Displaying 13 results from an estimated 13 matches for "ldap_force_upper_case_realm".
2016 Sep 02
3
Samba4 and sssd authentication not working due "Transport encryption required."
...er
ldap_user_home_directory = unixHomeDirectory
ldap_user_principal = userPrincipalName
ldap_group_search_base = dc=xx,dc=xx
ldap_group_object_class = group
ldap_group_member = memberOf
access_provider = simple
simple_allow_groups = IT
ldap_access_order = expire
ldap_account_expire_policy = ad
ldap_force_upper_case_realm = true
[domain/default]
cache_credentials = False
2016 Sep 02
4
Samba4 and sssd authentication not working due "Transport encryption required."
...c=xx
> > ldap_group_object_class = group
> > ldap_group_member = memberOf
> > access_provider = simple
> >
> >
> >
> > simple_allow_groups = IT
> >
> >
> > ldap_access_order = expire
> > ldap_account_expire_policy = ad
> > ldap_force_upper_case_realm = true
> > [domain/default]
> > cache_credentials = False
> >
>
> The error message is pretty clear. Samba now requires SSL/TLS for LDAP
> binds. Once you have enabled TLS in sssd, everything should work.
> While you can turn off the requirement in Samba, it's a...
2014 Jul 23
1
sssd problems after dc1 is no longer online
...d.conf:
[sssd]
services = nss, pam
config_file_version = 2
domains = default
# enable or disable the below
# debug_level = 3
# debug_level = 5
debug_level = 8
[nss]
[pam]
[domain/default]
debug_level = 8
ldap_schema = rfc2307bis
id_provider = ldap
access_provider = simple
ldap_referrals = false
ldap_force_upper_case_realm = true
# on large directories, you may want to disable enumeration for
performance reasons
# enumerate = true
auth_provider = krb5
chpass_provider = krb5
ldap_sasl_mech = gssapi
ldap_sasl_authid = EPO$@SAMBA.COMPANY.COM
krb5_realm = SAMBA.COMPANY.COM
#krb5_server = dc2.samba.company.com, dc3.sam...
2016 Sep 03
1
Samba4 and sssd authentication not working due "Transport encryption required."
...mber = memberOf
>>>> access_provider = simple
>>>>
>>>>
>>>>
>>>> simple_allow_groups = IT
>>>>
>>>>
>>>> ldap_access_order = expire
>>>> ldap_account_expire_policy = ad
>>>> ldap_force_upper_case_realm = true
>>>> [domain/default]
>>>> cache_credentials = False
>>>>
>>>
>>> The error message is pretty clear. Samba now requires SSL/TLS for LDAP
>>> binds. Once you have enabled TLS in sssd, everything should work.
>>> While y...
2016 Sep 02
0
Samba4 and sssd authentication not working due "Transport encryption required."
...al = userPrincipalName
> ldap_group_search_base = dc=xx,dc=xx
> ldap_group_object_class = group
> ldap_group_member = memberOf
> access_provider = simple
>
>
>
> simple_allow_groups = IT
>
>
> ldap_access_order = expire
> ldap_account_expire_policy = ad
> ldap_force_upper_case_realm = true
> [domain/default]
> cache_credentials = False
>
The error message is pretty clear. Samba now requires SSL/TLS for LDAP
binds. Once you have enabled TLS in sssd, everything should work. While
you can turn off the requirement in Samba, it's a bad idea, as it'll
result in un...
2014 Jul 28
0
[sssd] Not seeing Secondary Groups
...ase = CN=automount,dc=example,dc=com
## Domain Configurations
[domain/example.com]
debug_level = 9
id_provider = ldap
access_provider = ldap
auth_provider = krb5
ldap_uri = ldap://ad.example.com
ldap_tls_reqcert = allow
ldap_schema = rfc2307bis
ldap_referrals = false
ldap_disable_referrals = true
ldap_force_upper_case_realm = true
ldap_page_size = 4000
ldap_access_order = expire
ldap_account_expire_policy = ad
ldap_default_bind_dn = CN=LINUXAUTH,DC=EXAMPLE,DC=COM
ldap_id_mapping = False
ldap_search_base = DC=EXAMPLE,DC=COM
ldap_user_search_base = DC=EXAMPLE,DC=COM?subtree?&(objectclass=user)(uidnumber=*)
ldap_use...
