similar to: Is it possible to make Samba4 use an external LDAP server for authN, and its own internal LDAP server for all other LDAP purposes?

I'd like to: 1) use samba3 as a PDC, and 2) not use LDAP as the account backend database, and 3) specify samba to use but use "encrypt passwords = true", and 4) use an ldap server as the authentication source for samba. Is that possible? I'd assumed it would be given that samba is pam-aware, and I can tell pam to use ldap for authN. However, the man page for smb.conf seems to

I started with one dc, 'dc1', running samba v4.0.21, in subnet1. I successfully added two more dc's, 'dc2' and 'dc3', both running samba v4.0.24, both in subnet2. There are several firewalls between subnets 1 & 2. I continued to make firewall holes on behalf of msad after I added dc's 2 & 3. I.e. when they were added, there were patterns of communication

Suppose I want to upgrade a bunch of packages on a system, but in case the upgrade produces unexpected, undesired results, I want to be able to rollback the system to its original state. What is the best way to do that? Often, I won't have, or be able to find, packages for the current installed versions. I.e. If I haven't upgraded postgres for 2 years, it may be that I can no longer

Hello, I can't join a winxp box to my samba domain. I just have one samba server, meant to act as a PDC for domain='CHI'. Any ideas how to troubleshoot and/or remedy? Thanks, Jon Context: ------------ samba v3.3.8 on CentOS v5.5, using ldapsam backend. Domainname ='CHI'. smbldap-tools v0.9.6. I 'populated' the ldap with 'smbldap-populate'. I try to join

Hello, I want to use samba v3.3.x to implement an NT4/Win2k style domain: a samba PDC and a samba BDC, using ldapsam for the 'passdb backend'. I plan to use RedHat Directory Server v8.2 as the ldap server. I'm trying to sort out how user/group management and nss will work. I'm confused about how/when the samba-supplied ldap schema is used (I mean the schema that's in the

Hi, I hava a Samba4 file server joined to a Samba4 domain. I made a share for all members of the INFINITY domain 'Domain Users' group to access: [demoshare] comment = Test share path = /usr/local/samba/demoshare read only = no valid users = @"INFINITY+Domain Users" but no group member can access it. Any ideas what is wrong? It works if I change the group to

Two related questions about the minor release numbers (e.g. the 'x' in 5.x or 6.x) : 1) What constitutes the o.s. being at a particluar minor release? Typically, when you install you are getting a package set available from a specific minor release number. But what minor release is the o.s. at if I just update the centos-release package, and no other package? Typically, a 'yum

Hi Jonathan, Yep, samba sends the domain name as well as the username to the domain controller, and what I think happens is the NT controller sees that the domainname passed is NOT his domain, checks his list of trusted domains, doesn't find it, and says sayonara buddy... I am assuming that 'SATURN' is the netbios name of the win2k client machine? I'm not real clear on how this

I'm using winbind v3.0.22 on Debian Linux as a source for nss info. I have a group that was once known by winbind, but is no more: ------ beging shell except ------ # ls -ld ./ drwxrws--- 10 root $MND000-TT227MV5K24I 4096 2006-05-10 15:41 ./ # ------ end shell except ------ It must have been known, as I was the one who chgrp'ed the dir originally. I know what the group name is

Hello, I'm trying to use samba v3.3.8 on Centos 5.5 to act as a PDC, using ldap as the backend for users, groups, and computers. The ldap I'm using is Centos Directory Server v8.1. The setting is a new, never used before, installation of samba and ldap. There are no users other than what exists by default after a Centos install. The smb.conf contains what is my best guess for the

There is an instance of Ms.Active Directory that has had the 'Services For Unix' applied. I use winbind v3.0.24 to get user/group info from that Ms.Active directory instance like so: -------- begin smb.conf snippet: ------------ security = ADS realm = mydomain.com workgroup = MYDOMAIN winbind enum groups = yes winbind enum users = yes winbind nested groups = yes winbind nss info = sfu

with samba 3.0.22, I'm trying to integrate a linux box with Microsoft AD by using winbind for authentication as well as for the source of nss info. When winbind is configured to use its own local id maps, everything works fine. But when i configure winbind to use 'ad' as the source of nss info, authentication fails, 'getent' commands return no results, and 'wbinfo -r

I am currently using Mssfu, nss_ldap, and pam_ldap to enable my linux boxes to auth against MsA.D. and get all their user info from MsA.D. I recently discovered that winbind can accomplish the same without Mssfu, as long as I'm content to be limitted by the winbind config directives 'template shell' and 'template homedir'. I'd like to drop sfu if I can. The 'template

suggestion for minor improvement of the smb.conf manpage in the context of the 'idmap backend' parameter. At least as of v3.0.22 the manpage says: Finally, using the idmap_ad module, the UID and GID can directly be retrieved from an Active Directory LDAP Server that supports an RFC2307 compliant LDAP schema. idmap_ad supports "Services for Unix"

On 24/09/2020 03:23, Chris Olive via samba wrote: > Been using Samba since the early days and it's always worked terrifically. > Install it from RPM or apt or yum, make a few tweaks to the smb.conf and > I'm off and running without fail. > > So to run into a situation where I'm getting denied has really stumped me. > I dialed up logging to try and get a peek into

I want to add a samba4 server to a samba4 AD domain, and serve file-shares from it. The closest URL I found is this: https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server However, it is not enough. Would some one please point me to better documentation, or tell me how to go about this? Problems I have with the above url: 1) I don't have users/groups in schema rfc2307. Is this

Hello, I followed the steps at http://www.enterprisenetworkingplanet.com/netos/article.php/3487081 for adding a v3.0.21a samba and winbindd server to a MsAD domain and configuring nsswitch.conf to find passwd and group info from winbind. This seems to have worked out fine, except that I can't 'see' or 'recognize' certain groups via getent or via wbinfo -g. E.g. I can see the

Hello everyone, I'm writing you a topic because i have a problem with smaba and LDAP. This is my problem, when I type in the shell slapcat, i've got this message : str2entry: invalid value for attributeType objectClass #1 (syntax 1.3.6.1.4.1.1466.115.121.1.38) slapcat: bad configuration file! There is my slapd.conf : include /etc/ldap/schema/core.schema include

No real "standalone" or domains explicitly specified in the smb.conf file. This is a host with containers on it, but at this level, this is the smb.conf file for the host itself. Ironically when I install SMB in a container and spin it up it works fine. At the machine level it does not. All these issues took place before I tried it in a container, so the log I originally sent was when

ClassicUpgrade of my samba3 data to samba4 fails, with this error: ERROR(<class 'passdb.error'>): uncaught exception - Unable to get id for sid Full log of the classicupgrade is at the end of this email. Project member on this list, Andrew Barlett, wrote that the issue is probably that my Samba 3 passdb was passable in an NT 4 DC mode, but is actually 'invalid' :