Displaying 20 results from an estimated 10000 matches similar to: "Samba4 Winbind - is it really not possible to be sensible?"
2012 Dec 14
5
Samba4 LDAP ACLs - access to POSIX attributes from a non-admin account
In our current testing environment, we are using nslcd to get user and
group information from the Samba4 LDAP server, using the last part of
objectSid as uidNumber. The configuration is designed to pull down
unixHomeDirectory and loginShell if they exist, but they default to
standard values if they do not. nslcd on each machine binds to LDAP
using a dedicated user account, nslcd-service, and
2014 Oct 14
2
nslcd samba 4.1 and FreeBSD 10
Hello list-
As a FreeBSD shop we've used Samba 3.x quite well for a couple years. With version 3.6 due to expire in due time, we've been experimenting with version 4.1 using winbindd with very limited success. We find that if we use the TDB backend instead of either RID or AD, we are able to enumerate our AD users via getent. I cannot enumerate AD users via either the AD or the RID
2014 Oct 05
1
What is wrong with my nslcd configuration?
I can't get my domain users presented to my local machine with getent
passwd and the wiki
https://wiki.samba.org/index.php/Local_user_management_and_authentication/nslcd
doesn't give me any steps to troubleshoot this issue. My best guess is that
I configured the user account incorrectly or I configured nslcd
incorrectly. I can't exactly see what is the problem.
I get these messages from
2013 Aug 15
2
Remote linux auth vs samba4: winbind or nslcd + openldap.
I'm lost in documentation.
I setup a samba4 AD, and configured winbind so I can have local
authentication using pam, I can now login to AD users via ssh.
I want to achieve the Holy Grail of 1 source of users and password, for
both, linux and windows machines, but I'm lost in documentation.
So far I know:
samba4 can't use openldap as backend.
samba4 ldap doesn't really is a full
2016 Jul 07
5
Using Samba4 AD to authenticate users of other Linux services (SSH, Mail, etc.)
I'm confused about how to authenticate users of other Unix services with Samba4 AD.
After trying the classic upgrade on a test server, I can use smbclient. However,
"getent passwd" doesn't show the users, and I'm not sure what I have to do now.
On the live machines, I have openldap, pam-ldapd and nslcd running to authenticate
users of Samba 3 as well as ssh, postfix,
2013 Oct 26
2
lost with AD auth
Hi all,
Well, I'm completely lost with AD authentication ...
server is :
Ubuntu 12.04.3 3.8.0-32-generic #47~precise1-Ubuntu
Samba 4.0.10 installed (and upgraded) via git, setup as unique Active
Directory Domain Controller
( -> how to upgrade to 4.1 via git ?? )
I 'just' would like that the local services (let's say only dovecot and
postfix) can query AD to authentifiate
2012 Jul 12
2
nslcd service - "Client not found in Kerberos database"
Hi,
I am trying to configure the nslcd service on an Ubuntu client for kerberos
authentication against samba4. My /etc/nslcd.conf contains the following:
uid nslcd
gid nslcd
uri ldapi:///cofil01.mydomain.net
base dc=mydomain,dc=net
sasl_mech GSSAPI
krb5_ccname FILE:/tmp/host.tkt
I have added the host principal "host/ubuntu-test.mydomain.net @
MYDOMAIN.NET" to /etc/krb5.keytab on both
2017 Jul 01
1
integrating samba with pam
On Sat, 1 Jul 2017 19:27:09 +0100, Rowland Penny via samba wrote:
> On Sat, 01 Jul 2017 14:19:13 -0300
> Guido Lorenzutti wrote:
>
>> We used to hide some information from our windows group, to make acls
>> only in unix groups. But well.. i think we can start sharing that info
>> with the domain groups.
>
> You can do something very similar by using ACLs, create groups in AD,
2015 Apr 05
2
Member server - winbind unable to resolve users/groups
On 05/04/15 00:59, Andrey Repin wrote:
> Greetings, Rowland Penny!
>
>>>> OK, what does running this command on the DC show:
>>>> ldbsearch -H /var/lib/samba/private/sam.ldb
>>>> '(objectSID=S-1-5-21-1031481445-3291699540-3997755762-61000)' | grep
>>>> 'uidNumber'
>>>> This relies on ldb-tools being installed and
2018 Sep 06
2
Authenticating against Samba 4 AD LDAP service
Rowland Penny via samba wrote 2018-09-06 14:50:
> On Thu, 06 Sep 2018 12:47:02 +0700
> Konstantin Boyandin via samba <samba at lists.samba.org> wrote:
>
>> Rowland Penny via samba wrote 2018-09-05 16:10:
>> > However, are you sure you cannot use kerberos ?
>> > What are your existing services ?
