search for: trusteddomains

On both Samba 4.5.1 member server and Samba 3.6.25 member server I tried the following command wbinfo –set-uid-mapping=35049,S-1-5-21-xx-xx-xxx-xxx this should have created a mapping entry consistent with the one on the domain controller for a trusted user But I got the following error failed to call wbcSetUidMapping: WBC_ERR_NOT_IMPLEMENTED As far as I can tell from network

Running a mix of samba versions (3.6.25 and 4.5.1) in two domains- one "classic" (with samba domain controllers) and one AD (with windows domain controllers.) The eventual goal is to drop the classic domain in favor of the AD domain. Also trying to move from samba 3.x to 4.x since Samba 3 is EOL'd. the "wbinfo -u" command will list users in the servers domain

On a samba 4.5.1 domain controllers (PDC and BDC), classic domain , LDAP is used as the backend for both user accounts AND for the idmapping of trusted domains . Partial smb.conf below workgroup = THISDOMAIN security = user passdb backend = ldapsam:ldap://xxxxxxxxxxxxxxxxx idmap config * : backend = tdb idmap config * : range = 5000-6000 idmap config THISDOMAIN :

...ntation about idmap_nss but I'm still not sure if this is needed for my setup. Will using idmap_nss in addition to idmap_ldap result in any benefit (e.g. when mapping local, non-ldap unix users)? I am thinking of a setup like: -------------------- 8< -------------------- idmap domains = NSS TRUSTEDDOMAINS # <is this needed?> idmap config NSS:backend = nss idmap config NSS:readonly = yes # </is this needed?> idmap config TRUSTEDDOMAINS:default = yes idmap config TRUSTEDDOMAINS:backend = ldap idmap config TRUSTEDDOMAINS:readonly = no idmap config TRUSTEDDOMAINS:ldap_url = ldap://127.0...

...ng out user information with wbinfo using the idmap/rid module. The tdb module works without crash (tested by exchanging the uncommented and commented lines in the following fragment from smb.conf). I configured rid as follows: [global] # idmap uid=1000-60000 # idmap gid=1000-60000 idmap domains=TRUSTEDDOMAINS idmap config TRUSTEDDOMAINS:readonly=yes idmap config TRUSTEDDOMAINS:backend=rid idmap config TRUSTEDDOMAINS:default=yes idmap config TRUSTEDDOMAINS:base rid=1000 idmap config TRUSTEDDOMAINS:range=1000 - 60000 In the log (level 10) I find the last lines before winbindd dies: [2007/10/26 12:50:27,...

Hi Guys, I am attempting to configure AC:L's I have enabled it in smb.conf for my share and remounted my fs with acl enabled. However if I attempt to edit security permissions for the group "Domain Users" it creates two more group "CREATOR GROUP" and "CREATOR OWNER" and refreshes the security properties and then just resets the tick boxes i had selected. I

I have some users I was to allow access to a dir, I know I will need to setup ACL's however when this is done can I add users to dirs like I can in windows? Thanks

...ironment ? Details / Versions pls see below. thx Micha Versions: SLES 11 SP1: -------------------------------- samba-client-3.4.3-1.17.2 samba-winbind-3.2.7-11.6 samba-3.4.3-1.17.2 smb.conf: workgroup = CAD realm = CAD.SITE.NET security = ADS idmap domains = CAD TRUSTEDDOMAINS idmap config CAD:backend = ad idmap config CAD:readonly = yes idmap config CAD:range = 300 - 1000000 idmap config TRUSTEDDOMAINS:backend = tdb idmap config TRUSTEDDOMAINS:default = yes idmap config TRUSTEDDOMAINS:range = 1000001 - 1999999...

