similar to: Winbind local idmap and cache database security concerns

I am currently working on implementing unified logons between linux and win computers on an NT4 domain. I have a samba test server with winbind working properly. All is going well, except that I am concerned about the winbind idmap database stored on the local linux workstations. My current understanding of winbind is that it must be on every machine, unless an winbind samba ldap

A few days ago I upgraded from 3.0.2 to 3.0.9, and since the upgrade, the winbindd_idmap.tdb has not ever been modified, even after several restarts of samba, and reboots of the system in question. It appears that the UID mapping is still correct on the samba server, but I am just concerned that new user additions etc are not being stored to the tdb files. winbind_cache.tdb is being updated with

I have Fedora Core 1 workstations configured with winbind logging onto our NT domain. Everything is going well except that I cannot seem to figure out how to connect to a windows home directory on a Win2000 server. Here is the scenario: W2K server with home directories for each user: Each user has modify permissions to their share Administrator has full control First off, I need to somehow

On 21:52:01 wrote Ryan Ashley: > Alright, I already gave every group a gIDNumber using the "advanced > features" option via the "Attribute Editor". Each group has a unique > ID. There are 16 built-in groups (domain admins, domain users, etc) > and five I have. My last group ended with 10021. The first group was > 10001. I then stopped S4 on my print-server,

While investigating an unrelated issue I discovered that winbind is completely confused or corrupt on one machine, a domain member server running Samba 3.0.34: # wbinfo -u NAS\backup-private NAS\backup-public ... administrator guest michaell ... administrator administrator michaell ... administrator administrator guest Segmentation fault NAS is the name of the domain member server; the name of

It seems that I have some users that winbind refuses to find. As far as I can tell, all of these users were created or re-enabled (had their expiration date reset) after a certain date. I have cleared my winbind_cache.tdb and winbind_idmap.tdb to no avail. Curiously, I also noticed that even when I removed the idmap, it still came back with the original mappings. In my winbind.log, I see numerous

On 2016-01-10 at 17:58 +0000, Rowland penny wrote: > On 10/01/16 17:05, Partha Sarathi wrote: > > > > > This could have a lot to do with the fact that idmap_rid & > > > idmap_autorid calculate the uids differently i.e if you have RID > > > '2025000', autorid would calculate this as '1102500000' , rid > > > would calculate this as

Hi! I have a setup with several Linux machines running samba-3.0.22-10.1.17 (from SuSE 10 OSS), authenticating against an AD. Since one of the machines is exporting an NFS share mounted by the rest of the machines, I need SID <-> uid/gid mapping to be shared between all Linux machines, which led me into using an OpenLDAP server as idmap backend. My smb.conf is found at the end of this mail.

Hi, I am currently using Samba 3.5.4 with ADS domain (tdbsam backend). I want to change uid mapping for one of my users. I prepared file that I subsequently imported via command: net idmap restore < filename.txt Next, I checked 'getent passwd username' command and unfortunately uid for this user was not changed. I noticed that in winbind_idmap.tdb file (using tdbtool command)

Am 05.10.2016 um 22:12 schrieb Rob via samba: > On Tue, 4 Oct 2016, Rowland Penny wrote: > >> This is very strange, have you tried running 'net cache flush' on the >> domain member ? >> >> Have you compared the users AD objects ? > > Running 'net cache flush' on the member does fix things, albeit only > for a while: > > # wbinfo -i

Thanks Michael, Please see the inline answers. > On Jan 10, 2016, at 5:16 PM, Michael Adam <obnox at samba.org> wrote: > > On 2016-01-10 at 17:58 +0000, Rowland penny wrote: >> On 10/01/16 17:05, Partha Sarathi wrote: >>> >>>> This could have a lot to do with the fact that idmap_rid & >>>> idmap_autorid calculate the uids differently

Hello all. I use Samba 3.6.3 on FreeBSD in combination with ZFS, and it all works fine. I use zfs send to receive my store on a backup machine and i want the users id to be the same as on the master server so to say. Keeps my backups easy accessable with samba! Now i know i can dump the IDMAP database using the following: net idmap dump. I expect a whole bunch of lines,but i get the following,

Hello everybody, had anyone of you problems with winbind and tdbfiles, when upgrading from 3.0.14a to 3.0.20a? The Symptom was: After upgrading to 3.0.20a the idmapping was corrupt. Although 3.0.20a runs fine, none of the idmaping was resolved correctly. Downgrading to 3.0.14a "restored" the idmaps. tdbdump showed me the same idmappings, therefor i think winbind wasn't able

Hello all, I'd like to know how to clear winbind cache. The problem is that we have decided to change uid and gid mapping range, but changing smb.conf accordingly didn't help. We use ldap as backend. After deleting all idmap entries in ldap nothing changed. If we disable winbindd caching with -n switch we receive desired effect - users get mapped to new uids and gids. Restarting winbindd

I have an interresting situation that I am searching for a solution. I want to use pam_smb for authenticating SSH connections to a remote server. The Domain Controller I want to authenticate against is a Win NT 4.0 box located on our internal lan. An idea was given to me to set up an SSH tunnel and forward the relative ports across the internet to a local machine. All of my machines are RedHat

Am 05.10.2016 um 22:31 schrieb Achim Gottinger via samba: > > > Am 05.10.2016 um 22:12 schrieb Rob via samba: >> On Tue, 4 Oct 2016, Rowland Penny wrote: >> >>> This is very strange, have you tried running 'net cache flush' on the >>> domain member ? >>> >>> Have you compared the users AD objects ? >> >> Running 'net

I am appending some documentation by my colleague Bill Eldridge that was actually written for our dial-up service, but should work for you purposes as well. A couple notes. 1.)The user must exist in /etc/passwd on the Samba machine or login to the Samba box will fail. 2.)In the example, we don't set up home directories for the users, we are using it for dial in and they usually want to

Version 1.0 of my CIFS based NT authentication system for PAM is available from http://www.csn.ul.ie/~airlied/pam_smb/pam_smb-1.0.tar.gz or ftp://ftp.csn.ul.ie/pub/linux/pam/pam_smb/pam_smb-1.0.tar.gz This release has now gotten GNU configure support and should work reliably on Linux RH4.2, RH 5.0 and Solaris 2.6.... If anyone has another platform with PAM could they try it out ... It is also

On 10/01/16 17:05, Partha Sarathi wrote: > Thanks for the reply. Now we end-up with mix uid/gid from both ranges > in cache TDBs. Few user logins are denied with below error in smbd.log, > > *[2016/01/07 11:39:44.475960, 1, pid=5202] > ../source3/auth/token_util.c:430(add_local_groups > * > ** SID S-1-5-21-3082371790-1274690562-2878062458-5771 -> > getpwuid(10005771)

Thanks for the reply. Now we end-up with mix uid/gid from both ranges in cache TDBs. Few user logins are denied with below error in smbd.log, *[2016/01/07 11:39:44.475960, 1, pid=5202] ../source3/auth/token_util.c:430(add_local_groups* ** SID S-1-5-21-3082371790-1274690562-2878062458-5771 -> getpwuid(10005771) failed** wbinfo --user-info=mariond mariond:*:10015138:110000513:Marion,