Displaying 20 results from an estimated 5000 matches similar to: "would like to use samba3 pdc, no ldap account backend db, but use ldap for authN"
2015 Feb 25
2
replication problems in samba4 ad domain
I started with one dc, 'dc1', running samba v4.0.21, in subnet1.
I successfully added two more dc's, 'dc2' and 'dc3', both running samba v4.0.24, both in subnet2.
There are several firewalls between subnets 1 & 2.
I continued to make firewall holes on behalf of msad after I added dc's 2 & 3. I.e. when they were added, there were patterns of communication
2013 May 06
1
Is it possible to make Samba4 use an external LDAP server for authN, and its own internal LDAP server for all other LDAP purposes?
My company uses 389-ds for its LDAP service, and all services are configured to use that LDAP for authentication.
I'd like to start using Samba4 as an AD DC, in order to control/manage MsWin computers.
It was simplest to me to install Samba4 configured to use its own internal LDAP server, rather than make it use my existing 389-ds LDAP server.
However, I want Samba4 to authenticate to the
2012 Aug 15
2
how best to rollback from a yum update?
Suppose I want to upgrade a bunch of packages on a system, but in case the upgrade produces unexpected, undesired results, I want to be able to rollback the system to its original state. What is the best way to do that?
Often, I won't have, or be able to find, packages for the current installed versions. I.e. If I haven't upgraded postgres for 2 years, it may be that I can no longer
2012 May 10
2
when is the o.s. considered to be at a certain minor version? Or, is it safe to apply only certain package updates from the next release version?
Two related questions about the minor release numbers (e.g. the 'x' in 5.x or 6.x) :
1) What constitutes the o.s. being at a particluar minor release? Typically, when you install you are getting a package set available from a specific minor release number. But what minor release is the o.s. at if I just update the centos-release package, and no other package? Typically, a 'yum
2023 Oct 22
1
Question about silos and Authentication policies
Talking to myself again ;-)
Samba-tool is working a little bit different then the silo/policy
management on a Windows-DC.
On a Windows-DC after assigning the user and host to the silo you have
to assign the silo to the user and the host. When assigning the user and
host to the silo with samba-tool, the assignment to the user and the
host will be done at the same time. So now my policy looks
2023 Oct 23
2
Question about silos and Authentication policies
Hi Stefan,
We had a long weekend in New Zealand, I'm catching up now to your emails.
Some of the slight differences between Windows tools I've already picked
up on and are in my PR Andrew Bartlett mentioned on Friday, but I'm
always open to learning what things are missing or different etc.
On 23/10/23 02:58, Stefan Kania via samba wrote:
> Talking to myself again ;-)
>
>
2023 Oct 23
2
Question about silos and Authentication policies
Thanks Rob for chiming in.
Stefan,
I do want to be very clear, one of the big challanges that we as
developers face building these kind of tools is that we don't run AD
domains day-to-day. So we really value good feedback on the
ergonomics.
If you can test with our work in progress, we are keen to adapt the
tooling where possible to be more in line with what is 'naturally
expected, so
2001 Apr 23
1
win2k domain-less client failing to authenticate when securit y=domain
Hi Jonathan,
Yep, samba sends the domain name as well as the username to the domain
controller, and what I think happens is the NT controller sees that the
domainname passed is NOT his domain, checks his list of trusted domains,
doesn't find it, and says sayonara buddy... I am assuming that 'SATURN' is
the netbios name of the win2k client machine? I'm not real clear on how
this
2011 Feb 21
2
problem joining WinXP machine to samba PDC+LDAP environment
Hello,
I can't join a winxp box to my samba domain. I just have one samba
server, meant to act as a PDC for domain='CHI'.
Any ideas how to troubleshoot and/or remedy?
Thanks,
Jon
Context:
------------
samba v3.3.8 on CentOS v5.5, using ldapsam backend. Domainname ='CHI'.
smbldap-tools v0.9.6.
I 'populated' the ldap with 'smbldap-populate'.
I try to join
2006 Aug 10
1
winbind: group name doesn't map to a SID, but gid does
I'm using winbind v3.0.22 on Debian Linux as a source for nss info.
I have a group that was once known by winbind, but is no more:
------ beging shell except ------
# ls -ld ./
drwxrws--- 10 root $MND000-TT227MV5K24I 4096 2006-05-10 15:41 ./
#
------ end shell except ------
It must have been known, as I was the one who chgrp'ed the dir
originally.
