similar to: samba4 and sssd and user mapping

On 21/06/2019 15:39, Edouard Guign? via samba wrote: > Hello, > > I am facing 2 issues now. > The first one is the more critical for me... > > 1. When I switch from sssd to winbind with : > # authconfig --enablekrb5 --enablewinbind --enablewinbindauth > --enablemkhomedir --update > > My sftp access did not work. Does it change the way to pass the login ? > I used

Hi everyone, last week I took a look at a samba3 PDC server with some performance issues. The samba3 PDC has an ldap backend and has nss_ldap configured properly. It has also interdomain trust so it has nss_winbind configured too, so in /etc/nsswitch.conf there is : passwd: compat ldap winbind group: compat ldap winbind This setup has some performance issues on the nss_ldap part of the

Hi Denis. Since we have "tricky" people working on the Linux machines we prefer NFS because it's less hassle to mount and requires no credentials. Basically because of the users we tend to choose the easiest possible way for them to access the needed resources. I guess pam-script module mounting is exactly for this purpose, but I'll to research more since I'm not familiar

Hola Sandy, (mail rethreaded, please don't hijack threads) > Samba4 recently updated to version 4.2.2, but I have noticed that > since a policy which is to put a wallpaper on each machine is not > being implemented in windows 7 after upgrade ... somebody can helpme. Could you check the ACLs on the Sysvol share? samba-tool ntacl sysvolcheck samba-tool ntacl sysvolreset Cheers,

Denis, Thank you for the information. I was under the impression that authentication was done through LDAP. I'm not sure what led me to this belief/understanding. How can I confirm that indeed my Linux member server is authenticating with Kerberos, and that it is encrypted? Is Kerberos traffic always encrypted? Thanks, Tim On Mon, Jan 15, 2018 at 10:37 AM, Denis Cardon <dcardon at

Hi Marc, > Am 08.04.2015 um 17:25 schrieb BRIEC, Pierre: >> On Site1, the machines accounts are specifics, same for the Users and >> Groups except 1 group that is common with Site2 (The Teachers). >> Today, each site is independant, >> >> Now, i would like a create a new domain Samba4 AD whith all machines and >> users from site1 and site2 together. >>

Nope, but that was not the problem... root at samba01:~# dpkg -l | grep python-dns root at samba01:~# apt-get install python-dns Reading package lists... Done Building dependency tree Reading state information... Done The following NEW packages will be installed: python-dns 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 28.7 kB of archives. After this operation, 135

Hi everyone, I came across this issue today while upgrading a samba4 AD. The forest/domain level is 2008R2, however the schema partition is actually missing the msDS-isRODC attribute (and probably a few others). It makes the ADUC console to failed on that entry below. Here is the samba log message (which is quite explicit :-) Sep 28 16:55:36 srvads samba[27900]: [2016/09/28 16:55:36.819666,

This way is so easier... Thank you Rowland Le 20/06/2019 ? 14:01, Rowland penny via samba a ?crit?: > On 20/06/2019 17:54, Edouard Guign? via samba wrote: >> My idea is to replace default "cifs_idmap_sss.so" plugin by >> "idmapwb.so" winbind plugin, in order to SSSD becomes a client of >> winbind. >> To avoid to change nsswitch.conf : >>

Hi Sébastien, >> I'm trying to synchronize user accounts from LDAP to Samba 4 AD >> (using LSC) but it seems that password update through ldap is not >> allowed. >> >> I failed to find details about it, but can someone confirm that >> unicodePwd cannot be read / wrote trough a LDAPS connection ? Is >> there any workaround ? The unicodePwd attribute

Hi everyone, I would like to have some input on ressources access from a workstation logged on a RODC server that has to connect on hub site servers. After login in the remote windows workstation, I have LOGONSERVER environment variable set to the local RODC server (workstation and user credentials have been preloaded). Everything works fine on local server. However if I want to connect to

Hi Alexis, > > Any updates or schedule planed for this? I guess on the 26 of April, cf. https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.8 Cheers, Denis > > 2018-03-24 5:04 GMT+03:00 Andrew Bartlett via samba <samba at lists.samba.org>: > >> On Fri, 2018-03-23 at 10:44 -0400, lingpanda101 via samba wrote: >>> >>> Andrew in another

Hi everyone, Steve and Jeremy gave a great talk at SambaXP on SMB3 with Posix extensions. The death of SMB1 gets nearer ! I was wondering what is the minimum Samba version and minimum Linux kernel version in order to get that support. Cheers, Denis -- Denis Cardon Tranquil IT 12 avenue Jules Verne (Bat. A) 44230 Saint S?bastien sur Loire (FRANCE) tel : +33 (0) 240 975 755

Hi everyone, in samba 4.5 changelog, it says that samba AD now supports tombstone reanimation. I've been used to ldbrename and ldbmodify to reanimate objects to keep objectSID, but if it is now officially supported, it would be better to use the proper way. Sysinternals tool adrestore [1] seems to be working properly (it does not restore most attributes, but this is expected since

Hi everyone, after a classicupgrade from a samba3 domain to a samba4, I have a weird issue related to DCOM and named pipes. The switch to samba4 went fine and everything works perfectly except one old software that uses Windows named pipes and DCOM for client-server communication. When trying to access the DCOM server the software fails. The failure can be easily reproduced with a simple

Hi Denis, on both samba hosts (donald and pluto) these commands work great: id johndoe getent group getent passwd My pluto:/etc/nsswitch.conf looks like that: [...] passwd: compat ldap group: compat ldap shadow: compat ldap [...] I want to add, that the described problem works fine if I try it on a share on "donald", my domain controller. The users are

Hi Carlos, > > DC to DC2/DC3 -> > > /usr/bin/rsync -XAaz --delete-after /opt/samba/var/locks/sysvol > root at samba-dc102:/opt/samba/var/locks/ > > /usr/bin/rsync -XAaz --delete-after /opt/samba/var/locks/sysvol > root at samba-dc102:/opt/samba/var/locks/ looking at your smb.conf file, you are using tdb idmap (default on DC). So the UID/SID mapping will be

On Wed, Feb 14, 2018, at 06:01, Denis Cardon wrote: > Hi DreamySurfer212, > > > > When trying to join a new DC to an existing Samba4 domain, I am > > getting this WERR_DS_DRA_MISSING_PARENT error. Does any have any > > suggestions on how to fix it? My original 6 dc's are running the last > > free Sernet (4.2.14) on CentOS6 and the error occurs if I use Sernet

Hi everyone, there have already been some talk in the past about the null session access on samba, and that keeping "restrict anonymous" parameter below level 2 was necessary for NT4 domain support. [1] However I was wondering if it could be changed. For instance, on a samba4.4.5 AD with the default settings, when you run the following command, you'll get the domain user list

Hi, I'm having a problem with ssh and sssd in a samba4 ad environment. If I logon a linux client everything works fine. When entering klist I'm able to see my ticket. When I try to connect/logon to another linux client with ssh it is possible, but klist shows: klist: Credentials cache file '/run/user/$UID$/krb5cc/tkt' not found. So the ticket cache is not created during