search for: nlscd

...; > > > Rowland > > > > Thanks Rowland. As a developer myself, I generally consider my users > problems to be MY problems! > > --Mark > The problem is, the bug report was quickly closed again as 'WONTFIX' so, though I hate saying this, please investigate nlscd use on the DC. Rowland

...rwxr-x. 1 root foo 0 Dec 9 16:26 file2.txt > > drwxrwx---. 2 root bar 36 Dec 9 16:32 restricted > > > > The group "foo" is both filegroup and netgroup, containing the same > > members. Samba version used is 4.2.3 (rhel7.2). > > Are you using sssd or nlscd instead of winbind ? SSSD is running, configured to use an OpenLDAP server (i.e. not AD) as id and auth provider. We're not using nlscd. AD does not have the UNIX extension (or whatever it's called), so UIDs and GIDs will differ between AD and OpenLDAP/SSSD. Samba is the only service that...

...ssh. I want to achieve the Holy Gria of 1 source of users and password, for both, linux and windows machines, but I'm lost in documentation. So far I know: samba4 cann't use openldap as backend. samba4 ldap doesn't really is a full ldap. samba4 provides uid/gid mapping using winbind or nlscd So far, I'm using winbind and I can see the samba ad users added to the password database executing: getenv passwd But, after that, I'm lost. Can I impelement "remote winbind" at remote linux client machines? Do I need to setup a openldap proxy? If I setup an openldap proxy, sho...

...26 file2.txt > >>> drwxrwx---. 2 root bar 36 Dec 9 16:32 restricted > >>> > >>> The group "foo" is both filegroup and netgroup, containing the same > >>> members. Samba version used is 4.2.3 (rhel7.2). > >> Are you using sssd or nlscd instead of winbind ? > > SSSD is running, configured to use an OpenLDAP server (i.e. not AD) as > > id and auth provider. We're not using nlscd. AD does not have the UNIX > > extension (or whatever it's called), so UIDs and GIDs will differ > > between AD and OpenLDA...

...an) server. Its job as AD client > is to get some users information from AD to build system users. I insist on > the fact system users are forged. Purely. > > What is responsible of that forging process? What you declared in > /etc/nsswitch.conf. > Generally it is winbind, sssd or nlscd. > > Each one of these tools comes with its own set of option, tweak and > configuration files to define how to forge users from local system point of > view. > > Each one except for Winbind which forge users as it decide to, no matter > the desires of local system admin. At le...

...D = RID - BASE_RID + LOW_RANGE_ID The BASE_RID is '0' so this becomes: ID = RID + LOW_RANGE_ID So unless you changed the range in smb.conf, your user/group IDs shouldn't change. I still don't understand where your private groups are coming from, unless, are you running sssd or nlscd as well as winbindd ?? Rowland

Hi, I´m have a Samba 4 Domain Member that I use like a Proxy Server. I use Squid with NTLM Athentication and work perfecly. My problem is Squidguard with NTLM Authentication. If I use Samba 4.2.X in my Samba 4 Domain Controler I watch in Squid LOG only the user name but If I use Samba 4.1.x or 4.3.0 in my Domain Controler I watch in Squid LOG domain\\user name and Squidguard Authentication not

...> > Thanks Rowland. As a developer myself, I generally consider my users > > problems to be MY problems! > > > > --Mark > > > > The problem is, the bug report was quickly closed again as 'WONTFIX' > so, though I hate saying this, please investigate nlscd use on the DC. > > Rowland > Yeah, I saw that, and I read the developer's comment. Frankly, I don't get it. Seems to me winbind behaviour should be the same, AD/DC or domain member. And it should deliver to programs the id they expect (w/o domain name), regardless of the use being...

Hi, on my member server it is no problem to login with a domain account because I have set winbind use default domain = yes. But how to do this on a DC? It doesn't matter if winbind use default domain = yes is set. So can I do this? E.g. by using su command? The reason for my question is to run cronjobs by dedicated service accounts. Thanks in advance Tim

...https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO >> >> You are running into one of the problems why it is not recommended to > >> use the DC as a fileserver, you have two choices here, either set up >a >> separate member server to use as a fileserver, or use sssd or nlscd >to >> pull the RFC2307 attributes that you will need to add to the >users/groups. >> >> Whatever you do, you will need to copy idmap.ldb to any secondary >DC's. >> >> Rowland > >Did you search on the samba wiki ???? : >https://wiki.samba.org/in...

