Displaying 15 results from an estimated 15 matches for "humgen".
2016 Aug 12
2
WINBIND: UID and GID false mappings on domain member
...uld find.
I've said I'm desperate...
Please see the configs and the tests. May the force be with you :)
Many thanks in advance!
Environment: Ubuntu Server 16.04.1 + Samba 4.3.9
### DOMAIN CONTROLLER
root at hg-dc1:/etc/samba# cat smb.conf
# Global parameters
[global]
workgroup = HUMGEN
realm = HUMGEN.0ZONE
netbios name = HG-DC1
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbindd, ntp_signd, kcc
idmap_ldb:use rfc2307 = yes
dns-nameservers 127.0.0.1
tls...
2016 Aug 12
0
WINBIND: UID and GID false mappings on domain member
...se see the configs and the tests. May the force be with you :)
>
> Many thanks in advance!
>
> Environment: Ubuntu Server 16.04.1 + Samba 4.3.9
>
> ### DOMAIN CONTROLLER
> root at hg-dc1:/etc/samba# cat smb.conf
> # Global parameters
> [global]
> workgroup = HUMGEN
> realm = HUMGEN.0ZONE
> netbios name = HG-DC1
> server role = active directory domain controller
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbindd, ntp_signd, kcc
>
> idmap_ldb:use rfc2307 = yes
>...
2017 Jan 17
2
SOLVED(aproximative?): Difficulties with Windows XP: failed to find cifs/fileserver.y.z@Y.Z in keytab (arcfour-hmac-md5)
...amba - General mailing list wrote
>> >> [2017/01/11 16:42:34.522067, 1]
>> >> ../source3/librpc/crypto/gse.c:496(gse_get_server_auth_token)
>> >> gss_accept_sec_context failed with [ Miscellaneous failure (see
>> >> text): Failed to find cifs/hg004.humgen.0zone at HUMGEN.0ZONE(kvno 1)
>> >> in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
>> >> [2017/01/11 16:42:34.522095, 1]
>> >> ../auth/gensec/spnego.c:541(gensec_spnego_parse_negTokenInit)
>> >> SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STAT...
2017 Jan 12
2
Difficulties with Windows XP: failed to find cifs/fileserver.y.z@Y.Z in keytab (arcfour-hmac-md5)
...error on the
domain_member_file_server in the file <IP-address-of-client.log> saying:
>>>
[2017/01/11 16:42:34.522067, 1]
../source3/librpc/crypto/gse.c:496(gse_get_server_auth_token)
gss_accept_sec_context failed with [ Miscellaneous failure (see text):
Failed to find cifs/hg004.humgen.0zone at HUMGEN.0ZONE(kvno 1) in keytab
MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
[2017/01/11 16:42:34.522095, 1]
../auth/gensec/spnego.c:541(gensec_spnego_parse_negTokenInit)
SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
[2017/01/11 16:42:34.525704, 1]
../lib/param/loadparm....
2017 Jan 17
2
SOLVED(aproximative?): Difficulties with Windows XP: failed to find cifs/fileserver.y.z@Y.Z in keytab (arcfour-hmac-md5)
...ogons = NO" and this is default.
>> Please note also the behavior of "hosts allow ... except" on the AD-DC
>>
>> here it comes...
>>
>> root at hg-dc1:/etc/samba# cat smb.conf
>> ## Global parameters
>> [global]
>> workgroup = HUMGEN
>> realm = HUMGEN.0ZONE
>> netbios name = HG-DC1
>> server role = active directory domain controller
>> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
>> drepl, winbindd, ntp_signd, kcc
>> #dnsupdate
>> ## all dns...
2017 Jan 16
4
SOLVED(I hope): Difficulties with Windows XP: failed to find cifs/fileserver.y.z@Y.Z in keytab (arcfour-hmac-md5)
Samba - General mailing list wrote
>> [2017/01/11 16:42:34.522067, 1]
>> ../source3/librpc/crypto/gse.c:496(gse_get_server_auth_token)
>> gss_accept_sec_context failed with [ Miscellaneous failure (see text):
>> Failed to find cifs/hg004.humgen.0zone at HUMGEN.0ZONE(kvno 1) in keytab
>> MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
>> [2017/01/11 16:42:34.522095, 1]
>> ../auth/gensec/spnego.c:541(gensec_spnego_parse_negTokenInit)
>> SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
>
> Looks li...
2017 Jan 17
0
SOLVED(aproximative?): Difficulties with Windows XP: failed to find cifs/fileserver.y.z@Y.Z in keytab (arcfour-hmac-md5)
...NO", if "domain
> logons = NO" and this is default.
> Please note also the behavior of "hosts allow ... except" on the AD-DC
>
> here it comes...
>
> root at hg-dc1:/etc/samba# cat smb.conf
> ## Global parameters
> [global]
> workgroup = HUMGEN
> realm = HUMGEN.0ZONE
> netbios name = HG-DC1
> server role = active directory domain controller
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbindd, ntp_signd, kcc
> #dnsupdate
> ## all dns and dhcp is static for humg...
2017 Jan 17
0
SOLVED(aproximative?): Difficulties with Windows XP: failed to find cifs/fileserver.y.z@Y.Z in keytab (arcfour-hmac-md5)
...ease note also the behavior of "hosts allow ... except" on the
> >> AD-DC
> >>
> >> here it comes...
