search for: enablekrb5

On 21/06/2019 15:39, Edouard Guign? via samba wrote: > Hello, > > I am facing 2 issues now. > The first one is the more critical for me... > > 1. When I switch from sssd to winbind with : > # authconfig --enablekrb5 --enablewinbind --enablewinbindauth > --enablemkhomedir --update > > My sftp access did not work. Does it change the way to pass the login ? > I used to connect in sftp with userlogin / userpassword > > //var/log/secure :// > / > > /Jun 21 11:08:31 [localhost] sshd[17379...

...; >>>> >>>> Who is responsible for the developpement of the "Winbind plug-in" >>>> used for accessing SMB shares from SSSD clients ? >>>> Samba team or RHEL SSSD team ? > > Make sure smb.conf is set up correctly > > authconfig --enablekrb5 --enablewinbind --enablewinbindauth > --enablemkhomedir --update > > Check that the passwd, group and shadow lines in /etc/nsswitch.conf > look like this: > > passwd:???? files winbind > group:????? files winbind > > shadow:?? files > > yum remove sssd* > >...

Hi I read and used the article http://blog.wazollc.com/Lists/Posts/Post.aspx?ID=2 to authenticate my ad accounts when logging on to cent 5...however, once I edit the nsswitch.conf file, I can't even log on as root or any local users anymore. Kinit seems to initialize fine doing a kinit username at MYDOMAIN.COM , however doing a getent passwd adusername ....it just sits there in the shell and

The company where I work is mostly a Windows shop, but I run a few CentOS servers and desktops. I have configured my systems as follows with Kickstart: authconfig --enablemd5 --passalgo=sha512 --enablenis --nisdomain=XXX \ --nisserver=nis1.XXX.com,nis2.XXX.com --useshadow --enablekrb5 \ --krb5realm=XXX.COM --krb5kdc=ldap.XXX.com --krb5adminserver=ldap.XXX.com The /etc/nsswitch.conf file looks like this: passwd: files nis shadow: files nis group: files nis The NIS services are provided by the Windows Domain controllers using Windows Unix Services (or somet...

oups.. that was the reason # authconfig --disablesssd --disablesssdauth --enablekrb5 --enablewinbind --enablewinbindauth --enablemkhomedir --update ssh sftp works now Thank you very much Rowland. Le 21/06/2019 ? 12:57, Rowland penny via samba a ?crit?: > On 21/06/2019 16:49, Edouard Guign? via samba wrote: >> Yes, I have only one domain. >> >> Even after ad...

...iled password for usertest from x.x.x.x port 44090 ssh2// //Jun 21 12:43:59 [localhost] sshd[5938]: fatal: Access denied for user usertest by PAM account configuration [preauth]/ The system seem to look first for sssd (pam_sss) and then for pam_winbind, even if I perform before : # authconfig --enablekrb5 --enablewinbind --enablewinbindauth --enablemkhomedir --update Edouard Le 21/06/2019 ? 12:21, Rowland penny via samba a ?crit?: > On 21/06/2019 15:39, Edouard Guign? via samba wrote: >> Hello, >> >> I am facing 2 issues now. >> The first one is the more critical for me...

...configuration files to work with CentOS 6 and am most of the way there integrating a CentOS 6 system into our LDAP/NIS environment. My authconfig line in the kickstart file is as follows: authconfig --enablemd5 --passalgo=sha512 --enablenis --nisdomain=XXX --nisserver=nis.XXX.com --useshadow --enablekrb5 --krb5realm=XXX.COM --krb5kdc=ldap.XXX.com --krb5adminserver=ldap.XXX.com This is virtually identical to the authconfig line I was using in CentOS 5. My issue is that users cannot log in with their network (NIS) usernames and passwords. If I log in as root, I can do a "su - username" a...

I found what I needed to do DOMAIN=MIND.UNM.EDU SHORT=MIND authconfig --enablekrb5 --krb5kdc=${DOMAIN} --krb5adminserver=${DOMAIN} --krb5realm=${DOMAIN} --enablewinbind --enablewinbindauth --smbsecurity=ads --smbrealm=${DOMAIN} --smbservers=${DOMAIN} --smbworkgroup=${SHORT} --winbindtemplatehomedir=/na/homes/%U --winbindtemplateshell=/bin/bash --enablemkhomedir --enablewinbinduse...

My idea is to replace default "cifs_idmap_sss.so" plugin by "idmapwb.so" winbind plugin, in order to SSSD becomes a client of winbind. To avoid to change nsswitch.conf : passwd:???? files sss shadow:???? files sss group:????? files sss into passwd:???? files winbind shadow:???? files winbind group:????? files winbind because I need an other access in sftp, this is using

Hello, I am facing 2 issues now. The first one is the more critical for me... 1. When I switch from sssd to winbind with : # authconfig --enablekrb5 --enablewinbind --enablewinbindauth --enablemkhomedir --update My sftp access did not work. Does it change the way to pass the login ? I used to connect in sftp with userlogin / userpassword //var/log/secure :// / /Jun 21 11:08:31 [localhost] sshd[17379]: Invalid user sftpuser from x.x.x.x por...

