similar to: Override Linux homedir given by AD

When I do "getent group", I want to see the group's members enumerated. With nss_ldap they are; with nss_winbind they aren't: root at gumbo:~# getent group mgmt PI\mgmt:*:1040: There *are* members there (partially redacted): root at gumbo:~# ldbsearch -Htdb:///var/lib/samba/private/sam.ldb cn=mgmt member # record 1 dn: CN=mgmt,CN=Users,REDACTED member:

Hello All, I'm integrating an existing unix environment into an exist AD environment. I'm thinking of switching from nssldap to nss_winbind but have one problem. My user's home directories are in the format of /home/user/<$first letter>/<$second letter>/<$username> (/home/user/ d/h/dhaknes). Looking at the template homedir it doesn't appear that I can

Rowland, Yes, I mean uidNumber and gidNumber. I'm aware I need to work with AD but at this time I need my unix IDs (on NSS) to keep services working. Not only for files ownership, but also for some other services. Yeah, that's complex... If I undestand well, the best way to do is to join the server using "net ads join" and use nss_winbind. This what I do but I only use the

Hello list. The issue I have is that with the changes made to the idmap functionality of winbind, as regards the enumeration of rfc2307 users and groups using getent passwd and getent group, only those AD users that are not in the domains included in the "idmap config (domain)" statements (the ones in trusted domains that get their ID mappings auto-assigned by the TDB backend with

Dear All, I came across a really strange behaviour when using winbind on solaris 8. Normally "nscd" should be turned off because it's causing problems in the username resolution etc. When I turn it off I can login e.g. using ssh as an AD users but when i start a command like "ls" it gets put in the background immediately? When "nscd" is turn on and login again I

Hi Rowland, Thank you for your answer. I think I have found a solution which could solve the issue until the next migration step. It tested it on another server which is not critital : * Joining the server as a member and setup the shares as you suggest * Use nss_ldap instead of nss_winbind (idmap) which will pick my unix ids In this setup it seems I can access to the shares

Hello, i installed my Dovecot with authetification in MS AD throught WINBIND and PAM. Works fine. So I have virtual users with UID, GID from MS AD. I set maildir path as mail_location = maildir:/var/spool/mail/%n/ Then i want to make some vacation system. I install sieve and use dovecot LDA. In postfix main.cf I have mailbox_command = /usr/libexec/dovecot/deliver Setup of lda in dovecot.conf

I'm trying to setup a Solaris 10 Sparc station to authenticate users on login with Windows ADS. I have found the documentation for this but having no luck in getting the pam modules to work. Here is what I have done so far: Compiling Kerberos MIT5-1.8.3: cd into the src directory ./configure --prefix=/opt/local gmake gmake install Compiling Samba 3.5.6: setenv CFLAGS "-O2"

Hi, Meanwhile we've come many steps further, and a new issue has risen. In samba4 AD we have a user with: - homeDirectory \\server\username - homeDrive P: - scriptPath logon.bat When this user logs on, logon.bat is executed successfully, but homeDirectory is NOT mounted on P: and in the logs we see: canonicalize_connect_path failed for service username, path /\\server\username It seems

Hello everybody, for a while I am running a Samba 4.1 AD server under FreeBSD (from the FreeBSD ports). At thw moment the domain has ca. 20 Windows 7 desktops. I wanted to add a Samba 4.1 file server as a member server, was able to joint the domain and see AD users via "winbind -u" but "getent password" or "id <user>" does not work. The smb4.conf is

My samba thinks its own groups don't exist. Background: I had a samba3 server operating as a NAS with some desktops joined to the domain. I'm migrating it to samba 4.0.9 as an AD domain. Users can log in and browse their home share -- but the other shares aren't working. They're per-project shares set up to allow that project's group access, and to forcibly make all files

On 29/11/2019 18:17, S?rgio Basto via samba wrote: > On Fri, 2019-11-29 at 17:19 +0000, Rowland penny via samba wrote: >> Lets start by removing this: krb5-server-1.15.1-37.el7_7.2.x86_64 > ATM I can't, it will remove all samba packages :) Then your packages are depending on the krb5-server package, which is MIT, which is experimental. This shouldn't be a problem on a Unix

Hi all, we're using Winbind on a Solaris 9 machine to authenticate our Users, who are held in a Windows 2003SP1 AD. We are now using Samba 3.0.21b and everything works as expected. I configured the nsswitch and installed "libnss_winbind.so" and "pam_winbind.so" as described in the documentation and winbind is able to resolve the AD users and groups and the useres are able

I portupgraded my samba domain server and domain member to 3.0.23b from 3.0.23 and found that the domain member was not accessible from workstations. The error message: \\HOSTNAME is not accessible. There are currently no logon servers available to service the logon request. In the log.winbindd of the domain member, I found: [2006/08/23 22:52:00, 0] nsswitch/winbindd.c:request_len_recv(517)

I've recompiled samba 2.2.3a and still any time I do a ls -l in a directory where there are files from a PC I get the error : ld.so.1: ls: fatal: relocation error: file /usr/lib/nss_winbind.so.1: symbol socket: referenced symbol not found If I shut off winbind or take winbind out for my /etc/nsswitch.conf file, I can get a directory listing and it lists the users ID that winbind assigned to

You can test if winbind is able to resolve user IDs internally with "wbinfo -u". This uses the samba tool "wbinfo" to connect directly to the running winbind daemon and list all the Windows domain users. If that fails, then you have problems with the winbind daemon itself. The authentication between winbind and the PDC can be tested with "wbinfo -t", which is usually

Hi all, we have the following problem: We are running two windows domains, which trust each other. We have several RHEL6-Servers, which act as samba servers with windows domain authentication. Domain A is configured as realm in smb.conf. As long as we run samba3, all users from domain A and domain B are able to be authenticated. "wbinfo -g" lists all windows groups from domain A

Sunfreeware.com has compiled packages of Samba 3.4.2 with kerberos and ldap support included (if you also install the ldap and kerberos packages from sunfreeware.) However it does not include the nss_winbind.so.* or libnss_winbind.so.* files. Solaris does include nss_winbind.so already (since it is included with Samba 3.0.x) or I could compile it from the 3.4.x source code. But then I

Hi We're in the phase of converting our existing unix-based users to virtual users. Goal is to make mail-spool totaly independent of home-spool. For that reason, NO files can be written to home. I've solved the problem for all files, except for .dovecot.lda-dupes. I can see in duplicate.c #define DUPLICATE_PATH "~/.dovecot.lda-dupes" I thought being clever and override in

Hey, I'm getting this error when ever I've written a file from my Win2k Pro machine to my samba share. Using Samba 2.2.3. Built on Solaris 8. Using winbindd. I created the sym links as suggested under /lib (really /usr/lib): nss_winbind.so.1 -> libnss_winbind.so nss_winbind.so.2 -> libnss_winbind.so Are there some other sim links I need somewhere or is this error something