search for: ad_domain

...e run 3 x SLES9 SP3 and the same problem occurs in all three environments, the backtraces for panic'd smbd processes of all three hosts are essentially the same as what I posted before. Kernel: 2.6.5-7.97-bigsmp and Samba: Version 3.0.24-SerNet-SuSE. SMB.conf inline below (I've swapped <ad_domain> for our dom.tld): ------------------------------------- [global] workgroup = <ad_domain> domain master = no local master = no preferred master = no os level = 0 username map = /etc/samba/smbusers map to guest = Bad User logon path = \\%L\profiles\.msprofile logon home = \\%L\%U\.9xprofile...

...2] smbd/sesssetup.c:1279(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2014/09/18 11:20:26.973284, 1] smbd/service.c:1114(make_connection_snum) xxx.xx.xxx.xxx (xxx.xx.xxx.xxx) connect to service topfolder initially as user AD_DOMAIN\testuser (uid=71691, gid=70513) (pid 2757) [2014/09/18 11:20:26.973753, 1] smbd/process.c:457(receive_smb_talloc) receive_smb_raw_talloc failed for client xxx.xx.xxx.xxx read error = NT_STATUS_CONNECTION_RESET. [2014/09/18 11:20:26.973914, 1] smbd/service.c:1378(close_cnum) xxx.xx.xxx.xx...

...h someotheruser:x:15008:10011::/home/UNICITY/someotheruser:/bin/bash yetanotheruser:x:15009:10011::/home/UNICITY/yetanotheruser:/bin/bash .... # getent group Domain Guests:x:10020: Domain Users:x:10011: Schema Admins:x:10015: Kinit doesn't work quite right: # kinit Password for administrator@AD_DOMAIN: (Works) # kinit -k kinit(v5): Client not found in Kerberos database while getting initial credentials (Obviously doesn't) The biggest issue appears to be with PAM. Local and ssh logins using AD_DOMAIN accounts. Neither work and fail without notification to the user, but the following appe...

...14 15:38:32 sambaserver smbd[1778]: [2007/06/14 15:38:32, 0] lib/util.c:smb_panic(1607) Jun 14 15:38:32 sambaserver smbd[1778]: smb_panic(): calling panic action [/bin/sleep 90000] Versions Distro: SLES9 (SP3) Kernel: 2.6.5-7.97-bigsmp Samba: Version 3.0.24-SerNet-SuSE Samba config below (<ad_domain> changed, but orig followed sub.dom.tld format): ---------------------------- [global] workgroup = <ad_domain> domain master = no local master = no preferred master = no os level = 0 username map = /etc/samba/smbusers map to guest = Bad User logon path = \\%L\profil...

...attributes specified above populated. AD groups have gidNumer populated. I do not have selinux or firewalld running. Kinit ?k CENTOS0000$ returns fine Can perform id lookups on active directory users. Regards, Zach My current configuration is as follows: cat /etc/sssd/conf.d/100_ad.conf [domain/ad_domain] ad_server = dc1, dc2 ad_domain = DOMAIN.COM krb5_realm = DOMAIN.COM dyndns_update = false id_provider = ad auth_provider = ad access_provider = ad cache_credentials = True ad_access_filter = (uidNumber=*) ldap_id_mapping = False ldap_sudo_search_base = OU=Linux,DC=domain,DC=com debug_level = 8 [s...

...clear: What I am trying to understand here is why there have to be a few failures after the service restart. After the first privilege has eventually been set successfully, all the others go through just fine. Here is the content of the files: ******** /etc/resolv.conf nameserver 127.0.0.1 search ad_domain.main_domain main_domain ******** /etc/hostname dc1 ******** /etc/hosts 127.0.0.1       localhost public_ip       dc1.ad_domain.main_domain dc1 # The following lines are desirable for IPv6 capable hosts ::1     ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-...

