similar to: Winbind local idmap and cache database security concerns

Displaying 20 results from an estimated 4000 matches similar to: "Winbind local idmap and cache database security concerns"

2004 Jan 21
3
Winbind local idmap/cache database security concerns
I am currently working on implementing unified logons between linux and win computers on an NT4 domain. I have a samba test server with winbind working properly. All is going well, except that I am concerned about the winbind idmap database stored on the local linux workstations. My current understanding of winbind is that it must be on every machine, unless an winbind samba ldap
2005 Mar 07
1
winbind_idmap.tdb not being updated
A few days ago I upgraded from 3.0.2 to 3.0.9, and since the upgrade, the winbindd_idmap.tdb has not ever been modified, even after several restarts of samba, and reboots of the system in question. It appears that the UID mapping is still correct on the samba server, but I am just concerned that new user additions etc are not being stored to the tdb files. winbind_cache.tdb is being updated with
2004 Mar 11
6
Trouble mounting a windows share from Linux
I have Fedora Core 1 workstations configured with winbind logging onto our NT domain. Everything is going well except that I cannot seem to figure out how to connect to a windows home directory on a Win2000 server. Here is the scenario: W2K server with home directories for each user: Each user has modify permissions to their share Administrator has full control First off, I need to somehow
2014 Aug 06
1
Samba 4 AD share: Access denied
On 21:52:01 wrote Ryan Ashley: > Alright, I already gave every group a gIDNumber using the "advanced > features" option via the "Attribute Editor". Each group has a unique > ID. There are 16 built-in groups (domain admins, domain users, etc) > and five I have. My last group ended with 10021. The first group was > 10001. I then stopped S4 on my print-server,
2010 Jan 24
0
Winbind confused or corrupt
While investigating an unrelated issue I discovered that winbind is completely confused or corrupt on one machine, a domain member server running Samba 3.0.34: # wbinfo -u NAS\backup-private NAS\backup-public ... administrator guest michaell ... administrator administrator michaell ... administrator administrator guest Segmentation fault NAS is the name of the domain member server; the name of
2010 Feb 10
0
Users created after certain date are not cached by winbind
It seems that I have some users that winbind refuses to find. As far as I can tell, all of these users were created or re-enabled (had their expiration date reset) after a certain date. I have cleared my winbind_cache.tdb and winbind_idmap.tdb to no avail. Curiously, I also noticed that even when I removed the idmap, it still came back with the original mappings. In my winbind.log, I see numerous
2016 Jan 11
2
Security permissions issues after changing idmap backend from RID to AUTORID
On 2016-01-10 at 17:58 +0000, Rowland penny wrote: > On 10/01/16 17:05, Partha Sarathi wrote: > > > > > This could have a lot to do with the fact that idmap_rid & > > > idmap_autorid calculate the uids differently i.e if you have RID > > > '2025000', autorid would calculate this as '1102500000' , rid > > > would calculate this as
2006 May 17
1
Multiple Clients, Winbind and idmap in LDAP, documentation incorrect?
Hi! I have a setup with several Linux machines running samba-3.0.22-10.1.17 (from SuSE 10 OSS), authenticating against an AD. Since one of the machines is exporting an NFS share mounted by the rest of the machines, I need SID <-> uid/gid mapping to be shared between all Linux machines, which led me into using an OpenLDAP server as idmap backend. My smb.conf is found at the end of this mail.
2010 Aug 27
0
net idmap restore
Hi, I am currently using Samba 3.5.4 with ADS domain (tdbsam backend). I want to change uid mapping for one of my users. I prepared file that I subsequently imported via command: net idmap restore < filename.txt Next, I checked 'getent passwd username' command and unfortunately uid for this user was not changed. I noticed that in winbind_idmap.tdb file (using tdbtool command)
2016 Oct 05
3
winbindd losing track of RFC2307 UIDs
Am 05.10.2016 um 22:12 schrieb Rob via samba: > On Tue, 4 Oct 2016, Rowland Penny wrote: > >> This is very strange, have you tried running 'net cache flush' on the >> domain member ? >> >> Have you compared the users AD objects ? > > Running 'net cache flush' on the member does fix things, albeit only > for a while: > > # wbinfo -i
2016 Jan 11
0
Security permissions issues after changing idmap backend from RID to AUTORID
Thanks Michael, Please see the inline answers. > On Jan 10, 2016, at 5:16 PM, Michael Adam <obnox at samba.org> wrote: > > On 2016-01-10 at 17:58 +0000, Rowland penny wrote: >> On 10/01/16 17:05, Partha Sarathi wrote: >>> >>>> This could have a lot to do with the fact that idmap_rid & >>>> idmap_autorid calculate the uids differently
2012 Mar 21
1
IDMAP dump and restore for second server.