We have a environment that the we cannot(don't want to) use winbind to join samba server to the win2003 AD(with LDAP RFC2307bis Schema and uid/gid setup for users). We managed to get the linux (CentOS) to accept windows domain user ssh to it(with nss/nslcd/kerberos settings). But couldn't make samba server to use the same way to serve windows domain users. Found this page:

...ex.php/Samba_AD_DC_HOWTO You are >> running into one of the problems why it is not recommended to >> use the DC as a fileserver, you have two choices here, either >> set up a separate member server to use as a fileserver, or >use >> sssd or nlscd to pull the RFC2307 attributes that you will >> need to add to the users/groups. Whatever you do, you will >> need to copy idmap.ldb to any secondary DC's. Rowland >> >> >> Did you search on the samba wiki ???? : >> >https://wiki.s...

...t; >>>>>>> What is responsible of that forging process? What you >>>>>>> declared >>>>>>> in >>>>>>> /etc/nsswitch.conf. >>>>>>> Generally it is winbind, sssd or nlscd. >>>>>>> >>>>>>> Each one of these tools comes with its own set of option, >>>>>>> tweak and >>>>>>> configuration files to define how to forge users from local >>>>>&...

...root foo 0 Dec 9 16:26 file2.txt >>> drwxrwx---. 2 root bar 36 Dec 9 16:32 restricted >>> >>> The group "foo" is both filegroup and netgroup, containing the same >>> members. Samba version used is 4.2.3 (rhel7.2). >> Are you using sssd or nlscd instead of winbind ? > SSSD is running, configured to use an OpenLDAP server (i.e. not AD) as > id and auth provider. We're not using nlscd. AD does not have the UNIX > extension (or whatever it's called), so UIDs and GIDs will differ > between AD and OpenLDAP/SSSD. Samba is the...

On Tue, 2016-02-09 at 15:17 -0800, Jeremy Allison wrote: > On Mon, Feb 08, 2016 at 01:54:33PM +0100, Trond Hasle Amundsen wrote: > > Hi, > > > > I have an issue with using a UNIX filegroup for access control within a > > share. The situation is like this: > > > > Given a share "test" which exports "/test" to a NIS netgroup

...et some users information from AD to build system > users. I insist on > the fact system users are forged. Purely. > > What is responsible of that forging process? What you declared in > /etc/nsswitch.conf. > Generally it is winbind, sssd or nlscd. > > Each one of these tools comes with its own set of option, > tweak and > configuration files to define how to forge users from local > system point of > view. > > Each one except for Winbind which forge users as it decide t...

...nt is your Squid/Squidguard(ian) server. Its job as AD client is to get some users information from AD to build system users. I insist on the fact system users are forged. Purely. What is responsible of that forging process? What you declared in /etc/nsswitch.conf. Generally it is winbind, sssd or nlscd. Each one of these tools comes with its own set of option, tweak and configuration files to define how to forge users from local system point of view. Each one except for Winbind which forge users as it decide to, no matter the desires of local system admin. At least this is how I understood winb...

...o build system > > users. I insist on > > the fact system users are forged. Purely. > > > > What is responsible of that forging process? What you declared > in > > /etc/nsswitch.conf. > > Generally it is winbind, sssd or nlscd. > > > > Each one of these tools comes with its own set of option, > > tweak and > > configuration files to define how to forge users from local > > system point of > > view. > > > > Each one except for...

...;>> users. I insist on >>> the fact system users are forged. Purely. >>> >>> What is responsible of that forging process? What you declared in >>> /etc/nsswitch.conf. >>> Generally it is winbind, sssd or nlscd. >>> >>> Each one of these tools comes with its own set of option, >>> tweak and >>> configuration files to define how to forge users from local >>> system point of >>> view. >>> >>>...

...benefit for any use of adding the domain to the Id unless > there is some odd circumstance that an installation has more than one > domain and the same user Id -- in which case this should be the > exception rather than the rule. > > Oh well ... > > I'll investigate your nlscd suggestion. > I can sort of understand the decision, you can use trusted domains with Samba and if you use 'winbind use default domain = yes' and you have a user in DOMA called 'fred' and a user in DOMB called 'fred', winbind would treat these as being the same user. Ev...