...e gidNumer populated. > I do not have selinux or firewalld running. > Kinit ?k CENTOS0000$ returns fine > Can perform id lookups on active directory users. > > Regards, > Zach > > My current configuration is as follows: > > cat /etc/sssd/conf.d/100_ad.conf > [domain/ad_domain] > ad_server = dc1, dc2 > ad_domain = DOMAIN.COM > krb5_realm = DOMAIN.COM > dyndns_update = false > id_provider = ad > auth_provider = ad > access_provider = ad > cache_credentials = True > ad_access_filter = (uidNumber=*) > ldap_id_mapping = False > ldap_sudo_sear...

...true # Uncomment if the client machine hostname doesn't match the computer object on the DC. #ad_hostname = invisad.invis-ad.loc # Uncomment if DNS SRV resolution is not working #ad_server = invisad.invis-ad.loc # Uncomment if the domain section is named differently than your Samba domain #ad_domain = invis-ad.loc # Enumeration is discouraged for performance reasons. enumerate = true ----------------------------------------------------- With "ldap_id_mapping = true" everything works, getent passwd / group gets the user and group entries from our AD. But we want to use the sfu at...

...ample: - Use DC1 to create keytab: "samba-tool domain exportkeytab /etc/krb5.sssd.keytab --principal=dc1$" - configure sssd to point to DC2 on FS1: [sssd] config_file_version = 2 domains = DOMAIN.COM services = nss, pam debug_level=6 [domain/DOMAIN.COM] enumerate = true ad_domain = DOMAIN.COM krb5_realm = DOMAIN.COM cache_credentials = True id_provider = ad ad_hostname = dc2.domain.com ad_server = dc2.domain.com ad_domain = domain.com ldap_id_mapping = False access_provider = ad krb5_keytab=/etc/krb5.sssd.keytab debug_level=6 - service sssd restart - Now,...

...r firewalld running. > > Kinit ?k CENTOS0000$ returns fine > > Can perform id lookups on active directory users. > > > > Regards, > > Zach > > > > My current configuration is as follows: > > > > cat /etc/sssd/conf.d/100_ad.conf > > [domain/ad_domain] > > ad_server = dc1, dc2 > > ad_domain = DOMAIN.COM > > krb5_realm = DOMAIN.COM > > dyndns_update = false > > id_provider = ad > > auth_provider = ad > > access_provider = ad > > cache_credentials = True > > ad_access_filter = (uidNumber=*) &gt...

...! :) Configs are below: #!============================================================== sssd.conf #!============================================================== [sssd] domains = mydomain.com config_file_version = 2 services = nss, pam, pac [domain/mydomain.com] ad_server = dc01.mydomain.com ad_domain = mydomain.com krb5_realm = MYDOMAIN.COM cache_credentials = True id_provider = ad auth_provider = ad chpass_provider = ad access_provider = ad ldap_schema = ad krb5_store_password_if_offline = True default_shell = /bin/bash ldap_id_mapping = False fallback_homedir = /home/%d/%u ldap_search_base =...

Shifting from a v2 samba server to v3 - Read documentation and googled LOTS but can't seem to find the bits that apply to my simple(?) server with regards to groups. # rpm -qi samba Version : 3.0.28 Vendor: Red Hat, Inc. Release : 1.el5_2.1 Source RPM: samba-3.0.28-1.el5_2.1.src.rpm Samba on server (Red Hat Enterprise Linux 5.2) IS MOSTLY WORKING... home directories

...spnego = yes kerberos method = secrets and keytab realm = EXAMPLE.DOMAIN.COM security = ads /etc/sssd/sssd.conf [sssd] services = nss, pam config_file_version = 2 domains = EXAMPLE.DOMAIN.COM [nss] [pam] [domain/EXAMPLE.DOMAIN.COM] id_provider = ad access_provider = ad ad_domain = example.domain.com ad_server = dc01.example.domain.com, dc02.example.domain.com, dc03.example.domain.com default_shell = /bin/bash override_homedir = /home/%u

