similar to: problem using 'winbind nss info =' statement

Hello, I followed the steps at http://www.enterprisenetworkingplanet.com/netos/article.php/3487081 for adding a v3.0.21a samba and winbindd server to a MsAD domain and configuring nsswitch.conf to find passwd and group info from winbind. This seems to have worked out fine, except that I can't 'see' or 'recognize' certain groups via getent or via wbinfo -g. E.g. I can see the

new installation of samba v3.0.21 on debian. Joined the samba box to an ActiveDirectory domain. Can enumerate users/groups with wbinfo run locally on the samba box. Can connect remotely to samba box via smbclient Version 3.0.10-Ubuntu linux. Can create new files via 'put' cmd within smbclient. Can login remotely to samba box with ssh client on linux box. Can _NOT_ map a drive to samba

I've got samba v3.0.21 on server 'RELIANT' with security=ADS I want MsWin XP clients, that have logged into Microsoft AD domain 'MYDOMAIN' to be able to map a drive to 'RELIANT', and to do so without having to authenticate again. I haven't been able to do so. Here's what happens: the XP client doesn't prompt for authentication (which is good,

Hi Jonathan, Yep, samba sends the domain name as well as the username to the domain controller, and what I think happens is the NT controller sees that the domainname passed is NOT his domain, checks his list of trusted domains, doesn't find it, and says sayonara buddy... I am assuming that 'SATURN' is the netbios name of the win2k client machine? I'm not real clear on how this

I have winbind v3.0.26a running on ubuntu server v7.10 (gutsy). I intend to get user & group info from MsActiveDirectory. However, when I type: getent passwd somerandomuser I get the uid and gid for the user, as recorded in the msad schema by virtue of sfu, but the homedir and loginshell that are returned are like what "winbind nss info = template" would return by default:

Hello, I've got a linux box running smbd & nmbd versions 2.0.6 with security = DOMAIN, and an NT4 box as the password server. The sole domain controlled by that NT4 box is named "MSOE". All is well with win98 clients. However, Win2k clients that are not part of an NT domain, but simply belong to a "workgroup" named "MSOE", are unable to authenticate. The

I'm using winbind v3.0.22 on Debian Linux as a source for nss info. I have a group that was once known by winbind, but is no more: ------ beging shell except ------ # ls -ld ./ drwxrws--- 10 root $MND000-TT227MV5K24I 4096 2006-05-10 15:41 ./ # ------ end shell except ------ It must have been known, as I was the one who chgrp'ed the dir originally. I know what the group name is

with samba 3.0.22, I'm trying to integrate a linux box with Microsoft AD by using winbind for authentication as well as for the source of nss info. When winbind is configured to use its own local id maps, everything works fine. But when i configure winbind to use 'ad' as the source of nss info, authentication fails, 'getent' commands return no results, and 'wbinfo -r

this problem might be more to do with apache than winbind, but I'll start here anyway... Problem: can't get apache httpauth to work with nested groups, though ssh auth (also using pam) to same box does Config: -------------------------------------------------------- software: apache 2.0.55, libapache2-mod-auth-pam 1.1.1, and winbind 3.0.22 pertinent apache config:

I am currently using Mssfu, nss_ldap, and pam_ldap to enable my linux boxes to auth against MsA.D. and get all their user info from MsA.D. I recently discovered that winbind can accomplish the same without Mssfu, as long as I'm content to be limitted by the winbind config directives 'template shell' and 'template homedir'. I'd like to drop sfu if I can. The 'template

Suppose I want to upgrade a bunch of packages on a system, but in case the upgrade produces unexpected, undesired results, I want to be able to rollback the system to its original state. What is the best way to do that? Often, I won't have, or be able to find, packages for the current installed versions. I.e. If I haven't upgraded postgres for 2 years, it may be that I can no longer

I have recently compiled and install samba 2.0.7 on a Alpha server running Tru64 5.1 . I do have SWAT install ed as well and i have modified both /etc/services and /etc/inetd.conf to include the configs for swat. I then point the browser at localhost:901 and it prompts for a login. I login in as root, and give the correct password, but it will not authenticate me. I can (via command line) add

On Fri, 27 Jan 2017 10:30:22 +0100 mj via samba <samba at lists.samba.org> wrote: > Hi, > > We are using keycloak with our samba-4.4.4 AD environment. (an ldaps > client application) > > Keycloak is able to ask users to change their passwords, when the > checkbox "require password change upon next logon" is set in ADUC. > > However, in our

On Fri, 2017-01-27 at 10:30 +0100, mj via samba wrote: > Hi, > > We are using keycloak with our samba-4.4.4 AD environment. (an ldaps  > client application) And a very interesting one at that. I'm glad to see someone has taken on some of the ADFS capability I hear folks ask for regularly. > Keycloak is able to ask users to change their passwords, when the  > checkbox

Hi, We are using keycloak with our samba-4.4.4 AD environment. (an ldaps client application) Keycloak is able to ask users to change their passwords, when the checkbox "require password change upon next logon" is set in ADUC. However, in our environment (samba-4.4.4) keycloak simply refuses the logons when tht checkbox is set. ("bad username or password") RedHat

Hi Andrew and Rowland, Two replies, so quickly! I'm impressed :-) On 01/27/2017 10:47 AM, Andrew Bartlett via samba wrote: > And a very interesting one at that. I'm glad to see someone has taken > on some of the ADFS capability I hear folks ask for regularly. Yes I agree, keycloak is very cool. I have found the following samba bug report:

On most of the CentOS 5 machines I manage, if I run "yum list installed" the third column just says "installed" for all packages. But on one machine, some lines show instead a repo name preceded by an @ sign. Apparently the repo from which the package was installed, which would be immensely useful. Two questions: 1. Can I have that feature on the other CentOS 5 machines too?

I started with one dc, 'dc1', running samba v4.0.21, in subnet1. I successfully added two more dc's, 'dc2' and 'dc3', both running samba v4.0.24, both in subnet2. There are several firewalls between subnets 1 & 2. I continued to make firewall holes on behalf of msad after I added dc's 2 & 3. I.e. when they were added, there were patterns of communication

Hi John, > I understand that Samba doesn't support domain renaming, which is why > I'm looking for a way to export the data from one domain and import it > into a new one. Passwords and machine accounts are not a problem and can > be ignored for this exercise. The key things I need to copy across are > user accounts and groups, as they would be an absolute pain in the rear

Another, but more recent problem, I am having is Live365. I haven't done much work with it, but can you relay to Live365 properly? They give me an ip and it works, but I don't show up in their listings, and the song title doesn't show up in the client's mp3player. (whereas if someone listens to the local broadcast they do get the song titles). Using latest, from CVS, Icecast