search for: gidnumer

Hi everyone, I know this one has been addressed before. I have had so much trouble getting the IDEALX scripts to work that I set about writing my own and they almost work. The trouble is with the add machine script. The first time I do the join, I get an access denied error message on WinXP. I have verified that an entry for the machine was successfully created in ldap. Then, I try again

I've been trying to do this for days, and I think I'm really close. It's become one of those so-close-yet-so-far sorts of things. I'm running Gentoo -- all sync'ed up and current as of a week ago -- with the following package versions: openldap-2.1.30-r5 pam_ldap-178-r1 nss_ldap-239-r1 smbldap-tools-0.9.1-r1 phpldapadmin-0.9.5 (very cool, I must say!) samba-3.0.14a-r2

...ied". Creating folders within the share and changing ACLs for these works without issues, it's just the root folder of the share I have problems with. I chose to go with the ad IDMAP backend. Of course, all recommendations are followed: - Administrator and Domain Admins have no uidNumber/gidNumer set, all others do. Though that shouldn't be relevant at this point since I'm only accessing the shares from Windows. - Administrator is mapped to root in user.map - SeDiskOperatorPrivilege was given to new group "Unix Admins" which owns the shares, together with root. Which still...

Hi all, Just a quick question about login scripts for a large number of users who change rooms a lot. I have several rooms each with a printer, and nearly a thousand users divided into two main groups - pupils and teachers who change rooms on a routine basis. Is it possible to set up multiple login scripts that would be executed in sequence i.e. run by user is %u, and machine is %m is it

...EGO login failed: NT_STATUS_LOGON_FAILURE Some additional notes: I do not have winbind running. It was my understanding that sssd and winbind do not play well together: is it one or the other in this case? The AD user objects have the four linux attributes specified above populated. AD groups have gidNumer populated. I do not have selinux or firewalld running. Kinit ?k CENTOS0000$ returns fine Can perform id lookups on active directory users. Regards, Zach My current configuration is as follows: cat /etc/sssd/conf.d/100_ad.conf [domain/ad_domain] ad_server = dc1, dc2 ad_domain = DOMAIN.COM krb5_re...

...n the share and changing > ACLs for these works without issues, it's just the root folder of the share > I have problems with. > > I chose to go with the ad IDMAP backend. Of course, all recommendations are > followed: > > - Administrator and Domain Admins have no uidNumber/gidNumer set, all > others do. Though that shouldn't be relevant at this point since I'm only > accessing the shares from Windows. > - Administrator is mapped to root in user.map > - SeDiskOperatorPrivilege was given to new group "Unix Admins" which owns > the shares, togeth...

...hese works without issues, it's just the root folder of the > share > > I have problems with. > > > > I chose to go with the ad IDMAP backend. Of course, all recommendations > are > > followed: > > > > - Administrator and Domain Admins have no uidNumber/gidNumer set, all > > others do. Though that shouldn't be relevant at this point since I'm only > > accessing the shares from Windows. > > - Administrator is mapped to root in user.map > > - SeDiskOperatorPrivilege was given to new group "Unix Admins" which owns &gt...

...r running CentOS 7.9 with the system provided Samba packages (4.10.16-24.el7_9). It is joined to an Active Directory domain and acting as a member server. The active Directory domain has a user object with among others, the following attributes defined sAMAccountName = m12345678 gecos = Zach Detest gidNumer = 12345678 uid = zach_detest uidNumer = 12345678 unixHomeDirectory = /home/m12345678 userPrincipalName = zach_destest at domain.tld The smb.conf on the server looks like this: [global] additional dns hostnames = dct-hanas-2.domain.tld debug class = Yes debug pid = Yes...

...T_STATUS_LOGON_FAILURE > > Some additional notes: > I do not have winbind running. It was my understanding that sssd and winbind do not play well together: is it one or the other in this case? > The AD user objects have the four linux attributes specified above populated. AD groups have gidNumer populated. > I do not have selinux or firewalld running. > Kinit ?k CENTOS0000$ returns fine > Can perform id lookups on active directory users. > > Regards, > Zach > > My current configuration is as follows: > > cat /etc/sssd/conf.d/100_ad.conf > [domain/ad_domain]...

...ept the group 'domain users' > with gid of 60001). > > The following output shows the current mapping from the AD DC:: > > # getent group > root:x:0: > ... > SAMDOM \domain admins:x:3000008: This shows that 'Domain Admins' doesn't have a 'gidNumer' attribute > SAMDOM \domain users:x:60001: Whilst 'Domain Users' does > > # getent passwd > SAMDOM\user1:*:30002:60001::/home/SAMDOM/user1:/bin/bash > SAMDOM\user2:*:30007:60001::/home/SAMDOM/user2:/bin/bash > SAMDOM\user3:*:30008:60001::/home/SAMDOM/use...

...RE > > > > Some additional notes: > > I do not have winbind running. It was my understanding that sssd and winbind do not play well together: is it one or the other in this case? > > The AD user objects have the four linux attributes specified above populated. AD groups have gidNumer populated. > > I do not have selinux or firewalld running. > > Kinit ?k CENTOS0000$ returns fine > > Can perform id lookups on active directory users. > > > > Regards, > > Zach > > > > My current configuration is as follows: > > > > cat /e...

I've spent some time updating, upgrading and generally consolidating an old Samba AD. I've managed to remove a very old unsupported (4.2) Samba AD DC following migration to a couple of new DC's - that seems to have worked out OK. Workstation logons and GPO's working fine. I'm now left with one problem after joining a new Samba (4.5.12) member server to the domain for file

A problem here getting winbind traffic to be encrypted using Kerberos. I have set up a test environment with a pair of servers (actually lxc containers): - samba server (ubuntu 16.04, stock samba 4.3.11) - client machine (ubuntu 16.04) joined with "net ads join" and winbind The client machine has the following in /etc/samba/smb.conf: ------- [global] #netbios name = client-ad