Does anyone know if interdomain trusts work in samba at all and what versions they do? I am trying to get a 1 way trust working between two domains and DOM A (which samba is joined to works in mapping users via winbind) just not the one way trust for the other domain.... DOM B Samba is just a joined member of the domain A with security = ads with nothing more than winbind id rid maps for both

Hi I'm trying to get an Ubuntu 14.04 client to update its rr to a working bind dns DC with Samba 4.1.7. The setup is the same as with our openSUSE clients with sssd 1.11.15 sssd.conf id_provider = ad auth_provider = ad access_provider = ad ldap_id_mapping = False /etc/hosts 127.0.0.1 lubuntu-laptop.hh3.site lubuntu-laptop 127.0.1.1 localhost But it is sending a request for the wrong

Hi I'm trying to get an Ubuntu 14.04 client to update its rr to a working bind dns DC with Samba 4.1.7. The setup is the same as with our openSUSE clients with sssd 1.11.15 sssd.conf id_provider = ad auth_provider = ad access_provider = ad ldap_id_mapping = False /etc/hosts 127.0.0.1 lubuntu-laptop.hh3.site lubuntu-laptop 127.0.1.1 localhost But it is sending a request for the wrong

On 10/09/2019 04:57, Jeremy via samba wrote: > Hi all, > > I have an question about getting child domain users on Samba 4.10.7. > 1. I have the command net ads search '(objectCategory=trustedDomain)' -P > and already get the info below: > objectClass: top > objectClass: leaf > objectClass: trustedDomain > cn: hardware.qsan.ad.com > distinguishedName:

Hi everyone I'm trying to use kerberos to authenticate to Samba 4 ldap. At the moment, I authenticate by specifying the binddn and password in /etc/nslcd.conf and all works fine If I add the line: sasl_mech GSSAPI to /etc/nslcd.conf and restart nslcd, no one can connect to the database. Nothing works. ldapsearch and getent passwd draw a blank. ldapsearch -x -b '' -sbase

Hi all, I have an question about getting child domain users on Samba 4.10.7. 1. I have the command net ads search '(objectCategory=trustedDomain)' -P and already get the info below: objectClass: top objectClass: leaf objectClass: trustedDomain cn: hardware.qsan.ad.com distinguishedName: CN=hardware.qsan.ad.com,CN=System,DC=qsan,DC=ad,DC=com instanceType: 4 whenCreated: 20180611041431.0Z

Hi all, I was hoping to setup a realm trust between a Samba AD domain and a kerberos realm running mit-krb5, however it looks like that isn't currently supported. Is that correct, or am I missing something (I'm running Samba 4.9.4)? Having noticed that "samba-tool domain trust" only seems to cater for trusts involving other AD domains, I tried to workaround that (in the

Now I have a some time to answer, maybe a few of your questions. Am 26.02.19 um 20:59 schrieb lists via samba: > Hi, > > No replies unfortunately. Unsure why. There are still a lot of questions open and I think a lot of things have to be done. > > We searched the list, and we found little discussion on the subject of > trusts. We see occasional questions, but they are often

Hi, Having read the release notes on the status of trusts within samba, we see for 4.9 > "improved support for trusted domains" but we also always see these messages: > "Both sides of the trust need to fully trust each other!" and > "DCs of domain A can grant domain admin rights in domain B" What we would like to achieve is a one-way incoming trust

Hi I have Samba 3.6.24 domain controller, on Solaris 10 x64, configured as a primary domain controller for a classic domain. It has a domain trust configured with a Windows 2003 Active Directory domain. Winbind is running . The "wbinfo -u" command on the samba PDC properly shows both local and trusted users. On the member server, which is Samba 3.6.24 on Solaris 11 x64,

I have Samba 2.2.5 on two Red Hat 8 systems in an environment of NT 4.0 machines where all PDC's/BDC's are NT machines. We have 2 trusted domains (also NT PDC's). Samba/winbind work great locally, but the trusted accounts are not working. Here's a run down of what works and what doesn't: wbinfo -m #shows trusted domains wbinfo -a TRUSTEDDOMAIN+user%pass #successful

Hi everyone I'm using nslcd to connect to Samba 4 LDAP. If I specify the binddn and bindpw in /etc/nslcd.conf no problem getent passwd works and everything is mapped just fine. But when I try try to do a kerberized bind to Samba 4 LDAP, I get this: ldb_wrap open of secrets.ldb Kerberos: TGS-REQ host-account at HH3.SITE from ipv4:192.168.1.3:33002 for ldap/hh3.site at HH3.SITE