similar to: Is kerberos authentication against AD possible without joining the domain?

Is there a way to get samba to authenticate against an AD without having to join that domain (which needs admin credentials)? I don't want any of the automatic user creation or mapping stuff from winbind, just a password check instead of having to maintain a local password. I can get that effect via kerberos for normal linux logins by using authconfig-tui, checking kerberos, and filling in

I have some services on Centos5 boxes that use smb authentication against the Windows domain as a low-maintenance way to handle most of our office users for things that don't need home directories (web/file shares, etc.). Running authconfig is all it takes to add it to PAM, then adding mod_auth_pam to apache makes it work with that and local users. This all works without any particular

Hi all, I just upgraded more servers, and doing some tests I found that my setup for kerberos/ldap authentication against Active Directory is no more working. I don't know why... I followed some times ago scott Lowe blog for this setup : http://blog.scottlowe.org/2007/01/15/linux-ad-integration-version-4/ And it was working correctly until the upgrade. What is curious is that id command

Maybe its.. authconfig --enablewinbindkrb5 --update Requirements to achieve this: - A valid /etc/krb5.conf - A valid system keytab /etc/krb5.keytab - A valid /etc/samba/smb.conf -> will be modified by authconfig ( found on internet worked in centos7 ) But better read.. https://sssd.io/docs/users/pam_krb5_migration.html Greetz, Louis > -----Oorspronkelijk bericht----- >

So I have this centos 5.10 box which authenticates network users against ldap(authorizing)+kerberos(authentication). And I now would like to have sudo be able to allow admins (netgroup chinbeards) to sudo about. I am not using sssd though (yet). Here is the output of me trying sudo (debug on): [raub at centos5-x64 ~]$ sudo pwd LDAP Config Summary =================== uri

Hi all, I am a bit confused about the usage of pam_mount. Here is my /etc/pam.d/system-auth: auth required pam_env.so auth required pam_mount.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_krb5.so use_first_pass auth required pam_deny.so account

On 21/06/2019 15:39, Edouard Guign? via samba wrote: > Hello, > > I am facing 2 issues now. > The first one is the more critical for me... > > 1. When I switch from sssd to winbind with : > # authconfig --enablekrb5 --enablewinbind --enablewinbindauth > --enablemkhomedir --update > > My sftp access did not work. Does it change the way to pass the login ? > I used

We have a small Ubuntu 9.10 file server in a large Win 2003/2008 domain. There is no X nor web browser in the server. I have rights to join machines to the domain, but I'm not an Administrator There is about 10 users in this server, who want to authenticate with domain passwords when they mount their home directories to WindowsXP workstations. The ssh passwords should be local and separated

On 01/10/2020 21:46, Rowland penny via samba wrote: > On 01/10/2020 21:23, Jason Keltz via samba wrote: >> >> >> Okay - I guess the failure of kdc: lines in smb.conf is a bug. >> >> Let's wait and see what happens with your ticket after 10 hours. >> Maybe there's a bug there as well. > It will be in the middle of the night here, so I will report

Hi Apple changed from Linux PAM to OpenPAM and the dovecot pam file (dovecot installed from macports) doesn't work anymore. Installed pam modules are: -r--r--r-- 1 root wheel 76640 31 Jul 09:15 pam_env.so.2 -r--r--r-- 1 root wheel 51024 31 Jul 09:15 pam_group.so.2 -r--r--r-- 1 root wheel 99776 31 Jul 09:15 pam_krb5.so.2 -r--r--r-- 1 root wheel 51552 31 Jul 09:15

Hello Andrew, I'm a little stuck with my login authentication for my Samba 3 box. With the new features in Samba 3 - Should I be able to provide username@domain & password at login that would authenticate me against our W2K ADS PDC and obtain my kerberos ticket? Please advise on the suggested way to authenticate against our Active Directory domain at login if I'm way off base on

Hello Rowland, Sorry for the workgroup and realm name, I put MYDOMAIN to anonymize, should be : realm = MYDOMAIN.LOCAL workgroup = MYDOMAIN About libpam-krb5 installed, I have on my system : yum list krb5-workstation pam_krb5 krb5-workstation.x86_64 1.15.1-37.el7_6 @updates pam_krb5.x86_64 2.4.8-6.el7 @base Is pam_krb5

So finally here is the solution that works for me. If you have any questions, just ask. I use pam_mount with the following volume definition in the "/etc/security/pam_mount.conf.xml": <volume fstype="cifs" server="server" path="home/%(USER)" mountpoint="/home/%(USER)" sgrp="domain users"

I'm going to start with clean centos install, so I might as well use some additional guidelines, thank You. When You run kinit, does Your user have ticket already? What I noticed is that when user has a ticket already, kinit works fine, uses as default principal the one from ticket. Can you do kdestroy - then kinit? Also, on Fedora, did You install samba from source or from repo's RPM?

On Fri, 29 Nov 2024 20:50:21 +0100 Peter Milesson <miles at atmos.eu> wrote: > > On 11/29/24 20:07, Rowland Penny via samba wrote: > > On Fri, 29 Nov 2024 12:07:45 +0100 > > Peter Milesson via samba <samba at lists.samba.org> wrote: > > > >>> Hi Peter, that was actually more than what I was expecting, a very > >>> detailed tutorial

On 29.11.2024 21:40, Rowland Penny via samba wrote: > On Fri, 29 Nov 2024 20:50:21 +0100 > Peter Milesson <miles at atmos.eu> wrote: > >> On 11/29/24 20:07, Rowland Penny via samba wrote: >>> On Fri, 29 Nov 2024 12:07:45 +0100 >>> Peter Milesson via samba <samba at lists.samba.org> wrote: >>> >>>>> Hi Peter, that was actually

I'm close to making this work. The goal is to make this Fedora 20 system pretend to be a Windows member server in my Windows 2008R2 Active Directory domain and then I'll use it as a backup target. When I run ADUC from my domain controller, I see my F20 system named nfsa. But from Windows, when I do Start...\\nfsa, I get an Access Denied error and it prompts for credentials. When I do

On 17/06/2019 12:56, Edouard Guign? via samba wrote: > Hello, > > May you answer me about my issue with kerberos ? > > About libpam-krb5 installed, I have on my system : > yum list krb5-workstation pam_krb5 > krb5-workstation.x86_64 1.15.1-37.el7_6 @updates > pam_krb5.x86_64 2.4.8-6.el7 @base > > Is pam_krb5 equivalent to libpam-krb5 on centos 7 ? Sorry for the late

> Apart from ipa are there any other good tools out there for centralised user > auth? I am currently testing LDAP (openldap) combined with nss_ldap, configured with authconfig. I would start by testing IPA. Redhat is building out a set of enterprise management tools which include cobbler and spacewalk; I would think IPA will eventually be integrated into their mgt tools. That said, if

On 30.11.2024 17:26, Rowland Penny via samba wrote: > On Sat, 30 Nov 2024 17:14:24 +0100 > Peter Milesson via samba <samba at lists.samba.org> wrote: > >> Hi Rowland, >> >> I got it working under Archlinux also. Most of the work was looking >> up how to configure PAM with the pam_winbind and pam_krb5 modules. >> Not very well documented. > If by