Displaying 20 results from an estimated 1000 matches similar to: "nslcd service - "Client not found in Kerberos database""
2013 Oct 26
2
lost with AD auth
Hi all,
Well, I'm completely lost with AD authentification ...
server is :
Ubuntu 12.04.3 3.8.0-32-generic #47~precise1-Ubuntu
Samba 4.0.10 installed (and upgraded) via git, setup as unique Active
Directory Domain Controller
( -> how to upgrade to 4.1 via git ?? )
I 'just' would like that the local services (let's say only dovecot and
postfix) can query AD to authentifiate
2013 Aug 28
2
nslcd: kerberos vs. simple bind
Hello,
I took this out of the "OpenSSH auth in SAMBA4 LDAP" thread, because it
was drifting away from it's origin question :-)
I played this afternoon a bit with nslcd and kerberos for extending my
Wiki HowTo. But as more as I read, one question comes bigger and bigger:
What are the advantages of kerberos against simple bind with DN and
password?
Simple bind method: Create a
2012 Jan 17
1
Samba 4 and GSSAPI kerberos ldap connect
Hi everyone
I'm trying to use kerberos to authenticate to Samba 4 ldap. At the
moment, I authenticate by specifying the binddn and password in
/etc/nslcd.conf and all works fine
If I add the line:
sasl_mech GSSAPI
to /etc/nslcd.conf
and restart nslcd, no one can connect to the database. Nothing works.
ldapsearch and getent passwd draw a blank.
ldapsearch -x -b '' -sbase
2014 Oct 05
1
What is wrong with my nslcd configuration?
I can't get my domain users presented to my local machine with getent
passwd and the wiki
https://wiki.samba.org/index.php/Local_user_management_and_authentication/nslcd
doesn't give me any steps troubleshoot this issue. My best guess it that
I configured the user account incorrectly or I configured nslcd
incorrectly. I can't exactly see what is the problem.
I get these messages from
2012 Jan 11
6
Samba 4 kerberos and kinit
Hi
After starting Samba 4, before anyone can do anything, Administrator has
to do a kinit to get a new ticket. This creates a cache /tmp/krb5cc_0
with an expiry time.
I've created a host principal and put it into the keytab:
samba-tool spn add host someuser
samba-tool domain exportkeytab /etc/krb5.keytab --principal=host/HH3.SITE
How can I keep Samba 4 up without having to get a new
2020 Jun 22
2
Winbind help - with domain migration.
Hello guys
I need some lights to migrate a Winbind/Samba share to a new AD.
My scenario is:
I have an old AD running on a Debian 9 and Samba 4.5.16 with many
replication issues.
Then I decided to create a new one from the scratch using Debian 10 and
Samba 4.12.2 (and everything is working perfectly). I have migrated all the
accounts/machines/etc from old to new domain without any problem.
Both the
2012 Jan 15
3
Samba 4 ldb_wrap open of idmap.ldb
Hi everyone
Version 4.0.0alpha18-GIT-bfc7481
I'm using nslcd to map Samba 4 users to uid:gid and home directory. At
startup I get this:
ldb_wrap open of secrets.ldb
WARNING: no socket to connect to
and /var/log/messages shows:
Jan 15 14:20:13 hh3 nslcd[2425]: [334873] failed to bind to LDAP server
ldap://h
h3.site/: Can't contact LDAP server: Transport endpoint is not connected
Jan
2012 May 23
2
multi home dir locations
Hi all,
i've got samba 3.6 joined to a ad domain (s4 in this case)
running winbind
all looks ok, but i ran into a problem (for us that is)
i've got 2 groups (students and employes)
who have there home dirs in 2 different places.
/home/students/<user>
/home/employ/<user>
so far so good, but i can't make the [homes] work for both of them (just
1 group)
in winbind
2012 Jul 09
2
How do I get an ssh client to authenticate with samba4's kerberos GSSAPI?
Hi,
I am doing some kerberos testing with samba4 using ssh. I have setup
samba4 using the howto at http://wiki.samba.org/index.php/Samba4/HOWTO and
active directory seems to be working both with Windows and Linux clients.
ssh unfortunately is not kerberos authenticating via GSSAPI. The client
krb5.conf contains this:
=====================================================
[libdefaults]
2017 Jul 01
1
integrating samba with pam
On Sat, 1 Jul 2017 19:27:09 +0100, Rowland Penny via samba wrote:
> On Sat, 01 Jul 2017 14:19:13 -0300
> Guido Lorenzutti wrote:
>
>>
We used to hide some information from our windows group, to make acls
only in unix groups. But well.. i think we can start sharing that info
with the domain groups.