I know what the group name is
2008 Apr 15
1
how to make 'winbind nss info = sfu' work in v >= 3.0.26a
There is an instance of Ms.Active Directory that has had the 'Services
For Unix' applied.
I use winbind v3.0.24 to get user/group info from that Ms.Active directory
instance like so:
-------- begin smb.conf snippet: ------------
security = ADS
realm = mydomain.com
workgroup = MYDOMAIN
winbind enum groups = yes
winbind enum users = yes
winbind nested groups = yes
winbind nss info = sfu
2010 Dec 29
1
confusion about using samba as NT4 PDC with ldapsam backend
Hello,
I want to use samba v3.3.x to implement an NT4/Win2k style domain:
a samba PDC and a samba BDC, using ldapsam for the 'passdb backend'. I plan
to use RedHat Directory Server v8.2 as the ldap server.
I'm trying to sort out how user/group management and nss will work.
I'm confused about how/when the samba-supplied ldap schema is used (I mean
the schema that's in the
2014 Jun 03
1
How to grant access to file shares by AD groups that have spaces in their name?
Hi,
I hava a Samba4 file server joined to a Samba4 domain.
I made a share for all members of the INFINITY domain 'Domain Users' group to access:
[demoshare]
comment = Test share
path = /usr/local/samba/demoshare
read only = no
valid users = @"INFINITY+Domain Users"
but no group member can access it. Any ideas what is wrong?
It works if I change the group to
2006 Jan 31
1
windbind, 'template homedir', and macros
I am currently using Mssfu, nss_ldap, and pam_ldap to enable my linux boxes
to auth against MsA.D. and get all their user info from MsA.D.
I recently discovered that winbind can accomplish the same without
Mssfu, as long as I'm content to be limitted by the winbind config
directives 'template shell' and 'template homedir'. I'd like to drop
sfu if I can.
The 'template
2006 Apr 27
2
winbind nss info = sfu is not so much working
with samba 3.0.22, I'm trying to integrate a linux box with Microsoft AD
by using winbind for authentication as well as for the source of nss info.
When winbind is configured to use its own local id maps, everything
works fine.
But when i configure winbind to use 'ad' as the source of nss info,
authentication fails, 'getent' commands return no results, and
'wbinfo -r
2020 Sep 24
2
Can't connect after AuthN: NT_STATUS_ACCESS_DENIED
Been using Samba since the early days and it's always worked terrifically.
Install it from RPM or apt or yum, make a few tweaks to the smb.conf and
I'm off and running without fail.
So to run into a situation where I'm getting denied has really stumped me.
I dialed up logging to try and get a peek into what's failing and things
start falling apart around NT_STATUS_ACCESS_DENIED
2006 Apr 28
1
smb.conf(5) manpage suggestion re. idmap backend
suggestion for minor improvement of the smb.conf manpage in the context
of the 'idmap backend' parameter. At least as of v3.0.22 the manpage says:
Finally, using the idmap_ad module, the UID and GID can directly be
retrieved from an Active Directory LDAP Server that supports an
RFC2307 compliant LDAP schema. idmap_ad supports "Services for Unix"
2006 Feb 08
1
winbind can see some groups but not others
Hello,
I followed the steps at
http://www.enterprisenetworkingplanet.com/netos/article.php/3487081
for adding a v3.0.21a samba and winbindd server to a MsAD domain and
configuring nsswitch.conf to find passwd and group info from winbind.
This seems to have worked out fine, except that I can't 'see' or
'recognize' certain groups via getent or via wbinfo -g.
E.g. I can see the
2012 May 09
2
AD and SAMBA
Hello all,
I am trying to understand how SAMBA finds nearest Domain Controller when
configured to use Active Directory for AuthN.
There are some great articles and wikis about how to configure SAMBA
against AD, but couldn't find much on what I was looking for.
For example
1. Does Samba have built in dc locator functionality like windows
clients ?
2. What is the default authN it uses, NTLM
2020 Sep 24
0
Can't connect after AuthN: NT_STATUS_ACCESS_DENIED
On 24/09/2020 03:23, Chris Olive via samba wrote:
> Been using Samba since the early days and it's always worked terrifically.
> Install it from RPM or apt or yum, make a few tweaks to the smb.conf and
> I'm off and running without fail.
>
> So to run into a situation where I'm getting denied has really stumped me.
> I dialed up logging to try and get a peek into