similar to: local or LDAP passdb for AD member servers?

Hi list, If I have multiple Samba member servers in a domain can I store the groupmap data in LDAP? When I try this I get this error # net groupmap add ntgroup=Everyone unixgroup=nobody No rid or sid specified, choosing algorithmic mapping adding entry for group nobody failed! But this works correctly (creates account in LDAP server) smbpasswd -a username password the LDAP config in my

Hi All, I have a problem with permissions following a migration from tdbsam to LDAP. As I understand it from the documentation, each member server on the domain needs to have 2 SIDs, a domain SID and a local machine SID. After migrating the server to ldap, users can still login and desktops and servers can still connect so the machine accounts are fine but I've lost access to shares on

Just a quick question, it may sound a bit stupid but I just want to make sure. I have a Solaris 9 machine running winbind, the backend is an OpenLDAP database running on a RedHat 9 machine. My question is, apart from the 'smbpasswd -w' command and the obvious stuff in smb.conf, do I have to set up the LDAP client on Solaris for Samba to be able to put new mappings into the LDAP database?

I've seen this posting before but I need to get a grasp on this. I am using winbindd for users that don't have a local account on a Linux box. I thought that placing the entries below in the smb.conf would create users in ou=Idmap. Instead the ou=Idmap increments the uidNumber with every user that is added,but the user ID mappings are stored in /usr/local/var/locks/winbindd_idmap.tdb. What

hello list, Without going into details I cannot currently use winbind for AD group data with Samba 3.0.x running on Solaris. I Would like to use winbindd for reading user accounts from AD and then have those AD accounts as members of local (LDAP eventually) groups. I have taken a test user "UserAW6" which is visible to Solaris via winbind and added them to a group "PrnAdm"

Hi all, anyone able to point out why I'm not able to get samba 3.0.0 to update my LDAP server with any idmap data? I'm using SunOne DS 5.2 LDAP server and the following entries in my smb.conf file, ldap admin dn = "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot" ldap ssl = off ; ldap suffix = "dc=testlan,dc=bbc,dc=co,dc=uk" ** have tried with this

>Folks, > >I've gone and screwed something up, and I cannot add users to passdb database. > >I've set passdb backend to tdbsam in my [global]. I've added users >to passwd (useradd -m <user>). However, when I try to add smb >users, I get errors and failures to add the users. > > smbpasswd -a root (and supply the password in response to >

Hi All, I'm having a strange pronlem with winbind. For users it seems to be working fine but for groups its not enumerating most of the groups! A getent group produces only 325 lines of domain groups whereas wbinfo -g produces 2839 lines of groups. I'm not seeing any errors logged and all commands are exiting with status 0. Winbind related sections of smb.conf are shown below,

Hi All, can anyone make any sense of the error below, please advise if I need to log this as a bug but I'm not sure how to further diagnose what is happening. This is from my winbindd log file, thanks Andy. [2003/11/07 17:47:59, 1] nsswitch/winbindd.c:main(832) winbindd version 3.0.0 started. Copyright The Samba Team 2000-2003 [2003/11/07 17:48:00, 1]

Hello, on domain member idmap against ldap is not working. I tryed to dump network communication between MEMBER and ldap server, but Ethereal (0.10.0a) says packets (3 pieces at all) are corrupted and can not be analysed (I have ldap ssl = off). Our setup: Samba domain seems to be working, WinXP logons to domain and users did not report any problems. Server is PDC on samba (3.0.2 on linux

Everytime I add or remove some samba shares, I must restart smb service to take effect. Is there anyway to reconfig it without restart?

Hi, I have a CentOS 4.1 box at work running Samba 3 which I have added as a domain member to an existing Windows domain with a Windows PDC. The box running Samba has no local unix users and groups except for root and the other builtin accounts. All user authentication is done through pam_winbind and user information is handled by winbind. What I would like to do is have users that are members of

Can anyone tell me if I can configure Samba 3.x to rely only on Kerberos authentication (in an AD domain)? Ideally I'd like to use local UNIX accounts, not winbind, and negate the need for me to add an entry to passdb, then the account must exist in AD and locally on each Samba member server for authentication to work. If there is any info held in passdb, other than the NTLM coded password,

Hi All, I have a problem following the migration of my PDC's backend from tdbsam to LDAP. We started out with a PDC called SMB1 which ran with a tdbsam backend. I used pdbedit to convert it to LDAP and built a new server onto which the LDIF file was loaded. Samba was then setup to use the LDAP server as a backend. So far so good, Samba runs against LDAP and I was able to add 60 new XP

On Mon, 11 Feb 2019 15:40:02 +0100 Matthias Leopold via samba <samba at lists.samba.org> wrote: > > > Am 11.02.19 um 14:22 schrieb Rowland Penny via samba: > > On Mon, 11 Feb 2019 13:46:05 +0100 > > Matthias Leopold via samba <samba at lists.samba.org> wrote: > > > >> > >> > >> Am 11.02.19 um 13:22 schrieb Rowland Penny via

Dear aarumuga I've been reading your questions in Samba mailing list about SMB & Sun LDAP. I'm working with a same project and I would like to know only if is it posible or have you achieved your goal to link samba and Sun LDAP? Thanks in advance and excuse me for my english. Best regards, Ramon Aznar

I can't say I've tested this in any depth. Where multiple LDAP servers are listed as the LDAP backend is the behaviour of Samba that if it fails to contact the first listed server it will try the second and so on? If that's the case Samba should only ever try and update the password on a single LDAP server which would then replicate the change to any other master and slave LDAP servers

Hi list, I'm trying to compile samba 3.0.1 rc1 with --enable-dmalloc switch because I have been asked to provide more information on a winbindd panic on a Solaris server. However the configure fails with the error shown below, config.status: creating include/config.h Note: The dmalloc debug library will be included. To turn it on use ./configure: command substitution: line 3: syntax error:

well, they both have the same sid, for some bizarre reason. net groupmap list -s /etc/samba/smb.ldap |grep "Admin" Domain Admins (S-1-5-21-4070452498-3149834983-2923667569-512) -> 512 Administrators (S-1-5-21-4070452498-3149834983-2923667569-544) -> 544 Domain Admins (S-1-5-21-4070452498-3149834983-2923667569-512) -> ntadmin and see, it has a posixgroup entry? # LDIF Export

This was blocked with both good and bad log output due to the size limit on attachments so I've removed the log from the successfull authentication. I think its pretty obvious whats going on from the failed log, thanks Andy. -----Original Message----- From: ww m-pubsyssamba Sent: 06 May 2004 10:32 To: 'Jeremy Allison'; 'samba@lists.samba.org' Subject: RE: [Samba] Kerberos