> >>
> >> root at hg-dc1:/etc/samba# cat smb.conf
> >> ## Global parameters
> >> [global]
> >> workgroup = HUMGEN
> >> realm = HUMGEN.0ZONE
> >> netbios name = HG-DC1
> >> server role = active directory domain controller
> >> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> >> drepl, winbindd, ntp_signd, kcc
> >>...
2016 Aug 17
3
SOLVED: WINBIND: UID and GID false mappings on domain member
...scriptPath was configured:
\\member_server\netlogon\login.bat.
3.
To bind the homeDrive I had to put a colon (:) after the drive letter.
4. (question = how changing/correct surname, givenName?)
wbinfo output is slightly different on ad-dc and domain member with regard
to the Geckos
On the ad-dc:
HUMGEN\test:*:9439:5000: WT. Test --given-name=Want
To:/home/HUMGEN/test:/bin/false
The Geckos on ad-dc are composed from initials + surname + givenName.
On the domain member (real Geckos field or may be description) :
test:*:9439:5000:Want to Test://hg004.humgen.0zone/test/linhome:/bin/bash
The Geckos...
2016 Aug 12
2
WINBIND: UID and GID false mappings on domain member
...ctly.
I will...
> You must be using an old version of samba-tool, it doesn't do that now.
Version 4.3.9 from the last fresh ubuntu LTS.
And I asked on FreeNode, they would not upgrade to the 4.4. branch if 4.3
hasn't bugs...
> No they are not:
>
> dn: CN=test,CN=Users,DC=humgen,DC=0zone
> ......
> primaryGroupID: 513
Oh, I hoped winbind would give me:
uidNumber: 9439
gidNumber: 5001
... from the posix attributes
> This makes the users primary group 'Domain Users' and as such, the
> primary group must have a gidNumber, or all your users will be...
2016 Aug 17
0
SOLVED: WINBIND: UID and GID false mappings on domain member
...colon (:) after the drive letter.
>
> 4. (question = how changing/correct surname, givenName?)
> wbinfo output is slightly different on ad-dc and domain member with
> regard to the Geckos
I think you mean 'gecos', a Gecko is a type of lizard ;-)
>
> On the ad-dc:
> HUMGEN\test:*:9439:5000: WT. Test --given-name=Want
> To:/home/HUMGEN/test:/bin/false
>
> The Geckos on ad-dc are composed from initials + surname + givenName.
>
> On the domain member (real Geckos field or may be description) :
> test:*:9439:5000:Want to
> Test://hg004.humgen.0zone...
2017 Jan 16
0
SOLVED(I hope): Difficulties with Windows XP: failed to find cifs/fileserver.y.z@Y.Z in keytab (arcfour-hmac-md5)
...; wrote:
> Samba - General mailing list wrote
> >> [2017/01/11 16:42:34.522067, 1]
> >> ../source3/librpc/crypto/gse.c:496(gse_get_server_auth_token)
> >> gss_accept_sec_context failed with [ Miscellaneous failure (see
> >> text): Failed to find cifs/hg004.humgen.0zone at HUMGEN.0ZONE(kvno 1)
> >> in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
> >> [2017/01/11 16:42:34.522095, 1]
> >> ../auth/gensec/spnego.c:541(gensec_spnego_parse_negTokenInit)
> >> SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE...
2016 Aug 12
2
WINBIND: UID and GID false mappings on domain member
Thank you Rowland for looking into this!
>> WHAT I DO NOT GET CORRECTLY are the UID and GID of users and groups
>> on the domain member (PARTIALLY DEPENDING if I have the lines with
>> "idmap config *:..." or not ??? - see below)
> « [hide part of quote]
>
> Have you added uidNumber & gidNumber attributes to the user &
> groupobjects in AD ?
2016 Aug 12
0
WINBIND: UID and GID false mappings on domain member
...uld not upgrade to the 4.4. branch if
> 4.3 hasn't bugs...
Ubuntu will not want to materially change an LTS version and Samba
changes so fast, in fact version 4.5.0 is slated for release in min
September.
>
>
> > No they are not:
> >
> > dn: CN=test,CN=Users,DC=humgen,DC=0zone
> > ......
> > primaryGroupID: 513
>
> Oh, I hoped winbind would give me:
> uidNumber: 9439
> gidNumber: 5001
> ... from the posix attributes
>
Well, it will use the uidNumber as the users Unix UID, but winbind will
use the gidNumber attribute from '...
2016 Aug 12
0
WINBIND: UID and GID false mappings on domain member
...Number inside the range
> > 5000-30000 ?
>
> No, Domain Users has no GID.
> Until now it was unimportant to me. All my users are in the group
> "hg_allg" with GID 5001. As primary group in unix passwd in the old
> NT domain.
No they are not:
dn: CN=test,CN=Users,DC=humgen,DC=0zone
......
primaryGroupID: 513
This makes the users primary group 'Domain Users' and as such, the
primary group must have a gidNumber, or all your users will be ignored
by winbind. Do not think of changing the users primaryGroupID, windows
expects all users to be members of 'Domai...