Displaying 20 results from an estimated 7000 matches similar to: "nslcd: kerberos vs. simple bind"
2012 Jul 12
2
nslcd service - "Client not found in Kerberos database"
Hi,
I am trying to configure the nslcd service on an Ubuntu client for kerberos
authentication against samba4. My /etc/nslcd.conf contains the following:
uid nslcd
gid nslcd
uri ldapi:///cofil01.mydomain.net
base dc=mydomain,dc=net
sasl_mech GSSAPI
krb5_ccname FILE:/tmp/host.tkt
I have added the host principal "host/ubuntu-test.mydomain.net @
MYDOMAIN.NET" to /etc/krb5.keytab on both
2013 Oct 26
2
lost with AD auth
Hi all,
Well, I'm completely lost with AD authentication ...
server is :
Ubuntu 12.04.3 3.8.0-32-generic #47~precise1-Ubuntu
Samba 4.0.10 installed (and upgraded) via git, setup as unique Active
Directory Domain Controller
( -> how to upgrade to 4.1 via git ?? )
I 'just' would like that the local services (let's say only dovecot and
postfix) can query AD to authenticate
2012 Jan 17
1
Samba 4 and GSSAPI kerberos ldap connect
Hi everyone
I'm trying to use kerberos to authenticate to Samba 4 ldap. At the
moment, I authenticate by specifying the binddn and password in
/etc/nslcd.conf and all works fine
If I add the line:
sasl_mech GSSAPI
to /etc/nslcd.conf
and restart nslcd, no one can connect to the database. Nothing works.
ldapsearch and getent passwd draw a blank.
ldapsearch -x -b '' -sbase
2015 Mar 04
2
Is there a listprincs equivalent?
I joined a machine. net ads testjoin says OK. The join exported a
keytab, which among others contains MACHINE$@REALM. However, trying
k5start I get "Client not found in Kerberos database". Also kinit -t
/etc/krb5.keytab MACHINE\$@REALM claims that the client was not found.
But then, how did it come into the keytab?
Is there a tool to list the principals in AD?
Kind regards,
-
2017 Jul 01
1
integrating samba with pam
On Sat, 1 Jul 2017 19:27:09 +0100, Rowland Penny via samba wrote:
> On Sat, 01 Jul 2017 14:19:13 -0300
> Guido Lorenzutti wrote:
>
>> We used to hide some information from our windows group, to make acls
>> only in unix groups. But well.. i think we can start sharing that info
>> with the domain groups.
>
> You can do something very similar by using ACLs, create groups in AD,
2020 Jun 22
2
Winbind help - with domain migration.
Hello guys
I need some lights to migrate a Winbind/Samba share to a new AD.
My scenario is:
I have an old AD running on a Debian 9 and Samba 4.5.16 with many
replication issues.
Then I decided to create a new one from the scratch using Debian 10 and
Samba 4.12.2 (and everything is working perfectly). I have migrated all the
accounts/machines/etc from old to new domain without any problem.
Both the
2014 Oct 05
1
What is wrong with my nslcd configuration?
I can't get my domain users presented to my local machine with getent
passwd and the wiki
https://wiki.samba.org/index.php/Local_user_management_and_authentication/nslcd
doesn't give me any steps to troubleshoot this issue. My best guess is that
I configured the user account incorrectly or I configured nslcd
incorrectly. I can't exactly see what is the problem.
I get these messages from
2014 Nov 19
1
Cannot bind to AD using nslcd
Hi Again - following on from my last request for help, I'm now attempting to
setup LDAP auth against my working samba4 AD.
Simplistically, I'm trying initially to SSH into my AD server (working)
using nslcd.
I've tried method #1 from
https://wiki.samba.org/index.php/Local_user_management_and_authentication/nslcd
My simple config is:
uid nslcd
gid nslcd
uri
2013 Jul 08
1
Samba 3 member server connected to Samba 4 DC (using nslcd)
Hi all,
I am having a problem connecting a Samba 3 member server to my newly
created Samba 4 DC.
I am using nslcd at the Samba 4 end successfully and this has allowed me to
login using domain accounts - I've also got this working with visudo and
/etc/security/access.conf to control sudo access with groups created on the
DC. All good.
