Displaying 20 results from an estimated 110 matches similar to: "Local groups with ADS users"
2010 Apr 29
1
Samba and Active directory groups
Hi list,
I have successfully authenticated active directory users with samba. Now I need to create some Active directory security groups and authenticate and redirect those users to a specific directory.
Ex:
IT_GROUP - user x , user y
FIN_group - user a, user b
If the user x , access the samba server, that user will be redirected to the specific directory (that's in the samba stanza).
This
2015 Apr 16
2
Group Mapping: All Users from a Domain group should be able to write to a local group
Hello Mailinglist,
I have created a local user "localuser" who is in the local group
"localgroup"
$ id
uid=1001(localuser) gid=1001(localgroup) groups=1001(localgroup)
My machine authenticates against Active Directory - works
The AD-User "aduser" belongs to a domain group "adgroup"
$ id
uid=6161(aduser) gid=5513(dom?nen-benutzer)
2019 Feb 08
2
Permission issue
Hi,
We did a classicupgrade of our Ubuntu Server (4.3.11, TDB), the server DC5 also host shares. Post the migration we are seeing some permission issues.
When trying to give permission to a domain group/user to folder/file we get the following
chown "LIN\\myadmin:LIN\\adgroup" adtest/
chown: invalid user: 'LIN\\myadmin:LIN\\adgroup'
wbinfo --ping-dc : checking the NETLOGON
2019 Feb 08
0
Permission issue
On Fri, 8 Feb 2019 06:22:05 +0000
Praveen Ghimire via samba <samba at lists.samba.org> wrote:
> Hi,
>
> We did a classicupgrade of our Ubuntu Server (4.3.11, TDB), the
> server DC5 also host shares. Post the migration we are seeing some
> permission issues.
>
> When trying to give permission to a domain group/user to folder/file
> we get the following
>
>
2007 Mar 28
0
Active Directory Groups within /etc/group
I apologize if I'm going down the wrong avenue here...
I have Samba/Winbind working to authenticate AD accounts to my Linux
server. I can perform getent passwd ADUser and view the user
credentials as well as using getent group ADGroup to view AD groups.
When I modify /etc/group I can add ADUser to the file and the ADUser
will have the security desired. However when I add an ADGroup to
2013 May 06
0
net rpc group add & by/pass the group scope value
Hi folks,
Does anyone have a clue of how to by/pass the group scope value when creating a group in AD by using the net tools?
I can delete an AD group, add/remove members from a group but I can't create a group. I reckon it's because of the group scope value (even Power Shell/New-ADGroup prompts for it)
$ net -U $ADMIN_USER -S $DC_ADDRESS rpc group add $GROUP_NAME -c $OU
Error
2015 Apr 05
0
Samba as AD member can not validate domain user
On 05/04/15 19:42, jd at ionica.lv wrote:
> I am sorry for many P.S.
>
>>> When domain user tries to access file server (samba4, member of AD
>>> domain)
>>> server logs such error:
>>>
>>> 2015/04/05 21:13:01.095178, 1]
>>> ../source3/auth/user_krb5.c:164(get_user_from_kerberos_info)
>>> Username DOMAINwusername is invalid on
2019 Feb 08
4
Permission issue
Hi Rowland,
The user's ID range would have been below 3600, the current max rid is 3506
The links have been setup following this link, then restarted the samba-ad-dc service
https://wiki.samba.org/index.php/Libnss_winbind_Links
I followed the following to configure the winbindd stuff,
https://wiki.samba.org/index.php/Configuring_Winbindd_on_a_Samba_AD_DC
template shell = /bin/bash
2004 Oct 22
0
share permissions for AD groups
Hello,
We have following environment
Win2k AD with "endless" number of groups (should be more then 1000) , on the
other site solaris9 samba3.0.7 compiled with all relevant optins , winbind ,
ads and so on , installations is ok , we joined AD domain w.o problems ,
getent * shows all like expected
same for wbinfo
The big problem remaining is , we want to restrict access to shares to
2004 Oct 22
0
AW: share permissions for AD groups
> Hello,
>
> We have following environment
>
> Win2k AD with "endless" number of groups (should be more then 1000) , on
> the other site solaris9 samba3.0.7 compiled with all relevant optins ,
> winbind , ads and so on , installations is ok , we joined AD domain w.o
> problems , getent * shows all like expected
> same for wbinfo
>
> The big problem
2015 Jan 29
0
rfc2307 deprecated in Windows 2012 R2?
