Displaying 20 results from an estimated 1100 matches similar to: "How to keep idmapping, when Samba servers becomes part of a Windows AD from a larger organisation."
2013 Dec 06
1
adding AD domain users in local Linux group for acces to share
Hello,
It seems that domain user can access share when they are specified in "valid list" but not when
"valid list" use local group definition.
First if added the domain user "duser" to the group "lgroup" in /etc/group
Then i defined a samba share and add the domain user "duser in the "valid list"
[lgroup]
comment =
2013 Nov 27
0
Sharing group definitions between some server members and workstations but not with AD
Hi,
My departemental PDC/BDCs will be removed and the remaining linux file servers and workstations will joined the institutional Windows AD as member servers and workstations. I have the rights to add workstations and servers to the AD, but I will lost users administration. All that is Ok. Nervertheless, groups administration at the departement level is still usefull for me and my
2015 Nov 20
4
Authentication to Secondary Domain Controller initially fails when PDC is offline
On 11/20/2015 10:17 AM, mathias dufresne wrote:
>
>
> 2015-11-20 15:11 GMT+01:00 James <lingpanda101 at gmail.com
> <mailto:lingpanda101 at gmail.com>>:
>
> On 11/20/2015 7:40 AM, Ole Traupe wrote:
>
>
>
> Am 20.11.2015 um 11:54 schrieb mathias dufresne:
>
> Hi Ole,
>
> I'm still not answering your issue
2017 Jan 27
4
pwdLastSet, password required to change (samba vs MSAD)
Hi,
We are using keycloak with our samba-4.4.4 AD environment. (an ldaps
client application)
Keycloak is able to ask users to change their passwords, when the
checkbox "require password change upon next logon" is set in ADUC.
However, in our environment (samba-4.4.4) keycloak simply refuses the
logons when tht checkbox is set. ("bad username or password")
RedHat
2017 Jan 27
1
pwdLastSet, password required to change (samba vs MSAD)
Hi Andrew and Rowland,
Two replies, so quickly! I'm impressed :-)
On 01/27/2017 10:47 AM, Andrew Bartlett via samba wrote:
> And a very interesting one at that. I'm glad to see someone has taken
> on some of the ADFS capability I hear folks ask for regularly.
Yes I agree, keycloak is very cool.
I have found the following samba bug report:
2007 Apr 23
3
Link AD to pre-existing UNIX accounts
I'm trying to use winbindd to enumerate and link AD users to their pre-
existing UNIX accounts. Right now, winbindd creates new "users" for UNIX based
on windows username and groups.
What I can't figure out is how to explicitly map the AD users to their pre-
existing UNIX accounts. I'd like the users to be able to access their UNIX
accounts with their UNIX authentication
2006 Feb 08
1
winbind can see some groups but not others
Hello,
I followed the steps at
http://www.enterprisenetworkingplanet.com/netos/article.php/3487081
for adding a v3.0.21a samba and winbindd server to a MsAD domain and
configuring nsswitch.conf to find passwd and group info from winbind.
This seems to have worked out fine, except that I can't 'see' or
'recognize' certain groups via getent or via wbinfo -g.
E.g. I can see the
2016 Sep 28
2
ad2003 schema while forest/domain at 2008R2 level
Hi everyone,
I came across this issue today while upgrading a samba4 AD. The
forest/domain level is 2008R2, however the schema partition is actually
missing the msDS-isRODC attribute (and probably a few others). It makes
the ADUC console to failed on that entry below. Here is the samba log
message (which is quite explicit :-)
Sep 28 16:55:36 srvads samba[27900]: [2016/09/28 16:55:36.819666,
2016 Aug 29
2
We need to change our AD domain
Hi Andrew,
I understand that Samba doesn't support domain renaming, which is why
I'm looking for a way to export the data from one domain and import it
into a new one. Passwords and machine accounts are not a problem and can
be ignored for this exercise. The key things I need to copy across are
user accounts and groups, as they would be an absolute pain in the rear
end to redo from
2006 Aug 10
1
winbind: group name doesn't map to a SID, but gid does
I'm using winbind v3.0.22 on Debian Linux as a source for nss info.
