similar to: Strange nslcd error with ldap database

Hi Again - following on from my last request for help, I'm now attempting to setup LDAP auth against my working samba4 AD. Simplistically, I'm trying initially to SSH into my AD server (working) using nslcd. I've tried method #1 from https://wiki.samba.org/index.php/Local_user_management_and_authentication/ns lcd My simple config is: uid nslcd gid nslcd uri

Hi folks, Have been battling with this for a while. I have a Debian 6/Samba 4 install working nicely. Have migrated my old Samba 3 domain and can see all users/groups via AD management tools fine. I am now trying to get the *nix side sorted. Have followed the guide here: https://wiki.samba.org/index.php/Local_user_management_and_authentication/nslcd Which works up to a point. All users and

I can't get my domain users presented to my local machine with getent passwd and the wiki https://wiki.samba.org/index.php/Local_user_management_and_authentication/nslcd doesn't give me any steps troubleshoot this issue. My best guess it that I configured the user account incorrectly or I configured nslcd incorrectly. I can't exactly see what is the problem. I get these messages from

Hi, I am trying to configure the nslcd service on an Ubuntu client for kerberos authentication against samba4. My /etc/nslcd.conf contains the following: uid nslcd gid nslcd uri ldapi:///cofil01.mydomain.net base dc=mydomain,dc=net sasl_mech GSSAPI krb5_ccname FILE:/tmp/host.tkt I have added the host principal "host/ubuntu-test.mydomain.net @ MYDOMAIN.NET" to /etc/krb5.keytab on both

Hi all, i've got samba 3.6 joined to a ad domain (s4 in this case) running winbind all looks ok, but i ran into a problem (for us that is) i've got 2 groups (students and employes) who have there home dirs in 2 different places. /home/students/<user> /home/employ/<user> so far so good, but i can't make the [homes] work for both of them (just 1 group) in winbind

Hello list- As a FreeBSD shop we've used Samba 3.x quite well for a couple years. With version 3.6 due to expire in due time, we've been experimenting with version 4.1 using winbindd with very limited success. We find that if we use the TDB backend instead of either RID or AD, we are able to enumerate our AD users via getent. I cannot enumerate AD users via either the AD or the RID

Hi all, I am having a problem connecting a Samba 3 member server to my newly created Samba 4 DC. I am using nslcd at the Samba 4 end successfully and this has allowed me to login using domain accounts - I've also got this working with visudo and /etc/security/access.conf to control sudo access with groups created on the DC. All good. My problem is that I have a Samba 3 member server

Hello, I took this out of the "OpenSSH auth in SAMBA4 LDAP" thread, because it was drifting away from it's origin question :-) I played this afternoon a bit with nslcd and kerberos for extending my Wiki HowTo. But as more as I read, one question comes bigger and bigger: What are the advantages of kerberos against simple bind with DN and password? Simple bind method: Create a

Hi all *Context:* I'm trying to use the s4bind scripts ( http://linuxcostablanca.blogspot.com.es/p/s4bind.html) k5start is running So far, i've succeeded in * modifying (posixifying) the built-in "Domain Users" * adding a user to this group and i can login with this user (ssh), create files that are correctly owned, etc... The user also shows up correcly in ADUC. * retrieving

Hi Rowland, On Mon, Apr 20, 2015 at 10:29 AM, Rowland Penny <rowlandpenny at googlemail.com > wrote: > OK, I understand a bit better where your problems lie. I would still use > backports, supported code is (hopefully) better code :-) > I am certainly willing to do that. > > >> >> I'd be willing to do that if it got me support for UPN names (see below)

I'm lost in documentation. I setup a samba4 AD, and configured winbind so I can have local authentification using pam, I can now login to AD users v?a ssh. I want to achieve the Holy Gria of 1 source of users and password, for both, linux and windows machines, but I'm lost in documentation. So far I know: samba4 cann't use openldap as backend. samba4 ldap doesn't really is a full

Hello all, I've just installed Samba 3.6.6 from the Debian Stable repo. I want to use this linux box as a smb file server for windows clients. I installed NSLCD to allow users in AD to authenticate against my linux server per https://wiki.samba.org/index.php/Local_user_management_and_authentication/nslcd getent passwd and getent group returns domain users with UID mappings like: tempuser

Hi, I try to use nslcd with samba 4 for get suers and group for AD. if I do a ldapsearch, I have a message : Server not in kerberos database if I do a getent passwd, nslcd display same error message. log of samba4: [2013/08/28 10:15:47, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: TGS-REQ Administrator at CORMANDOM.INT-CORMAN.BE from

Rowland Penny via samba wrote 2018-09-06 14:50: > On Thu, 06 Sep 2018 12:47:02 +0700 > Konstantin Boyandin via samba <samba at lists.samba.org> wrote: > >> Rowland Penny via samba писал 2018-09-05 16:10: >> > However, are you sure you cannot use kerberos ? >> > What are your existing services ? >> >> to name most important ones: >>

On 04/20/2015 02:01 PM, Rowland Penny wrote: > > I would suggest you try it on a test set up in a VM and if it works, go > to production. > > Rowland > Hi Rowland, Ok, I think I am pretty close. Still using Samba 3.3.6 since I couldn't seem to get Samba 4 to work from backports. My sticking point right now is that winbind is mapping the wrong UID to my test user.

In our current testing environment, we are using nslcd to get user and group information from the Samba4 LDAP server, using the last part of objectSid as uidNumber. The configuration is designed to pull down unixHomeDirectory and loginShell if they exist, but they default to standard values if they do not. nslcd on each machine binds to LDAP using a dedicated user account, nslcd-service, and

Samba3 allowed for the setting of idmaps and passdb backends to configure how users were pulled in. This made integrating with existing LDAP databases, other other forms of authentication easy, since Samba could be configured to present the same UID and GID as directly from the [insert other auth method here] system. All was good. Unfortunately Samba4 seems to have removed much of that

Thank you Rowland, so it looks like kerberos should be my authentication method and that I'll need to install rfc2307 extensions in my Active Directory environment in order to use your approach. Your approach supports UPN names for access to shares and It also appears that I won't need to use nslcd at all. Does all of that sound correct to you? Thanks again! John On Mon, Apr 20, 2015 at

Hi, I think it is great that samba4 has a single sign on solution for Windows platforms and it seems to work well too, but I am wondering is it possible to do the same for a Linux environment? I have been studying how to implement single sign on using the Ubuntu way through this document: https://help.ubuntu.com/community/SingleSignOn and I am wondering if I can do the same with samba4 where the

Sir, As you suggested I have already done this settings ('ldap_user_name =username') 3 year back and due to this our users are able to login in various service like ssh, imap, pop by sssd service but not able to connect/authenticate by samba. As you know in my case due to our customized ldap which start 'uid=numericID' instead of 'uid=username' samba is not able to