.
>>>>
>>>> To be a bit more precise, thanks again to your example, to
>>>> authenticate samba-tool command using --kerberos: syntax is
>>>> "-k yes" or "--kerberos=yes" or "--kerberos yes" AND -U
>>>> username must not be present.
> You are using Kerberos because you don't want to use "-U
> administrator" :-)
>>>> "-k=yes" is not working.
> No
>>>>
>>>> 2015-10-19 11:59 GMT+02:00 Stefan Kania
>>>> <stefan at kania-online.de>:
>>>>
>>>> You have to use "-k yes" for example:
>>>>
>>>> samba-tool user list -k yes
>>>>
>>>> Bevor you can use it, you must get a Ticket with "kinit
>>>> administrator"
>>>>
>>>> Stefan
>>>>
>>>> Am 19.10.15 um 10:49 schrieb mathias dufresne:
>>>>>>> Hi all,
>>>>>>>
>>>>>>> I recently tried to use --kerberos switch in addition
>>>>>>> to some samba-tool command (mainly samba-tool user
>>>>>>> create) without any success. The man page of samba-tool
>>>>>>> is quiet shy on that subject: -k
>>>>>>> KERBEROS|--kerberos=KERBEROS Use Kerberos
>>>>>>>
>>>>>>> Looking into samba-tool python script, in fact into
>>>>>>> /usr/lib64/python2.7/site-packages/samba/netcmd/user.py,
>>>>>>> I can't find any reference to kerberos. Perhaps the
>>>>>>> piece of --help telling we can use that switch comes
>>>>>>> from other script (samba-tool itself?) and not related
>>>>>>> to samba-tool user command, in that case inclusion of
>>>>>>> that piece of help should be reviewed.
>>>>>>>
>>>>>>> Anyone knows how to use --kerberos successfully with
>>>>>>> samba-tool?
>>>>>>>
>>>>>>> Best regards,
>>>>>>>
>>>>>>> mathias
>>>>>>>
>>>>
>>>>
>>>>>
>>>>> -- To unsubscribe from this list go to the following URL
>>>>> and read the instructions:
>>>>> https://lists.samba.org/mailman/options/samba
>>>>>
>
>>
>> -- To unsubscribe from this list go to the following URL and read
>> the instructions: https://lists.samba.org/mailman/options/samba
>>
- --
Stefan Kania
Landweg 13
25693 St. Michaelisdonn
Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie ihre
E-Mail. Weiter Informationen unter http://www.gnupg.org
Mein Schlüssel liegt auf
hkp://subkeys.pgp.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iEYEARECAAYFAlYk5rYACgkQ2JOGcNAHDTaipACg0GCmKE5y9JJiF5joJ+jepSN1
j28AoJ7G2Udh80LjTt7PbJgfeQdItW1l
=wN4f
-----END PGP SIGNATURE-----
More information about the samba
mailing list