>>
>> to name most important ones:
>>
2014 Nov 19
1
Cannot bind to AD using nslcd
Hi Again - following on from my last request for help, I'm now attempting to
setup LDAP auth against my working samba4 AD.
Simplistically, I'm trying initially to SSH into my AD server (working)
using nslcd.
I've tried method #1 from
https://wiki.samba.org/index.php/Local_user_management_and_authentication/nslcd
My simple config is:
uid nslcd
gid nslcd
uri
2012 Jan 15
3
Samba 4 ldb_wrap open of idmap.ldb
Hi everyone
Version 4.0.0alpha18-GIT-bfc7481
I'm using nslcd to map Samba 4 users to uid:gid and home directory. At
startup I get this:
ldb_wrap open of secrets.ldb
WARNING: no socket to connect to
and /var/log/messages shows:
Jan 15 14:20:13 hh3 nslcd[2425]: [334873] failed to bind to LDAP server ldap://hh3.site/: Can't contact LDAP server: Transport endpoint is not connected
Jan
2013 Apr 11
1
Internal LDAP explanation
Hi there !
I've read many documentation today but I can't understand samba 4
internal ldap server.
I'm currently using samba3 with openldap backend.
I'm considering using samba4 as my new domain controller in ADS mode.
I have few questions :
- Can I connect to the new ldap server from a remote machine (
ldapsearch on port 389 ) ? If no why ?
- So, can I connect pam for linux
2014 Dec 01
2
uidNumber. ( Was: What is --rfc2307-from-nss ??)
On 01/12/14 17:46, steve wrote:
> On 01/12/14 18:25, Rowland Penny wrote:
>> On 01/12/14 17:16, steve wrote:
>>> On 01/12/14 18:11, Rowland Penny wrote:
>>>> On 01/12/14 17:09, steve wrote:
>>>>> On 01/12/14 17:31, Greg Zartman wrote:
>>>>>> On Mon, Dec 1, 2014 at 1:33 AM, Rowland Penny
>>>>>> <rowlandpenny at
2013 Feb 20
3
LDAP users/groups not showing up with nis, pam, & ldap
I am trying to configure NIS, PAM, & LDAP on a CentOS 6.2 host. I've
previously installed a similar configuration on RHEL4, but CentOS now
uses nss-pam-ldapd and nslcd instead of nss_ldap, so the configurations
are a little different.
Currently, local users and groups are showing up but not LDAP users.
When I do a /getent passwd/ and /getent group/ I don't get LDAP users.
When I do
2013 Jul 08
1
Samba 3 member server connected to Samba 4 DC (using nslcd)
Hi all,
I am having a problem connecting a Samba 3 member server to my newly
created Samba 4 DC.
I am using nslcd at the Samba 4 end successfully and this has allowed me to
login using domain accounts - I've also got this working with visudo and
/etc/security/access.conf to control sudo access with groups created on the
DC. All good.
My problem is that I have a Samba 3 member server
2012 May 23
2
multi home dir locations
Hi all,
I've got samba 3.6 joined to an ad domain (s4 in this case)
running winbind
all looks ok, but I ran into a problem (for us that is)
I've got 2 groups (students and employees)
who have their home dirs in 2 different places.
/home/students/<user>
/home/employ/<user>
so far so good, but i can't make the [homes] work for both of them (just
1 group)
in winbind
2014 Dec 01
2
uidNumber. ( Was: What is --rfc2307-from-nss ??)
On 01/12/14 18:23, steve wrote:
> On 01/12/14 19:11, Rowland Penny wrote:
>> On 01/12/14 17:46, steve wrote:
>>> On 01/12/14 18:25, Rowland Penny wrote:
>>>> On 01/12/14 17:16, steve wrote:
>>>>> On 01/12/14 18:11, Rowland Penny wrote:
>>>>>> On 01/12/14 17:09, steve wrote:
>>>>>>> On 01/12/14 17:31, Greg Zartman
2013 Aug 28
2
nslcd: kerberos vs. simple bind
Hello,
I took this out of the "OpenSSH auth in SAMBA4 LDAP" thread, because it
was drifting away from its origin question :-)
I played this afternoon a bit with nslcd and kerberos for extending my
Wiki HowTo. But as more as I read, one question comes bigger and bigger:
What are the advantages of kerberos against simple bind with DN and
password?
Simple bind method: Create a
2017 May 18
2
ls hangs in internal-sftp for LDAP users + numeric uid/gid instead of names
On 2017-05-18T13:13, mh at ow2.org <mh at ow2.org> wrote:
> On 18/05/2017 at 12:17, mh at ow2.org wrote:
> > However, I get uid/gid numbers instead of names within sftp session (ls
> > -l) ? I don't know if it's new but I would definitively prefer names...
>
> It seems the reason is :
>
> open("/etc/passwd", O_RDONLY|O_CLOEXEC) = -1 EACCES