Displaying 20 results from an estimated 67 matches for "auth_provider".
2016 Sep 02
4
Samba4 and sssd authentication not working due "Transport encryption required."
..., pam
> > debug_level = 5
> >
> >
> > [nss]
> >
> >
> > [pam]
> >
> >
> > [domain/xxx.xx]
> > ldap_referrals = false
> > enumerate = true
> >
> > id_provider = ldap
> > #access_provider = ldap
> > auth_provider = ldap
> > ldap_uri = ldap://xxx-DC-A.xxx.xxx:389
> > ldap_id_use_start_tls = False
> > ldap_auth_disable_tls_never_use_in_production = true
> > ldap_default_bind_dn = CN=ldapadmin,cn=Users,dc=xxx,dc=xxx
> > ldap_default_authtok_type = password
> > ldap_default_a...
2013 Apr 14
1
sssd getent problem with Samba 4.0
...e.
/etc/nsswitch.conf
passwd: compat sss
group: compat sss
/etc/sssd/sssd.conf
[sssd]
services = nss, pam
config_file_version = 2
domains = default
[nss]
[pam]
[domain/default]
access_provider = simple
#simple_allow_users = myuser
enumerate = false
cache_credentials = True
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
krb5_realm = HH3.SITE
krb5_server = hh16.hh3.site
krb5_kpasswd = hh16.hh3.site
ldap_uri = ldap://hh16.hh3.site/
ldap_search_base = dc=hh3,dc=site
ldap_tls_cacertdir = /usr/local/samba/private/tls
ldap_id_use_start_tls = False
ldap_default_bind_dn = cn=lynn2,cn=Users,dc...
2016 Sep 03
1
Samba4 and sssd authentication not working due "Transport encryption required."
...default when i installed samba4 , did it create any
> .crt file , if yes where? which i can use in sssd tls authenticaiton ?
> Thanks for the help
>
>
> # A native LDAP domain
> [domain/LDAP]
> enumerate = true
> cache_credentials = TRUE
>
> id_provider = ldap
> auth_provider = ldap
> chpass_provider = ldap
>
> ldap_uri = ldap://ldap.mydomain.org
> ldap_search_base = dc=mydomain,dc=org
> tls_reqcert = demand
> ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt
>
>
>
> On Fri, Sep 2, 2016 at 10:09 PM, Rowland Penny via samba <
> sa...
2016 Sep 02
3
Samba4 and sssd authentication not working due "Transport encryption required."
...]]] [be_run_offline_cb] (3):
Going offline. Running callbacks.
my sssd configuation is bellow
[sssd]
config_file_version = 2
domains = xxx.xxx
services = nss, pam
debug_level = 5
[nss]
[pam]
[domain/xxx.xx]
ldap_referrals = false
enumerate = true
id_provider = ldap
#access_provider = ldap
auth_provider = ldap
ldap_uri = ldap://xxx-DC-A.xxx.xxx:389
ldap_id_use_start_tls = False
ldap_auth_disable_tls_never_use_in_production = true
ldap_default_bind_dn = CN=ldapadmin,cn=Users,dc=xxx,dc=xxx
ldap_default_authtok_type = password
ldap_default_authtok = xxxxxxxx
ldap_schema = rfc2307bis
ldap_user_searc...
2015 May 11
2
sssd on a DC
...now identical across these two machines.
In case anyone needs it, my sssd.conf is very simple. I'm using the
standard sssd that comes with CentOS 6.6 (which is 1.11.6). Conf file
is:
[sssd]
config_file_version = 2
domains = domain.tld
services = nss, pam
[domain/domain.tld]
id_provider = ad
auth_provider = ad
access_provider = ad
chpass_provider = ad
ldap_id_mapping = True
ldap_schema = ad
default_shell = /bin/bash
fallback_homedir = /home/%d/%u
--
"If we knew what it was we were doing, it would not be called
research, would it?"
- Albert Einstein
2023 Nov 24
1
Sudoers in Samba LDAP
Hi,
I have a DC on samba 4.17.12
I want store sudoers in LDAP, and use sssd for get rules from LDAP.
I was configured sssd.conf
[sssd]
config_file_version = 2
services = nss, pam, sudo
user = _sssd
domains = TEST.ALT
[nss]
[sudo]
[pam]
[domain/TEST.TLD]
dyndns_update = true
id_provider = ad
auth_provider = ad
chpass_provider = ad
access_provider = ad
default_shell = /bin/bash
fallback_homedir = /home/%d/%u
debug_level = 0
ad_gpo_ignore_unreadable = true
ad_gpo_access_control = permissive
ad_update_samba_machine_account_password = true
cache_credentials = false
sudo_provider = ad
ldap_sudo_search_ba...
