search for: ad4unix

...of using nss_ldap? -----Original Message----- From: samba-bounces+letz_samba=realmspace.com@lists.samba.org [mailto:samba-bounces+letz_samba=realmspace.com@lists.samba.org] On Behalf Of markus Sent: Tuesday, November 29, 2005 11:56 PM To: Jason Gerfen Cc: samba@lists.samba.org Subject: Re: [Samba] AD4Unix & Samba-3.0.20b+winbind (UPDATE) Hi Jason, I don't really understand, why you are extending your schema with AD4Unix whilst using winbind. You don't need to. If your are using nss_ldap your schema needs some more entries to fetch unix related data like gid, uid and so on. Winbind i...

Scenario: Samba-3.0.20b domain member server on SuSE 9.3 (w/ all available patches applied) providing kerberos authentication through a Windows 2000 domain with AD4Unix services installed. Problem(s): 1. Can only view users from one OU in Active Directory (default is: CN=Users, problem container is: OU=authenticated) 2. According to log.winbind and log.smbd authentication fails with error: check_ntlm_password: Authentication for user [testj] -> [testj] F...

I have been digging around for information on this in either online and published books, but I haven't yet found the answer. I am interested in AD connective through AD Kerberos/LDAP/SFU or AD Kerberos/LDAP/AD4Unix. I have a pure win2k3 environment, so there is no backwards support via PDC emulator. Published books document older NT-like environments. *cries* If there are any documents, how-tos, etc, I would appreciate any pointers... Questions: - Is anything needed on the client configuration for Kerber...

Hi, there's a bug on bugzilla.samba.org that I'd like to comment on but it's not letting me. It's bug #242, titled "Retrieving UNIX UID/GID directly through Active Directory from schema extension" The person who posted the request talks about using AD4Unix, but I've installed Microsoft's Services for Unix and it made similar schema changes. Specifically, it added uid, gid, shell, and home directory objects, plus a nice new tab called UNIX Attributes to the user properties window of the Active Directory Users and Computers MMC. So for inst...

...s and ACLs should still work from windows. The UNIX clients don't have any users either, because all user information is taken from an AD. The setup is the following: Samba 3rc1 fileserver Win2k3 AD Server + Win2k clients and Linux clients Basically the win2k3 AD schema has been updated with AD4Unix, because we want to control gid and uid mappings manually. Then we have all linux clients mount the home directories via NFS, while windows clients do it via Samba. Linux clients use kerberos for authentication and nss_ldap for mapping uids and gids to their respective usernames and groups. This w...

Hello, I've a small Linux network, NFS amd NIS server with three clients. Each machine is running winbind to connect to a windows 2000 domain. All is working fine, I just have a problem synchronizing the uids generated by the winbind to a windows user that logs on to the Linux network. For example, on one machine a user can get uid 10000 and on another machine the same user can have uid

Hi, I've a linux client (RH8) and a MS W2K with Active Directory server. I can login from a linux agains AD with the extension schema (AD4Unix installed). I can obtain a kerberos ticket and when i use smbclient //server/share -k (kerberos authentication) all is OK, but..... When i try to mount a directory with smbmount or with mount all is ok but i've noted that the security of W2k are not respected from "linux user". In oth...

...y much much more simpler than having conversion algorithms and using tables and stuff like that. The reason why everything works this way is that we have both unix and windows servers and desktops and each share the same users. The users are really stored on a windows server, but we use nssldap and ad4unix to manually give an UID to users that require unix access. The point is that I don't need winbindd to do anything, but it seems like I have to run it to get AD to work. Regards, Edvard Fagerholm

...g on these clients (clearcase related). I have started working with winbind and reached to a point when I Joined the domain,got details using wbinfo -u/-g and su <domain user> works fine. Next stage was to be able to get same UID/GID on all clients,so after some reading I have installed AD4Unix on the DC in order to extend the AD schema to hold unix accounts details,and planned to use ldap to reach it from the clients.so far so good. My problem is that I could not get the samba/pam.d/nsswitch/kerb5 configuration to work with ldap.I am not able to su to a <domain user> as it is...

