Displaying 20 results from an estimated 1000 matches similar to: "pam_winbind causing local user login failures on 3.0.23c ... and a couple of other things"
2006 Apr 09
1
Can pam_winbind be configured to issue Kerberos tickets on user validation?
Hi
I have Samba 3 running on Fedora 4, configured to use pam_winbind to
validate user logins against my W2K ADS. Logins are fully functional using
names such as adsdomain.adsuser (I have the fullstop character configured as
my winbind seperator).
This is all working fine.
What I would now like to do, is to have a Kerberos ticket from the ADS
Kerberos realm issued to the user that has just
2006 Apr 10
0
Can pam_winbind be configured to issue Kerberos tickets onuser validation?
> -----Original Message-----
>
> I've tried to use the pam_krb5 module, but as pam modules
> validate the user as given, pam_krb5 is trying to match the
> password to adsdomain.adsuser@ADSDOMAIN.REALM.... so it fails.
>
Pam_krb5 can be configured to convert winbind usernames back into
principal names, by means of some regexp matching and template filling
magic. It it
2005 Sep 19
0
Re-2: rid_idmap problem
That's good, but i believe that the "allow trusted domains" must be
set to "No" when using idmap_rid backend.
See:
http://us5.samba.org/samba/docs/man/Samba-HOWTO-Collection/
idmapper.html#id2587685
On Sep 19, 2005, at 10:41 AM, stefanke@micodat.com wrote:
> I have fixed my problem. I do not have configured a range for the
> BUILTIN domain! So the following
2005 Feb 22
2
Corrupt Database and couldn't map SID.
I'm running Samba 3.0.11. Compiled with:
./configure '--with-ads' '--with-pam' '--with-winbind' '--with-smbmount' '--with-shared-modules=idmap_rid'
It configured, make and make installed fine. I configured the idmap_rid using the following directives in the smb.conf.
; IDMap Stuff
idmap backend = idmap_rid:<DOMAINNAME>=500-100000000
2017 Nov 01
0
Winbind, Kerberos, SSH and Single Sign On
I can suggest a few things.
krb5.conf ( if you use nfsv4 with kerberized mounts _
[libdefaults]
ignore_k5login = true in
But, it does not look like it in you logs your useing kerberized mounts.
Im missing in SSHD_config :
UseDNS yes
And the defaults :
# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
Are sufficient for a normal ssh kerberized login.
Optional,
2017 Nov 02
2
Winbind, Kerberos, SSH and Single Sign On
Hi,
thanks for your hints. DNS, /etc/resolf.conf, /ets/hosts seem to be
correct. I'm able to do a kerberized ssh with a user from
subdom2.subdom1.example.de (testuser at SUBDOM2.SUBDOM1.EXAMPLE.DE) But I'm
not able to do the same with a user from example.de (user1 at EXAMPLE.DE).
--
Regards,
Andreas
Am 01.11.2017 um 10:51 schrieb L.P.H. van Belle via samba:
> I can suggest a few
2004 Feb 02
0
ADS winbind/krb5 error
Hi all.
Pretty new in Linux side of the world. I'm trying to run Samba 3.x on Fedora-core-1 in an ADS environment,
with krb5 authentication. Installed Samba 3.0.2rc2 from source, installed the required libraries for
kerberos MIT, configured smb.conf and krb5.conf.
Run net ads join -U administrator and it worked, i can see the machine account in the active directory. From
my linux box I
2005 Mar 04
0
Winbind Daemon dying
Samba 3.0.11 on SLES8 on z/VM
The system will be running fine then every few days the Winbind daemon
will stop. Below are the last lines of the log file.
[2005/03/03 14:15:00, 0] sam/idmap_rid.c:rid_idmap_get_id_from_sid(475)
rid_idmap_get_id_from_sid: no suitable range available for sid:
S-1-5-32-545
[2005/03/03 14:15:00, 0] sam/idmap_rid.c:rid_idmap_get_id_from_sid(475)
2017 Nov 01
2
Winbind, Kerberos, SSH and Single Sign On
Hi,
at first I'm not sure if this is the correct list to ask this question.
But since I'm using winbind I hope you can help me.
I try to realize a kerberized ssh from one client to another. Both
clients are member of subdom2.subdom1.example.de and joined to it. The
users are from example.de, where subdom1.example.de is a subdomain
(bidirectional trust) of example.de and
2002 Dec 05
1
Samba 2.2.7 - client computer can NOT log IN.
Hello All!
Any of our workstations who try and log into the domain receive the
following Windows error: "The system cannot log you on to this domain
because the system's computer account in its primary domain is missing
or the password on that account is incorrect". Ok, good enough...
