similar to: winbind idmap using active directory as ldap backend

Hi Folks, Hopefully an easy question. I've scoured FAQs, books and documentation and managed to get the above configuration working, but only by straying from the documentation in Chapter 14, example 14.4 of the Samba HOWTO: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html#id369912 Can someone confirm for me that when Samba is only an Active Directory domain

I'm using Samba 3.0.21a on Fedora Core 3 to authenticate against an AD domain. The box running AD is Win2k3 R2, so AD has the RFC2207 schema extensions applied. I've successfully configured Fedora to do auth through winbind with the normal backend (using uid/gid mappings). Now I'd like to reconfig to use AD as the backend. I was able to do this against a pre-R2 Win2k3 server with

Hi, there's a bug on bugzilla.samba.org that I'd like to comment on but it's not letting me. It's bug #242, titled "Retrieving UNIX UID/GID directly through Active Directory from schema extension" The person who posted the request talks about using AD4Unix, but I've installed Microsoft's Services for Unix and it made similar schema changes. Specifically, it

hi, first of all - I am very sorry if this topic turned up in the mailing list before - I really did have a look at the archive and couldn't find anything like it. Here's the problem. I set up an idmapping using the rid facility. It is working smoothly. I do have a question though. I logged some packets and realized the ldap queries are not encrypted. I wonder why since all the

I have been digging around for information on this in either online and published books, but I haven't yet found the answer. I am interested in AD connective through AD Kerberos/LDAP/SFU or AD Kerberos/LDAP/AD4Unix. I have a pure win2k3 environment, so there is no backwards support via PDC emulator. Published books document older NT-like environments. *cries* If there are any documents,

Hello, I have a configuration with dovecot-ldap working with openldap (on FreebSD 5.4 Release). Now I'm trying to do the same thing with an Active Directory (win2k3). I have installed an properly configured SFU. Via nss_ldap-pam_ldap is working fine (FreeBSD 6.2 Release). Because nss_ldap is reported broken with dovecot I'm trying to use dovecot-ldap for both passdb and userdb. My

Hi, Let me know if this scenario is possible: I want a samba server authenticating on OpenLDAP with IDMAP, without creating any local user on server. My environment is: many linux clients, a OpenLDAP server and some services authenticating against it. We don't use Active Directory nor we have any Windows server or client. I don't know if this is possible and i've searched a lot

I am trying to increase my understanding of samba. I am running a FreeBSD server with Samba 4.1.12 configured as a standalone server in a testing environment. The documentation here indicates that winbind / the idmap facility is of little or no use on a standalone server: https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html#id2604490 Is this still the case in Samba4? My

hi, can somebody explain, how the idmap backend with ldap works exactly. sorry for that stupid questions, but the docu is not clear for me. http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/ idmapper.html#id2588292 i understand the idmap topic/difficulty, why i need this, but how the ldap get filled with idmap entries? automatically/dynamically if winbind is running? or

I am trying to have user logon used winbindd for user directory information and krb auth. The kerber logon works when NIS or /etc/password is used for user info. The only difference I see is winbind return a * in the password field. My understanding is * will prevent logons and x will allow the user to logon using /etc/shadow or krb auth in this case. Is there a way to change what winbind

I'm hoping somebody can point me to the right documentation for setting up the following scenario. Earlier this year I had Samba 3.0.28a working as a member server of a (Windows Server 2003) AD domain, using Solaris 10 and Heimdal Kerberos. I was able to log into the server using AD accounts, getent passwd worked, etc. I was using "secruity=ads" with these settings (among other):

Everything that I have read about 'idmap backend' describes it being used with a standalone LDAP server. Is it possible though to configure Samba to store idmaps directly in an Active Directory LDAP using 'idmap backend'? This would obviously involve some schema changes to Active Directory, but other than that I can't think of any technical reasons why this would not be

Thanks for the feedback. With the modifications you specified I have this smb.conf, however it cannot be accessed?; " [global] netbios name = FILESERVER-001 security = ADS workgroup = CORP realm = CORP.INBAYTECH.COM log file = /var/log/samba/%m.log log level = 1 idmap config *: backend = tdb

Running Sun OS 5.10 sparc. OK, I am trying to establish an Active Directory connection from my Sun Solaris box and am trying to utilize Samba to accomplish this task. I've installed OpenLDAP & Samba, but when I run a few checks, it appears that Samba is not seeing KRB or ADS, but is seeing LDAP & WINBIND. (This is Samba 3.3.3) # cd /usr/local/samba/sbin # smbd -b|grep LDAP

Red Hat Enterprise Linux Server release 5.2 (Tikanga) - x86_64 Samba - 3.0.28-0.el5.8 Objective: To have samba authenticate against AD and utilize the values set for the AD rfc2307 schema. Problem: Values stored in AD are not being used. The samba server has successfully joined the AD, but when I do a getent passwd | grep <user> the uid, none of the values returned match what is stored in

Hi, I'm using samba 3.0.23c, and having a bit of trouble getting it to play nice with my active directory. I'm using Windows Small Business Server 2003 with the SFU 3.5 NIS server/schema extensions installed. I have samba configured to use ad as the idmap backend, and sfu for nss info. When running getent passwd, only a few active directory users show up, and I get lots of errors

Hello all, I'm following the howto <http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO> http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO to integrate FreeRadius with Microsoft's AD. The first steps are to make the linux box integrate with MS Active Directory, using some of the samba tools. While working on this, I experienced some

Hello Samba Gurus, Is using the winbind name service required in order to get authentication AND authorization via ADS? I'll explain further. Goal: create samba share for which clients are authenticated via native ADS and access is based on ADS group membership. I've actually done this in the old Windows NT world. Worked okay. It's wasn't too hard, except for the winbind

Hello everybody, I'm looking for some suggestion how to kerberize SAMBA, let me explain I have a Windows 2008 Enterprise Server (will be used as terminal server) and a Samba Server as PDC. What I want to do is logon to the terminal server using samba, I've already put the win server into the samba domain and everything is working; but I want to kerberize samba to avoid different

Hello All, I'm trying to set up linux ssh/shell authentication on a CentOS_6.2 server running smbd version 3.5.10-114 using winbind/smb/pam. We've done this successfully using the tdb backend but wanted users to get the same UID/GID on every machine. Switched to rid for the backend but users still got a foreign number for UID and their default group was always Domain Users. So I'm