similar to: Problem with Winbind/Kerberos authentication against AD 2003R2 RFC2307

Hello list. The issue I have is that with the changes made to the idmap functionality of winbind, as regards the enumeration of rfc2307 users and groups using getent passwd and getent group, only those AD users that are not in the domains included in the "idmap config (domain)" statements (the ones in trusted domains that get their ID mappings auto-assigned by the TDB backend with

I have the following configuration: SuSE Linux Enterprise 11, X86_64 Packages installed with SLES11 or updated from SLES update repo: Samba 3.2.7-11.20.1 MIT Kerberos 5 1.6.3-133.33.1 OpenLDAP 2.4.12-7.18.1 Cyrus SASL 2.1.22-182.20.1 Have one server set up joined to AD (Win2K3 R2) domain as a member server, based primarily on scottlowe's blog instructions. Trying to get a 2nd SLES11

I ran some tests to see why getent passwd was not enumerating my domain users and discovered this: If I getent passwd <username> it returns the user information including the primary group defined in the Unix attributes. If I add a Unix GID in the idmap config range to the domain's Domain Users group and getent passwd, it returns all of my domain users with all of the Unix attributes as

Greetings, I have had Samba/Winbind/Kerberos single-sign-on authentication working for a few years now, for a single domain, and it works great. It pulls the RFC2307 populated attributes just like you'd expect, and people get the IDs mapped according to their attributes in AD. This works for version 3.2.7 and 3.4.3. I had to give the domain's Domain Users group a gid in the range of

Thanks Mike. I'll investigate ssd although it shouldn't be too hard to have sendmail rewrite the userID to remove the domain. I'm investigating this now and will post results. --Mark -----Original Message----- > From: Data Control Systems - Mike Elkevizth <mike at datacontrolsystems.com> > Date: Thu, 21 Jul 2016 12:30:19 -0400 > Subject: Re: [Samba] sendmail getting

I posted my original post to FreeBSD-questions@freebsd.org and since then have had a running dialog with another poster. It now seems I am having trouble with the NSSWITCH function. I am now reporting back to the Samba list in hopes someone can help me out at this point. Can anyone help me out here? ~Doug -----Original Message----- Sent: Friday, September 16, 2005 12:48 PM To: 'Dan

For the past few years, my group in Intel Labs has been working on a project similar to LLVM and C--, and perhaps our experience in handling roots and stack walking could be useful in deciding how LLVM should evolve in the GC area. Our project is called Pillar (you can see our paper "Pillar: A Parallel Implementation Language" in Languages and Compilers for Parallel Computing 2008 for a

Hello all! Is it possible, using winbind (wbinfo, nss_winbind, etc) to enumare the members of an ADS group, with something other than the "id" command for each user, or "getent group"? The "id" works but then I'd have to enumerate ALL users and build the meber list from there (too slow), whereas "getent group" will only list those members of a

Hello When I perform the "net rpc trustdom list" command I get the "couldn't enumerate accounts" error. I use LDAP as passdb backend with approximately 30000 accounts. If I run the command, I can see from my LDAP logs that it tries to list every account on the LDAP server. Therefore the "net rpc trustdom list" command times out. Is this normal behaviour?

Chris and Devang, Before you implement the LoopPassManager class, I'd like to discuss this a little bit. I have a suggestion and a question; we can discuss this now or later, as you wish: 1. The LoopPassManager might become much simpler if the more complex loop passes are given control over how they iterate over the loops, rather always rely on the manager to enumerate the loops in

Hi, I have the exact same problem (described in this archived mail below) but couldn't find any solution in the archives or on google. So far, I have tried renaming one of the "allowed" libraries like ldap and then creating a symlink named nss_ldap.so.1 to point to nss_winbind.so.1 and also tried renaming in different versions of the /etc/nsswitch.conf file before and after

Devang, I read Chris's notes so I got all this information there already. My comments were in response to that. --Vikram http://www.cs.uiuc.edu/~vadve http://llvm.cs.uiuc.edu/ On Nov 7, 2006, at 12:34 PM, Devang Patel wrote: > Hi Vikram, > > On Nov 7, 2006, at 10:19 AM, Vikram Adve wrote: > >> Chris and Devang, >> >> Before you implement the

Hello, I'm having some problems using winbind on Samba 3.0.1 with /etc/nsswitch.conf on a Solaris 8 server. The Solaris 8 release is 10/00. The basic problem that I have is that there are restrictions on what nsswitch.conf can contain if password ageing is used. My setup is that users connecting to shares on the Solaris samba server are authenticated against a accounts on a Windows Active

I have checked in 3 new analyses: 1. IPModRef (analyze -ipmodref): This is a Module pass that computes flow-insensitive context-sensitive interprocedural Mod/Ref information for a program. It uses DS Graphs to track mod/ref info for distinct data structures. 2. MemoryDepAnalysis (analyze -memdep): This is a Module pass (but will eventually be a Function pass) that computes a

Hi Vikram, On Nov 7, 2006, at 10:19 AM, Vikram Adve wrote: > Chris and Devang, > > Before you implement the LoopPassManager class, I'd like to discuss > this a little bit. I have a suggestion and a question; we can > discuss this now or later, as you wish: > > 1. The LoopPassManager might become much simpler if the more complex > loop passes are given control over

Emmanuel Florac via samba wrote: > Unknown parameter encountered: "winbind enumerate users" > Ignoring unknown parameter "winbind enumerate users" > Unknown parameter encountered: "winbind enumerate groups" > Ignoring unknown parameter "winbind enumerate groups" It may be irrelevant, but I have: winbind enum groups = Yes winbind enum users

======================================================= "The most important thing about Spaceship Earth - an instruction book didn't come with it." R. Buckminster Fuller ====================================================== Release Announcements --------------------- This is the latest stable release of Samba 4.3. Changes since 4.3.1:

======================================================= "The most important thing about Spaceship Earth - an instruction book didn't come with it." R. Buckminster Fuller ====================================================== Release Announcements --------------------- This is the latest stable release of Samba 4.3. Changes since 4.3.1:

> apt remove sssd > apt install winbind I need to disable enumerate AD user and group. With tens of thousands of objects in the AD, this makes login very slow. Another internal team already set up sssd on their OS for years. Me suddenly going to winbind would result in different uid and gid without some hacky idmap. > The smbd daemon cannot talk directly to AD, it requires winbind

A few days back, I asked whether it was possible to have winbind co-exist with password aging on a Solaris system. Seems like there is no easy way around this. After a few more days of frantic poking and truss-ing around, I found a crude but seemingly workable workaround. It seems the the library /usr/lib/passwdutil.so.1 is the one responsible for checking that the passwd entry in