search for: somesid

Does anyone know if interdomain trusts work in samba at all and what versions they do? I am trying to get a 1 way trust working between two domains and DOM A (which samba is joined to works in mapping users via winbind) just not the one way trust for the other domain.... DOM B Samba is just a joined member of the domain A with security = ads with nothing more than winbind id rid maps for both

...omain": "WINDOWSDOMAIN", "netlogonComputer": "SOME-HOST", "netlogonTrustAccount": "SOME-HOST$", "netlogonNegotiateFlags": "0x610FFFFF", "netlogonSecureChannelType": 2, "netlogonTrustAccountSid": "somesid, *"passwordType": "MSCHAPv2"*}} Without "--allow-mschapv2" You would see "passwordType":"NTLMv1". Also I have no idea when ntlm_auth --allow-mschapv2 option was added? W dniu 27.03.2018 o 10:06, Rowland Penny via samba pisze: > On Tue, 27 Mar...

...quot;WINDOWSDOMAIN", "netlogonComputer": > "SOME-HOST", "netlogonTrustAccount": "SOME-HOST$", > "netlogonNegotiateFlags": "0x610FFFFF", "netlogonSecureChannelType": > 2, "netlogonTrustAccountSid": "somesid, *"passwordType": "MSCHAPv2"*}} > > Without "--allow-mschapv2" You would see "passwordType":"NTLMv1". > > Also I have no idea when ntlm_auth --allow-mschapv2 option was added? > > W dniu 27.03.2018 o 10:06, Rowland Penny via samba...

Dne 2.1.2019 v 21:54 Gordon Messmer napsal(a): > On 1/2/19 12:09 PM, Miroslav Geisselreiter wrote: >> some parameters from smb.conf: >> [global] >> ??? workgroup = NT4DOMAIN >> ??? netbios name = nt4member >> ??????? security = domain >> ??????? passdb backend = ldapsam:"ldap://ldap1server.intranet.xx >> ldap://ldap2server.intranet.xx" >

...ut understandably), our central IT department recently disable standard LDAP (port 389) in favour of LDAPS (port 636). Since then, I can only authentica user (e.g. `wbinfo -u` and `wbinfo -a someuser` work). But not further authorize them (e.g. `wbinfo -g`, `wbinfo --user-info someuser`, `wbinfo -S somesid` or `id someuser` fail or give no output). Consequently, users can not mount their samba shares anymore. And so far I have not been able to make Winbind working correctly again. According to several older discussions and documentation LDAPS with port 636 is not supported for the ad idmap backend,...

I have started tinkering with samba 4. I have a Windows 2008 active directory domain controller. It is also the main DNS server but is not the wins server. The DNS server does NOT allow DNS registration by client machines. I have a fedora core 19 linux machine with samba 4.1.13 (bundled with Fedora.) smb.conf includes security = ads realm = MYDOMAIN.COM

ok, tested it, and it works. so to summarize: on samba ad 4.7.x  in smb.conf "ntlm auth" is set to "mschapv2-and-ntlmv2-only" fr + samba domain member (4.6 and 4.7) in mods-available/mschap you have to add to ntlm_auth --allow-mschapv2 to the whole string OR just use winbind method, which sets correct flag without explicitly adding it. with those settings ntlmv1 is blocked

...e domain.? See what you get from: > > net rpc info > net rpc testjoin > > If nothing seems relevant, try leaving the domain and re-joining. I had to change in smb.conf client ipc signing = no Than: # net rpc info Enter root's password: Domain Name: NT4DOMAIN Domain SID: S-1-5-21-somesid Sequence number: somenubmer Num users: xxx Num domain groups: xxx Num local groups: xxx # net rpc testjoin Join to 'NT4DOMAIN' is OK Previously I deleted all files from /var/lib/samba, than set ldap admin password: smbpasswd -W Than I re-join DC, it did not help. FYI: I have NT4-style d...