Displaying 20 results from an estimated 800 matches similar to: "Configuring RHEL6 Samba4 DC for local accounts"
2018 Jun 14
0
CentOS7: Setting up ldap over TLS in kickstart file
On Thu, 14 Jun 2018, Patrick Begou wrote:
> Hi,
>
> I'm facing a problem with setting up LDAP+TLS client authentication in a
> kickstart script on CentOS7 for several days.
>
> Setting up manualy the config with system-config-authentication works but I
> need to automate this in kickstart for deploying cluster nodes.
> This show that the server side is running fine.
2006 Jun 02
1
Redhat Authconfig errors
Ok, I've got most everything setup, but I'm not able to confirm
pam_ldap and nss_ldap are working properly. (Actually given the
examples in SBE, they still appear to be returning information from
local files rather than the ldap info.)
I wanted to go back and check my authconfig and reset the parameters.
However now when I do a authconfig I get this:
----
authconfig --enablecache
2018 Jun 14
3
CentOS7: Setting up ldap over TLS in kickstart file
Hi,
I'm facing a problem with setting up LDAP+TLS client authentication in a
kickstart script on CentOS7 for several days.
Setting up manualy the config with system-config-authentication works but I need
to automate this in kickstart for deploying cluster nodes.
This show that the server side is running fine.
At this time the message is
#systemctl status sssd
|....
2014 Aug 29
1
C7: need authconfig against LDAP
Hi all,
On a C6 box, when I want to enable LDAP authentication, I issue:
# yum -y install nss-pam-ldapd pam_ldap nscd
# authconfig --enableldap --enableldapauth --enablemkhomedir \
--ldapserver=ldap://ldap-blabla/ \
--ldapbasedn="blabla" \
--enablecache --disablefingerprint \
--kickstart --update
All is working fine, the directory structure is fine and compliant.
2010 Oct 06
2
LDAP authentication on a remote server (via ldaps://)
Hello,
I have a central repository of users/groups based on OpenLDAP which is
working on a remote LAN (servers share users credentials and mount
their home directories via NFS). They use non-encrypted ldap
restricted to the local network.
Now, I have a few servers in our local office and I would like them to
authenticate from the remote LDAP server using encryption via
ldaps://.
(at this stage,
2013 Nov 18
1
samba4.1 RODC with BIND as DNS backend
OK, further to my previous message I've configured BIND, but when I try
to run samba_dnsupdate I get the following:
Nov 18 16:19:23 sles-shire named[6112]: samba b9_putrr: unhandled record
type 0
Nov 18 16:19:24 sles-shire named[6112]: samba_dlz: starting transaction
on zone _msdcs.main.adlab.netdirect.ca
Nov 18 16:19:24 sles-shire named[6112]: samba_dlz: disallowing update of
2013 Nov 20
1
No neighbors in 'drs showrepl'
Is this a problem? Does this mean no replication links exist?
michael at sles-bree:~> samba-tool drs showrepl -k yes
Bree\SLES-BREE
DSA Options: 0x00000025
DSA object GUID: 7ea641b0-d418-4c74-a4fa-c15b852467b8
DSA invocationId: 1017ff29-756c-4777-b395-b481f4b5387c
==== INBOUND NEIGHBORS ====
==== OUTBOUND NEIGHBORS ====
==== KCC CONNECTION OBJECTS ====
Connection --
Connection name:
2013 Nov 20
0
RODC DNS oddness
I just checked the SOA records on my samba DCs and noticed a few oddities:
michael at sles-bree:~> for i in ad{1..4} sles-bree sles-shire; do host -t
soa main.adlab.netdirect.ca $i | grep SOA; done
main.adlab.netdirect.ca has SOA record ad1.main.adlab.netdirect.ca.
hostmaster.main.adlab.netdirect.ca. 177 900 600 86400 3600
main.adlab.netdirect.ca has SOA record ad2.main.adlab.netdirect.ca.
2013 Nov 28
1
Replicating failing after installing RODC
We've joined an RODC to the domain (Windows 2008R2 running a W2003
FFL/DFL AD) but are getting these errors on first startup.
