similar to: Samba4: winbind does not grant kerberos authentication

I'm working on a PAM setup that will ignore winbind/AD completely for users listed in /etc/passwd, and do the samba thing for all other users. Mostly it seems to work, but there's one weird side-effect. For non-AD users (only), an AD group "BUILTIN+users" is being added as a secondary group. If I kill winbind, it still gets added, although only the gid is available (no name).

Hi I have a Samba4 AD running samba and a Samba3 machine joined to the domain as a file server. I have smbd and winbind running on the samba3 box. Samba4: hh30.hh3.site Samba3: hh32.hh3.site I can browse the shares (netlogon and sysvol) on the S4 machine by typing \\hh30 into explorer but if I type \\hh32 I get: Windows cannot find '\\hh32'. Check the spelling. . .etc. When I start

Hi I have Samba 4 installed and working. I recently changed FQDN to dns name hh3.hh3.site. It works OK and e.g. on a windows 7 box which joined the domain, users can logon. But I have a mess in the keytab: klist -k /etc/krb5.keytab Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 2 HH3$@HH3.HH1.SITE 2

Hi everybody, we try to migrate our IMAP service from uw-imap to dovecot because of horrible server slowdown when a lot of people poking in theirs huge imap folders. So, I try to run testing instance of dovecot on different imap port (12143) I have trouble with authentication by PAM module of MIT Kerberos. It successfuly works for authentificate users of wu-imap but not for dovecot. I see in

Hi When I add the posixGroup class to an AD group, add a user to the group and set their primaryGroupID, I can add members to the group: samba-tool group addmembers debusers lynn2 ERROR(ldb): Failed to add members "lynn2" to group "debusers" - samldb: member CN=lynn2,CN=Users,DC=hh3,DC=site already set via primaryGroupID 1106 where lynn2 is a user who has been added to

Hi, I am unable to login to a samba system that uses kerberos to authenticate to ADS if the users password has expired on the ADS system or if "User must change password at next login" is checked on the ADS.. I get a "login incorrect" message on the linux system and the log file gives the following error: pam_winbind[3647]: request failed: Must change password, PAM error

Hi Lubuntu 14.04 with bind9 and the samba 4.1.8 tarball All seems well. However, 2 errors: 1. upon starting samba: samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor. 2. samba_dnsupdate - error from samba: ../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_IO_TIMEOUT - error whilst running samba_dnsupdate: Looking for DNS

Hi 2 node ctdb 2.5.3 on Ubuntu 14.04 nodes apparmor teardown and firewall and stopped dead The IP takeover is working fine between the nodes: Jul 21 14:12:03 uc1 ctdbd: recoverd:Trigger takeoverrun Jul 21 14:12:03 uc1 ctdbd: recoverd:Takeover run starting Jul 21 14:12:04 uc1 ctdbd: Takeover of IP 192.168.1.81/24 on interface bond0 Jul 21 14:12:04 uc1 ctdbd: Takeover of IP 192.168.1.80/24 on

4.0.6 file server for a 4.0.6 domain, reproducible with a 3.6.12, and 3.6.15 file server. File created in a share are created according to the acl set, but not when mounted by cifs: Here is a share [test] read only = No path = /home/test Here is the acl: getfacl test # file: test # owner: root # group: staff2 # flags: -s- user::rwx group::rwx other::r-x default:user::rwx default:group::rwx

I've added the pam changes that use winbind to authenticate users against the domain controller. I see all of the domain users in the graphical login, but when a user logs in who hasn't logged in before, the new home directory (/etc/DOMAIN/<userid>) isn't either being created or it's being created with permissions that don't allow files to be written under the user id.

Hi I have joined a win 7 computer to my samba domain. Logging in gives me: 'There are currently no logon servers available to service the logon request.' The win 7 machine is called S-PC and getent passwd gives me: S-PC$:x:1002:100:Machine:/var/lib/nobody:/bin/false lynn2:*:1001:1001:l:/home/lynn2:/bin/bash lynn2 is an ldap user who can login OK. I see that /var/lib/samba(netlogon is

Hi S4 DC with S3 fileserver. smb.conf on the fileserver: [global] workgroup = ALTEA realm = HH3.SITE security = ADS kerberos method = secrets and keytab winbind enum users = Yes winbind enum groups = Yes idmap config *:backend = tdb idmap config *:range = 3000-4000 idmap config ALTEA:backend = ad idmap config ALTEA:range = 20000-40000000 idmap config ALTEA:schema_mode = rfc2307

Hi all, I am having a problem with pam_winbind.so. Is there any documentation that tells exactly what each module with pam_winbind.so does? In other words, what does the auth section do, what does the account section do??? When I try to authenticate, the auth section in login pam seems to pass successfully, but the account section seems to fail. Here is my login module auth required

Hi, we are running Samba 2.2.5 using LDAP und pam_ldap (pam_unix2 with auth+account+password=use_ldap) as PDC out of the SuSE 8.1 distribution. It runs very well: Login f?r Unix&Samba ok, Passwort-Change for Samba via smbpasswd Ok and we are able to manipulate the Linux Password in LDAP using the GQ Client. The only thing that doesn't work is "passwd" itself: venezuela:/home/tdm

ubuntu 14.04 DCs DC1 with fsmo resolve_lmhosts: Attempting lmhosts lookup for name 51755e44-0a78-4ab8-8206-b4ae8a09c172._msdcs.altea.site<0x20> dns child failed to find name '51755e44-0a78-4ab8-8206-b4ae8a09c172._msdcs.altea.site' of type A DC2 /usr/local/samba/sbin/samba_dnsupdate: update failed: NOTAUTH resolve_lmhosts: Attempting lmhosts lookup for name

On 3/27/2018 6:37 AM, Erdei Miklos via samba wrote: > Hi, > > I have a test AD running Samba on Ubuntu that I sometimes poke with Sysinternal's ADExplorer. > A few days ago I tried connecting to it, but got a short reply of "The directory service is not available." > As it was working earlier, I tried finding the problem. > After installing a few older releases, I

Hi All, I am trying to get authentication against AD using Winbind and Samba 3. We use Kerberos 5 as well. I know that winbind is running properly because when I run wbinfo -a, I get success messages. The problem seems to be when I try to play with the pam modules. For kicks, here is the pam module for sshd: #%PAM-1.0 auth sufficient pam_winbind.so debug auth sufficient pam_unix2.so # set_secrpc

On 14/06/2019 07:40, Praveen Ghimire wrote: > Hi Rowland, > > I've added the bit to the pam.d and rebooted the server but still no go > > The following is from the log file for the machine (user is testhome2) > > adding home's share [VM-WIN7-01$] for user 'LIN\VM-WIN7-01$' at '/home/%U/samba' > > get_auth_event_server: Failed to find

Hi, On 3/27/2018 6:37 AM, Erdei Miklos via samba wrote: &gt; Hi, &gt; &gt; I have a test AD running Samba on Ubuntu that I sometimes poke with Sysinternal's ADExplorer. &gt; A few days ago I tried connecting to it, but got a short reply of "The directory service is not available." &gt; As it was working earlier, I tried finding the problem. &gt; After

Hi Rowland, I've added the bit to the pam.d and rebooted the server but still no go The following is from the log file for the machine (user is testhome2) adding home's share [VM-WIN7-01$] for user 'LIN\VM-WIN7-01$' at '/home/%U/samba' get_auth_event_server: Failed to find 'auth_event' registered on the message bus to send JSON authentication events to: