search for: _active_directory_

...at ldap.mydomain.com for UID, GID, and UNIX groups. 5. Given information returned from step 4, check user authorization against share definition requirements and permit access for user with UID and GID set as per LDAP lookup. And it's essentially just: https://wiki.samba.org/index.php/Samba,_Active_Directory_%26_LDAP that works with Samba 4.8.0 and winbindd instead of relying on the old Samba fallback mechanism. How can this be accomplished with winbind? Kind regards, Ryan P.S. This may be a fairly common use case, since each large organization may deploy Kerberos authentication via AD but relative...

...dows 7 clients to authenticate using their domain login credentials (winbindd and Active Directory) but be authorized (i.e. perform user/group lookup) against a separate OpenLDAP server? This was easy in previous versions of Samba with the fallback mechanism (https://wiki.samba.org/index.php/Samba,_Active_Directory_%26_LDAP). It seems to be more complicated once winbind must be involved. LONG VERSION It seems like SSSD, and people bringing it up, isn't very popular on the lists. Despite its mention below, I am happy with a solution that involves it or not, and I can work out how to modify it after I get s...

...ace, you need to ask on the sssd-users mailing list. > After reading a lot about idmap conf and idmap backends, I'm thinking that what I've been doing is not expressible with idmap. What I need is what is described, much better than I did, here: https://wiki.samba.org/index.php/Samba,_Active_Directory_%26_LDAP That is: Samba will authenticate against AD, and then utilize the normal 'getent' system calls to gather the uid/gid numbers, and those will come from OpenLDAP, and/or the local system files as configured within the nsswitch.conf file. Is this type of setup still possible? --...

...ailing list. > > > > After reading a lot about idmap conf and idmap backends, I'm thinking > that what I've been doing is not expressible with idmap. > > What I need is what is described, much better than I did, here: > > https://wiki.samba.org/index.php/Samba,_Active_Directory_%26_LDAP > > That is: > > Samba will authenticate against AD, and then utilize the normal > 'getent' system calls to gather the uid/gid numbers, and those will > come from OpenLDAP, and/or the local system files as configured > within the nsswitch.conf file. > >...

...ticate using their domain login credentials (winbindd and Active > Directory) but be authorized (i.e. perform user/group lookup) against > a separate OpenLDAP server? > > This was easy in previous versions of Samba with the fallback > mechanism (https://wiki.samba.org/index.php/Samba,_Active_Directory_%26_LDAP). > It seems to be more complicated once winbind must be involved. > > LONG VERSION > It seems like SSSD, and people bringing it up, isn't very popular on > the lists. Its not that it isn't popular, it is that Samba cannot support it because Samba does not produce it...

...ive > > > Directory) but be authorized (i.e. perform user/group lookup) against > > > a separate OpenLDAP server? > > > > > > This was easy in previous versions of Samba with the fallback > > > mechanism ( > > https://wiki.samba.org/index.php/Samba,_Active_Directory_%26_LDAP). > > > It seems to be more complicated once winbind must be involved. > > > > > > LONG VERSION > > > It seems like SSSD, and people bringing it up, isn't very popular on > > > the lists. > > Its not that it isn't popular, it is tha...

...your member server. > 5. Given information returned from step 4, check user authorization against > share definition requirements and permit access for user with UID and GID > set as per LDAP lookup. > > And it's essentially just: > > https://wiki.samba.org/index.php/Samba,_Active_Directory_%26_LDAP I'd say it isn't, in the sense that you want to have share definition authorization, which are enforced by Samba (which then would require Samba to know about group membership et al.). If you don't have any share authorization, then UI guess you should be able to use filesys...

I've just updated my samba 2.4.6 to samba 2.4.7 via updating Fedora 26 to 27 System was working in F26. But in F27 users cannot connect to the service definitions: $ smbclient //turing/ngaywood Enter UNE\ngaywood's password: Anonymous login successful tree connect failed: NT_STATUS_ACCESS_DENIED The server system is configured as (testparm output): [global] auth methods = guest