similar to: How to keep idmapping, when Samba servers becomes part of a Windows AD from a larger organisation.

Hello, It seems that domain user can access share when they are specified in "valid list" but not when "valid list" use local group definition. First if added the domain user "duser" to the group "lgroup" in /etc/group Then i defined a samba share and add the domain user "duser in the "valid list" [lgroup] comment =

Hi, My departemental PDC/BDCs will be removed and the remaining linux file servers and workstations will joined the institutional Windows AD as member servers and workstations. I have the rights to add workstations and servers to the AD, but I will lost users administration. All that is Ok. Nervertheless, groups administration at the departement level is still usefull for me and my

On 11/20/2015 10:17 AM, mathias dufresne wrote: > > > 2015-11-20 15:11 GMT+01:00 James <lingpanda101 at gmail.com > <mailto:lingpanda101 at gmail.com>>: > > On 11/20/2015 7:40 AM, Ole Traupe wrote: > > > > Am 20.11.2015 um 11:54 schrieb mathias dufresne: > > Hi Ole, > > I'm still not answering your issue

Hi, We are using keycloak with our samba-4.4.4 AD environment. (an ldaps client application) Keycloak is able to ask users to change their passwords, when the checkbox "require password change upon next logon" is set in ADUC. However, in our environment (samba-4.4.4) keycloak simply refuses the logons when tht checkbox is set. ("bad username or password") RedHat

Hi Andrew and Rowland, Two replies, so quickly! I'm impressed :-) On 01/27/2017 10:47 AM, Andrew Bartlett via samba wrote: > And a very interesting one at that. I'm glad to see someone has taken > on some of the ADFS capability I hear folks ask for regularly. Yes I agree, keycloak is very cool. I have found the following samba bug report:

I'm trying to use winbindd to enumerate and link AD users to their pre- existing UNIX accounts. Right now, winbindd creates new "users" for UNIX based on windows username and groups. What I can't figure out is how to explicitly map the AD users to their pre- existing UNIX accounts. I'd like the users to be able to access their UNIX accounts with their UNIX authentication

Hello, I followed the steps at http://www.enterprisenetworkingplanet.com/netos/article.php/3487081 for adding a v3.0.21a samba and winbindd server to a MsAD domain and configuring nsswitch.conf to find passwd and group info from winbind. This seems to have worked out fine, except that I can't 'see' or 'recognize' certain groups via getent or via wbinfo -g. E.g. I can see the

Hi everyone, I came across this issue today while upgrading a samba4 AD. The forest/domain level is 2008R2, however the schema partition is actually missing the msDS-isRODC attribute (and probably a few others). It makes the ADUC console to failed on that entry below. Here is the samba log message (which is quite explicit :-) Sep 28 16:55:36 srvads samba[27900]: [2016/09/28 16:55:36.819666,

Hi Andrew, I understand that Samba doesn't support domain renaming, which is why I'm looking for a way to export the data from one domain and import it into a new one. Passwords and machine accounts are not a problem and can be ignored for this exercise. The key things I need to copy across are user accounts and groups, as they would be an absolute pain in the rear end to redo from

I'm using winbind v3.0.22 on Debian Linux as a source for nss info. I have a group that was once known by winbind, but is no more: ------ beging shell except ------ # ls -ld ./ drwxrws--- 10 root $MND000-TT227MV5K24I 4096 2006-05-10 15:41 ./ # ------ end shell except ------ It must have been known, as I was the one who chgrp'ed the dir originally. I know what the group name is

Hi everyone, after a classicupgrade from a samba3 domain to a samba4, I have a weird issue related to DCOM and named pipes. The switch to samba4 went fine and everything works perfectly except one old software that uses Windows named pipes and DCOM for client-server communication. When trying to access the DCOM server the software fails. The failure can be easily reproduced with a simple

I am currently using Mssfu, nss_ldap, and pam_ldap to enable my linux boxes to auth against MsA.D. and get all their user info from MsA.D. I recently discovered that winbind can accomplish the same without Mssfu, as long as I'm content to be limitted by the winbind config directives 'template shell' and 'template homedir'. I'd like to drop sfu if I can. The 'template

Hi, I'm attempting to join a Windows Server 2022 to an existing domain Im running into issues as I am trying to migrate away from Samba DCs (:sad:) I've been able to successfully join a Windows Server 2022 to a fresh domain without much trouble after following tranquil.it<https://samba.tranquil.it/doc/en/samba_advanced_methods/samba_add_windows_active_directory.html>'s guide as

Hey everyone - I have a career-related question for you all. I currently work full time as a Sr. Sys Admin, and have been doing systems work for about 9 years. I have been doing web development work on and off during this time, and have written quite a few internal applications and scripts for several companies I worked for. I have never worked in the full time capacity of a software developer

I am considering which DNS implementation and cannot determine exactly when someone should use the Bind9 manner with BIND9_DLZ Module. For my purposes, I will have AD and non-AD nodes on the network using either DHCP or static IP addresses. Some will be Windows & Linux clients joined on the Samba AD domain for logins. Some will be Windows & Linux clients that are standalone using

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi all, What would be the recommended way to remove an old offline DC from Samba4? I searched in samba-tool for a way to do this, but didn't find any. Tried using the Windows tools to manage AD Users & Computers -> Domain Controllers -> The DC & then hit delete, however this gives an error 'cannot find specified module'.

Hello, I tried to find a way to having the setup of cups printing working for windows client. I end up now with "cupsaddsmb -v -a -U root" finishing by "Printer Driver mesange successfully installed. Running command: rpcclient localhost -N -U'root%xxxxxxxx' -c 'setdriver mesange mesange' cmd = setdriver mesange mesange result was NT_STATUS_UNSUCCESSFUL" My

I'm in the process of updating my GSSAPI patches to the 2.9 release. However, I've run into a slight problem with managing to get user options to play nicely with the way that the kex code is now organised. With the GSS kex its possible for the user to specify whether they want to delegate their credentials to the server or not. This option is used only on the client side (and so is

Hi everyone, I have a licencing question : do one need to buy CAL for every user in a Samba4 domain when there is a Windows Server as a domain member, knowing that the Windows server will be accessed using SMB by Windows workstations? As per http://www.samba.org/samba/docs/using_samba/ch01.html and many other web sites, one of the main advantage of samba is that no user CALs are required. And I

Hello, I am working on migrating from OpenLDAP using the inetOrgPerson schema to Samba4. I would like to continue to provide backwards compatibility with our existing authentication service. In OpenLDAP, users are all contained inside the People organizational unit and referenced by uid, for example: dn: uid=myuser,ou=People,dc=example,dc=com When using samba-tool to add a user, it places the