Displaying 20 results from an estimated 3000 matches similar to: "Domain trusts "forgetting" trusted users"
2009 Nov 17
1
Samba trusts, mapping issue, and pam crap domain
I am running Samba ver 3.0.37 on Solaris 10 (sparc) as a PDC with LDAP for
the backend for both samba and unix accounts. Assume the samba SMBPDC is
called "PDC."
I have also set up a trust with an Windows domain- lets call it
WINDOMAIN- (the PDC for the Windows domain is Win 2003 but is in mixed mode
for backwards compat.) The SAMBA domain trusts the WINDOWS domain, not not
vice
2011 Jan 05
2
Domain trust between a Samba PDC domain and W2K ADdomain
SNIP
>
> Hi people.
>
> I'm working on a trust relation between Samba 3.3.X and Windows 2003
> AD mixed mode.
>
> I have read the doc about this but for some reason wont work, my
> PDC+LDAP is working but I still cannot make this 2 servers share
> users.
In my experience, it is fairly straightforward to get AD users trusted
by the Samba controlled Domain, although
2010 May 05
2
samba 3.4.5 idmap alloc broken - more details
There may be several parts to the problem:
1. Winbind on Samba 3.4.x seems unable to allocate idmap entries
(UID/SID or GID/SID) , whether or not the backend is LDAP or TDB.
Winbind on Samba 3.0.x is able to create idmap allocation mappings with
an LDAP backend. The two problems with Samba 3.0.x are as follows
- "getent" would stop showing trusted users once the cache period
2010 Oct 26
4
Winbind behaviour odd in 3.4.9 and 3.5.6 vs 3.2.14 (Samba domain with Samba member servers)
Hi,
I have recently upgraded a system with a Samba BDC, PDC and a couple of
member servers from 3.2.14 to 3.4.9 (and also tested with 3.5.6).
There appears to be some problem with Winbind (we need to run it on all
servers as we have a trust relationship to a domain at another office).
I have an Idmap range set up in our LDAP database.
With 3.2.14, all worked well. The Idmap ou would be
2015 Feb 10
1
3.6.6 map untrusted to domain does not work if winbind is running
Hi all,
I have a domain member server 3.6.6 running on debian7, authenticating
against another debian7 + samba 3.6.6 in DC-mode. Both servers have
user-accounts and groups on LDAP and resolve posix users using libnss-ldap.
The groupmap is living on LDAP as well.
The domain member server serves a share with ACL enabled. I got the upgrade
to 3.6.X and idmap-updates working, but the old
2016 Dec 13
2
wbinfo -u does not listed trusted users, wbinfo -n works
Running a mix of samba versions (3.6.25 and 4.5.1) in two domains- one
"classic" (with samba domain controllers) and one AD (with windows
domain controllers.) The eventual goal is to drop the classic domain
in favor of the AD domain. Also trying to move from samba 3.x to 4.x
since Samba 3 is EOL'd.
the "wbinfo -u" command will list users in the servers domain
2011 Mar 17
1
Samba 3.4.7 can't retrieve idmap infor from ldap
I am running Samba 3.4.7on Fedora Core 11 Linux. This is a domain member.
My PDC is Samba 3.4.9 on Solaris 10. I have LDAP as a backend
(Sun/Oracle Directory Server 6.) I have an OU for user accounts, and
an OU for idmap entries. The PDC has already populated some idmap entries.
An idmap entry looks like
dn: sambaSID=S-1-5-21-xxxxxxxxxxxxxxx-1121,ou=mydomain,ou
=idmap,o=mycomany.com
2009 Nov 02
1
Samba 3.4.2 Trusted Domain Logon gives: "Conflicting domain portions are not supported for NETLOGON calls"
Hi,
I'm specifically have a problem with idmap entries not being created in
my LDAP backend for trusted domain logons - Local accounts appear to be
fine.
I have installed the Sernet enterprise packages from:
http://ftp.sernet.de/pub/samba/experimental/rhel/5/i386/
I'm preparing the server as follows:
1. smbpasswd -w '<password>'
2. net rpc trustdom establish SANDBOX
2013 Feb 04
1
Trust problems after upgrade from 3.5 to 3.6
Hello.
My setup:
_ one Samba 3.5 domain (XXXXXXXX), with a PDC and a BDC, both running
FreeBSD;
_ one AD domain (YYYYYYYY) running on two Windows 2003 DCs;
_ bidirectional trust between the two domains.
Everything used to work until I moved the PDC from Samba 3.5 (EOL'ed) to
3.6; now, users from domain YYYYYYYY cannot access the PDC's shares.
I used to have in smb.conf:
>
2010 Feb 11
1
issue with mapping BUILTIN on ADS member server
Hello list,
Quick summary of the issue (repeated below after the details): Running
'wbinfo --user-info=markc' on either smb ads member server will return
identical info. Running 'wbinfo --group-info=BUILTIN\\Users' returns
different information on each server. I'd like to make mappings for
BUILTIN consistent in case I ever use them.