I have a group that was once known by winbind, but is no more:
------ beging shell except ------
# ls -ld ./
drwxrws--- 10 root $MND000-TT227MV5K24I 4096 2006-05-10 15:41 ./
#
------ end shell except ------
It must have been known, as I was the one who chgrp'ed the dir
originally.
I know what the group name is
2013 May 02
1
named pipe, dcom and samba4
Hi everyone,
after a classicupgrade from a samba3 domain to a samba4, I have a weird
issue related to DCOM and named pipes.
The switch to samba4 went fine and everything works perfectly except one
old software that uses Windows named pipes and DCOM for client-server
communication.
When trying to access the DCOM server the software fails. The failure
can be easily reproduced with a simple
2006 Jan 31
1
windbind, 'template homedir', and macros
I am currently using Mssfu, nss_ldap, and pam_ldap to enable my linux boxes
to auth against MsA.D. and get all their user info from MsA.D.
I recently discovered that winbind can accomplish the same without
Mssfu, as long as I'm content to be limitted by the winbind config
directives 'template shell' and 'template homedir'. I'd like to drop
sfu if I can.
The 'template
2023 May 10
1
Joining Windows Server 2022 to Samba Domain
Hi,
I'm attempting to join a Windows Server 2022 to an existing domain Im running into issues as I am trying to migrate away from Samba DCs (:sad:)
I've been able to successfully join a Windows Server 2022 to a fresh domain without much trouble after following tranquil.it<https://samba.tranquil.it/doc/en/samba_advanced_methods/samba_add_windows_active_directory.html>'s guide as
2006 Apr 03
8
[OT] - Career Advice
Hey everyone - I have a career-related question for you all.
I currently work full time as a Sr. Sys Admin, and have been doing
systems work for about 9 years. I have been doing web development
work on and off during this time, and have written quite a few
internal applications and scripts for several companies I worked for.
I have never worked in the full time capacity of a software developer
2018 Feb 13
4
Which DNS to use for DHCP hostname/IP updates from non-AD & AD nodes?
I am considering which DNS implementation and cannot determine exactly
when someone should use the Bind9 manner with BIND9_DLZ Module.
For my purposes, I will have AD and non-AD nodes on the network using
either DHCP or static IP addresses. Some will be Windows & Linux clients
joined on the Samba AD domain for logins. Some will be Windows & Linux
clients that are standalone using
2014 Feb 17
2
how to remove an (offline) DC from Samba 4 ?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi all,
What would be the recommended way to remove an old offline DC from Samba4?
I searched in samba-tool for a way to do this, but didn't find any.
Tried using the Windows tools to manage AD Users & Computers -> Domain
Controllers -> The DC & then hit delete, however this gives an error 'cannot
find specified module'.
2002 Nov 08
0
cupsaddsmb and samba
Hello,
I tried to find a way to having the setup of cups printing working for
windows client. I end up now with
"cupsaddsmb -v -a -U root" finishing by
"Printer Driver mesange successfully installed.
Running command: rpcclient localhost -N -U'root%xxxxxxxx' -c 'setdriver
mesange mesange'
cmd = setdriver mesange mesange
result was NT_STATUS_UNSUCCESSFUL"
My
2001 May 08
1
New kex organisation and user options.
I'm in the process of updating my GSSAPI patches to the 2.9 release. However,
I've run into a slight problem with managing to get user options to play
nicely with the way that the kex code is now organised.
With the GSS kex its possible for the user to specify whether they want to
delegate their credentials to the server or not. This option is used only on
the client side (and so is
2013 Nov 05
2
Samba4, MS CAL and Windows Server as domain member
Hi everyone,
I have a licencing question : do one need to buy CAL for every user in a Samba4 domain when there is a Windows Server as a domain member, knowing that the Windows server will be accessed using SMB by Windows workstations?
As per http://www.samba.org/samba/docs/using_samba/ch01.html and many other web sites, one of the main advantage of samba is that no user CALs are required. And I
2013 Jan 23
4
Organization of Users in Samba4
Hello,
I am working on migrating from OpenLDAP using the inetOrgPerson schema to Samba4. I would like to continue to provide backwards compatibility with our existing authentication service. In OpenLDAP, users are all contained inside the People organizational unit and referenced by uid, for example:
dn: uid=myuser,ou=People,dc=example,dc=com
When using samba-tool to add a user, it places the