...passwd: files nis shadow: files nis group: files nis Our systems are configured using something similar to the following in our Kickstart config file: authconfig --enablemd5 --passalgo=sha512 --enablenis ?nisdomain=XXX \ --nisserver=nis.XXX.com,nis2.XXX.com --useshadow --enablekrb5 \ --krb5realm=XXX.COM --krb5kdc=ldap.XXX.com --krb5adminserver=ldap.XXX.com <http://ldap.xxx.com/> where nis1 and nis2 are the local AD domain controllers. With this configuration, any user can log into any CentOS system, and their home directory is automatically mounted over NFS with au...

...ff.sadowski at gmail.com> wrote: > fedora's authconfig must edit a bunch of files > > On Mon, Oct 30, 2017 at 10:53 AM, Jeff Sadowski <jeff.sadowski at gmail.com> wrote: >> I found what I needed to do >> DOMAIN=MIND.UNM.EDU >> SHORT=MIND >> authconfig --enablekrb5 --krb5kdc=${DOMAIN} >> --krb5adminserver=${DOMAIN} --krb5realm=${DOMAIN} --enablewinbind >> --enablewinbindauth --smbsecurity=ads --smbrealm=${DOMAIN} >> --smbservers=${DOMAIN} --smbworkgroup=${SHORT} >> --winbindtemplatehomedir=/na/homes/%U --winbindtemplateshell=/bin/bash...

...uld use 'root'. Can I suggest you get another DC and upgrade Samba whilst doing so, 4.4.x is EOL as far as Samba is concerned. You can get Centos 4.8.6 packages here: http://www.ezplanet.net/xwiki/bin/view/EzPlanetRepo/ You could try running something like this on your DC: authconfig --enablekrb5 --enablewinbindauth --enablewinbindkrb5 --disablesssd --disablesssdauth --enableforcelegacy --enablemkhomedir --update and restart Samba Rowland

...MB shares from SSSD clients. " >>> >>> Who is responsible for the developpement of the "Winbind plug-in" >>> used for accessing SMB shares from SSSD clients ? >>> Samba team or RHEL SSSD team ? Make sure smb.conf is set up correctly authconfig --enablekrb5 --enablewinbind --enablewinbindauth --enablemkhomedir --update Check that the passwd, group and shadow lines in /etc/nsswitch.conf look like this: passwd:???? files winbind group:????? files winbind shadow:?? files yum remove sssd* You should be good to go

...ince: * I can't use winbind on a DC * I can't use SSSD with the sernet packages it looks like the best thing to use is LDAP. I've configured it with: authconfig --enableldap --enableldapauth --ldapserver=ldap://ad.example.com --ldapbasedn=dc=ad,dc=example,dc=com --enablerfc2307bis --enablekrb5 --update (I get "error reading information on service winbind: No such file or directory" but I just ignore it as it looks like it configured LDAP) and added entries to /etc/pam_ldap.conf so it ends up looking like this: base dc=ad,dc=example,dc=com binddn "CN=Unix LDAP,OU=Servic...

fedora's authconfig must edit a bunch of files On Mon, Oct 30, 2017 at 10:53 AM, Jeff Sadowski <jeff.sadowski at gmail.com> wrote: > I found what I needed to do > DOMAIN=MIND.UNM.EDU > SHORT=MIND > authconfig --enablekrb5 --krb5kdc=${DOMAIN} > --krb5adminserver=${DOMAIN} --krb5realm=${DOMAIN} --enablewinbind > --enablewinbindauth --smbsecurity=ads --smbrealm=${DOMAIN} > --smbservers=${DOMAIN} --smbworkgroup=${SHORT} > --winbindtemplatehomedir=/na/homes/%U --winbindtemplateshell=/bin/bash > --enablemkh...

Hello! I have recently gone through the hassle of trying to get a CentOS 5 server (no gui) with Samba to use ADS for security. After several days of googling and trying different howtos I finally got it working, I now want to write a howto for CentOS 5, Samba 3.0 and Windows Server 2003 SP2. Basically it's a combination of http://www.howtoforge.com/samba_ads_security_mode and

It’s Centos 7 and I thought all I had to do was set up nsswitch.conf for it to work. cordially yours, Sina Owolabi Mob: +2348034022578 Skype: darkchild2011 On 9 Nov 2017, 4:24 PM +0100, Rowland Penny via samba <samba at lists.samba.org>, wrote: > On Thu, 9 Nov 2017 15:58:04 +0100 > Sina Owolabi <notify.sina at gmail.com> wrote: > > > Yes I did setup libnss_winbind.

Hi Running Samba 4.9 AD DC on CentOS 7 and would like to join the server to the domain that it serves out. This is to manage user access to roaming profiles. Can anyone advise whether this is 1. Possible 2. Advisable 3. What pitfalls there are Thanks Tony Walsh ************************************************************************************* The information contained

...ointer to a method to set the ldap auth credentials with samba 4.2? Setup: Domain member server 1 – originally setup using SL7.0, samba 4.1, hosting the ldap server, winbind, bound to AD, net idmap secret * worked fine: # yum install samba-winbind samba-winbind-clients pam_krb5 # authconfig --enablekrb5 --krbkdc=dc.domain --krb5adminserver=dc.domain --krb5realm=REALM --enablewinbind --enablewinbindauth --smbsecurity=ads --smbrealm=REALM --smbservers=dc.domain --smbworkgroup=WORKGROUP --winbindtemplatehomedir=/path /%U --winbindtemplateshell=/bin/bash --enablewinbindusedefaultdomain --update # net...