@Hans-Kristian:
I'd like to see it. How did you automate this?
@Andrew:
In another thread I suggested to set the rfc2307 info automatically when a domain is provisioned with --use-rfc2307. Possibly by an additional parameter.
This would make things easier in my eyes.
Thanks
Tim
Am 29. Januar 2015 22:02:14 MEZ, schrieb Hans-Kristian Bakke <hkbakke at gmail.com>:
>It is actually
2015 Jan 29
3
rfc2307 deprecated in Windows 2012 R2?
It is actually rather easy to set the attributes via powershell, and
that is probably the best way to add them in a Server 2012 R2
environment.
I wrote a powershell script to do this automatically for users and
groups in an entire domain that should be pretty generic to be reused.
It also mirrors the logic used in automatic winbind UID/GID generation
to be able to coexist in an environment where
2015 Jan 29
0
rfc2307 deprecated in Windows 2012 R2?
Something went wrong and the message got sent before it was finished.
Here is the complete one:
Ok, it's here: http://pastebin.com/JEnr5wUq
The id_offset is that value because i initially didn't use rfc2307
attributes, but instead had
idmap config EXAMPLE : range = 300000-499999
in smb.conf.
To get identical uid/gids have to start with the same offset. If you
have a fresh domain and
2015 Jan 29
2
rfc2307 deprecated in Windows 2012 R2?
Ok, it's here: http://pastebin.com/JEnr5wUq
The id_offset is that value because i initially didn't use rfc2307
attributes, but instead
On 29 January 2015 at 23:27, Tim <lists at kiuni.de> wrote:
> @Hans-Kristian:
> I'd like to see it. How did you automate this?
>
> @Andrew:
> In another thread I suggested to set the rfc2307 info automatically when a
> domain
2015 Jan 30
0
rfc2307 deprecated in Windows 2012 R2?
I do not understand the point about issues with administrator beeing
mapped to a "random" rfc2307 UID. You need to explain the details
surrounding that part to me as my experience is that this is OK and
even necessary.
The only reason for not giving Administrator a "random" UID/GID that I
can think of is perhaps if you are doing some mapping of Administrator
to root, something
2015 Jan 30
3
rfc2307 deprecated in Windows 2012 R2?
On 29/01/15 22:56, Hans-Kristian Bakke wrote:
> Something went wrong and the message got sent before it was finished.
> Here is the complete one:
>
> Ok, it's here: http://pastebin.com/JEnr5wUq
>
> The id_offset is that value because i initially didn't use rfc2307
> attributes, but instead had
>
> idmap config EXAMPLE : range = 300000-499999
>
> in
2017 Aug 10
0
getent group adgroup not showing members
Hello,
I'm bringing up a AD domain member server on RHEL 7.4 which provides
packages with samba 4.6.2. I've joined the domain and cannot seem to get
this command to provide a list of group members:
getent group adgroupname
what comes back is just
adgroupname:x:gid:
On another machine running RHEL 6.8, the same getent returns a full listing:
adgroupname:*:gid:user1,user2,user3,etc
id
2017 Nov 06
1
ntfs user mappings?
On Sun, 5 Nov 2017 16:14:33 -0700
Jeff Sadowski <jeff.sadowski at gmail.com> wrote:
> Not bad but I wanted an ldap version because I was having issues
> running ldbsearch as a normal user.
>
I had another thought, why am I reinventing the wheel, so came up with
this:
#!/bin/bash
echo "#######################################################"
echo "#
2015 Apr 05
2
Samba as AD member can not validate domain user
I am sorry for many P.S.
>> When domain user tries to access file server (samba4, member of AD domain)
>> server logs such error:
>>
>> 2015/04/05 21:13:01.095178, 1]
>> ../source3/auth/user_krb5.c:164(get_user_from_kerberos_info)
>> Username DOMAINwusername is invalid on this system
>>
>> [2015/04/05 21:13:01.095200, 1]
>>
2020 Nov 18
2
samba / debian 10 / security=ads
Hi all
I'm looking for some help on winbind/idmap for a new host
The debian version is new on this host : debian 10 buster so samba is
> root at homedir10:~# samba --version
> Version 4.9.5-Debian
We want to use security=ads so we join this host to the domain
No problem for windows clients : they can mount shares that are
accessible to their primary unix group and secondary unix