similar to: Restricting logins using pam_winbind require_membership_of ?

Hi All, I have recently successfully configured Samba 3.3.15 and OpenLDAP as my offices PDC. I would like to disable the roaming profiles capability but it appears that no matter what I said, it is being ignored by Samba. First is my relevant snippet for the Logon Path and Logon Home being empty as described in the documentation. Then, following that, is my entire smb.conf -- please let me

My users are having a lot of problems since I upgraded a samba domain member server from samba-3.0.37 to 3.5.X. The main issue seems to be a very long delay loading office files (sometimes minutes if the file loads at all) and a lot of read only errors and users not being able to save. I have found that rebooting the client, restarting samba, or killing the users smbd process regains access to the

I have a RHEL 6.3 machine successfully bound to AD using winbind, and commands like wbinfo -u and wbinfo -g output the users and groups. I can also log in as any AD user. The problem is, I can log on as any AD user. require_membership_of is being ignored. I can put in a valid group with no spaces in the name, a group by SID, and either way, everyone can log in. I've put this option in both

Hi, Confused and bewildered as usual, so ask the guys who know. samba4wins is now implemented and part of the samba4 package? Is there a configuration guide? I guess nbd_server needs to be part of the equation so could you point to some resources on setup as I don't think I have noticed anything in the wiki? Probably just me :) Many Thanks Stuart

Hi, I'm setting up a Gentoo samba server for home directories on a 2003 ADS network. I've decided to use pam_mkhomedir.to have the fileserver automagically create their home when they first log in. But we don't want everyone to log in, just the members of the AD group filesurfer-users. The problem: Regardless of what I put as a require_membership_of= in the samba pam file, any domain

Hi, I have a Debian Stretch system running a self-compiled version 4.7.3 of Samba. Having followed the Samba WiKi to allow AD users to log onto the servers using PAM authentication, I now want to restrict access to specified group(s). So I created a linuxadmins group and made some test users members of the group. Initially I tried to restrict access by modifying /etc/security/access.conf

> -----Original Message----- > From: Rowland Penny [mailto:rpenny at samba.org] > Sent: 01 December 2017 17:40 > To: samba at lists.samba.org > Cc: Roy Eastwood > Subject: Re: [Samba] Restricting AD group logging on to Servers > > On Fri, 1 Dec 2017 17:06:42 -0000 > Roy Eastwood via samba <samba at lists.samba.org> wrote: > > > Hi, > > I have a

Okay, so I have an Active Directory server running on Windows Server 2012 Standard I have configured Samba/Kerberos/Winbind on Ubuntu 13.04 to bind to the DC properly. I am able to login with my Active Directory users credentials. When I use the 'require_membership_of' option in pam.d/common-auth for winbind.so using the SID of the group I want to restrict access to, it works like a charm.

Hi all, I've got Samba with Winbind working on AIX 5.3 and 6.1 fairly well with Active Directory 2003. In fact, I'd say short of 2 very important services, it's working almost perfectly. Unfortunately, these 2 services are quite critical, and without them I'm afraid we'll have to resort to some sort of proprietary identity solution like Novell, which I'm not crazy about.

I was looking at the documentation at samba.org and it says the following: require_membership_of=[SID or NAME] If this option is set, pam_winbind will only succeed if the user is a member of the given SID or NAME. A SID can be either a group-SID, a alias-SID or even a user-SID. It is also possible to give a NAME instead of the SID. That name must have the form: /|MYDOMAIN\mygroup|/ or

Hi All, I am using samba-common-3.0.10-1.4E.9 on a RHEL4_U4 x86 machine. The ADS server is WS03 sp1 running in Windows Server 2003 interim mode. In general thing are working well. However, when winbind caching is enabled (default), group membership does not appear to update, i.e. "wbinfo -r bob" and "groups bob" don't reflect changes in ADS group membership.

Yes: # getent group GROUP group:x:17573: # getent group group2 group2:x:11010: # getent group GROUP3 group3:x:21178: # wbinfo --group-info GROUP group:x:17573: # wbinfo -n GROUP S-1-5-21-948789634-15155995-928725530-7573 SID_DOM_GROUP (2)

Hi, I am having problems using pam_winbind to log in as a user in a trusted domain. The arrangement is that Samba is joined to a local domain DOMLOCAL which has a trust setup with DOMREMOTE. getent passwd/group correctly enumerates users and groups from DOMLOCAL. If I try getent passwd for the DOMREMOTE account no result is returned. pam_winbind has a requirement that the user is a member of

Hello! passwd, shadow and group looks as follows in nsswitch.conf: passwd: files winbind shadow: files group: files group What really confuses me is that when my AD server is up and running, root or any local user logs in with no problem. And even when AD server is down, after trying a zillion times, root and other local users login, and then if I log them out and try again a few minutes

Can someone help clear up some confusion in reading memory usage in Top and System monitor. Here is a picture of both. http://s1176.photobucket.com/albums/x327/ionosphere2011/ Why does "System Monitor" show 1.7gb free out of 8gb. While Top shows all 8gb being used? If 1.7gb is free then it should not be using swap space so I assume "System Monitor" is reporting it

Hi everyone, I have a SerNet-Samba 4.3.6-10 AD which works fine. Now I try to implement a fileserver. It is a server with a lot of (old)-users, which have an Unix-Account. On this server are also users who should can login from the Internet over ssh. But now I'm running in trouble with the security of my fileserver. When I would install samba 4.3.6 on it and activate sernet-samba-client

________________________________ From: Uday Mhatre<mailto:uday_mhatre at hotmail.com> Sent: ?05-?12-?2014 12:58 To: Andrea Venturoli<mailto:ml at netfence.it> Subject: RE: [Samba] samba 2.2.7a tech issue Just wondering if these samba versions are backward compatible with fedora14 and other Linux distributions. Regards, Uday ________________________________ From: Uday

Hello I'd like to configure Samba on a test host running Ubuntu so that I have full read/write access from XP to a sub-directory of the root filesystem. The host is located on a LAN behind a firewall, so security is not an issue, ie. I'd like to configure Samba with no/minimal security. Currently, I can read but can't write. Between /etc/passwd, smb.conf, and access rights to the

Hello folks, Been beating my head with an winbind and pam just behaving oddly. I have following various HOW-TO's, wiki's, and docs, and just can't seem to get past a wall. Here a some of the issues: - the 1st attempt at ssh'ing to a server gives me a 'Wrong Password' in the logs. Here's an exact snippet: Aug 6 18:45:40 mia21654bcu001 sshd[5371]: pam_winbind(sshd):

Hi there, I have just purchased a new PC that came with Windows 8 Pro (Shudder...). I have been trying to add this machine to my Samba3 based domain. I'm getting the following error when doing so: The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "<blah>":