Background and details:
I have a
2009 Dec 03
1
Samba from Sunfreeware and nss_winbind.so
Sunfreeware.com has compiled packages of Samba 3.4.2 with kerberos and
ldap support included (if you also install the ldap and kerberos
packages from sunfreeware.) However it does not include the
nss_winbind.so.* or libnss_winbind.so.* files.
Solaris does include nss_winbind.so already (since it is included with
Samba 3.0.x) or I could compile it from the 3.4.x source code. But
then I
2019 May 26
2
ldapsam cannot find NT password hash
Certainly: https://termbin.com/wr68
Thanks again!
On 5/25/19 2:16 PM, Rowland penny via samba wrote:
> On 25/05/2019 19:29, David Kowis via samba wrote:
>> Hello!
>>
>> Running on FreeNAS 11 and my smb.conf (via testparm -v) is here
>> https://termbin.com/v748
>
> Do you want try again posting the smb.conf, but this time run 'testparm'
> without the
2016 Dec 19
1
wbinfo -u does not listed trusted users, wbinfo -n works, idmap not working
On both Samba 4.5.1 member server and Samba 3.6.25 member server I tried
the following command
wbinfo –set-uid-mapping=35049,S-1-5-21-xx-xx-xxx-xxx
this should have created a mapping entry consistent with the one on the
domain controller for a trusted user
But I got the following error
failed to call wbcSetUidMapping: WBC_ERR_NOT_IMPLEMENTED
As far as I can tell from network
2016 Apr 06
2
Samba (4.1.17) ldap backend create user failed
Hello, I have upgrade my samba PDC from 3.xx (debian lenny) to 4.1 (debian jessie).
ldap and samba shares work all fine.
When I try to add a user I get the following
smbpasswd -a foobar
New SMB password:
Retype new SMB password:
ldapsam_create_user: Unable to allocate a new user id: bailing out!
Failed to add entry for user foobar.
I found this workaround
2009 Sep 01
2
Ignoring unknown parameter "idmap domains"
Dear
according this wiki
http://wiki.samba.org/index.php/Ldapsam_Editposix
i have enable EditPosix extension but i receive this error
Ignoring unknown parameter "idmap domains"
How can i fix it ?
Here it is my smb.conf :
[global]
workgroup = MSHOME
netbios name = PC-DTOUZEAU
server string = %h server
disable netbios =no
syslog = 3
log level = 10
log file = /var/log/samba/log.%m
2018 Oct 03
3
Winbind and nss-ldap
Hi Guys,
Have some issues with winbind and nss-ldap in LDAP based NT4 BDC/fileserver
The DC has the LDAP server role and the BDC connects to it for
authentication.
smb.conf of the BDC
netbios name = TRAC5
local master = no
domain master = no
preferred master = no
domain logons = no
passdb backend = ldapsam:ldap://trac15.ste.com
ldap admin dn = cn=admin,dc=ste,d=com
2012 Apr 14
2
Configuration of idmap_ldap "No backend defined"
Hi list,
I can't make idmap talk to my LDAP server. And I haven't found an updated
howto.
Some entries from log.windbindd-imap:
[2012/04/13 20:05:40.500475, 5] winbindd/idmap.c:153(smb_register_idmap)
Successfully added idmap backend 'ldap'
[2012/04/13 20:05:40.501112, 5] winbindd/idmap.c:153(smb_register_idmap)
Successfully added idmap backend 'tdb'
[2012/04/13
2008 Jul 11
2
Setup of a new PDC with Samba 3.2.0
Hello,
I setting up a new PDC for a new domain using samba 3.2.0
I use LDAP as passwd/idmap backend.
I started from scratch just creating the OU for the
users/groups/machines/idmaps in the ldap directory, + a user used to bind
to ldap.
So from there I started winbind and ran net sam provision, which worked
great.
Now I plan this domain will have a one way trust with one other domain,
and as I
2010 May 18
1
net sam/samba ldap: Failed to add user 'xxx' with error: Group already exists.
Hello,
we are trying to set up Samba with LDAP Backend. Using the Samba
toolchain to add our existing users/groups, the net command seems to get
confused about what users and groups are, if both have the same name and
are used in the same context.
Here is what I tried:
==commandline==
-> Create the Domain Group
# net sam createdomaingroup duplicate -U Administrator%pwd
Created domain group
2018 Jun 15
1
Mounting samba share
Hi,
I was trying to mount a samba share from a host server using pam_mount module. This is my smb.conf for client machine and my pam-mount.conf.xml.
[global]
log level = all:10
security = ads
# auth methods = guest sam winbind:ntdomain
client ldap sasl wrapping = seal
netbios name = STAT1
realm = EXAMPLE.EDU
workgroup = WORKGROUP