similar to: apache, apache's mod-auth-pam, and pam_winbind : no nested groups

When winbind is configured without the 'winbind nss info =' statement (i.e. such that winbind maintains its own local map of SIDs -> UID/GIDs), the following works fine: # cd ~detertj # getent passwd detertj detertj:x:10008:10000:detertj:/home/MSOE/detertj:/bin/bash but when i try to make winbind use sfu for the mapping of SID -> UID/GID, username lookups are

We would like to have our Apache Linux-based web server use our existing NT domain to authenticate some of our web pages. We are using the Apache module mod_auth_pam to use pam-based authentication and then the winbind pam module to do the actual authentication. We have gotten to the point where we can authenticate using NT _users_, but we have not been able to authenticate using _groups_. For

On my web server, I have a .htaccess file set up to restrict access to a folder for specific Active Directory users. The Active Directory domain is imaginatively called "AD". Using 'require user ad\brian.cochrane' in .htaccess works great. 'require group "ad\domain users"' also works. However, 'require group "ad\_it"' does not work. The

I sent this message to the list yesterday, but I believe it was before I had fully joined the list...so I'm not sure if it got through. My apologies if this is a repeat. On my web server, I have a .htaccess file set up to restrict access to a folder for specific Active Directory users. The Active Directory domain is imaginatively called "AD". Using 'require user

new installation of samba v3.0.21 on debian. Joined the samba box to an ActiveDirectory domain. Can enumerate users/groups with wbinfo run locally on the samba box. Can connect remotely to samba box via smbclient Version 3.0.10-Ubuntu linux. Can create new files via 'put' cmd within smbclient. Can login remotely to samba box with ssh client on linux box. Can _NOT_ map a drive to samba

Hi Jonathan, Yep, samba sends the domain name as well as the username to the domain controller, and what I think happens is the NT controller sees that the domainname passed is NOT his domain, checks his list of trusted domains, doesn't find it, and says sayonara buddy... I am assuming that 'SATURN' is the netbios name of the win2k client machine? I'm not real clear on how this

Hi, I have exactly the same problem with my web server ... Linux/redhat 9.0 / kernel 2.4.20-20.9.1 (+ Acl patches) Samba 3.0.2a / compiles with winbind and Acl options Apache 2.0.40 / with mod_auth_pam 2.xx included Authentication to samba share from a windows workstation using Acl + winbind + "Nt domain groups" works fine. But I gave some problems when I want to use NT domain

Yo all, All I want to accomplish at this moment in time is simple password protection around a rails application in development using WEBrick on a custom port. Just one account would be fine. I have done an extensive Google hunt for an example, but I all find are code chunks for starting WEBrick such as: realm = "Gnome realm" start_webrick {|server| htpasswd

Dear list, I would like to call a Kerberos-authenticated web-service from within R. Curl can do it: $ curl --negotiate -u : "http://my.web.service/" so I would expect that RCurl also has the capability, but I have not been able to find the correct options to set. listCurlOptions() does not return anything with negotiate, and searching the source of RCurl, the only thing I found was

Hello, I've got a linux box running smbd & nmbd versions 2.0.6 with security = DOMAIN, and an NT4 box as the password server. The sole domain controlled by that NT4 box is named "MSOE". All is well with win98 clients. However, Win2k clients that are not part of an NT domain, but simply belong to a "workgroup" named "MSOE", are unable to authenticate. The

Hi, My doubt is about Idmap + LDAP + winbind, related do BDC + PDC. We are using Samba 3.0.33 (Slackware 12.0.0). Our layout is almost like this one http://us1.samba.org/samba/docs/man/Samba-Guide/images/chap6-net.png, but we have more BLDGn than this example. Actually, we are taking ideas from http://us1.samba.org/samba/docs/man/Samba-Guide/happy.html and from

with samba 3.0.22, I'm trying to integrate a linux box with Microsoft AD by using winbind for authentication as well as for the source of nss info. When winbind is configured to use its own local id maps, everything works fine. But when i configure winbind to use 'ad' as the source of nss info, authentication fails, 'getent' commands return no results, and 'wbinfo -r

Hello, I followed the steps at http://www.enterprisenetworkingplanet.com/netos/article.php/3487081 for adding a v3.0.21a samba and winbindd server to a MsAD domain and configuring nsswitch.conf to find passwd and group info from winbind. This seems to have worked out fine, except that I can't 'see' or 'recognize' certain groups via getent or via wbinfo -g. E.g. I can see the

I'm setting up a dedicated database server, and since this will be a central service to my various web servers I wanted it to be as secure as possible...so I am leaving SELinux enabled. However I'm having trouble getting Apache to use mod_auth_pam. I also now can't get setroubleshootd working to send me notifications of the denials and provide tips to solve the problem. The Apache

I'm using winbind v3.0.22 on Debian Linux as a source for nss info. I have a group that was once known by winbind, but is no more: ------ beging shell except ------ # ls -ld ./ drwxrws--- 10 root $MND000-TT227MV5K24I 4096 2006-05-10 15:41 ./ # ------ end shell except ------ It must have been known, as I was the one who chgrp'ed the dir originally. I know what the group name is

Hi, I could not find any reference if the version of apache compiled for centos 5.x has support for more than 256 clients in apache's maxclients. If that is not the case how can I recompile the package with such support? Regards. -------------- next part -------------- An HTML attachment was scrubbed... URL:

I've got samba v3.0.21 on server 'RELIANT' with security=ADS I want MsWin XP clients, that have logged into Microsoft AD domain 'MYDOMAIN' to be able to map a drive to 'RELIANT', and to do so without having to authenticate again. I haven't been able to do so. Here's what happens: the XP client doesn't prompt for authentication (which is good,

I am currently using Mssfu, nss_ldap, and pam_ldap to enable my linux boxes to auth against MsA.D. and get all their user info from MsA.D. I recently discovered that winbind can accomplish the same without Mssfu, as long as I'm content to be limitted by the winbind config directives 'template shell' and 'template homedir'. I'd like to drop sfu if I can. The 'template

suggestion for minor improvement of the smb.conf manpage in the context of the 'idmap backend' parameter. At least as of v3.0.22 the manpage says: Finally, using the idmap_ad module, the UID and GID can directly be retrieved from an Active Directory LDAP Server that supports an RFC2307 compliant LDAP schema. idmap_ad supports "Services for Unix"

The setting is Debian with winbind v3.0.22. The pertinent bit of winbind configuration is as follows: winbind nss info = sfu idmap backend = ad winbind enum groups = yes winbind cache time = 1800 The problem is that once in a while, typically when either: a) an ls command is given for the 1st time in a login shell session or