[Samba] samba-tool and --kerberos

Stefan Kania stefan at kania-online.de
Mon Oct 19 12:48:54 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

smbclient is an executable so you just need "-k". Samba-tool ist
Python-stuff and an option neeeds an Argument so you have to use "-k yes
"

Am 19.10.15 um 14:27 schrieb mathias dufresne:
> You're right, but I tried successfully -k only with smbclient which
> accept -U and -k together (now I'm here I must say smbclient uses
> -k without argument).
> 
> For net command I was not able to make -k nor "--kerberos yes" 
> m707:~# net rpc service list  --kerberos=yes Could not connect to
> server 127.0.0.1 The username or password was not correct. 
> Connection failed: NT_STATUS_LOGON_FAILURE
> 
> m707:~# net rpc service list -S m707 -k=yes
> 
> Invalid option -k=yes: unknown option Usage: Use 'net help rpc' to
> get more extensive information about 'net rpc' commands. Use 'net
> help rap' to get more extensive information about 'net rap' 
> commands. ....
> 
> m707:~# net rpc service list -S m707 --kerberos yes Usage: net rpc
> service list
> 
> 
> Only "--kerberos=yes" seems to work: m707:~# *net rpc service list
> --kerberos=yes -S <DCname>* Spooler                 "Print
> Spooler" NETLOGON                "Net Logon" RemoteRegistry
> "Remote Registry Service" WINS                    "Windows Internet
> Name Service (WINS)"
> 
> I'll try to propose some modification of associated man pages but
> I'm quiet lazy...
> 
> 2015-10-19 13:57 GMT+02:00 Stefan Kania <stefan at kania-online.de>:
> 
> Am 19.10.15 um 13:05 schrieb mathias dufresne:
>>>> Hi Stefan,
>>>> 
>>>> Thank you a lot for that, it helped me much.
>>>> 
>>>> To be a bit more precise, thanks again to your example, to 
>>>> authenticate samba-tool command using --kerberos: syntax is
>>>> "-k yes" or "--kerberos=yes" or "--kerberos yes" AND -U
>>>> username must not be present.
> You are using Kerberos because you don't want to use "-U 
> administrator" :-)
>>>> "-k=yes" is not working.
> No
>>>> 
>>>> 2015-10-19 11:59 GMT+02:00 Stefan Kania
>>>> <stefan at kania-online.de>:
>>>> 
>>>> You have to use "-k yes" for example:
>>>> 
>>>> samba-tool user list -k yes
>>>> 
>>>> Bevor you can use it, you must get a Ticket with "kinit 
>>>> administrator"
>>>> 
>>>> Stefan
>>>> 
>>>> Am 19.10.15 um 10:49 schrieb mathias dufresne:
>>>>>>> Hi all,
>>>>>>> 
>>>>>>> I recently tried to use --kerberos switch in addition
>>>>>>> to some samba-tool command (mainly samba-tool user
>>>>>>> create) without any success. The man page of samba-tool
>>>>>>> is quiet shy on that subject: -k
>>>>>>> KERBEROS|--kerberos=KERBEROS Use Kerberos
>>>>>>> 
>>>>>>> Looking into samba-tool python script, in fact into 
>>>>>>> /usr/lib64/python2.7/site-packages/samba/netcmd/user.py,
>>>>>>> I can't find any reference to kerberos. Perhaps the
>>>>>>> piece of --help telling we can use that switch comes
>>>>>>> from other script (samba-tool itself?) and not related
>>>>>>> to samba-tool user command, in that case inclusion of
>>>>>>> that piece of help should be reviewed.
>>>>>>> 
>>>>>>> Anyone knows how to use --kerberos successfully with 
>>>>>>> samba-tool?
>>>>>>> 
>>>>>>> Best regards,
>>>>>>> 
>>>>>>> mathias
>>>>>>> 
>>>> 
>>>> 
>>>>> 
>>>>> -- To unsubscribe from this list go to the following URL
>>>>> and read the instructions:
>>>>> https://lists.samba.org/mailman/options/samba
>>>>> 
> 
>> 
>> -- To unsubscribe from this list go to the following URL and read
>> the instructions:  https://lists.samba.org/mailman/options/samba
>> 

- -- 
Stefan Kania
Landweg 13
25693 St. Michaelisdonn


Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie ihre
E-Mail. Weiter Informationen unter http://www.gnupg.org

Mein Schlüssel liegt auf

hkp://subkeys.pgp.net

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)

iEYEARECAAYFAlYk5rYACgkQ2JOGcNAHDTaipACg0GCmKE5y9JJiF5joJ+jepSN1
j28AoJ7G2Udh80LjTt7PbJgfeQdItW1l
=wN4f
-----END PGP SIGNATURE-----



More information about the samba mailing list