similar to: Samba4 Using AD/UNIX attributes for home directory and shell not possible?

Hi all, i've got samba 3.6 joined to a ad domain (s4 in this case) running winbind all looks ok, but i ran into a problem (for us that is) i've got 2 groups (students and employes) who have there home dirs in 2 different places. /home/students/<user> /home/employ/<user> so far so good, but i can't make the [homes] work for both of them (just 1 group) in winbind

Thank you Rowland for looking at it. I did read the wiki here https://wiki.samba.org/index.php/Idmap_config_ad that is how I got as far as I did; that and the idmap_ad man page. I could not find how to use the loginShell is there a variable I can use for it in the template or an option to set to use it? loginShell and unixHomedir are not mentioned on the wiki that I could find. I'm good with

Hi all , I'm running Debian Etch . I just finished configuring SAMBA as PDC to authenticate against LDAP server which works. The system in question uses default debian etch packages. As My Linix/unix accounts can authenticate against it. The LDAP works. I Used the default shipped smbldap-populate script to setup SAMBA. Everything seems to work as Anonymous User or as user

Hello everybody, I am trying to set the homeDirectory and loginShel of my users in the samba user database from the command line interface (no webgui stuff) See the attachment for the smb.conf The samba users are in a ldapsam:editposix openldap database. They show with getent passwd and getent group or ldapsearch -x. # both do not work usermod --shell /bin/bash username usermod --home

I finally got to test it and it works OK something really strange is occurring though It works good as follows except for groups but I'll look at that latter as I see others have mentioned some issues with groups here is my /etc/samba/smb.conf security = ads realm = DOMAIN.LONG workgroup = DOMAIN idmap config * : backend = tdb idmap config * : range = 900-999 idmap config

I have found a fixed my previous problems (two typos that were hard to find) and now the smbldap-tools all work as expected if I run them as root. However when I try to join a domain from a windows machine, the scripts never run and get an "Access is denied message". Since I am using 0.10 I do not think I can use net rpc rights, so do I need to add that into ldap manually? Or do I

Hello, I am doing a samba pdc with ldap. When I try to login to the domain, or access some shares I get this in my ldap logs: Mar 7 16:46:16 localhost slapd[3588]: conn=25 op=4 SRCH base="ou=People,dc=test,dc=org" scope=1 filter="(&(objectClass=posixAccount)(uid=DOMAIN\5CTD))" Mar 7 16:46:16 localhost slapd[3588]: conn=25 op=4 SEARCH RESULT tag=101 err=0 text= My

Hi all, Is there a way to extract the whole attributes of objects, even hidden attributes, using ldbsearch or any samba tool? Hidden attributes have to be hidden from ldapsearch which can be used through network and so, remotely. ldbsearch can be used only locally by root, which [should] limit who is using it, so perhaps I thought it was possible : )

I am trying to do a classicupgrade.  (This is not 1st try, I went through it once time already; then I deleted all data and trying it again, with questions now.) Command samba-tool domain classicupgrade --dbdir=/etc/samba.PDC/ --realm=ad.nemuh.cz --dns-backend=BIND9_DLZ /etc/samba.PDC/smb.PDC.conf Problem a) ... init_sam_from_ldap: Entry found for user: pc0027$ init_sam_from_ldap: Failed to

@Andrew: I expect these lines came from RDP issue workaround which should be happening with previous Samba version. I removed all these lines as now, with 4.2.2 Samba version RDP and RSAT are working well without them. I removed also each and every idmap lines, commented most of winbind lines too and now my smb.conf is: ------------------------------------------------------------ [global]

Sir, As you suggested I have already done this settings ('ldap_user_name =username') 3 year back and due to this our users are able to login in various service like ssh, imap, pop by sssd service but not able to connect/authenticate by samba. As you know in my case due to our customized ldap which start 'uid=numericID' instead of 'uid=username' samba is not able to

Hi all, I'm wondering about winbind[d] behaviour. I tried the following with: auth methods = sam winbindd and the same with only one d: auth methods = sam winbind One user: ldbsearch -H $sam '(cn=another.fakeuser)' homeDirectory loginShell gidnumber uidnumber # record 1 dn: CN=another.fakeuser,OU=a,OU=Standards,OU=Utilisateurs,DC=ad,DC=dgfip homeDirectory: */home/another.fakeuser*

I've been trying to do this for days, and I think I'm really close. It's become one of those so-close-yet-so-far sorts of things. I'm running Gentoo -- all sync'ed up and current as of a week ago -- with the following package versions: openldap-2.1.30-r5 pam_ldap-178-r1 nss_ldap-239-r1 smbldap-tools-0.9.1-r1 phpldapadmin-0.9.5 (very cool, I must say!) samba-3.0.14a-r2

2015-06-30 12:42 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com>: > On 30/06/15 11:17, mathias dufresne wrote: > >> @Andrew: I expect these lines came from RDP issue workaround which should >> be happening with previous Samba version. I removed all these lines as >> now, >> with 4.2.2 Samba version RDP and RSAT are working well without them. >>

I'm trying to migrate my existing RedHat ES Samba PDC to Ubuntu. The RedHat version of Samba is 3.0.9 and the Ubuntu version is 3.0.14a. Everything was going fine until I tried to import the LDIF of the existing LDAP directory. The LDIF actually imports all of the structure (OU and Group definitions) and all of my users, but it fails when it comes to my first machine account with this

I have 2 Ubuntu 12.04/samba 4 servers acting as DCs for my Domain. I provisioned the Domain by using the classicupgrade (prior authentication was LDAP+Samba). I have added some new test users. I also have two files servers. One is running RHEL 5.9/Samba 3, the other Ubuntu 12.04/Samba 4. Users that have their home directories and profiles stored on the RHEL5.9/Samba 3 fileserver work correctly.

Hi Harry, sadmin and tadmin are both admin logins. I was trying to domain join with both. sadmin is in ldap The olcdbindex.ldif gave this error SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 modifying entry "olcDatabase={1}hdb,cn=config" ldap_modify: Other (e.g., implementation specific) error (80) additional

But that doesn't work for me. As I am saying If I set it like that I only see 7 domain users with getent passwd experimenting I see if I set idmap config * : range = 2000-7999 idmap config DOMAIN:range = 8000-99999 I see all my users. which is really odd because all my users have uids above 10000 What other trouble shooting steps can I take to see why this is acting this way? I edit

Something strange here. User created using: root at dc1:~# samba-tool user add user7 Abcd1234 --uid-number=1007 --home-directory=/home/user7 --login-shell=/bin/bash User 'user7' created successfully I can see the homeDirectory attribute in the entry. But the home directory that winbind returns is just the template one: root at adclient:~# getent passwd user7

Hi list samba3-3.0.31-36 openldap2-2.3.43-1.1 my problem is i have stop my working openldap and restart it again, in the Log i see now = pdb_get_group_sid: Failed to find Unix account for ... a lot of machine accounts. Whats wrong? i must now all accounts rejoin to domain? example from a host # bart$, hosts, server.intern dn: uid=bart$,ou=hosts,dc=server,dc=intern objectClass: sambaSamAccount