2014 Jul 23
1
sssd problems after dc1 is no longer online
...5
debug_level = 8
[nss]
[pam]
[domain/default]
debug_level = 8
ldap_schema = rfc2307bis
id_provider = ldap
access_provider = simple
ldap_referrals = false
ldap_force_upper_case_realm = true
# on large directories, you may want to disable enumeration for
performance reasons
# enumerate = true
auth_provider = krb5
chpass_provider = krb5
ldap_sasl_mech = gssapi
ldap_sasl_authid = EPO$@SAMBA.COMPANY.COM
krb5_realm = SAMBA.COMPANY.COM
#krb5_server = dc2.samba.company.com, dc3.samba.company.com
krb5_server = x.y.143.15, x.y.143.16
#krb5_kpasswd = dc2.samba.company.com, dc3.samba.company.com
krb5_kpasswd =...
2016 Sep 03
0
Samba4 and sssd authentication not working due "Transport encryption required."
...see that sshd has this option, can
you just tell me by default when i installed samba4 , did it create any
.crt file , if yes where? which i can use in sssd tls authenticaiton ?
Thanks for the help
# A native LDAP domain
[domain/LDAP]
enumerate = true
cache_credentials = TRUE
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://ldap.mydomain.org
ldap_search_base = dc=mydomain,dc=org
tls_reqcert = demand
ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt
On Fri, Sep 2, 2016 at 10:09 PM, Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Fri, 2 Sep 2...
2023 Nov 24
1
Sudoers in Samba LDAP
...et rules from LDAP.
>
> I was configured sssd.conf
>
> [sssd]
> config_file_version = 2
> services = nss, pam, sudo
> user = _sssd
> domains = TEST.ALT
>
> [nss]
> [sudo]
> [pam]
>
> [domain/TEST.TLD]
> dyndns_update = true
> id_provider = ad
> auth_provider = ad
> chpass_provider = ad
> access_provider = ad
> default_shell = /bin/bash
> fallback_homedir = /home/%d/%u
> debug_level = 0
> ad_gpo_ignore_unreadable = true
> ad_gpo_access_control = permissive
> ad_update_samba_machine_account_password = true
> cache_credentials =...
2015 Jul 02
2
Secondary groups not recognized by Samba
...sssd.conf
#!==============================================================
[sssd]
domains = mydomain.com
config_file_version = 2
services = nss, pam, pac
[domain/mydomain.com]
ad_server = dc01.mydomain.com
ad_domain = mydomain.com
krb5_realm = MYDOMAIN.COM
cache_credentials = True
id_provider = ad
auth_provider = ad
chpass_provider = ad
access_provider = ad
ldap_schema = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = False
fallback_homedir = /home/%d/%u
ldap_search_base = dc=mydomain,dc=com?subtree?
ldap_group_search_base = dc=mydomain,dc=com?subtree?(objectClass=grou...
2023 Nov 24
1
Sudoers in Samba LDAP
...>>
>> [sssd]
>> config_file_version = 2
>> services = nss, pam, sudo
>> user = _sssd
>> domains = TEST.ALT
>>
>> [nss]
>> [sudo]
>> [pam]
>>
>> [domain/TEST.TLD]
>> dyndns_update = true
>> id_provider = ad
>> auth_provider = ad
>> chpass_provider = ad
>> access_provider = ad
>> default_shell = /bin/bash
>> fallback_homedir = /home/%d/%u
>> debug_level = 0
>> ad_gpo_ignore_unreadable = true
>> ad_gpo_access_control = permissive
>> ad_update_samba_machine_account_password...
2013 Oct 01
1
Should I forget sssd ?
...gt; [domain/radiodjiido.nc]
> dyndns_update = false
> ad_hostname = serveur.radiodjiido.nc
> ad_server = serveur.radiodjiido.nc
> ad_domain = radiodjiido.nc
> ldap_schema = ad
> id_provider = ad
> access_provider = simple
> enumerate = true
> cache_credentials = true
> auth_provider = krb5
> chpass_provider = krb5
> krb5_realm = RADIODJIIDO.NC
> krb5_server = serveur.radiodjiido.nc
> krb5_kpasswd = serveur.radiodjiido.nc
> #next line only lists users with uidNumber/gidNumber entered via ldbedit
> ldap_id_mapping = false
> ldap_referrals = false
> ldap_u...
2015 Jan 07
1
Password Must Change using SSSD in Samba 4.1.10
...ces = nss, pam
domains = EXAMPLE
sbus_timeout = 30
[nss]
filter_users = root
filter_groups = root
reconnection_retries = 3
[pam]
reconnection_retries = 3
offline_credentials_expiration = 0
[domain/EXAMPLE]
entry_cache_timeout = 600
entry_cache_group_timeout = 600
min_id = 1000
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
ldap_schema = rfc2307bis
ldap_uri = ldap://smbad.intra.example.com:390/
ldap_search_base = dc=intra,dc=example,dc=com
cache_credentials = true
krb5_server = smbad.intra.example.com:8880
krb5_realm= INTRA.EXAMPLE.COM
ldap_default_bind_dn = cn=admin,dc=intra,dc=example,...