If I check the smbpasswd file I can see the machine account and it is
also in passwd. So I
2005 Feb 07
1
how to add a windows share
I have a msaccess program that is hard linked to a windows computer on
the network (and I am not allowed to change the source :-( )
In some parts it seeks its files in \\computer1\c\Program Files\Program
I have mounted computer1 using samba to ~/computer1 (with full
read/write access)
I have made a symbolic link in ~/.wine/dosdevices/unc according the
winehq documentation. But I can't
2003 Dec 16
3
Tinc on windows XP Problem?
Hello All , I installed tinc for windows. But it doesn't seem to work.
I want to connect two computers(for testing purposes)
computer1(webdev) and computer2(gis) I have installed the tap-win32 on both
of them.
Both computers are windows XP. Also I don't have a router.
Computer1:webdev
-----------------------
C:\Program Files\tinc\vpn1\tinc.conf
Name = webdev
ConnectTo = office
2005 Feb 01
2
Auth failing - idmap_rid?
The samba server is FC3 / samba 3.0.10 (Fedora package w/ idmap_rid
compiled)
The samba server shows up in the browse list, but when you select it
from an XP machine windows spits up "\\ server is not accessable" yada
yada "The user name could not be found" The following shows up twice in
/var/log/samba/winbindd:
[2005/02/01 14:00:27, 0]
2006 Jan 04
5
Error when migrating from 3.0.20b to 3.0.21x
Hi,
I migrated from samba 3.0.20b PDC to 3.0.21x using the rpm -Uvh and
now I get these errors:
[2006/01/04 19:48:08, 0] libsmb/credentials.c:creds_server_check(159)
creds_server_check: credentials check failed.
[2006/01/04 19:48:08, 0] rpc_server/srv_netlog_nt.c:_net_sam_logon(667)
_net_sam_logon: creds_server_step failed. Rejecting auth request from
client COMPUTER1 machine account
2007 May 02
1
duplicate group in NET GROUPMAP LIST
Hi List
I'm experiencing a strange behaviour on my samba server
the group "Domain Users" (and other builtin groups from my AD servers)
appear to have a duplicated SID
here is the output of
mail# > net groupmap list
System Operators (S-1-5-32-549) -> -1
Domain Guests (S-1-5-21-531635747-2076120898-3807014553-514) -> -1
Replicators (S-1-5-32-552) -> -1
Domain Users
2004 Sep 04
4
masquerade and mac problem
Hello guys
I don''t know if this thing has been posted before (if it was , please forgive me).
I have 7 computers at home and I want all of them to have access to the internet. In order to do that , I set up a linux router (2 network cards) as a usual router (eth0 : 82.77.69.75 - internet connection ; eth1 : 192.168.10.1 - local network) . The other computers have ips ranging from
2002 Jul 21
2
Samba & XP PRO
Please forgive is this has been posted, but without a good search
function the archives are hard to search.
Have a home network - two laptops XP PRO, one Linux RH 7.3 and one NT
box. All in the workgroup named workgroup.
I would like to rid myself of the NT box as all it does is spool a
printer and a USB Hard drive for backup purposes.
Network hooked to a Linksys Cabel Modem router, So NAT
2004 May 21
0
Samba 3.0.4: some problems with SWAT/STATUS and smbstatus
Hi,
I just installed Samba 3.0.4 on a Solaris 2.6 server. I had no
problem compiling, intalling and configuring it, and everything seems to go
OK. People can connect to all the configured shares without any problem.
But I have some problems when getting server status either via
SWAT/STATUS or using smbstatus:
First, in the "Client" field of the SWAT/STATUS report I have
problems
2007 Feb 12
1
AD integration: "getent passwd" can't see *new* users, but "wbinfo -u" can
I have two different systems (on different networks) showing this
behavior. Both are running Ubuntu Dapper/606.1 LTS with samba version
3.0.22 and windows 2003 sp1 servers (not R2). AD integration is done
via winbind, with nss using winbind. At some point in time (which is
unknown to me), the samba server stopped seeing new users, groups,
machines which are added to AD.
scenario:
I add a new
2005 May 10
0
rid_idmap_get_id_from_sid: no suitable range available for sid
Hello,
I have the following message posted on the linux.samba newsgroup, but so far
no response. Therefore I try again in this group, hoping that there are
other people reading this group, and yes, that hopefully somebody can help
me with my samba winbind problems.
John Knappers
Hello,
"John" <jknappers@nospam.hotmail.com> schreef in bericht