search for: detertj

When winbind is configured without the 'winbind nss info =' statement (i.e. such that winbind maintains its own local map of SIDs -> UID/GIDs), the following works fine: # cd ~detertj # getent passwd detertj detertj:x:10008:10000:detertj:/home/MSOE/detertj:/bin/bash but when i try to make winbind use sfu for the mapping of SID -> UID/GID, username lookups are failing: # cd ~detertj -bash: cd: ~detertj: No such file or directory # geten...

...hat 'SATURN' is the netbios name of the win2k client machine? I'm not real clear on how this works with win2k clients... You SHOULD be able to have these clients connect by specifying in the username and password window that comes up when you fail to attach initally the username: MSOE\detertj (in your example) with the appropriate password for the detertj user account in the MSOE domain. But if you want to avoid this entirely, then you probably SHOULD add your win2k clients to the MSOE domain (if they are regular users of resources in this domain...) Hope this helps, Don -----Original...

...on pam stuff: session required pam_unix.so samba logs (debuglevel = 2)for successful connect via smbclient: ---------------------------------------------------------------- [2006/01/20 15:54:39, 2] auth/auth.c:check_ntlm_password(307) check_ntlm_password: authentication for user [detertj] -> [detertj] -> [MSOE+detertj] succeeded [2006/01/20 15:54:39, 1] smbd/service.c:make_connection_snum(666) carlisle (155.92.193.21) connect to service detertj initially as user MSOE+detertj (uid=10008, gid=10000) (pid 7892) samba logs (degublevel=3) for failed 'net use' on...

with samba 3.0.22, I'm trying to integrate a linux box with Microsoft AD by using winbind for authentication as well as for the source of nss info. When winbind is configured to use its own local id maps, everything works fine. But when i configure winbind to use 'ad' as the source of nss info, authentication fails, 'getent' commands return no results, and 'wbinfo -r

...account required pam_winbind.so debug .htaccess file: AuthName SDLplanRealm AuthType Basic require group sdl -------------------------------------------------------- Symptoms: --------- /var/log/auth.log winbbindd entries say : pam_winbind[29410]: user 'detertj' granted access but /var/log/apache2/ssl_error_log entries say: GROUP: detertj not in required group(s). Conclusion: ----------- any suggestions as to what to try, where to look, next? Thanks -- Happy Landings, Jon Detert IT Systems Administrator, Milwaukee School of Engineering 10...

Hello, I followed the steps at http://www.enterprisenetworkingplanet.com/netos/article.php/3487081 for adding a v3.0.21a samba and winbindd server to a MsAD domain and configuring nsswitch.conf to find passwd and group info from winbind. This seems to have worked out fine, except that I can't 'see' or 'recognize' certain groups via getent or via wbinfo -g. E.g. I can see the

...to a "workgroup" named "MSOE", are unable to authenticate. The /var/log/samba/log.%m file on the linux box says this: [2001/04/23 13:39:52, 0] smbd/password.c:domain_client_validate(1470) domain_client_validate: unable to validate password for user detertj in domain SATURN to Domain controller JUPITER. Error was NT_STATUS_NO_SUCH_USER. I assume that the problem is that the client says it's in the "SATURN" domain rather than the "MSOE" domain (which is the domain that JUPITER is PDC for). Any idea how to f...

I'm using winbind v3.0.22 on Debian Linux as a source for nss info. I have a group that was once known by winbind, but is no more: ------ beging shell except ------ # ls -ld ./ drwxrws--- 10 root $MND000-TT227MV5K24I 4096 2006-05-10 15:41 ./ # ------ end shell except ------ It must have been known, as I was the one who chgrp'ed the dir originally. I know what the group name is

suggestion for minor improvement of the smb.conf manpage in the context of the 'idmap backend' parameter. At least as of v3.0.22 the manpage says: Finally, using the idmap_ad module, the UID and GID can directly be retrieved from an Active Directory LDAP Server that supports an RFC2307 compliant LDAP schema. idmap_ad supports "Services for Unix"

The setting is Debian with winbind v3.0.22. The pertinent bit of winbind configuration is as follows: winbind nss info = sfu idmap backend = ad winbind enum groups = yes winbind cache time = 1800 The problem is that once in a while, typically when either: a) an ls command is given for the 1st time in a login shell session or

I've got samba v3.0.21 on server 'RELIANT' with security=ADS I want MsWin XP clients, that have logged into Microsoft AD domain 'MYDOMAIN' to be able to map a drive to 'RELIANT', and to do so without having to authenticate again. I haven't been able to do so. Here's what happens: the XP client doesn't prompt for authentication (which is good,

I am currently using Mssfu, nss_ldap, and pam_ldap to enable my linux boxes to auth against MsA.D. and get all their user info from MsA.D. I recently discovered that winbind can accomplish the same without Mssfu, as long as I'm content to be limitted by the winbind config directives 'template shell' and 'template homedir'. I'd like to drop sfu if I can. The 'template