2019 Oct 16
3
Can't setup kerberos auth for samba4 server?
...rvices = nss, pam, autofs
domains = ADA.DE <http://ada.de/>
debug_level = 0x0270
[domain/ADA.DE <http://ada.de/>]
enumerate = true
cache_credentials = True
krb5_realm = ADA.DE <http://ada.de/>
ldap_search_base = dc=ada,dc=de
krb5_server = ad01.ada.de, ad02.ada.de
id_provider = ad
auth_provider = ad
ldap_uri = ldap://ad01.ada.de:389/, ldap://ad02.ada.de:389/
ldap_id_use_start_tls = True
ldap_tls_cacertdir = /etc/openldap/cacerts
debug_level = 0x0270
[nss]
homedir_substring = /home
debug_level = 0x0270
[pam]
debug_level = 0x0270
[sudo]
debug_level = 0x0270
[autofs]
debug_level = 0x0270...
2014 May 20
2
Ubuntu client ddns failure
Hi
I'm trying to get an Ubuntu 14.04 client to update its rr to a working
bind dns DC with Samba 4.1.7. The setup is the same as with our openSUSE
clients with sssd 1.11.15
sssd.conf
id_provider = ad
auth_provider = ad
access_provider = ad
ldap_id_mapping = False
/etc/hosts
127.0.0.1 lubuntu-laptop.hh3.site lubuntu-laptop
127.0.1.1 localhost
But it is sending a request for the wrong zone:
Kerberos: ENC-TS Pre-authentication succeeded --
LUBUNTU-LAPTOP$@HH3.SITE using arcfour-hmac-md5
Kerberos: AS-REQ...
2016 Jun 23
2
sssd.conf file missing
...lemkhomedir --enablesssd -update
# chkconfig sssd on
# service sssd restart
Initially, I ran into problems because I had not created an sssd.conf file. Eventually I did create one, and its contents are the following:
[<domain>.org]
enumate = true
cache_credentials = TRUE
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://ldap.<domain>.org
ldap_search_base = dc=<domain>,dc=org
tls_reqcert = demand
ldap_tls_cacert /etc/pki/tls/certs/ca-bundle.crt
If there are any additions or corrections that I need to make, please let me know.
I reran the service sssd re...
2015 May 11
2
ldap host attribute is ignored
...=YYY,o=XXX
> ldap_schema = rfc2307bis
> id_provider = ldap
> ldap_user_uuid = entryuuid
> ldap_group_uuid = entryuuid
> ldap_id_use_start_tls = True
> enumerate = False
> cache_credentials = False
> ldap_tls_cacertdir = /etc/openldap/cacerts/
> chpass_provider = ldap
> auth_provider = ldap
> ldap_tls_reqcert = never
> ldap_user_search_base = ou=YYY,o=XXX
> access_provider = ldap
> ldap_access_order = host
> ldap_user_authorized_host = host
> autofs_provider = ldap
>
> [sssd]
> services = nss, pam, autofs
> config_file_version = 2
> domains = d...
2016 Jun 23
3
sssd.conf file missing
...t;>
>> Initially, I ran into problems because I had not created an sssd.conf file. Eventually I did create one, and its contents are the following:
>>
>> [<domain>.org]
>> enumate = true
>> cache_credentials = TRUE
>>
>> id_provider = ldap
>> auth_provider = ldap
>> chpass_provider = ldap
>>
>> ldap_uri = ldap://ldap.<domain>.org
>> ldap_search_base = dc=<domain>,dc=org tls_reqcert = demand
>> ldap_tls_cacert /etc/pki/tls/certs/ca-bundle.crt
>>
>> If there are any additions or corrections that I...
2014 May 20
1
ddns failure on Ubuntu client
Hi
I'm trying to get an Ubuntu 14.04 client to update its rr to a working
bind dns DC with Samba 4.1.7. The setup is the same as with our openSUSE
clients with sssd 1.11.15
sssd.conf
id_provider = ad
auth_provider = ad
access_provider = ad
ldap_id_mapping = False
/etc/hosts
127.0.0.1 lubuntu-laptop.hh3.site lubuntu-laptop
127.0.1.1 localhost
But it is sending a request for the wrong zone:
Kerberos: ENC-TS Pre-authentication succeeded --
LUBUNTU-LAPTOP$@HH3.SITE using arcfour-hmac-md5
Kerberos: AS-REQ...
2015 May 11
3
ldap host attribute is ignored
On 05/09/2015 01:24 PM, Jonathan Billings wrote:
> Is it normal to have pam_unix and pam_sss twice for each each section?
No. See my previous message. I think it's the result of copying
portions of SuSE configurations.