similar to: would like to use samba3 pdc, no ldap account backend db, but use ldap for authN

I started with one dc, 'dc1', running samba v4.0.21, in subnet1. I successfully added two more dc's, 'dc2' and 'dc3', both running samba v4.0.24, both in subnet2. There are several firewalls between subnets 1 & 2. I continued to make firewall holes on behalf of msad after I added dc's 2 & 3. I.e. when they were added, there were patterns of communication

My company uses 389-ds for its LDAP service, and all services are configured to use that LDAP for authentication. I'd like to start using Samba4 as an AD DC, in order to control/manage MsWin computers. It was simplest to me to install Samba4 configured to use its own internal LDAP server, rather than make it use my existing 389-ds LDAP server. However, I want Samba4 to authenticate to the

Suppose I want to upgrade a bunch of packages on a system, but in case the upgrade produces unexpected, undesired results, I want to be able to rollback the system to its original state. What is the best way to do that? Often, I won't have, or be able to find, packages for the current installed versions. I.e. If I haven't upgraded postgres for 2 years, it may be that I can no longer

Two related questions about the minor release numbers (e.g. the 'x' in 5.x or 6.x) : 1) What constitutes the o.s. being at a particluar minor release? Typically, when you install you are getting a package set available from a specific minor release number. But what minor release is the o.s. at if I just update the centos-release package, and no other package? Typically, a 'yum

Talking to myself again ;-) Samba-tool is working a little bit different then the silo/policy management on a Windows-DC. On a Windows-DC after assigning the user and host to the silo you have to assign the silo to the user and the host. When assigning the user and host to the silo with samba-tool, the assignment to the user and the host will be done at the same time. So now my policy looks

Hi Stefan, We had a long weekend in New Zealand, I'm catching up now to your emails. Some of the slight differences between Windows tools I've already picked up on and are in my PR Andrew Bartlett mentioned on Friday, but I'm always open to learning what things are missing or different etc. On 23/10/23 02:58, Stefan Kania via samba wrote: > Talking to myself again ;-) > >

Thanks Rob for chiming in. Stefan, I do want to be very clear, one of the big challanges that we as developers face building these kind of tools is that we don't run AD domains day-to-day. So we really value good feedback on the ergonomics. If you can test with our work in progress, we are keen to adapt the tooling where possible to be more in line with what is 'naturally expected, so

Hi Jonathan, Yep, samba sends the domain name as well as the username to the domain controller, and what I think happens is the NT controller sees that the domainname passed is NOT his domain, checks his list of trusted domains, doesn't find it, and says sayonara buddy... I am assuming that 'SATURN' is the netbios name of the win2k client machine? I'm not real clear on how this

Hello, I can't join a winxp box to my samba domain. I just have one samba server, meant to act as a PDC for domain='CHI'. Any ideas how to troubleshoot and/or remedy? Thanks, Jon Context: ------------ samba v3.3.8 on CentOS v5.5, using ldapsam backend. Domainname ='CHI'. smbldap-tools v0.9.6. I 'populated' the ldap with 'smbldap-populate'. I try to join

I'm using winbind v3.0.22 on Debian Linux as a source for nss info. I have a group that was once known by winbind, but is no more: ------ beging shell except ------ # ls -ld ./ drwxrws--- 10 root $MND000-TT227MV5K24I 4096 2006-05-10 15:41 ./ # ------ end shell except ------ It must have been known, as I was the one who chgrp'ed the dir originally. I know what the group name is

There is an instance of Ms.Active Directory that has had the 'Services For Unix' applied. I use winbind v3.0.24 to get user/group info from that Ms.Active directory instance like so: -------- begin smb.conf snippet: ------------ security = ADS realm = mydomain.com workgroup = MYDOMAIN winbind enum groups = yes winbind enum users = yes winbind nested groups = yes winbind nss info = sfu

Hello, I want to use samba v3.3.x to implement an NT4/Win2k style domain: a samba PDC and a samba BDC, using ldapsam for the 'passdb backend'. I plan to use RedHat Directory Server v8.2 as the ldap server. I'm trying to sort out how user/group management and nss will work. I'm confused about how/when the samba-supplied ldap schema is used (I mean the schema that's in the

Hi, I hava a Samba4 file server joined to a Samba4 domain. I made a share for all members of the INFINITY domain 'Domain Users' group to access: [demoshare] comment = Test share path = /usr/local/samba/demoshare read only = no valid users = @"INFINITY+Domain Users" but no group member can access it. Any ideas what is wrong? It works if I change the group to

I am currently using Mssfu, nss_ldap, and pam_ldap to enable my linux boxes to auth against MsA.D. and get all their user info from MsA.D. I recently discovered that winbind can accomplish the same without Mssfu, as long as I'm content to be limitted by the winbind config directives 'template shell' and 'template homedir'. I'd like to drop sfu if I can. The 'template

with samba 3.0.22, I'm trying to integrate a linux box with Microsoft AD by using winbind for authentication as well as for the source of nss info. When winbind is configured to use its own local id maps, everything works fine. But when i configure winbind to use 'ad' as the source of nss info, authentication fails, 'getent' commands return no results, and 'wbinfo -r

Been using Samba since the early days and it's always worked terrifically. Install it from RPM or apt or yum, make a few tweaks to the smb.conf and I'm off and running without fail. So to run into a situation where I'm getting denied has really stumped me. I dialed up logging to try and get a peek into what's failing and things start falling apart around NT_STATUS_ACCESS_DENIED

suggestion for minor improvement of the smb.conf manpage in the context of the 'idmap backend' parameter. At least as of v3.0.22 the manpage says: Finally, using the idmap_ad module, the UID and GID can directly be retrieved from an Active Directory LDAP Server that supports an RFC2307 compliant LDAP schema. idmap_ad supports "Services for Unix"

Hello, I followed the steps at http://www.enterprisenetworkingplanet.com/netos/article.php/3487081 for adding a v3.0.21a samba and winbindd server to a MsAD domain and configuring nsswitch.conf to find passwd and group info from winbind. This seems to have worked out fine, except that I can't 'see' or 'recognize' certain groups via getent or via wbinfo -g. E.g. I can see the

Hello all, I am trying to understand how SAMBA finds nearest Domain Controller when configured to use Active Directory for AuthN. There are some great articles and wikis about how to configure SAMBA against AD, but couldn't find much on what I was looking for. For example 1. Does Samba have built in dc locator functionality like windows clients ? 2. What is the default authN it uses, NTLM

On 24/09/2020 03:23, Chris Olive via samba wrote: > Been using Samba since the early days and it's always worked terrifically. > Install it from RPM or apt or yum, make a few tweaks to the smb.conf and > I'm off and running without fail. > > So to run into a situation where I'm getting denied has really stumped me. > I dialed up logging to try and get a peek into