similar to: Samba as member of multi domain AD (nss/pam)

Hello all. After last update (from winbind-3.5.3 and krb5-1.8.1 to winbind-3.5.10 and krb5-1.9.1) users from a trusted domain can't authenticate any more. Machines are joined to domain PERSONALE, and users from domain STUDENTI aren't recognized. Domains are handled by W2k8 or W2k8r2 (I have no control on these). Last lines from /var/log/samba/log.wb-STUDENTI report: [2012/02/23

Hi all. I'm getting mad at this. I use winbind to authenticate users in multiple domains from AD. The config worked well, before upgrading from 3.5.3 to 3.5.10 in Mandriva. Now, if I 'winbind -i user.name' (so using the joined domain PERSONALE) I get the correct info, but if I do a 'winbind -i STUDENTI\\another.name' the answer is a 'Could not get info for user

Hi all, i've got samba 3.6 joined to a ad domain (s4 in this case) running winbind all looks ok, but i ran into a problem (for us that is) i've got 2 groups (students and employes) who have there home dirs in 2 different places. /home/students/<user> /home/employ/<user> so far so good, but i can't make the [homes] work for both of them (just 1 group) in winbind

Hello again. There are some more issues I still couldn't fix, and can't say if it's only a misunderstanding on my side, something that can't be done or a bug (I doubt). 1) In our organization we have two "primary" domains (a lot of others, but they're not interesting here). I tried changing the default 'PERSONALE' (where machine is joined) to

Hello all. Seems I can't find the root cause of $subj. When I store a file on my "home", it gets chmodded ugo+x ... My smb.conf is: -8<-- [global] workgroup = PERSONALE realm = PERSONALE.EXAMPLE.COM server string = Local shares netbios name = STR00160-SAMBA security = ADS encrypt passwords = true password server =

Hi, Everybody, I have a couple of quick questions that I'm having a little of difficulty with. I'm guessing these will be pretty easy to answer. The first is; 1) Is it possible to deterministically set the domain name that will be used when the "winbind use default domain = Yes" option is configured in /etc/samba/smb.conf? I want to set a default domain, however I do not

> -----Original Message----- > From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On > Behalf Of Gordon Messmer > Sent: den 21 januari 2015 05:47 > To: CentOS mailing list > Subject: Re: [CentOS] Is anyone using C7 in production yet? (sssd, nss-pam- > ldapd, kerberos, etc) > > On 01/20/2015 05:26 PM, Dan Irwin wrote: > > Before I fire up a

Hi all, Is anyone using C7 in production with LDAP and kerberos? Currently all of my machines run C5 or C6 with nss-pam-ldapd or nss_ldap, with kerberos and pam_krb5 for authentication. Before I fire up a test VM (is it even worth it?) I wanted to check feedback from the community. Cheers! Dan

> -----Original Message----- > From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On > Behalf Of Fred Smith > Sent: den 21 januari 2015 15:35 > To: centos at centos.org > Subject: Re: [CentOS] Is anyone using C7 in production yet? (sssd, nss-pam- > ldapd, kerberos, etc) > > > > > Before I fire up a test VM (is it even worth it?) I wanted to

I'm revising some docs, and i've returned on the 'offline logon' tema. Looking at: https://wiki.samba.org/index.php/PAM_Offline_Authentication and smb.conf manpage, it is clear that 'offline logon' is a pam/authentication only, does not involve NSS. Considering a 'full offline' DM client (supposing a portable), there's a 'winbind permanent nss

Hi, this has nothing directly to do with samba, but there might be some people who try to use samba with (Open)LDAP on OpenSUSE 11.1 like me. Between 10.2 and 11.1 the nss_ldap configuration has changed a bit. The file which configures the access to ldap is now /etc/nss-ldap.conf and seems to have the identical layout as the former /etc/ldap.conf. Also needed is the "nslcd"

Hello all. Is it right to have: idmap backend = tdb idmap uid = 2000-9999 idmap gid = 2000-9999 idmap config PERSONALE:backend = rid idmap config PERSONALE:base_rid = 500 idmap config PERSONALE:range = 100000 - 49999999 idmap config STUDENTI:backend = rid idmap config STUDENTI:base_rid = 500 idmap config STUDENTI:range =

Hi all *Context:* I'm trying to use the s4bind scripts ( http://linuxcostablanca.blogspot.com.es/p/s4bind.html) k5start is running So far, i've succeeded in * modifying (posixifying) the built-in "Domain Users" * adding a user to this group and i can login with this user (ssh), create files that are correctly owned, etc... The user also shows up correcly in ADUC. * retrieving

Greetings, Peter Ross! > problem solved but part of the mystery remains: > It has to do with the root shell!! Oh? I'm no expert, but I could probably explain it. If you're using statically linked shell (busybox comes to mind), you are locked to whatever libs have been linked in at the compile time. Also re: your previous wonder about library name, it may differ between

I'm having trouble setting up ldap based authenication. I have a virtual (KVM) CentOS 5.4 box set up to authenticate to a 389 (fedora) directory server, and that works fine. However, I set up a virtual box running CentOS 6, and I can't get it to authenicate. I've run authconfig with the appropriate flags, ldapsearch properly finds the data, but I can't log in. /var/log/secure

I am unable to get 2.7.4 to work with NSS support as provided by libnss3 2:3.26.2 on Debian stretch. Currently NSS supports two database formats identified by prefixes "sql:" for the new database and "dbm:" for the legacy database. I created the NSS database in directory /etc/nut with command certutil -N -d dbm:NSS_db --empty-password I copied over public key and

Hi! I've been working with pxelinux for quite some time now, and I'd like to use PXE and a simple kind of selection menu (like syslinux does). But I couldn't get it to work. I can enter several "label" sections to my pxelinux.cfg/<something> but it'll never ask, just boot the first/default one ... Is this currently supported at all? Or did I miss something?

Hi! I've spent the last days trying to get PXE working (with all the nice stuff that's in the specification - doesn't work :-( ) So I tried the new 1.75 with the Intel DOSUndi Bootdisk (which should verify that everything works correctly) but it does no longer work with syslinux-1.75! 1.74 is fine - so I guess something is broken here ... Please have a look at it - and let me know

Dear Sir/Madam, I got some problem about using R. I am a student, and need to use R a lot. But sometimes when I am working in computer lab, we can not install some particular pacakges by ourselves because of the previliges. Can the folder of Librabry of R, move to, for instance the personal folder, my documents... then we can install any specified package? Best regards,

Hi Trever, things improved after resetting user/machine passwords, however only the session key is using aes256 now, the ticket itself is still arcfour: root at ubuntu1:~# kinit user09999 user09999 at S4DOM.TEST's Password: root at ubuntu1:~# klist -v Credentials cache: FILE:/tmp/krb5cc_0 Principal: user09999 at S4DOM.TEST Cache version: 4 Server: krbtgt/S4DOM.TEST at