search for: lookupnames

...ot@wolf # sh /rbin/test --- w2kdomain == dom w2kpdc == e231pdc sambahost == wolf winbind separator == + winbind use default domain == no --- => getent group dom+e231 DOM+e231:x:24006:DOM+pichwo,DOM+atest -> rpcclient e231pdc cmd = lookupnames e231 e231 S-1-5-21-507921405-1957994488-839522115-1109 (2) --> rpcclient wolf cmd = lookupnames e231 result was NT_STATUS_NONE_MAPPED -> rpcclient e231pdc cmd = lookupnames dom\e231 dom\e231 S-1-5-21-507921405-1957994488-839522115-1109 (2) --> rpcclient wolf cmd = lookupnames dom\e231 resu...

Hi We have a few Linux samba servers that authenticate against our Active Directory domain (Small Business Server 2000). I've added a couple of disks to a FreeBSD 6.1 server in our office and I'm trying to achieve the same but not having much luck. I'm new to all this... I'm not our network admin, but he is BSD-phobic so I thought it was safer to do it myself.

I've not clear if is a squid or a samba/ntlm_auth trouble... indeed... In Squid i've added: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=LNFFVG --require-membership-of='LNFFVG\Domain Users' auth_param ntlm children 5 but in 'cache.log' i got: Winbindd lookupname failed to resolve 'LNFFVG\Domain into a SID! Winbindd

Hi i see on my log, two informations : 1- Into my log, i see a very big quantity of : [19391]: lookupname ECTPP/root [2005/12/09 14:28:46, 3] nsswitch/winbindd_async.c:winbindd_dual_lookupname(695) [19391]: lookupname ECTPP/root [2005/12/09 14:28:46, 3] nsswitch/winbindd_async.c:winbindd_dual_lookupname(695) 10x per s .... 600x/minutes .. it's very very big no ? It's possible

I have winbind & samba (2.2.5) set up to provide home shares to users of our Windows NT domain. I have also gotten pam_mkhomedir to work properly to automatically create their home directory. Connecting to \\sambaserver\homes works well for this. However, I have a problem if an NT Domain username contains a space. I cannot figure out how to work around this. Their home directory gets

Hello Samba folks, I have recently begun seeing some disturbing behavior from winbind. Winbind will fail to look up users and groups. Examples: The machine is configured to use winbind as a nss module. "getent passwd <username>" will yield no results. "wbinfo -n <username>" will yield "Could not lookup name <username>" "wbinfo -g"

. DOMAIN_ADMIN_PASSWD.sh echo ${PASSWD} | kinit ${ADMIN}@${DOMAIN} echo -n > /etc/ntfs-3g.usermap for DOMAIN_USER in $(wbinfo -u);do RPCLOOKUPID=$(rpcclient -P -c "lookupnames ${DOMAIN_USER}" ${DOMAIN}) if [ "${RPCLOOKUPID:0:7}" != "ERROR: " ] && [ "${RPCLOOKUPID:0:7}" != "Failed " ];then SID=$(echo ${RPCLOOKUPID}|awk '{print $2}') echo ${DOMAIN_USER}::${SID} >> /etc/ntfs-3g.usermap fi done for DOMA...

Hello all Im using a linux box running CentOS 4.1 as a proxy server with user auth with an AD Its working for a long time, but suddenly this weekend the users cant authenticate anymore looking on logs i obtain this Oct 10 08:29:59 sol (ntlm_auth): [2005/10/10 08:29:59, 0] utils/ntlm_auth.c:get_require_membership_sid(237) Oct 10 08:29:59 sol (ntlm_auth): Winbindd lookupname failed to resolve

Hi All, I'm having issues getting Samba/Winbind to work with a domain that is lowercase. I have read on some sites that it won't work, is this the case? system is Debian lenny, samba 3.2.5-4. Windows server is 2003 running AD in 2000 native mode. I've done everything I would normally do that my running samba/ad authing servers do, and wbinfo -u + wbinfo -g work fine, as do the

Hello I'm preparing a new fileserver, based on jessie + sernet 4.2.10 packages. the server is bound to a forest, "AD" where users account are stored, and subdomains "PSI" for computers and some local accounts The Active directory forest is managed by 2008R2 servers, with rfc2307 attributs filled for accounts. I'm using "winbind use default domain" because

Hil list! I'm trying to authenticate Active Directory Users via freeradius. I can do it in a general case (user and domain) without problem. Now I have to do it restricting the authentication to the members of a group. I can exect the script (as is put in radiusd.conf) correct from the command line: Deb:~# /usr/bin/ntlm_auth --username=javi2 --require-membership-of='AAMM\MyGroup'

I can get authentication to work on linux 7.1 with samba 3.0alpha15 if I make valid users = @"INS+Domain Users", but if I try to set valid users to just a single user: valid users = INS+DavidSha, it fails to give me access. I see the following in log.winbindd. It looks like it is looking for a domain called DavidSha?!? My winbindd separator is +. Can somebody please respond to this.

