similar to: Authenticate users through an AD trust

I have a problem that recently appeared with ADS authentication. I have a samba server that is an AD member on our domain, ourdomain.edu. We are under a domain that is an empty root, call it 'theirdomain.net'. Also under this root is another domain, call it 'theirdomain.edu. I have found that RPC access has been disabled on the DC's in theirdomain.edu and my samba server can no

We have an urgent problem that we've been spending hours on to no avail. We have a RHEL 5.2 server that is running Samba 3.2.8 and was set up for domain authentication against our PDC. It was running fine until I decided to try and change it to "ads" authentication. I then realized that we needed to keep it on "domain" because of the version of Clearcase we have on the

Dear Samba community, We run two Samba server in a CTDB cluster in a small group withing a bigger company. We use Winbind to authenicate and authorize against a company-wide active directory (using `security = ads` and `idmap config OURDOMAIN : backend = ad`, resp., among others). So, if I understand this correctly authentication is done via Kerberos and authorization via LDAP. Unfortunately (but

I am not sure if this first post made it to the list, but I wanted to post the resolution, which was very simple and something I had documented but buried and I had forgotten about it. All these problems went away when I joined the domain using Samba's version of "net", not Redhat's. If you use Redhat's version, it looks like it joins the domain but it really doesn't

Winbind works very well for most of the domains with which we have trusts. But for one domain, 'groups DOMAIN\user' returns only gid 0, and I see kerberos errors in winbind logs: [2008/01/31 13:51:12, 1] libsmb/clikrb5.c:ads_krb5_mk_req(602) ads_krb5_mk_req: krb5_get_credentials failed for foo$@THEIRDOMAIN (Server not found in Kerberos database) [2008/01/31 13:51:12, 1]

Hi there, I have a Samba PDC and BDC migrated from NT4 using ldapsam with an interdomain trust to a 2k3 domain. The trust is established both ways and was made from the pdc. Using samba 3.0.14a-sernet on Suse 9.1 The trust is working. I can pull users from the trusted domain and apply them to acls on my samba DMS. Winbind adds the idmap entry correctly. What is not working, is authentication from

I have some data that looks like this: > dataP input output corpusFreq pvolOT pvolRatioOT 1 give(my sister, the old book) P 47.0 56016 0.1543651 5 donate(her, the book) P 48.7 68928 0.1899471 9 give(my sister, the book) P 73.4 80136 0.2208333 13 donate(my sister, the old book) P

I've been following the forums on this subject. I am still having problems implimenting this at my site. I am trying to replace a Novell 5 file server doing single server signon(workstation manager) with a linux/samba server and a W2K ADS server. I tried this with slackware 10.0, samba 3.0.10, MIT krb5 v 3.1 5, openldap-2.1.22 and got it pretty close (could login wihtout password) but had

I've set up the following and can open a home share for me (sylveg). I've created a group on W2KADS and on OURSAMBALINUX called oadmin and added me as a member in both. I created a samba share called o_drive (see smb.conf below) w/ the linux dir /home/o_drive and valid users = %D+oadmnin. The /home dir is: drwxr-xr-x 2 root root 4096 2004-09-03 15:16 ftp/ drwx------ 2 root root

I've got three 7960s running v6 SIP firmware. My Asterisk setup has worked fine with grandstream devices, and basically, we're just upgrading to use nicer phones. Whilst I can make/receive calls from the 7960 to/from gossiptel). When I try to place a call, I get the following Jan 21 11:09:23 NOTICE[19688]: chan_sip.c:7271 handle_request: Failed to authenticate user "30"

>>>> Set >>>> >>>> ssl_client_ca_file=/path/to/cacert.pem to validate the certificate >>> >>> Can this be the Lets Encrypt cert that we already have? In other words we have: >>> ssl_cert = </etc/pki/dovecot/certs/dovecot.pem >>> ssl_key = </etc/pki/dovecot/private/dovecot.pem >>> >>> Can those be

Am still having problems getting Samba/W2K ADS to work w/MIT-KRB5. Fresh install of following: Slackware 10.1 Openldap 2.2.23 MIT krb5 1.4 Samba 3.0.11 (with clitar patch) Following "http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#ads-member" I get to: kinit administrator@OURORG.OURDOMAIN.ORG (comes back to prompt after password, no error. klist -e gives:

Hello, Sometime when we receive a spam or virus that is detected as it, mailer daemon send a reply to the sender to inform that the message is a spam or content viruses. The problem is that the sender of the spam as something like voicemail at ourdomain.fr ( the user voicemail doesn't exist in our database ) And sometimes dovecot create the directory and store the reply 's mail...

Hi Louis, answers are inline ... On 03/24/2015 03:48 PM, L.P.H. van Belle wrote: > Realm is advices to use UPPERCASE.. not obligated. ( but very advices yes ) I changed the config to uppercase and rebooted, no change in the logfiles. > > check the following outputs and post them back in the list ( if needed anonymized ) > > hostname -i 192.168.1.235 > hostname -s the-ad-hostname

Hello, I've been trying to figure this out for some time and can't quite nail it down, despite searching the internet, and a couple of samba books. Here goes: I'm running "Version 3.4.3-3.3.1-2341-SUSE-SL11.2" of Samba on OpenSUSE 11.2. Here are some relevant excerpts from my smb.conf file: [global] ... security = ADS ... winbind separator = + ... log level = 2 ...

Hello, I've been trying to figure this out for some time and can't quite nail it down, despite searching the internet, and a couple of samba books. Here goes: I'm running "Version 3.4.3-3.3.1-2341-SUSE-SL11.2" of Samba on OpenSUSE 11.2. Here are some relevant excerpts from my smb.conf file: [global] ... security = ADS ... winbind separator = + ... log level = 2 ...

On Tue, 15 Jan 2019 17:09:00 +0000 Howard Coles <hcoles at dollargeneral.com> wrote: > Here is the smb.conf made generic to pass on. The share I’m > concerned with at the moment is the "appprt" share, it's simple > enough but it's not recognizing that primary local group.: > > # Samba config file created using SWAT > # Date: 2007/09/26 11:03:44 >

Hello. I'm facing an seemingly unsolvable problem on the Samba servers I administer (on Debian stable). Those servers are registered on a AD domain. They only serve files and are not registered as domain controllers. For some idendified users (always the same), Winbind periodically (but unpredicably) becomes unable to resolve their names, making their shares unavailable. A "net cache

Found the problem. There is a DNS Problem on one machine. This happend because I was testing some samba AD settings in a virtual machine, without knowing that NAT isn't shielding this properly - this vm propagated the "new" IP to one of the dcs. DC04> ping DC03 gives wrong IP! This should be fixable with the samba-tool dns update? On 03/27/2015 01:14 PM, Johannes Amorosa |

Hi, we've got a samba-3.0.21a-1 systems that's set up w/ winbind to query AD to authenticate users w/out Unix accts. The system is also set up to support our LDAP'd UNIX accts. After setting the [global] section like this: [global] realm = WIN.OURDOMAIN.COM security = ads password server = thebes balsam encrypt passwords = yes log file = /var/log/samba/log.%m