similar to: offline logon with AD

On Thu, 28 Dec 2023 19:08:45 +0000 bd730c5053df9efb via samba <samba at lists.samba.org> wrote: > > > > > > # here are the per-package modules (the "Primary" block) > > > auth [success=2 default=ignore] pam_unix.so nullok > > > auth [success=1 default=ignore] pam_winbind.so cached_login > > > krb5_auth krb5_ccache_type=FILE

Sent with Proton Mail secure email. On Thursday, December 28th, 2023 at 15:59, Rowland Penny via samba <samba at lists.samba.org> wrote: > On Thu, 28 Dec 2023 18:18:22 +0000 > bd730c5053df9efb via samba samba at lists.samba.org wrote: > > > Hi all! > > > > As a die hard slackware user and as a part of my learning pam process > > I installed debian

On Thu, 28 Dec 2023 18:18:22 +0000 bd730c5053df9efb via samba <samba at lists.samba.org> wrote: > Hi all! > > As a die hard slackware user and as a part of my learning pam process > I installed debian bookworm (12.4.0) in a vm and setup a domain > member server per the instructions in the wiki trying to figure out > how debian does it so I can correct some issues I have

Having issues adapting our 3.4 configuration that worked very well using idmap rid in 3.3. It seems like winbind does not cache the credentials despite all of the settings being present. I can set winbind offline via smbcontrol and have it work, but if I reboot the machine (important for my laptops) off the network winbind complains that it can't find the logon server. When disconnected and

Hi all! As a die hard slackware user and as a part of my learning pam process I installed debian bookworm (12.4.0) in a vm and setup a domain member server per the instructions in the wiki trying to figure out how debian does it so I can correct some issues I have with how it's done in slackware. Everything seems to be working fine except for the winbind offline logons, what I tried was to

Hello, I'd like to have more information about the winbind offline logon. Could I for example use pam_winbind on a linux system (domain member) for ssh, this works fine (the PDC is samba also). What I understood is that if I stop my PDC, I should still be able to connect with ssh as it uses pam_winbind. But that doesn't work :( thx fred

We have our linux servers setup to authenticate against Windows AD using idmap config DOMAIN: backend = RID When a domain user logins to the system, all works fine, if its their first time loggin in then their home directory is created, and by using RID backend, all UIDs are consistent across all Linux servers. If we stop winbind, processes running under the username no longer show username, but

Hello, Is there any way to reliably setup winbind user and group resolution (in either smb.conf or nsswitch.conf) so that domain controller's unavailability doesn't cause slowdown of the whole system? That slowdown applies to every program trying to fetch some user information even when it doesn't need domain users. I have winbind cache time = 1800 in smb.conf but it doesn't

Hi, I try to setup a two-way interdomain trust relationship between Samba 3.2.4 and W2003 ADS in native mode (not mixed-mode). I follow this Samba HOWTO without success: http://us6.samba.org/samba/docs/man/Samba-HOWTO-Collection/InterdomainTrusts.html All is working fine if i use a Windows NT4 Server instead of W2003 ADS. Is there something to do on Samba or ADS so that it works ? Security

Hi, I have a question about Winbinds offline logon capabilities. We are working on integration of laptops with winbind in to our Linux Workstation Managment System, but have some difficulties to verify the desired functionality. For that we are running the latest samba (currently 3.0.25rc1) . Authentication is setup against Windows AD 2003 with R2 extensions (rfc2703bis) . Smb.conf:

Hi all, I have a problem in libpam-winbind: offline logon doesn't seems to work. The first version of samba in which I have found the problem is 4.1 and the last is 4.7 but I fear that newer version are affected too. Hopefully there is a workaround: you have to remove krb5_ccache_type=FILE from /etc/pam.d/common-auth I have opened a bug report[¹] where you can find more details. Any one

Hi All, I have recently successfully configured Samba 3.3.15 and OpenLDAP as my offices PDC. I would like to disable the roaming profiles capability but it appears that no matter what I said, it is being ignored by Samba. First is my relevant snippet for the Logon Path and Logon Home being empty as described in the documentation. Then, following that, is my entire smb.conf -- please let me

On Mon, 28 Jan 2019 12:52:45 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > Mandi! Rowland Penny via samba > In chel di` si favelave... > > > > Strictly speaking, why winbind cache ''PAM'' data and not ''NSS'' > > > one (seems to me)? > > The problem is (for myself anyway), I do not understand the >

Hi I configured samba as a PDC and I could successfully register my windows xp sp3 client to my domain controller. When I login locally to the client (XP) and I browse my network I see my domain and I can browse the network shared (if I need to login, the password is accepted) Now when I try to login via the PDC I get the following error: "the system cannot log you on due to the

Mandi! Rowland penny via samba In chel di` si favelave... > No, if you have 'winbind offline logon = yes' set that is it as far as Samba > is concerned, you also have to set up PAM to use cached logins. > Winbind caches the users passwd etc, but renews it if the cache time has > been exceeded unless an AD DC cannot be contacted i.e. they are all offline. Speaking simply

I'm experimenting with smb + winbind. My host is joined to AD and I can login to my host fine using my AD credentials via SSH.?? The only issue is that I don't get a Kerberos ticket generated. In /etc/security/pam_winbind.conf I have: krb5_auth = yes krb5_ccache_type = KEYRING In /etc/krb5.conf, I also have: default_ccache_name = KEYRING:persistent:%{uid} Using wbinfo -K jas, then

Hello All, I am at the switch from sssd to winbind based samba domain members (Debian 9 stretch). I am using Samba 4.10.2 packages from Louis ( http://apt.van-belle.nl/ ) and rid backend for idmap. *My problem:* I am able to logon to my domain members using winbind_pam as long as my client is connected to a network where a domain controller is reachable. As soon as I shutdown and connect a

Mandi! Rowland Penny via samba In chel di` si favelave... Sorry for the late answer. > I have Ubuntu 22.04 with Samba 4.15.13 running in a VM and it just works > for myself. Exactly the same, but on a real hardware. > Had the user 'gaio' logged in previously, it will not work if the user > hasn't logged in at least once before the network has disconnected. Sure!

Hi Rowland, Yes, Joined to the domain, ftp uses pam authentication. After upgrading samba On Fri, Oct 9, 2015 at 8:08 PM, Rowland Penny <rowlandpenny241155 at gmail.com> wrote: > On 09/10/15 15:28, VigneshDhanraj G wrote: > >> Hi Rowland, >> >> I updated samba from 40.25 to 4.1.20, now ftp is not working. >> >> > Very cryptic, why isn't ftp

On Thu, 8 Dec 2016 13:03:49 -0500 lingpanda101 via samba <samba at lists.samba.org> wrote: > On 12/8/2016 12:52 PM, Rowland Penny via samba wrote: > > On Thu, 8 Dec 2016 12:27:20 -0500 > > lingpanda101 via samba <samba at lists.samba.org> wrote: > > > >> I think I have a issue with ldconfig not finding winbind. I create > >> the sym links and