...n't you get my offlist message ? Yes, I did get it, but due to labyrinthine .procmailrc settings, it did not go to the mailbox in which I normally read the sambalist messages! Checking my offline mailbox ... in that email, you suggest (expanded): $ /usr/bin/rpcclient -U "" -c "lookupnames $USER" mail Enter 's password: So, it *still* asks for a password, and the user's ID in the prompt is empty (from the empty -U?). If I leave off the -U it asks for mark's password. Am I doing something wrong? Once I enter the password, the rest of your script ultimately does get...

Hi Guys, i have a problem getting id mapping to work as it should. My setup is as follows: Samba 3.0.22 on Debian Sarge 3.1 . I 've got SFU 3.5 installed on a W2K3 DC with SP1. I 'm using winbindd in "idmap proxy only" mode. Here 's my generic smb.conf: workgroup = METADS realm = META.XXX.XX "it 's not the real realm, of course !" security = ADS

Hai marco, More info on squid config might help here and no smb.conf.. Ahead of things... And you better use something like this, change to negotiate auth. ( and use SSO ). auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \ --kerberos /usr/lib/squid/negotiate_kerberos_auth -s HTTP/proxy1.internal.domain.tld at REALM \ #Or if you dont have the SPN set. --kerberos

...s an unmapped group, so where has the correct SID gone ? > Is 10513 the uidNumber for Domain Users ? > > I suggest you check the AD database, if only to rule it out. > > Try running this: > > rpcclient localhost -U'arbeitsgruppe\administrator%xxxxxxxxxx' > -c 'lookupnames "ARBEITSGRUPPE\Domain Users"' gives me: ARBEITSGRUPPE\Domain Users S-1-5-21-2777655458-4002997014-749295002-513 (Domain Group: 2) in the meantime I reset iptables with (from ubuntu wiki ...): iptables -F iptables -X iptables -t nat -F iptables -t nat -X iptables -t mangle -F iptab...

...017 at 4:42 PM, Jeff Sadowski > <jeff.sadowski at gmail.com> wrote: > > . DOMAIN_ADMIN_PASSWD.sh > > echo ${PASSWD} | kinit ${ADMIN}@${DOMAIN} > > echo -n > /etc/ntfs-3g.usermap > > for DOMAIN_USER in $(wbinfo -u);do > > RPCLOOKUPID=$(rpcclient -P -c "lookupnames ${DOMAIN_USER}" > > ${DOMAIN}) if [ "${RPCLOOKUPID:0:7}" != "ERROR: " ] && > > [ "${RPCLOOKUPID:0:7}" != "Failed " ];then > > SID=$(echo ${RPCLOOKUPID}|awk '{print $2}') > > echo ${DOMAIN_USER}::${SID} >>...

...atabase on the new server with the exact same usernames and SIDs and hashes that are in use on the old server. (I may clean up the UIDs, though.) However, I've noticed something odd: /etc/samba/smbpasswd on 2.2.7 doesn't contain any RIDs or SIDs. And yet, if I run rpcclient and do "lookupnames lshaw" against the 2.x server, I can see that my (lshaw's) SID is formed of the domain SID plus some RID that comes from somewhere. But, *where* is that RID coming from? I presume it is some sort of persistent mapping, but what stores it? It's not in smbpasswd, because it doesn'...

...my Domain from NT4 to AD. Domain SID is a different one. I try to set this to the new one. old pdc: net getdomainsid new dc1: stop samba ; net setdomainsid [copy-from old]; start samba Domain SID is still the "new one". User SID are also different when I look with "rpcclient $> lookupnames". Can this be a Problem, when I unjoin and rejoin all workstations to Domain?

We have Samba 3.2.4 on two SLES 10 (one is SP1, the other SP2 64bit) machines. Both are member servers in our ADS, which was over the past month given some additional DCs, new IPs for all DCs, and upgraded to Windows 2008 (from win2003). The krb5.conf and nsswitch.conf files on the two machines are identical; the smb.conf files are *nearly* identical in their common section; the filewall rules