Displaying 20 results from an estimated 2000 matches similar to: "confusion about using samba as NT4 PDC with ldapsam backend"
2015 Feb 25
2
replication problems in samba4 ad domain
I started with one dc, 'dc1', running samba v4.0.21, in subnet1.
I successfully added two more dc's, 'dc2' and 'dc3', both running samba v4.0.24, both in subnet2.
There are several firewalls between subnets 1 & 2.
I continued to make firewall holes on behalf of msad after I added dc's 2 & 3. I.e. when they were added, there were patterns of communication
2012 Aug 15
2
how best to rollback from a yum update?
Suppose I want to upgrade a bunch of packages on a system, but in case the upgrade produces unexpected, undesired results, I want to be able to rollback the system to its original state. What is the best way to do that?
Often, I won't have, or be able to find, packages for the current installed versions. I.e. If I haven't upgraded postgres for 2 years, it may be that I can no longer
2011 Feb 21
2
problem joining WinXP machine to samba PDC+LDAP environment
Hello,
I can't join a winxp box to my samba domain. I just have one samba
server, meant to act as a PDC for domain='CHI'.
Any ideas how to troubleshoot and/or remedy?
Thanks,
Jon
Context:
------------
samba v3.3.8 on CentOS v5.5, using ldapsam backend. Domainname ='CHI'.
smbldap-tools v0.9.6.
I 'populated' the ldap with 'smbldap-populate'.
I try to join
2011 Jan 18
3
confusion and problem with Samba v3.3.8 as PDC with ldapsam backend
Hello,
I'm trying to use samba v3.3.8 on Centos 5.5 to act as a PDC, using ldap as
the backend for users, groups, and computers. The ldap I'm using is Centos
Directory Server v8.1.
The setting is a new, never used before, installation of samba and ldap.
There are no users other than what exists by default after a Centos
install. The smb.conf contains what is my best guess for the
2014 Jun 03
1
How to grant access to file shares by AD groups that have spaces in their name?
Hi,
I hava a Samba4 file server joined to a Samba4 domain.
I made a share for all members of the INFINITY domain 'Domain Users' group to access:
[demoshare]
comment = Test share
path = /usr/local/samba/demoshare
read only = no
valid users = @"INFINITY+Domain Users"
but no group member can access it. Any ideas what is wrong?
It works if I change the group to
2013 Apr 05
2
ClassicUpgrade => EpicFail
ClassicUpgrade of my samba3 data to samba4 fails, with this error:
ERROR(<class 'passdb.error'>): uncaught exception - Unable to get id for sid
Full log of the classicupgrade is at the end of this email.
Project member on this list, Andrew Barlett, wrote that the issue is probably that my Samba 3 passdb was passable in an NT 4 DC mode, but is actually 'invalid' :
2013 Mar 19
1
samba-tool classicupgrade (from v3 to v4) aborts with "Unable to get id for sid"
I'm trying to upgrade from samba3 -> 4. I ran this command:
WORKDIR=/usr/local/mobius
/usr/local/samba/bin/samba-tool domain classicupgrade --dbdir=$WORKDIR/var --use-xattrs=yes --realm=infinityhealthcare.com $WORKDIR/smb.conf
but it failed with the error given in this email's subject. What does it mean, and how do I fix it?
This is just another is a growing line of errors that
2008 Jun 25
2
CentOS roadmap/EPEL
There are lots of exciting things happening in the CentOS ecosystem at
the moment, by which I mean "upstream" or "across stream" in Fedora and
RHEL.
I'm thinking of projects that equip RH-like EL in general for serious
entry into the enterprise, things like the Fedora Directory Server, and
RedHat's Emerging Technologies projects such as Cobbler, FreeIPA and
Ovirt.
2008 Apr 15
1
how to make 'winbind nss info = sfu' work in v >= 3.0.26a
There is an instance of Ms.Active Directory that has had the 'Services
For Unix' applied.
I use winbind v3.0.24 to get user/group info from that Ms.Active directory
instance like so:
-------- begin smb.conf snippet: ------------
security = ADS
realm = mydomain.com
workgroup = MYDOMAIN
winbind enum groups = yes
winbind enum users = yes
winbind nested groups = yes
winbind nss info = sfu
2006 Aug 10
1
winbind: group name doesn't map to a SID, but gid does
I'm using winbind v3.0.22 on Debian Linux as a source for nss info.
