Displaying 6 results from an estimated 6 matches for "adsdomain".
2007 Jul 12
1
BUG? 'valid users' doesn't allow groups from trusted domains
...hare.
Here is the scenario as I experienced it (names have been changed to
protect the innocent):
Configuration:
- Samba 3.0.21b as a member server in a real NT4 domain (security =
domain) called 'NTDOMAIN'
- NTDOMAIN has a two-way trust with Windows 2003 Active Directory
domain 'ADSDOMAIN'
- User 'fred' has an account on NTDOMAIN (NTDOMAIN+fred) and is a
member of the 'sales' group on NTDOMAIN (@NTDOMAIN+sales)
- User 'wilma' has an account on ADSDOMAIN (ADSDOMAIN+wilma) and is a
member of the 'sales' group on ADSDOMAIN (@ADSDOMAIN+sales)
If...
2004 Dec 13
1
auth. username rewriting?
Hello,
Now, I'm faced with a problem: I need to be able to login using the same
username that I bind against using ldapsearch, and not the
sAMAccountName given to me via winbind.
ie. to login using one of my AD usernames right now, I issue:
su - ADSDOMAIN+username1
but the binddn I use to search the ldap directory is, say, username2:
ldapsearch -x -W -D"username2" samaccountname=bla
I'd like to be able to do:
su - ADSDOMAIN+username2
and for winbind to recognize username1 and username2 as the same user
account, and authenti...
2004 Nov 06
0
Access to share is denied for groups on samba 3 - ADS
...n explicitly set "valid user" can access
the share. It should be accessible to "sambausers", but that doesn't work.
I can also logon as ADS-user on the samba box and get a shell.
In smb.conf:
[p]
comment = Documents
path = /home/samba/p
read only = No
valid users = @"ADSDOMAIN\sambausers"
# valid users = @"LIHH\SambaUsers" (doesn't work either)
# valid users = ADSDOMAIN+username (this works)
create mask = 0750
browsable = Yes
In the log file /var/log/samba/log.xpclient I always get:
user 'ADSDOMAIN+username' (from session setup) not permitted...
2006 Apr 09
1
Can pam_winbind be configured to issue Kerberos tickets on user validation?
Hi
I have Samba 3 running on Fedora 4, configured to use pam_winbind to
validate user logins against my W2K ADS. Logins are fully functional using
names such as adsdomain.adsuser (I have the fullstop character configured as
my winbind separator).
This is all working fine.
What I would now like to do, is to have a Kerberos ticket from the ADS
Kerberos realm issued to the user that has just logged in, without the user
having to re-validate themselves using kinit....
2006 Apr 10
0
Can pam_winbind be configured to issue Kerberos tickets on user validation?
> -----Original Message-----
>
> I've tried to use the pam_krb5 module, but as pam modules
> validate the user as given, pam_krb5 is trying to match the
> password to adsdomain.adsuser@ADSDOMAIN.REALM.... so it fails.
>
Pam_krb5 can be configured to convert winbind usernames back into
principal names, by means of some regexp matching and template filling
magic. It is 'underdocumented' - perhaps you even need to grab the
source RPM and look there? I can'...
2004 Jan 05
0
Samba 3.0.1 ADS/Kerberos problems relating to Win2k/xp browsing to samba server
...o go to the Samba server from Win2k/XP clients,
no problem, fully authenticated by the ADS infrastructure.
Then I realized that the "winbind trusted domains only"
function didn't actually seem to be working -- my understanding
is that if I have it enabled, and two users such as
"ADSDOMAIN.COM+joeuser" and a Unix user "joeuser (@uid: 513)",
then as soon as "joeuser" tries to connect from his XP desktop
to the Samba server, it should say "aha! - we already have
a Unix joeuser @ uid 513, so I'll automap ADSDOMAIN.COM+joeuser
to uid 513 (not some random...