similar to: winbind offline logon

On Thu, 28 Dec 2023 19:08:45 +0000 bd730c5053df9efb via samba <samba at lists.samba.org> wrote: > > > > > > # here are the per-package modules (the "Primary" block) > > > auth [success=2 default=ignore] pam_unix.so nullok > > > auth [success=1 default=ignore] pam_winbind.so cached_login > > > krb5_auth krb5_ccache_type=FILE

Sent with Proton Mail secure email. On Thursday, December 28th, 2023 at 15:59, Rowland Penny via samba <samba at lists.samba.org> wrote: > On Thu, 28 Dec 2023 18:18:22 +0000 > bd730c5053df9efb via samba samba at lists.samba.org wrote: > > > Hi all! > > > > As a die hard slackware user and as a part of my learning pam process > > I installed debian

On Thu, 28 Dec 2023 18:18:22 +0000 bd730c5053df9efb via samba <samba at lists.samba.org> wrote: > Hi all! > > As a die hard slackware user and as a part of my learning pam process > I installed debian bookworm (12.4.0) in a vm and setup a domain > member server per the instructions in the wiki trying to figure out > how debian does it so I can correct some issues I have

Having issues adapting our 3.4 configuration that worked very well using idmap rid in 3.3. It seems like winbind does not cache the credentials despite all of the settings being present. I can set winbind offline via smbcontrol and have it work, but if I reboot the machine (important for my laptops) off the network winbind complains that it can't find the logon server. When disconnected and

Hi all! As a die hard slackware user and as a part of my learning pam process I installed debian bookworm (12.4.0) in a vm and setup a domain member server per the instructions in the wiki trying to figure out how debian does it so I can correct some issues I have with how it's done in slackware. Everything seems to be working fine except for the winbind offline logons, what I tried was to

We have our linux servers setup to authenticate against Windows AD using idmap config DOMAIN: backend = RID When a domain user logins to the system, all works fine, if its their first time loggin in then their home directory is created, and by using RID backend, all UIDs are consistent across all Linux servers. If we stop winbind, processes running under the username no longer show username, but

Hi yesterday I configured my laptop to login via AD usernames/passwords. This was working finally with using the sadms. Now I want to enable login when the user is not connected to the network. I found that you need to enable "winbind offline logon = yes" in the smb.conf. But actually this is not working. I'm using ubuntu 11.10 and whenever I logon via the desktop i get

Hi, I have a question about Winbinds offline logon capabilities. We are working on integration of laptops with winbind in to our Linux Workstation Managment System, but have some difficulties to verify the desired functionality. For that we are running the latest samba (currently 3.0.25rc1) . Authentication is setup against Windows AD 2003 with R2 extensions (rfc2703bis) . Smb.conf:

Hi all, I have a problem in libpam-winbind: offline logon doesn't seems to work. The first version of samba in which I have found the problem is 4.1 and the last is 4.7 but I fear that newer version are affected too. Hopefully there is a workaround: you have to remove krb5_ccache_type=FILE from /etc/pam.d/common-auth I have opened a bug report[¹] where you can find more details. Any one

On Mon, 28 Jan 2019 12:52:45 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > Mandi! Rowland Penny via samba > In chel di` si favelave... > > > > Strictly speaking, why winbind cache ''PAM'' data and not ''NSS'' > > > one (seems to me)? > > The problem is (for myself anyway), I do not understand the >

Mandi! Rowland penny via samba In chel di` si favelave... > No, if you have 'winbind offline logon = yes' set that is it as far as Samba > is concerned, you also have to set up PAM to use cached logins. > Winbind caches the users passwd etc, but renews it if the cache time has > been exceeded unless an AD DC cannot be contacted i.e. they are all offline. Speaking simply

I'm experimenting with smb + winbind. My host is joined to AD and I can login to my host fine using my AD credentials via SSH.?? The only issue is that I don't get a Kerberos ticket generated. In /etc/security/pam_winbind.conf I have: krb5_auth = yes krb5_ccache_type = KEYRING In /etc/krb5.conf, I also have: default_ccache_name = KEYRING:persistent:%{uid} Using wbinfo -K jas, then

Hello All, I am at the switch from sssd to winbind based samba domain members (Debian 9 stretch). I am using Samba 4.10.2 packages from Louis ( http://apt.van-belle.nl/ ) and rid backend for idmap. *My problem:* I am able to logon to my domain members using winbind_pam as long as my client is connected to a network where a domain controller is reachable. As soon as I shutdown and connect a

Mandi! Rowland Penny via samba In chel di` si favelave... Sorry for the late answer. > I have Ubuntu 22.04 with Samba 4.15.13 running in a VM and it just works > for myself. Exactly the same, but on a real hardware. > Had the user 'gaio' logged in previously, it will not work if the user > hasn't logged in at least once before the network has disconnected. Sure!

Hi Rowland, Yes, Joined to the domain, ftp uses pam authentication. After upgrading samba On Fri, Oct 9, 2015 at 8:08 PM, Rowland Penny <rowlandpenny241155 at gmail.com> wrote: > On 09/10/15 15:28, VigneshDhanraj G wrote: > >> Hi Rowland, >> >> I updated samba from 40.25 to 4.1.20, now ftp is not working. >> >> > Very cryptic, why isn't ftp

On Thu, 8 Dec 2016 13:03:49 -0500 lingpanda101 via samba <samba at lists.samba.org> wrote: > On 12/8/2016 12:52 PM, Rowland Penny via samba wrote: > > On Thu, 8 Dec 2016 12:27:20 -0500 > > lingpanda101 via samba <samba at lists.samba.org> wrote: > > > >> I think I have a issue with ldconfig not finding winbind. I create > >> the sym links and

On Fri, 30 Sep 2016 13:32:18 +0200 Oliver Werner <oliver.werner at kontrast.de> wrote: > the interface part is ok. eth0 has another IP as eth0:35 > > DCs show me the profiles > > unix authentication > register user session in the systemd…. > inheritable capabilities management > OLIVER WERNER > Systemadministrator > I use Devuan and I get: Kerberos

On 01/04/2020 12:20, L.P.H. van Belle via samba wrote: > For that to work, you need to add the CIFS/hostname.fqdn at REALM to the host your logging in. > The COMPUTER$ should hold it. > Allow the computer to delegate the cifs service. ( or all ) Thing is, the OP is trying to use a users ticket to mount, but seems to be doing it as root, which isn't going to work, mainly because

On 09/01/15 17:26, Bob of Donelson Trophy wrote: > > > On 2015-01-09 10:23, Rowland Penny wrote: > >> On 09/01/15 15:47, Bob of Donelson Trophy wrote: >> >> On 2015-01-09 09:27, Rowland Penny wrote: >> >> On 09/01/15 15:00, Bob of Donelson Trophy wrote: >> On 2015-01-09 08:44, Rowland Penny wrote: W7 client "Preferred DNS server" is set

Hi list,I want to make winbind kerberos ticket refresh work but I couldn't do it with configuration below: ------ smb.conf ------security = ADS workgroup = MYDOMAINrealm = MYDOMAIN.ORG log file = /var/log/samba/%m.loglog level = 6enable core files = no idmap config * : backend = tdbidmap config * : range = 3000-7999idmap config MYDOMAIN : backend = rid idmap config MYDOMAIN : range =