Displaying 20 results from an estimated 5000 matches similar to: "Using samba4 with AD and rfc2307 - what are the *current* practices?"
2013 Nov 20
0
RODC DNS oddness
I just checked the SOA records on my samba DCs and noticed a few oddities:
michael@sles-bree:~> for i in ad{1..4} sles-bree sles-shire; do host -t soa main.adlab.netdirect.ca $i | grep SOA; done
main.adlab.netdirect.ca has SOA record ad1.main.adlab.netdirect.ca. hostmaster.main.adlab.netdirect.ca. 177 900 600 86400 3600
main.adlab.netdirect.ca has SOA record ad2.main.adlab.netdirect.ca.
2013 Nov 20
0
Error using password cached on a samba4 RODC
OK! I'm getting farther and farther! :)
I've managed to preload user and computer passwords onto a samba RODC:
sles-shire:/var/lib/samba/sysvol # samba-tool rodc preload 'win7-shire$' --server main.adlab.netdirect.ca
Replicating DN
CN=WIN7-SHIRE,CN=Computers,DC=main,DC=adlab,DC=netdirect,DC=ca
Exop on[CN=WIN7-SHIRE,CN=Computers,DC=main,DC=adlab,DC=netdirect,DC=ca]
2013 Nov 28
1
Replicating failing after installing RODC
We've joined an RODC to the domain (Windows 2008R2 running a W2003
FFL/DFL AD) but are getting these errors on first startup.
It was joined with:
samba-tool domain join main.adlab.netdirect.ca RODC --realm=main.adlab.netdirect.ca --username=administrator@main.adlab.netdirect.ca --dns-backend=BIND9_DLZ
but we get these errors right after startup:
Nov 28 12:35:27 sles-bree samba[3939]:
2013 Nov 20
1
No neighbors in 'drs showrepl'
Is this a problem? Does this mean no replication links exist?
michael@sles-bree:~> samba-tool drs showrepl -k yes
Bree\SLES-BREE
DSA Options: 0x00000025
DSA object GUID: 7ea641b0-d418-4c74-a4fa-c15b852467b8
DSA invocationId: 1017ff29-756c-4777-b395-b481f4b5387c
==== INBOUND NEIGHBORS ====
==== OUTBOUND NEIGHBORS ====
==== KCC CONNECTION OBJECTS ====
Connection --
Connection name:
2013 Nov 18
1
samba4.1 RODC with BIND as DNS backend
OK, further to my previous message I've configured BIND, but when I try
to run samba_dnsupdate I get the following:
Nov 18 16:19:23 sles-shire named[6112]: samba b9_putrr: unhandled record
type 0
Nov 18 16:19:24 sles-shire named[6112]: samba_dlz: starting transaction
on zone _msdcs.main.adlab.netdirect.ca
Nov 18 16:19:24 sles-shire named[6112]: samba_dlz: disallowing update of
2013 Nov 18
1
Samba 4.1 acting as RODC, how to fix TSIG and configure DNS?
I've set up a lab for testing Samba 4.1 as an RODC emulating a satellite
office setup, using the sernet packages on SLES11SP2.
## Problem 1
samba_dnsupdate is failing:
==> /var/log/samba/log.samba <==
[2013/11/18 13:22:37.416193, 0]
../lib/util/util_runcmd.c:317(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: ; TSIG error with server: tsig verify failure
[2013/11/18
2014 Jan 26
1
Configuring RHEL6 Samba4 DC for local accounts
I've configured a new RHEL DC with sernet samba 4.1.4 and a domain just
upgraded from classic with an LDAP backend.
I need to configure the DC with user accounts and since:
* I can't use winbind on a DC
* I can't use SSSD with the sernet packages
it looks like the best thing to use is LDAP. I've configured it with:
authconfig --enableldap --enableldapauth
2015 Dec 19
2
LDAP create home directories
Hey guys,
I've set up an LDAP server on our network. I'm using OpenLDAP.
It was really easy to use the authconfig-tui to generate the nsswitch.conf
and ldap.conf files that would allow user authentication.
But when users would log in, the system wasn't creating the home
directories.
I found one command that would correct that:
authconfig --enablemkhomedir --update
After that
2011 Oct 31
3
NSS ldap problems
I'm having trouble setting up ldap based authentication.
I have a virtual (KVM) CentOS 5.4 box set up to authenticate to a 389 (fedora) directory server, and that works fine.
However, I set up a virtual box running CentOS 6, and I can't get it to authenticate.
I've run authconfig with the appropriate flags, ldapsearch properly finds the data, but I can't log in. /var/log/secure
2015 Dec 19
2
LDAP create home directories
>
> You may also need to restart sssd or nslcd, depending upon which one is
> running the backed ldap connection service on the clients.
