similar to: winbind can see some groups but not others

When winbind is configured without the 'winbind nss info =' statement (i.e. such that winbind maintains its own local map of SIDs -> UID/GIDs), the following works fine: # cd ~detertj # getent passwd detertj detertj:x:10008:10000:detertj:/home/MSOE/detertj:/bin/bash but when i try to make winbind use sfu for the mapping of SID -> UID/GID, username lookups are

with samba 3.0.22, I'm trying to integrate a linux box with Microsoft AD by using winbind for authentication as well as for the source of nss info. When winbind is configured to use its own local id maps, everything works fine. But when i configure winbind to use 'ad' as the source of nss info, authentication fails, 'getent' commands return no results, and 'wbinfo -r

Hi Jonathan, Yep, samba sends the domain name as well as the username to the domain controller, and what I think happens is the NT controller sees that the domainname passed is NOT his domain, checks his list of trusted domains, doesn't find it, and says sayonara buddy... I am assuming that 'SATURN' is the netbios name of the win2k client machine? I'm not real clear on how this

I'm using winbind v3.0.22 on Debian Linux as a source for nss info. I have a group that was once known by winbind, but is no more: ------ beging shell except ------ # ls -ld ./ drwxrws--- 10 root $MND000-TT227MV5K24I 4096 2006-05-10 15:41 ./ # ------ end shell except ------ It must have been known, as I was the one who chgrp'ed the dir originally. I know what the group name is

I have winbind v3.0.26a running on ubuntu server v7.10 (gutsy). I intend to get user & group info from MsActiveDirectory. However, when I type: getent passwd somerandomuser I get the uid and gid for the user, as recorded in the msad schema by virtue of sfu, but the homedir and loginshell that are returned are like what "winbind nss info = template" would return by default:

I've got samba v3.0.21 on server 'RELIANT' with security=ADS I want MsWin XP clients, that have logged into Microsoft AD domain 'MYDOMAIN' to be able to map a drive to 'RELIANT', and to do so without having to authenticate again. I haven't been able to do so. Here's what happens: the XP client doesn't prompt for authentication (which is good,

Hello, I've got a linux box running smbd & nmbd versions 2.0.6 with security = DOMAIN, and an NT4 box as the password server. The sole domain controlled by that NT4 box is named "MSOE". All is well with win98 clients. However, Win2k clients that are not part of an NT domain, but simply belong to a "workgroup" named "MSOE", are unable to authenticate. The

new installation of samba v3.0.21 on debian. Joined the samba box to an ActiveDirectory domain. Can enumerate users/groups with wbinfo run locally on the samba box. Can connect remotely to samba box via smbclient Version 3.0.10-Ubuntu linux. Can create new files via 'put' cmd within smbclient. Can login remotely to samba box with ssh client on linux box. Can _NOT_ map a drive to samba

I am currently using Mssfu, nss_ldap, and pam_ldap to enable my linux boxes to auth against MsA.D. and get all their user info from MsA.D. I recently discovered that winbind can accomplish the same without Mssfu, as long as I'm content to be limitted by the winbind config directives 'template shell' and 'template homedir'. I'd like to drop sfu if I can. The 'template

Hi all, Where i want to arrive: 1) having two storage server replicating partition with DRBD 2) exporting via GNBD from the primary server the drbd with GFS2 3) inporting the GNBD on some nodes and mount it with GFS2 Assuming no logical error are done in the last points logic this is the situation: Server 1: LogVol09, DRDB configured as /dev/drbd0 replicated to Server 2. DRBD seems to work

Hello fellows, I have a problem with a 2 node RHCS cluster (CentOS 4) where node 1 failed and node 2 became active. That happened already last year and due to holidays the customer didn't recognize it. The cluster is just a failover for Apache and has no shared storage space. Customer now saw the situation, tried to fix it by rebooting node 1, which then failed to come back up. As

Hi, We are using keycloak with our samba-4.4.4 AD environment. (an ldaps client application) Keycloak is able to ask users to change their passwords, when the checkbox "require password change upon next logon" is set in ADUC. However, in our environment (samba-4.4.4) keycloak simply refuses the logons when tht checkbox is set. ("bad username or password") RedHat

Hi, I''m using xen on two-node redhat cluster (CVS devel version), using lvm as storage backend. redhat cluster is used to synchronize LVM metadata (using clvmd) and as storage for domain configs and dom-U kernels (with gfs). Latest version of redhat cluster works with xen-2.0.4, but not with xen-2.0-testing. ccsd failed to start on 2.0-testing. Anyone knows what the problem is? I

I thought I've installed the clustering tools, but when I attempt to run clustat, it says it doesn't exist. When I installed the suite, I ran: yum install -y GFS GFS-kernel-smp magma-plugins fence dlm dlm-kernel-smp gulm cman cman-kernel-smp CCSD is running and when I "cat /proc/cluster/nodes", I see my three nodes. Does anyone see the package that I missed for

Hi Andrew and Rowland, Two replies, so quickly! I'm impressed :-) On 01/27/2017 10:47 AM, Andrew Bartlett via samba wrote: > And a very interesting one at that. I'm glad to see someone has taken > on some of the ADFS capability I hear folks ask for regularly. Yes I agree, keycloak is very cool. I have found the following samba bug report:

Hi everyone, I came across this issue today while upgrading a samba4 AD. The forest/domain level is 2008R2, however the schema partition is actually missing the msDS-isRODC attribute (and probably a few others). It makes the ADUC console to failed on that entry below. Here is the samba log message (which is quite explicit :-) Sep 28 16:55:36 srvads samba[27900]: [2016/09/28 16:55:36.819666,

On 11/20/2015 10:17 AM, mathias dufresne wrote: > > > 2015-11-20 15:11 GMT+01:00 James <lingpanda101 at gmail.com > <mailto:lingpanda101 at gmail.com>>: > > On 11/20/2015 7:40 AM, Ole Traupe wrote: > > > > Am 20.11.2015 um 11:54 schrieb mathias dufresne: > > Hi Ole, > > I'm still not answering your issue

Hi everyone, after a classicupgrade from a samba3 domain to a samba4, I have a weird issue related to DCOM and named pipes. The switch to samba4 went fine and everything works perfectly except one old software that uses Windows named pipes and DCOM for client-server communication. When trying to access the DCOM server the software fails. The failure can be easily reproduced with a simple

this problem might be more to do with apache than winbind, but I'll start here anyway... Problem: can't get apache httpauth to work with nested groups, though ssh auth (also using pam) to same box does Config: -------------------------------------------------------- software: apache 2.0.55, libapache2-mod-auth-pam 1.1.1, and winbind 3.0.22 pertinent apache config:

On Fri, 27 Jan 2017 10:30:22 +0100 mj via samba <samba at lists.samba.org> wrote: > Hi, > > We are using keycloak with our samba-4.4.4 AD environment. (an ldaps > client application) > > Keycloak is able to ask users to change their passwords, when the > checkbox "require password change upon next logon" is set in ADUC. > > However, in our