search for: rfc2307bis

...ds Hansjörg Maurer   --- itsystems Deutschland AG -- Sorglos und leise. So geht IT     -----Ursprüngliche Nachricht----- Von: Christian Naumer via samba <samba at lists.samba.org> Gesendet: Die 18 Oktober 2016 11:44 An: samba at lists.samba.org Betreff: [Samba] classic upgrade with rfc2307bis We are in the process of testing an upgrade of our NT-style domain on samba 3.6 and ldap backend to an AD on samba 4.4. The classic upgrade works fine so far the only problem we have is that all our groups are migrated without members. I think this is because we use rfc2307bis in our schema which...

We are in the process of testing an upgrade of our NT-style domain on samba 3.6 and ldap backend to an AD on samba 4.4. The classic upgrade works fine so far the only problem we have is that all our groups are migrated without members. I think this is because we use rfc2307bis in our schema which uses "uniqueMember" instead of "memberUid" to link groups to users. Is there an option to the classic upgrade script to tell it to use uniqueMember ? Regards Christian

Hi, I have setup samba 3.6.6 witch openldap (rfc2307bis schema). My problem is that samba do not recognise groups members from member attribure. when I setup members into memberuid atribute all works corect. how can I instruct samba to use member atribute? -- Alexandr Seidl

...ovider = ldap auth_provider = ldap ldap_uri = ldap://xxx-DC-A.xxx.xxx:389 ldap_id_use_start_tls = False ldap_auth_disable_tls_never_use_in_production = true ldap_default_bind_dn = CN=ldapadmin,cn=Users,dc=xxx,dc=xxx ldap_default_authtok_type = password ldap_default_authtok = xxxxxxxx ldap_schema = rfc2307bis ldap_user_search_base = dc=xx,dc=xx ldap_user_object_class = user ldap_user_home_directory = unixHomeDirectory ldap_user_principal = userPrincipalName ldap_group_search_base = dc=xx,dc=xx ldap_group_object_class = group ldap_group_member = memberOf access_provider = simple simple_allow_groups =...

...anagement is part of the free version. > You just need to enable the module in your server profile (Account > modules). > > https://www.ldap-account-manager.org/static/doc/manual/ch04s02.html#idm1666 > > > Best regards > > Roland > I think he is referring to 'rfc2307bis' (which Samba AD doesn't use). If this is the case, the only GUI available is ADUC on Windows. Rowland

...gs more on another list, please let me know. I am trying to get Autofs configured to use LDAP on CentOS5.3, but am running into an inconsitency. On CentOS5.3, the openldap server is installed with an extra schema/redhat/autofs.schema file. From what I can tell, that schema file seems to follow RFC2307bis. In the schema, it uses cn and ou. However, in all docs I can find for RHEL5, everything indicates that I should be using automountMapName and automountKey as the Map attribute and the Entry Attribute. I am very confused. Which is the "right" one to use? If I follow the RHEL docs and...

Hi list, I'm trying to set up an OpenLDAP server to provide the goodies for samba and postfix running on the same box - SUSE 9.2 Pro The trouble start fairly early, unfortunately. I'm following the idealx.org documentation, which suggest using samba.schema as well as inetorgperson.schema and nis.schema. (John Terpstra's book suggest this as well). There seems to be a conflict

...ST ( cn $ automountInformation ) objectclass ( 1.3.6.1.4.1.2312.4.2.2 NAME 'automountMap' SUP top STRUCTURAL DESC 'An group of related automount objects' 4425955 4 -rw-r--r-- 1 root root 748 Nov 10 04:30 ./redhat/autofs.schema [root at loa schema]# The docs say RFC2307bis is the most recently established schema, but as far as I can tell, it has expired. I've found several references on line about nisMapName vs automountMapName, but I'd like to stay with what's documented. Am I missing something? We're trying to setup a server to use for both Lin...

...le. # include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/yast.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/samba.schema include /etc/openldap/schema/rfc2307bis.schema include /etc/openldap/schema/yast.schema # Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. #referral ldap://root.openldap.org pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args # Lo...

...389 > > ldap_id_use_start_tls = False > > ldap_auth_disable_tls_never_use_in_production = true > > ldap_default_bind_dn = CN=ldapadmin,cn=Users,dc=xxx,dc=xxx > > ldap_default_authtok_type = password > > ldap_default_authtok = xxxxxxxx > > > > ldap_schema = rfc2307bis > > > > ldap_user_search_base = dc=xx,dc=xx > > ldap_user_object_class = user > > ldap_user_home_directory = unixHomeDirectory > > ldap_user_principal = userPrincipalName > > ldap_group_search_base = dc=xx,dc=xx > > ldap_group_object_class = group > &gt...