Hmm.. I got a different result after restarting nslcd. Instead of logging
me in and just complaining that it couldn't create the home directory, it
still complains about not creating the home directory, but now it doesn't
let me in:
#ssh
2013 Feb 20
3
LDAP users/groups not showing up with nis, pam, & ldap
I am trying to configure NIS, PAM, & LDAP on a CentOS 6.2 host. I've
previously installed a similar configuration on RHEL4, but CentOS now
uses nss-pam-ldapd and nslcd instead of nss_ldap, so the configurations
are a little different.
Currently, local users and groups are showing up but not LDAP users.
When I do a /getent passwd/ and /getent group/ I don't get LDAP users.
When I do
2013 Feb 15
1
Problem with User and Group Ownership listing
I am installing smb 3.5 on a CentOS 6.2 host using smbldap-tools. I've
previously installed a similar configuration on RHEL4 using smb 3.0 but
CentOS now uses nss-pam-ldapd and nslcd instead of nss_ldap, so the
configurations cannot be moved straight across.
When I do a listing of a share directory that should have user and group
ownership determined by LDAP, I get the uidNumbers and
2015 Jul 31
6
Linux Workstation x SMB4 DC
What is the best way to authenticate users in SMB4 DC on Linux
workstation?
I'm using pam_winbind, but sometimes it's very slow...
--
[]'s Jefferson B. Limeira
jbl at internexxus.com.br
https://br.linkedin.com/in/jlimeira
(41) 9928-8628
2015 Apr 20
2
NSLCD works, do I need RFC2307 extensions enabled in AD as well?
Hi Rowland,
On Mon, Apr 20, 2015 at 10:29 AM, Rowland Penny <rowlandpenny at googlemail.com> wrote:
> OK, I understand a bit better where your problems lie. I would still use
> backports, supported code is (hopefully) better code :-)
>
I am certainly willing to do that.
>
>
>>
>> I'd be willing to do that if it got me support for UPN names (see below)
2015 Apr 17
5
NSLCD works, do I need RFC2307 extensions enabled in AD as well?
Hello all,
I've just installed Samba 3.6.6 from the Debian Stable repo. I want to use
this linux box as a smb file server for windows clients.
I installed NSLCD to allow users in AD to authenticate against my linux
server per
https://wiki.samba.org/index.php/Local_user_management_and_authentication/nslcd
getent passwd and getent group return domain users with UID mappings like:
tempuser
2013 Nov 05
2
Unable to join samba4 to AD as a DC
Hello,
I'm trying to get samba4 up and running as a DC in a lab environment.
I have a freshly installed AD environment (W2012R2 servers, W2008R2
functional level) and I'm trying to join samba4 to it as a domain
controller.
When I try, I get this:
# samba-tool domain join ad.netdirect.ca DC -Uadministrator --realm=AD.NETDIRECT.CA -W AD
Finding a writeable DC for domain
2015 Aug 05
2
Linux Workstation x SMB4 DC
An example of how slow is...
[root@CTA1PAPAN001645 ~]# time id teste
uid=16777232(teste) gid=16777216(domain users) grupos=16777216(domain users),16777220(operacao),16777222(BUILTIN\users)
real 1m15.981s
user 0m0.005s
sys 0m0.007s
According to this documentation, if I want to use File Sharing without AD
modifications, the only option is Winbind (idmap_rid).
2017 Oct 30
0
winbind rfc2307 not being obeyed
nope that just brute forced homedir and shell. It'll work for what I
want this machine for but I'd like to get the homedir and shell from
AD
On Mon, Oct 30, 2017 at 10:54 AM, Jeff Sadowski <jeff.sadowski at gmail.com> wrote:
> My smb.conf file now looks like so
> [global]
> #--authconfig--start-line--
>
> # Generated by authconfig on 2017/10/30 10:47:34
> # DO NOT
2017 Oct 30
2
winbind rfc2307 not being obeyed
My smb.conf file now looks like so
[global]
#--authconfig--start-line--
# Generated by authconfig on 2017/10/30 10:47:34
# DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--)
# Any modification may be deleted or altered by authconfig in future
workgroup = MIND
password server = MIND.UNM.EDU
realm = MIND.UNM.EDU
security = ads
idmap config * : range = 2000-7999
2015 Apr 21
3
NSLCD works, do I need RFC2307 extensions enabled in AD as well?
On 04/20/2015 02:01 PM, Rowland Penny wrote:
>
> I would suggest you try it on a test set up in a VM and if it works, go
> to production.
>
> Rowland
>
Hi Rowland,
Ok, I think I am pretty close. Still using Samba 3.3.6 since I couldn't
seem to get Samba 4 to work from backports.
My sticking point right now is that winbind is mapping the wrong UID to
my test user.