I have a group that was once known by winbind, but is no more:
------ beging shell except ------
# ls -ld ./
drwxrws--- 10 root $MND000-TT227MV5K24I 4096 2006-05-10 15:41 ./
#
------ end shell except ------
It must have been known, as I was the one who chgrp'ed the dir
originally.
I know what the group name is
2015 Mar 09
2
ad dc demotion fails trying to use non-existent dc as 'partner server for the4 demontion'
I'm trying to demote dc3 from msad dc service.
As the root user, I type this command:
samba-tool domain demote -Uadministrator
which fails with this error:
"Using dc2.infinity.local as partner server for the demotion"
The problem is that dc2 was demoted some weeks ago, and is no longer running samba4.
Is there a way I can force dc3 to use a different dc as the
2006 Apr 27
2
winbind nss info = sfu is not so much working
with samba 3.0.22, I'm trying to integrate a linux box with Microsoft AD
by using winbind for authentication as well as for the source of nss info.
When winbind is configured to use its own local id maps, everything
works fine.
But when i configure winbind to use 'ad' as the source of nss info,
authentication fails, 'getent' commands return no results, and
'wbinfo -r
2001 Apr 23
1
win2k domain-less client failing to authenticate when securit y=domain
Hi Jonathan,
Yep, samba sends the domain name as well as the username to the domain
controller, and what I think happens is the NT controller sees that the
domainname passed is NOT his domain, checks his list of trusted domains,
doesn't find it, and says sayonara buddy... I am assuming that 'SATURN' is
the netbios name of the win2k client machine? I'm not real clear on how
this
2011 Sep 20
3
selinux policy remnant according to /bin/ls on CentOS 6.0 box
I installed CentOS 6.0 on 2 different x86_64 boxen. Both originally had selinux installed and enabled. I never touched selinux other than to remove as much of it as I could via rpm -e. As far as I can tell, here are the remaining packages that have something to do with it:
# rpm -qa | grep -iE 'sel|pol'
checkpolicy-2.0.22-1.el6.x86_64
libselinux-2.0.94-2.el6.x86_64
2006 Jan 31
1
windbind, 'template homedir', and macros
I am currently using Mssfu, nss_ldap, and pam_ldap to enable my linux boxes
to auth against MsA.D. and get all their user info from MsA.D.
I recently discovered that winbind can accomplish the same without
Mssfu, as long as I'm content to be limitted by the winbind config
directives 'template shell' and 'template homedir'. I'd like to drop
sfu if I can.
The 'template
2012 May 10
2
when is the o.s. considered to be at a certain minor version? Or, is it safe to apply only certain package updates from the next release version?
Two related questions about the minor release numbers (e.g. the 'x' in 5.x or 6.x) :
1) What constitutes the o.s. being at a particluar minor release? Typically, when you install you are getting a package set available from a specific minor release number. But what minor release is the o.s. at if I just update the centos-release package, and no other package? Typically, a 'yum
2006 Apr 28
1
smb.conf(5) manpage suggestion re. idmap backend
suggestion for minor improvement of the smb.conf manpage in the context
of the 'idmap backend' parameter. At least as of v3.0.22 the manpage says:
Finally, using the idmap_ad module, the UID and GID can directly be
retrieved from an Active Directory LDAP Server that supports an
RFC2307 compliant LDAP schema. idmap_ad supports "Services for Unix"
2012 May 15
1
would like to use samba3 pdc, no ldap account backend db, but use ldap for authN
I'd like to:
1) use samba3 as a PDC, and
2) not use LDAP as the account backend database, and
3) specify samba to use but use "encrypt passwords = true", and
4) use an ldap server as the authentication source for samba.
Is that possible?
I'd assumed it would be given that samba is pam-aware, and I can tell pam to use ldap for authN.
However, the man page for smb.conf seems to
2014 May 09
1
How to do basic task: add samba4 member server to samba4 ad dc?
I want to add a samba4 server to a samba4 AD domain, and serve file-shares from it.
The closest URL I found is this:
https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
However, it is not enough. Would some one please point me to better documentation, or tell me how to go about this?
Problems I have with the above url:
1) I don't have users/groups in schema rfc2307. Is this
2006 Feb 08
1
winbind can see some groups but not others
Hello,
I followed the steps at
http://www.enterprisenetworkingplanet.com/netos/article.php/3487081
for adding a v3.0.21a samba and winbindd server to a MsAD domain and
configuring nsswitch.conf to find passwd and group info from winbind.
This seems to have worked out fine, except that I can't 'see' or
'recognize' certain groups via getent or via wbinfo -g.
E.g. I can see the