>
> You can do something very similar by using
ACLs, create groups in AD,
2019 Apr 12
3
Sudo rules in samba with winbind
Hello All,
I am currently changing my samba linux clients (Debian) from sssd binding
to winbind.
With sssd I had all sudo rules within the samba active directory.
The configuration was based on:
https://lists.samba.org/archive/samba/2016-April/199402.html
Is there some guideline like the one mentioned available/has someone
already experience with this for winbind based clients?
Within the
2015 Mar 04
2
Is there a listprincs equivalent?
I joined a machine. net ads testjoin says OK. The join exported a
keytab, which among others contains MACHINE$@REALM. However, trying
k5start I get "Client not found in Kerberos database". Also kinit -t
/etc/krb5.keytab MACHINE\$@REALM claims that the client was not found.
But then, how did it come into the keytab?
Is there a tool to list the principals in AD?
Kind regards,
-
2017 Jul 01
3
integrating samba with pam
On Sat, 1 Jul 2017 16:30:25 +0100, Rowland Penny via samba wrote:
> On Sat, 01 Jul 2017 11:48:21 -0300
> Guido Lorenzutti via samba
wrote:
>
>> Hi there! I been using samba3 with ldap for years, and now
im about to move to samba4 to leave the slapd.
>
> I take it you mean
that you use Samba as an AD DC
Exactly.
>> I didnt try yet to migrate
the directory from
2012 Jul 12
8
Linux SSO with samba4?
Hi,
I think it is great that samba4 has a single sign on solution for Windows
platforms and it seems to work well too, but I am wondering is it possible
to do the same for a Linux environment? I have been studying how to
implement single sign on using the Ubuntu way through this document:
https://help.ubuntu.com/community/SingleSignOn and I am wondering if I can
do the same with samba4 where the
2014 Nov 08
7
[Bug 2310] New: functionality to start process before ssh and/or to "wrap" such command around ssh
https://bugzilla.mindrot.org/show_bug.cgi?id=2310
Bug ID: 2310
Summary: functionality to start process before ssh and/or to
"wrap" such command around ssh
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
2014 Nov 19
1
Cannot bind to AD using nslcd
Hi Again - following on from my last request for help, I'm now attempting to
setup LDAP auth against my working samba4 AD.
Simplistically, I'm trying initially to SSH into my AD server (working)
using nslcd.
I've tried method #1 from
https://wiki.samba.org/index.php/Local_user_management_and_authentication/ns
lcd
My simple config is:
uid nslcd
gid nslcd
uri
2013 Jan 31
1
Strange nslcd error with ldap database
Greetings,
I've got a S4 DC joined to a Windows 2008 R2 DC. I'm using the s4bind scripts to add uidNumber/gidNumber/etc entries to LDAP, and I've got nss-pam-ldap installed on the S4 server. I had this working back in December, but since installing the latest stable build, getent passwd is throwing this error,
[8b4567] <passwd="myuser"> passwd entry
2013 Aug 15
2
Remote linux auth vs samba4: winbind or nslcd + openldap.
I'm lost in documentation.
I setup a samba4 AD, and configured winbind so I can have local
authentification using pam, I can now login to AD users v?a ssh.
I want to achieve the Holy Gria of 1 source of users and password, for
both, linux and windows machines, but I'm lost in documentation.
So far I know:
samba4 cann't use openldap as backend.
samba4 ldap doesn't really is a full
2014 Dec 29
6
Samba4 and sssd, keytab file expires?
Hi all.
I have the following setup:
1st dc is on CentOS 6 with Sernet samba 4.1.13
2nd dc is on Debian 7 with Sernet samba 4.1.13
The 2 dc work as expected.
on CentOS I was able to configure sssd to work
on Debian I'm using winbind
Now I have a 3rd server which is CentOS 7 with samba 4.1.1 from CentOS
repository.
This system serves as a file server and works ok with samba, but I have
a
2020 Jun 22
0
Winbind help - with domain migration.
On 22/06/2020 21:00, Daniel Lopes de Carvalho via samba wrote:
> Hello guys
> I need some lights to migrate a Winbind/Samba share to a new AD.
> My scenario is:
> I have an old AD running on a Debian 9 and Samba 4.5.16 with many
> replication issues.
> Then I decided to create a new one from the scratch using Debian 10 and
> Samba 4.12.2 (and everything is working perfectly).