2024 Nov 29
2
pam_winbind Appears to need a Network Connection to Succeed at Offline Authentication
Mandi! John R. Graham via samba
In chel di` si favelave...
> When I put winbindd in offline mode,
RFC2307? A known bug:
https://bugzilla.samba.org/show_bug.cgi?id=15405
--
2016 Feb 02
3
Mac OS X and ACL's
...-----------------------------------------------
[sssd] services = nss, pam config_file_version = 2 domains = default [nss] [pam] [domain/default] id_provider = ldap ldap_schema = rfc2307bis ldap_referrals = false ldap_uri = ldap://dc01.auth.domain.com ldap_search_base = dc=auth,dc=domain,dc=com ldap_force_upper_case_realm = true # See man sssd-simple access_provider = simple # Uncomment to check for account expiration in DC # access_provider = ldap # ldap_access_order = expire # ldap_account_expire_policy = ad # Enumeration is discouraged for performance reasons. # enumerate = true auth_provider = krb5 chpass_provid...
2016 Sep 03
0
Samba4 and sssd authentication not working due "Transport encryption required."
...; > > ldap_group_member = memberOf
> > > access_provider = simple
> > >
> > >
> > >
> > > simple_allow_groups = IT
> > >
> > >
> > > ldap_access_order = expire
> > > ldap_account_expire_policy = ad
> > > ldap_force_upper_case_realm = true
> > > [domain/default]
> > > cache_credentials = False
> > >
> >
> > The error message is pretty clear. Samba now requires SSL/TLS for LDAP
> > binds. Once you have enabled TLS in sssd, everything should work.
> > While you can turn off the...
2013 Apr 14
1
sssd getent problem with Samba 4.0
Version 4.0.6-GIT-4bebda4
Hi
I have sssd up and running. It works fine except that getent only
returns domain users if I specify the object e.g.
getent passwd
and
getent group
return only local users
but
getent passwd steve2
steve2:*:3000034:20513:steve2:/home/users/steve2:/bin/bash
and
getent group Domain\ Users
Domain Users:*:20513:
work fine.
/etc/nsswitch.conf
passwd: compat sss
group:
2016 Feb 02
0
Mac OS X and ACL's
...----------------------------------
>
>
> [sssd] services = nss, pam config_file_version = 2 domains = default [nss] [pam] [domain/default] id_provider = ldap ldap_schema = rfc2307bis ldap_referrals = false ldap_uri = ldap://dc01.auth.domain.com ldap_search_base = dc=auth,dc=domain,dc=com ldap_force_upper_case_realm = true # See man sssd-simple access_provider = simple # Uncomment to check for account expiration in DC # access_provider = ldap # ldap_access_order = expire # ldap_account_expire_policy = ad # Enumeration is discouraged for performance reasons. # enumerate = true auth_provider = krb5 chpass_provid...
2016 Feb 02
2
Mac OS X and ACL's
...-------------------------------
>
>
> [sssd] services = nss, pam config_file_version = 2 domains = default [nss] [pam] [domain/default] id_provider = ldap ldap_schema = rfc2307bis ldap_referrals = false ldap_uri = ldap://dc01.auth.domain.com ldap_search_base = dc=auth,dc=domain,dc=com ldap_force_upper_case_realm = true # See man sssd-simple access_provider = simple # Uncomment to check for account expiration in DC # access_provider = ldap # ldap_access_order = expire # ldap_account_expire_policy = ad # Enumeration is discouraged for performance reasons. # enumerate = true auth_provider = krb5 chpass_provid...
2018 Jul 20
2
SSSD on CentOS 7 failing to start when connecting to 4.8.3 AD via LDAP
...der = ldap
#auth_provider = ldap
ldap_schema = rfc2307bis
ldap_user_principal = userPrincipalName
ldap_user_fullname = displayName
ldap_user_name = sAMAccountName
ldap_user_object_class = user
ldap_user_home_directory = unixHomeDirectory
ldap_user_shell = loginShell
ldap_group_object_class = group
ldap_force_upper_case_realm = True
ldap_uri = ldap://192.168.192.50
ldap_search_base = dc=ad,dc=company,dc=com
ldap_id_use_start_tls = false
ldap_tls_reqcert = never
ldap_tls_cacert = /etc/sssd/ca.company.com.crt
access_provider = ldap
ldap_access_filter =
memberOf=cn=ServerAdmins,ou=Groups,dc=ad,dc=company,dc=com
ldap_de...