Hello all. I use Samba 3.6.3 on FreeBSD in combination with ZFS, and it all works fine. I use zfs send to receive my store on a backup machine and i want the users id to be the same as on the master server so to say. Keeps my backups easy accessable with samba! Now i know i can dump the IDMAP database using the following: net idmap dump. I expect a whole bunch of lines,but i get the following,
2005 Oct 11
4
WINBIND idmap and tdbfiles while upgrading to 3.0.20a
Hello everybody, had anyone of you problems with winbind and tdbfiles, when upgrading from 3.0.14a to 3.0.20a? The Symptom was: After upgrading to 3.0.20a the idmapping was corrupt. Although 3.0.20a runs fine, none of the idmaping was resolved correctly. Downgrading to 3.0.14a "restored" the idmaps. tdbdump showed me the same idmappings, therefor i think winbind wasn't able
2010 May 04
1
how to clear winbind cache
Hello all, I'd like to know how to clear winbind cache. The problem is that we have decided to change uid and gid mapping range, but changing smb.conf accordingly didn't help. We use ldap as backend. After deleting all idmap entries in ldap nothing changed. If we disable winbindd caching with -n switch we receive desired effect - users get mapped to new uids and gids. Restarting winbindd
2001 Mar 06
0
Samba over SSH and pam_smb
I have an interresting situation that I am searching for a solution. I want to use pam_smb for authenticating SSH connections to a remote server. The Domain Controller I want to authenticate against is a Win NT 4.0 box located on our internal lan. An idea was given to me to set up an SSH tunnel and forward the relative ports across the internet to a local machine. All of my machines are RedHat
2016 Oct 05
0
winbindd losing track of RFC2307 UIDs
Am 05.10.2016 um 22:31 schrieb Achim Gottinger via samba: > > > Am 05.10.2016 um 22:12 schrieb Rob via samba: >> On Tue, 4 Oct 2016, Rowland Penny wrote: >> >>> This is very strange, have you tried running 'net cache flush' on the >>> domain member ? >>> >>> Have you compared the users AD objects ? >> >> Running 'net
1999 Apr 11
0
pam_smb authentication
I am appending some documentation by my colleague Bill Eldridge that was actually written for our dial-up service, but should work for you purposes as well. A couple notes. 1.)The user must exist in /etc/passwd on the Samba machine or login to the Samba box will fail. 2.)In the example, we don't set up home directories for the users, we are using it for dial in and they usually want to
1998 May 11
0
CIFS based NT Authentication for PAM (pam_smb-1.0)
Version 1.0 of my CIFS based NT authentication system for PAM is available from http://www.csn.ul.ie/~airlied/pam_smb/pam_smb-1.0.tar.gz or ftp://ftp.csn.ul.ie/pub/linux/pam/pam_smb/pam_smb-1.0.tar.gz This release has now gotten GNU configure support and should work reliably on Linux RH4.2, RH 5.0 and Solaris 2.6.... If anyone has another platform with PAM could they try it out ... It is also
2016 Jan 10
0
Security permissions issues after changing idmap backend from RID to AUTORID
On 10/01/16 17:05, Partha Sarathi wrote: > Thanks for the reply. Now we end-up with mix uid/gid from both ranges > in cache TDBs. Few user logins are denied with below error in smbd.log, > > *[2016/01/07 11:39:44.475960, 1, pid=5202] > ../source3/auth/token_util.c:430(add_local_groups > * > ** SID S-1-5-21-3082371790-1274690562-2878062458-5771 -> > getpwuid(10005771)
2016 Jan 10
2
Security permissions issues after changing idmap backend from RID to AUTORID
Thanks for the reply. Now we end-up with mix uid/gid from both ranges in cache TDBs. Few user logins are denied with below error in smbd.log, *[2016/01/07 11:39:44.475960, 1, pid=5202] ../source3/auth/token_util.c:430(add_local_groups* ** SID S-1-5-21-3082371790-1274690562-2878062458-5771 -> getpwuid(10005771) failed** wbinfo --user-info=mariond mariond:*:10015138:110000513:Marion,