similar to: LDAP IDMAP not working

Hello list, Due to problems with winbind on Solaris I cannot use winbind. Instead I need to get Kerberos authentication from ADS working with a Samba member server with local UNIX user accounts. So to briefly describe my configuration, I have an account in AD and a duplicate account locally on my Samba server which has been initialised with "smbpasswd -a user password". My Samba server

Hi list, If I have multiple Samba member servers in a domain can I store the groupmap data in LDAP? When I try this I get this error # net groupmap add ntgroup=Everyone unixgroup=nobody No rid or sid specified, choosing algorithmic mapping adding entry for group nobody failed! But this works correctly (creates account in LDAP server) smbpasswd -a username password the LDAP config in my

Turned out the whole install was broken when not using winbind, don't know why!?! Uninstalled Samba 3.0.1, re-compiled from scratch Samba 3.0.2a and everything works as expected :-) >> Further to this problem I have found it impossible to get any syntax to succesfully mount a Samba 3.0.2 share with Kerberos authentication using the BSD "mount_smbfs" (on Mac OS X), where

I've seen this posting before but I need to get a grasp on this. I am using winbindd for users that don't have a local account on a Linux box. I thought that placing the entries below in the smb.conf would create users in ou=Idmap. Instead the ou=Idmap increments the uidNumber with every user that is added,but the user ID mappings are stored in /usr/local/var/locks/winbindd_idmap.tdb. What

Hi sorry if this is the wrong place to post but I'm not sure where to go to and I'm a bit desperate. We just brought our Sunfire 6800 server and Storedge 9960 RAID array Solaris 8 back up after some maintenance and everything came back up 'clean' but I cannot get our SAMBA software to recognise any users or directories when logging in remotely from an apple or windows box.

I can't say I've tested this in any depth. Where multiple LDAP servers are listed as the LDAP backend is the behaviour of Samba that if it fails to contact the first listed server it will try the second and so on? If that's the case Samba should only ever try and update the password on a single LDAP server which would then replicate the change to any other master and slave LDAP servers

Just a quick question, it may sound a bit stupid but I just want to make sure. I have a Solaris 9 machine running winbind, the backend is an OpenLDAP database running on a RedHat 9 machine. My question is, apart from the 'smbpasswd -w' command and the obvious stuff in smb.conf, do I have to set up the LDAP client on Solaris for Samba to be able to put new mappings into the LDAP database?

Hi Folks, I'm having a little trouble to put dovecot authenticating in ldap. My postfix and saslauthd are authenticating fine. Here is what I have in my main.cf: # Accounts accounts_server_host = $ldap_server_host accounts_search_base = $ldap_search_base accounts_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(forwardActive=FALSE)(acco

Hi All, I'm having a strange pronlem with winbind. For users it seems to be working fine but for groups its not enumerating most of the groups! A getent group produces only 325 lines of domain groups whereas wbinfo -g produces 2839 lines of groups. I'm not seeing any errors logged and all commands are exiting with status 0. Winbind related sections of smb.conf are shown below,

Hi All, can anyone make any sense of the error below, please advise if I need to log this as a bug but I'm not sure how to further diagnose what is happening. This is from my winbindd log file, thanks Andy. [2003/11/07 17:47:59, 1] nsswitch/winbindd.c:main(832) winbindd version 3.0.0 started. Copyright The Samba Team 2000-2003 [2003/11/07 17:48:00, 1]

Hi list, I'm trying to compile samba 3.0.1 rc1 with --enable-dmalloc switch because I have been asked to provide more information on a winbindd panic on a Solaris server. However the configure fails with the error shown below, config.status: creating include/config.h Note: The dmalloc debug library will be included. To turn it on use ./configure: command substitution: line 3: syntax error:

Hi, I'm a bit confused over the whole "dn" concept .... various documentation states that I should create new samba-entries with dn: uid=user,ou=<user-org>,dc=<domain> and other states that i should do it with dn: cn=user,ou=<user-org>,dc=<domain> Right now i have a few entries, created both ways... and since i'm not quite home in ldap, I haven't

Hello Folks, I've my dovecot working well and authenticating in my ldap servers. But I'd like configure my users to authenticate in two ways. One is just submitting the username and the other one is providing user at domain.com . I'm moving from a cyrus-imap solution to dovecot and I've implemented it with VD domains. But nowadays I still have one domain at my servers.

As Samba 3.x does not work with the Kerberos included with Solaris (it has no headers) I have to remove it and replace it with MIT kerberos. Does anyone know if Solaris kerberised services will still work normally (without modification) such as kerberised NFS? I briefly tested this and couldn't het it to work, but if someone has a definative answer it might save me a lot of trouble, thanks

Hi All, can someone elaborate on the cause of my problem mentioned below? Service records exist for DC's only on DNS servers in that domain (ie DNS server in domain X has service records only for all DC's in domain X and so on for each domain), should normal DNS forwarding not allow a client in one domain to read the service record data from another? Normal host records for all domains

Dear All, I am trying to get SSL working with Samba 3.0. My set up is Samba 3.0 as a USER server in its own Workgroup (will eventually be part of a domain). My platform is Solaris 9 and the ldap service I am using is iPlanet directory server 5.2. I can get users to log in to the server using their ldap account and password but not over SSL. The iPlanet directory has a certificate on it (self

Can anyone tell me if I can configure Samba 3.x to rely only on Kerberos authentication (in an AD domain)? Ideally I'd like to use local UNIX accounts, not winbind, and negate the need for me to add an entry to passdb, then the account must exist in AD and locally on each Samba member server for authentication to work. If there is any info held in passdb, other than the NTLM coded password,

Everytime I add or remove some samba shares, I must restart smb service to take effect. Is there anyway to reconfig it without restart?

I am having problems with the configuration of samba 3.0.1 on a Solaris 2.6 box. This box has no previous samba versions installed. When I try to configure samba I get the following error. # cd samba-3.0.1/source #./configure -with-ads 2>&1 |tree config.new.log fails with the following error:- checking for LDAP support... auto checking ldap.h usability... no checking ldap.h

Hi everyone, I'm using the production release of 3.0.0 and can not join a W2003 domain: [printsrv4] /spool/samba-3.0.0/bin $ ./net -d 10 ads join -Uhumpty_dumpty [2003/10/29 15:35:39, 3] libads/sasl.c:ads_sasl_spnego_bind(191) got principal=adc1$@WIN.DESY.DE [2003/10/29 15:35:39, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269) krb5_cc_get_principal failed (No credentials cache found)