...d Linux samba file server (RedHat 7.1). The services on Linux box (imap, ftp, ssh) are configured to use pam_ldap and nss_ldap, so 'getent passwd' works fine and gets accounts from both /etc/passwd (root and a couple of accounts) and AD using LDAPS (Active Directory schema is extended with AD4Unix, so each user in AD has a valid 'Unix setting': uid/gid (1000-10000) and a '/home/%u' for a shell). I tried to configure samba to talk to AD, specifying the ldap server and 'ldap admin dn' and it even connects to AD server when I execute 'smbclient' locally on Linux...

Hi all We have the following environement: Microsoft ADS for Windows Users, NIS for Un*x Users. Samba 3.x Fileservers. Win2k/XP Clients which use CIFS to connect to the Fileserver. FreeBSD/Linux Clients which use NFS to connect to the Fileserver. For the moment, Windows User authenticate against the ADS and Un*x users authenticate against a NIS Server. Everything runs fine. But we would like

Hi there ! This is my first post and I really would like to have this stuff working ... if not, I should go to Win2k3 server .... please help me to avoid it !!!! I've been trying to integrate Mac OS X (10.3) clients to my Samba server through the Active Directory Plugin with no success. This PDC is currently working for 90 PC's with XP SP2. My server is well configured from the DNS (or

...onths ago based on RH8 which authenticate and mount homes from an AD server... The Linux stuff was straigt forward - using LibNSS/LDAP and LibPAM/{LDAP,Krb5} for authentication and samba (2.x something) to mount the home directories. Unfortunatly, this required the SFU (M$ 'version' of the AD4UNIX). This was proven to be _EXTREAMLY_ unstable! We managed to get it working, but as a long-time Linux/UNIX administrator, all I can do is shrug my sholders for the stability of this system.... It sucks, to be frank. But it's not much I can do about this. Windows clients are a majority, only som...

...h .conf file is used by which daemon (seems stupid)... use winbind the ldap.conf ? to hard stuff, so i want to use winbind instead of LDAP. LDAP is much more difficult than winbind... could test it in a few days with an standalone LDAP server/client solution. What i've done: w2k: installed ad4unix to get the new sheme there. installed SSL Cert, ad an AD-user account with the netbiosname as Name, but for logon-name linux . Then export and transfer the kerberos keytab to the linux. i could use net ads join without any problems. winbind works fine, testet with getent passwd and also wbinfo...

Hi- I'm deploying a fileserver running Samba 3.0.2a in an environment that contains NT and UNIX users. I'd like to have my fileserver set up as follows: - Users connecting to the fileserver from NT boxes are authenticated against the Win2K ADS Domain Controller. - Users connecting to the fileserver from other UNIX boxes are authenticated locally using NIS and access the shared volume

I may have a deficiency in understanding the procedure for ADS authentication with samba, but most of the server setup works so far. I have bound a Red Hat Enterprise 5 server to our windows domain, it shows up in DNS and ADS, I can ping it, but I can't get samba shares to be accessible to users, or even get the smbclient to return shares properly. wbinfo -g returns the domain groups

In reading the documentation I havn't found anything that covers the use of winbindd when authenticating against one domain (lets call it 'A') while also allowing users from a domain trusted by A (lets call it 'B'). My linux box is a member server in domain A which is a new domain we are working on transitioning to. We are not renaming because 2k server doesn't have that

Hi, I have been trying to join a Samba Domain member server to the AD and use LDAP for IDMAP storage. I have run into many strange issues and I was hoping someone can please take time to clarify things for me. I have read quite a bit (I own both the Samba books by Terpstra) and done a lot of Google searching. I think part of my problem is the unusual setup I have, as all the examples in the