My problem is that I have a Samba 3 member server
2014 Nov 08
7
[Bug 2310] New: functionality to start process before ssh and/or to "wrap" such command around ssh
https://bugzilla.mindrot.org/show_bug.cgi?id=2310
Bug ID: 2310
Summary: functionality to start process before ssh and/or to
"wrap" such command around ssh
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
2013 Jan 31
1
Strange nslcd error with ldap database
Greetings,
I've got a S4 DC joined to a Windows 2008 R2 DC. I'm using the s4bind scripts to add uidNumber/gidNumber/etc entries to LDAP, and I've got nss-pam-ldap installed on the S4 server. I had this working back in December, but since installing the latest stable build, getent passwd is throwing this error,
[8b4567] <passwd="myuser"> passwd entry
2015 Apr 20
2
NSLCD works, do I need RFC2307 extensions enabled in AD as well?
Hi Rowland,
On Mon, Apr 20, 2015 at 10:29 AM, Rowland Penny <rowlandpenny at googlemail.com> wrote:
> OK, I understand a bit better where your problems lie. I would still use
> backports, supported code is (hopefully) better code :-)
>
I am certainly willing to do that.
>
>
>>
>> I'd be willing to do that if it got me support for UPN names (see below)
2014 Oct 14
2
nslcd samba 4.1 and FreeBSD 10
Hello list-
As a FreeBSD shop we've used Samba 3.x quite well for a couple years. With version 3.6 due to expire in due time, we've been experimenting with version 4.1 using winbindd with very limited success. We find that if we use the TDB backend instead of either RID or AD, we are able to enumerate our AD users via getent. I cannot enumerate AD users via either the AD or the RID
2012 Jan 11
6
Samba 4 kerberos and kinit
Hi
After starting Samba 4, before anyone can do anything, Administrator has
to do a kinit to get a new ticket. This creates a cache /tmp/krb5cc_0
with an expiry time.
I've created a host principal and put it into the keytab:
samba-tool spn add host someuser
samba-tool domain exportkeytab /etc/krb5.keytab --principal=host/HH3.SITE
How can I keep Samba 4 up without having to get a new
2017 Jul 01
3
integrating samba with pam
On Sat, 1 Jul 2017 16:30:25 +0100, Rowland Penny via samba wrote:
> On Sat, 01 Jul 2017 11:48:21 -0300
> Guido Lorenzutti via samba wrote:
>
>> Hi there! I been using samba3 with ldap for years, and now
>> I'm about to move to samba4 to leave the slapd.
>
> I take it you mean that you use Samba as an AD DC
Exactly.
>> I didn't try yet to migrate the directory from
2013 Aug 15
2
Remote linux auth vs samba4: winbind or nslcd + openldap.
I'm lost in documentation.
I setup a samba4 AD, and configured winbind so I can have local
authentication using pam, I can now login to AD users via ssh.
I want to achieve the Holy Grail of 1 source of users and password, for
both, linux and windows machines, but I'm lost in documentation.
So far I know:
samba4 can't use openldap as backend.
samba4 ldap doesn't really is a full
2015 Apr 17
5
NSLCD works, do I need RFC2307 extensions enabled in AD as well?
Hello all,
I've just installed Samba 3.6.6 from the Debian Stable repo. I want to use
this linux box as a smb file server for windows clients.
I installed NSLCD to allow users in AD to authenticate against my linux
server per
https://wiki.samba.org/index.php/Local_user_management_and_authentication/nslcd
getent passwd and getent group returns domain users with UID mappings like:
tempuser
2012 Jan 15
3
Samba 4 ldb_wrap open of idmap.ldb
Hi everyone
Version 4.0.0alpha18-GIT-bfc7481
I'm using nslcd to map Samba 4 users to uid:gid and home directory. At
startup I get this:
ldb_wrap open of secrets.ldb
WARNING: no socket to connect to
and /var/log/messages shows:
Jan 15 14:20:13 hh3 nslcd[2425]: [334873] failed to bind to LDAP server ldap://hh3.site/: Can't contact LDAP server: Transport endpoint is not connected
Jan
2013 Aug 28
1
Problem with nslcd and samba
Hi,
I try to use nslcd with samba 4 to get users and groups for AD.
if I do a ldapsearch, I have a message :
Server not in kerberos database
if I do a getent passwd, nslcd display same error message.
log of samba4:
[2013/08/28 10:15:47, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: TGS-REQ Administrator at CORMANDOM.INT-CORMAN.BE from
2017 Jul 01
0
integrating samba with pam
On Sat, 01 Jul 2017 14:19:13 -0300
Guido Lorenzutti <guido at lorenzutti.com.ar> wrote:
> We used to hide some information from our windows group, to make
> acls only in unix groups. But well.. i think we can start sharing that
> info with the domain groups.
You can do something very similar by using ACLs, create groups in AD,
add RFC2307 attributes and add your Unix users to the