...: 1) > sudo cat /etc/sssd/sssd.conf > [sssd] > services = nss, pam > config_file_version = 2 > domains = radiodjiido.nc > [nss] > [pam] > [domain/radiodjiido.nc] > dyndns_update = false > ad_hostname = serveur.radiodjiido.nc > ad_server = serveur.radiodjiido.nc > ad_domain = radiodjiido.nc > ldap_schema = ad > id_provider = ad > access_provider = simple > enumerate = true > cache_credentials = true > auth_provider = krb5 > chpass_provider = krb5 > krb5_realm = RADIODJIIDO.NC > krb5_server = serveur.radiodjiido.nc > krb5_kpasswd = serveur...

...ocal/samba/var/locks/sysvol/XXXXXX/scripts > read only = No > [sysvol] > path = /usr/local/samba/var/locks/sysvol > read only = No *sssd.conf* from client [sssd] > domains = xxxx > config_file_version = 2 > services = nss, pam > [domain/xxxx] > ad_domain = xxxx > krb5_realm = XXXX > realmd_tags = manages-system joined-with-samba > cache_credentials = True > id_provider = ad > krb5_store_password_if_offline = True > default_shell = /bin/bash > ldap_id_mapping = True > use_fully_qualified_names = False > fallback_homedir =...

...1 browseable = yes writeable = yes guest ok = no public = yes wide links = yes Finally, the sssd.conf: [sssd] config_file_version = 2 domains = ad.adtest.de services = nss, pam [domain/ad.adtest.de] id_provider = ad auth_provider = ad access_provider = ad ad_domain = ad.adtest.de krb5_realm = ad.adtest.de realmd_tags = manages-system joined-with-samba cache_credentials = True krb5_store_password_if_offline = True default_shell = /bin/bash # ldap_id_mapping = True use_fully_qualified_names = False fallback_homedir = /home/%u@%d ldap_user_name = userPrincipalNa...

Am 29.04.2018 um 12:35 schrieb Zdravko Zdravkov via samba: > [sssd] >> domains = xxxx >> config_file_version = 2 >> services = nss, pam >> [domain/xxxx] >> ad_domain = xxxx >> krb5_realm = XXXX >> realmd_tags = manages-system joined-with-samba >> cache_credentials = True >> id_provider = ad >> krb5_store_password_if_offline = True >> default_shell = /bin/bash >> ldap_id_mapping = True This I think is you problem. &gt...

It looks to me like the 'winbind nss info' parameter is designed to be a space-separated list of values. I say this because: 1) i gave it two values, separated by spaces, and testparm(1) did not complain; 2) the man page ( http://www.die.net/doc/linux/man/man5/smb.conf.5.html ) gives an example of two values. Assuming that's true, how do the multiple values work together? Is order

...> > domains = EXAMPLE.DOMAIN.COM > > > > [nss] > > > > [pam] > > > > [domain/EXAMPLE.DOMAIN.COM] > > id_provider = ad > > access_provider = ad > > ad_domain = example.domain.com > > ad_server = dc01.example.domain.com, dc02.example.domain.com, > dc03.example.domain.com > > > > default_shell = /bin/bash > > override_homedir = /home/%u > Can I point out that because you...

...sswd and getent groups returns nothing. Below is my config: [sssd] services = nss, pam config_file_version = 2 domains = default [nss] filter_groups = root filter_users = root reconnection_retries = 3 [pam] [domain/default] ad_hostname = bubba3-one.earth.local ad_server = bubba3-one.earth.local ad_domain = earth.local ldap_schema = rfc2307bis id_provider = ldap access_provider = simple # on large directories, you may want to disable enumeration for performance reasons enumerate = true auth_provider = krb5 chpass_provider = krb5 ldap_sasl_mech = gssapi ldap_sasl_authid = bubba3-one$@EARTH.LOCAL k...