similar to: Winbind authenticating its default domain but not trusted domains

Hi, I have installed samba 3.5.4 on Centos 6 and have set it up to authenticate to a Windows 2008 Domain Controller. When I do a "su - some-domain-user", the home directory gets created. However, I want the home directory to be created when a user accesses the samba shares(no shell access). Following are the relevant configurations. What are the PAM changes I need to make? Help is much

Hello Andrew, I'm a little stuck with my login authentication for my Samba 3 box. With the new features in Samba 3 - Should I be able to provide username@domain & password at login that would authenticate me against our W2K ADS PDC and obtain my kerberos ticket? Please advise on the suggested way to authenticate against our Active Directory domain at login if I'm way off base on

Hi all I'm actually trying to setup an AD authentication on linux workstations. - I've setup an windows AD 2003 server, which work fine. - I've setup linux redhat 4 enterprise server (used as a workstation for the moment) - On the redhat, I already have setup smb.conf, krb5.conf, nsswitch.conf, pam.d/login, pam.d/system_auth. I have pasted all these files below. ==> I get

So I have Samba 3.5 set up to use pam to authenticate against kerberos. This seems to be working fine when I connect to the from a linux system using smbclient. However, when I try to connect from a windows system, it fails. I cranked up the debug level, but I'm unable to figure why this does not work. I feel I'm missing a component to this. I use samba on a handful of our servers,

I'm running CentOS 4.3 with the most recent samba-client and samba-common rpms. I've managed to configure samba/winbind to allow me to join the box to the AD, create the UID and GID mappings, etc. However, when I try to connect via ssh, the account cannot log in. /var/log/messages says the following: Sep 5 17:15:25 kdcdmz sshd[6263]: error: Could not get shadow information for

Having issues adapting our 3.4 configuration that worked very well using idmap rid in 3.3. It seems like winbind does not cache the credentials despite all of the settings being present. I can set winbind offline via smbcontrol and have it work, but if I reboot the machine (important for my laptops) off the network winbind complains that it can't find the logon server. When disconnected and

Hi all, I am a bit confused about the usage of pam_mount. Here is my /etc/pam.d/system-auth: auth required pam_env.so auth required pam_mount.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_krb5.so use_first_pass auth required pam_deny.so account

Hi, I have these following configurations: Active Directory 1 = DomainA.com AD1 Primary Group = Domain Users AD1 Group 1 = Linux (member: DomainB\ad2testuser1) Server joined = linux1.DomainA.com (configured Kerberos and Winbind Samba4 from sernet) Active Directory 2 = DomainB.com AD2 Primary Group = Domain Users (member: DomainB\ad2testuser1) AD2 User 1 = ad2testuser1 note: (1)

Hello Samba List, I am struggling with connecting samba to our AD servers. Thought it will be easy as before but I was wrong. DCs: Windows Server 2012 (2x) with AD Domain Forest/Level 2003 NATIVE. + SBS 2003 (will be removed, migrating from SBS AD to new 2012 servers) -standard AD schema with exchange attributes DID NOT INSTALL UNIX attributes. This is required for SSSD. Thought i would go

Hi, I've successfully joined a CentOS server to our AD domain: AD: Windows Server 2008 RC2 with Windows Services for UNIX AD member: CentOS 6.6, sernet-samba-4.1.14-9, authentication via Kerberos and Winbind >From time to time the following entries show up in the messages file: Apr 2 11:54:15 barbarella nss_wins[4254]: [2015/04/02 11:54:15.339983, 0]

So I have this centos 5.10 box which authenticates network users against ldap(authorizing)+kerberos(authentication). And I now would like to have sudo be able to allow admins (netgroup chinbeards) to sudo about. I am not using sssd though (yet). Here is the output of me trying sudo (debug on): [raub at centos5-x64 ~]$ sudo pwd LDAP Config Summary =================== uri

Hello everyone I have reached the end of my rope and desperately need help. I recently installed two Samba4 Active Directory Domain Controllers on CentOS 6.3 which are working perfectly, and I had joined a Samba3 Server to this domain and everything went well. I could authenticate users on samba3 server and could see all the groups in the domain, but I was having permissions problem accessing the

Hi all, I've got a Dovecot v2.3.3 IMAP with GSSAPI auth set up. This server is in main domain, 'contoso.com'. I also have several subdomains. My problem is usernames with GSSAPI authentication: When I try to login as 'user' or as 'user at CONTOSO.COM' - everything works. But, 'user at contoso.com' auth fails. But when I try to login as subdomain user,

Tried single quotes on Domain Admins in the pam.d file as well as a backslash on the space with no effect. I've found several references that just say "no spaces in group names." Is there really no way to do this? Also, most references I find to using these lines in pam.d say that "sufficient" should work, but I'm finding that users in the named group can then log in

Hi, Iam trying to setup Samba version 3.2.3 on Redhat (RHEL5) server to use Active Directory for authentication. I followed the instructions from article in following website: http://technet.microsoft.com/en-au/magazine/dd228986.aspx Setup Winbind + Samba + Kerberos and it seems to work fine. I can see the users in Active Directory through winbind as well as authenticate users using NTLM

Dear all, I guess there were a lot of posts about this subject, but Im really stuck & prefer start a new thread hoping that some of you won't mind re-posting to help the Samba NewBie that I am. well, here is my situation: - more than 1000 users on a hetegenous network, One Domain & the need to keep only one. - I need my Linux Boxes' users to get authenticated against a single

I'm trying to do something fairly simple: login to a Linux box using a Windows AD-based account. I've followed the various recipes available online for configuring Linux (winbind, PAM, etc.) to this send, and I've got it working ... almost. I'm able to authenticate an AD-based user immediately after bringing up the Linux box, but a short time later (roughly 5 minutes, but it

Good Day, I am testing, in a lab environment, samba shares with ad authentication for access. My setup is as follows : * Windows 2008 RC2 * RHEL 5.9 * Windows 7 * Windows XP SP3 * Samba 3.0.33-3.39.el5_8 All machines, including the RHEL Server having been added to the Domain running on the Windows 2008 RC2 Server. As per the subject, when trying to connect, from XP or Win 7, to the shares I

Dear all, I have a linux server that uses redhat AS4.I want to make a samba file server.Because we have a windows 2003 domain,I must use "security = ADS".The samba version is samba-3.0.10-1.4E.9. The samba server joined windows 2003 domain successful.I can find samba server in the "network neighborhood".Client PC access samba server must confirms with PDC.The domain member

On Tue, 19 Jan 2016 15:15:15 Rowland penny <rpenny at samba.org> wrote: > I have attached a new version of change_AD_pass, would you like to test it ? Yes, I will give it a shot! > I am also wondering if there is a need for a script that would change a > users password and at the same time set the unixUserPassword ? My domain users do not have a local Unix entry in /etc/passwd,