...filter_users = root filter_groups = root reconnection_retries = 3 [pam] reconnection_retries = 3 offline_credentials_expiration = 0 [domain/EXAMPLE] entry_cache_timeout = 600 entry_cache_group_timeout = 600 min_id = 1000 id_provider = ldap auth_provider = krb5 chpass_provider = krb5 ldap_schema = rfc2307bis ldap_uri = ldap://smbad.intra.example.com:390/ ldap_search_base = dc=intra,dc=example,dc=com cache_credentials = true krb5_server = smbad.intra.example.com:8880 krb5_realm= INTRA.EXAMPLE.COM ldap_default_bind_dn = cn=admin,dc=intra,dc=example,dc=com ldap_default_authtok_type = password ldap_defau...

...PGP SIGNED MESSAGE----- Hash: SHA1 LDAP Account Manager (LAM) 2.5.0 - January 21th, 2009 ===================================================== LAM is a web frontend for managing accounts stored in an LDAP directory. Announcement: - ------------- LAM Pro now allows you to manage groups with the rfc2307bis schema and aliases (object class alias). The Samba module is able to manage more password options and the DHCP extension was enhanced for better stability. Full changelog: http://lam.sourceforge.net/changelog/index.htm Features: - --------- * management of Unix user and group accounts (posixAcc...

Hi, I have tested winbind in samba-3.0.25-pre2 and encountered some problems. We have a working config with Linux samba-3.0.23d and W2k3 AD R2 rfc2307bis, but when I switch to 3.0.25 it stopped working. I am not quite familiar with the new configuration directives for idmap, but the old config did not work either with 3.0.25, so I tried to use the new ones. Is there apparent errors in my config ? BR, Anders Error from log.winbindd-idmap: Fo...

Is there a good guide for how to set up a Samba based AD domain controller with RFC2307 attributes so I can experiment... I can't get the Windows guys in my company to do anything Microsoft don't provide a check box for, unless I can teach them how to do it... but I've not used any of these Windows technologies for a very long time... At least if I can show a working system then

So, I have a test domain set up with rfc2307 = yes . Now I'm trying to figure out if a) my nfs automount data came over from OpenLDAP, and b) if not, how to get it into samba 4's ldap, or something else??? Do I need to rethink my approach? Mount locations are pretty consistent based on primary group/userid Needs to work on Linux. Existing entries look like this... # /u,

...s '-'? See http://procps.sf.net/faq.html 4788 pts/2 S+ 0:00 grep lapd my sldap.conf: include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/rfc2307bis.schema include /etc/openldap/schema/samba.schema include /etc/openldap/schema/yast.schema include /etc/openldap/schema/nis.schemas pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args database ldbm suffix "dc=samba,dc=juni...

We have a environment that the we cannot(don't want to) use winbind to join samba server to the win2003 AD(with LDAP RFC2307bis Schema and uid/gid setup for users). We managed to get the linux (CentOS) to accept windows domain user ssh to it(with nss/nslcd/kerberos settings). But couldn't make samba server to use the same way to serve windows domain users. Found this page: https://www.samba.org/samba/docs/man/Samba-HOW...

...gt; > my /etc/openldap/ldap.conf: > BASE o=XXX > URI ldap://myldapserver.com/ > TLS_CACERTDIR /etc/ssl/certs > SASL_NOCANON on > > My /etc/sssd/sssd.conf: > [domain/default] > ldap_uri = ldap://myldapserver.com/ > ldap_search_base = ou=YYY,o=XXX > ldap_schema = rfc2307bis > id_provider = ldap > ldap_user_uuid = entryuuid > ldap_group_uuid = entryuuid > ldap_id_use_start_tls = True > enumerate = False > cache_credentials = False > ldap_tls_cacertdir = /etc/openldap/cacerts/ > chpass_provider = ldap > auth_provider = ldap > ldap_tls_reqce...

Quick-n-easy questions: Let's say user raub is added to group nosy using smbldap-groupmod smbldap-groupmod -m raub nosy Now, according to ol' ldapsearch, ldapsearch -vvv -H "ldaps://ldap.example.com" -D "uid=admin,ou=People,dc=example,dc=com" -W -b "dc=example,dc=com" -s sub "(cn-nosy)" group nosy has a dn attribute that looks like this dn:

...tication service cannot retrieve authentication info) Finally, here is my sssd.conf: [sssd] services = nss, pam config_file_version = 2 domains = default # enable or disable the below # debug_level = 3 # debug_level = 5 debug_level = 8 [nss] [pam] [domain/default] debug_level = 8 ldap_schema = rfc2307bis id_provider = ldap access_provider = simple ldap_referrals = false ldap_force_upper_case_realm = true # on large directories, you may want to disable enumeration for performance reasons # enumerate = true auth_provider = krb5 chpass_provider = krb5 ldap_sasl_mech = gssapi ldap_sasl_authid = EPO$...