It was joined with:
samba-tool domain join main.adlab.netdirect.ca RODC
--realm=main.adlab.netdirect.ca
--username=administrator at main.adlab.netdirect.ca --dns-backend=BIND9_DLZ
but we get these errors right after startup:
Nov 28 12:35:27 sles-bree samba[3939]:
2013 Nov 20
0
Error using password cached on a samba4 RODC
OK! I'm getting farther and farther! :)
I've managed to preload user and computer passwords onto a samba RODC:
*sles-shire:/var/lib/samba/sysvol # samba-tool rodc preload
'win7-shire$' --server main.adlab.netdirect.ca**
*Replicating DN
CN=WIN7-SHIRE,CN=Computers,DC=main,DC=adlab,DC=netdirect,DC=ca
Exop on[CN=WIN7-SHIRE,CN=Computers,DC=main,DC=adlab,DC=netdirect,DC=ca]
2013 Nov 05
2
Unable to join samba4 to AD as a DC
Hello,
I'm trying to get samba4 up and running as a DC in a lab environment.
I have a freshly installed AD environment (W2012R2 servers, W2008R2
functional level) and I'm trying to join samba4 to it as a domain
controller.
When I try, I get this:
# samba-tool domain join ad.netdirect.ca DC -Uadministrator
--realm=AD.NETDIRECT.CA -W AD
Finding a writeable DC for domain
2013 Nov 28
1
Enabling NIS after samba4 installation
I'm testing out our samba 4 migration process and when the initial
forest/domain was created, it was created without using --use-rfc2307:
sudo samba-tool domain provision --domain netdirect
--function-level=2008_R2 --realm=ad.netdirect.ca
Now that it's in place and we have machines joined, what do I need to do
to add the unix attribute and NIS maps to an existing samba4 domain so
2013 Nov 18
1
Samba 4.1 acting as RODC, how to fix TSIG and configure DNS?
I've set up a lab for testing Samba 4.1 as an RODC emulating a satellite
office setup, using the sernet packages on SLES11SP2.
## Problem 1
samba_dnsupdate is failing:
==> /var/log/samba/log.samba <==
[2013/11/18 13:22:37.416193, 0]
../lib/util/util_runcmd.c:317(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: ; TSIG error with server: tsig verify failure
[2013/11/18
2013 Dec 11
2
Using samba4 with AD and rfc2307 - what are the *current* practices?
I would like to get samba4 working with AD and rfc2307 attributes, while
allowing the nice remote management available via samba4.
Using sernet-samba packages on 4.1.3-7.el6.x86_64 CentOS 6.
I have samba4 configured as follows:
krb5.conf:
[libdefaults]
default_realm = MAIN.ADLAB.NETDIRECT.CA
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable =
2014 Feb 04
1
Creating samba4/AD users from ADUC
We have a couple Samba4 AD domains we've implemented and I've noticed a
difference between how users look when created via ADUC versus samba-tool.
Created via ADUC, the following extra attributes are added:
msSFU30Name: bilbo
msSFU30NisDomain: netdirect
unixHomeDirectory: /home/bilbo
unixUserPassword: ABCD!efgh12345$67890
Created via samba-tool, the following extra attributes are added:
2012 Nov 13
0
Test Active Directory sync module: lpep
Hi All
I have just published a module that synchronises users and groups from
Active Directory into a Puppet manifest, which can then be rolled out to
subscribed agents/workstations. The module maintains generated uids and
gids in an SQLite database. It has only been tested on Puppet Enterprise
2.6.1 and RHEL 6.3 so far, at my end.
The module is called lpep and you can view it at
2013 Nov 19
1
Prepopulate *all* users to a samba4 RODC
I was hoping this would be simpler. I'd like to prepopulate an RODC with
all users accounts that are permitted. But I can only pre-populate one
at a time:
samba-tool rodc preload (<SID>|<DN>|<accountname>)
sles-shire:~ # samba-tool group listmembers 'Allowed RODC Password
Replication Group - Shire'
Allowed RODC Password Replication Group - Global
WIN7-SHIRE$
bilbo
2014 Jan 14
2
classicupgrade error: User 'Administrator' does not have SID ending in 500
Oh Boy.
User 'Administrator' in your existing directory has SID
S-1-5-21-2070472328-935435760-1634736958-1000, expected it to be
S-1-5-21-2070472328-935435760-1634736958-500
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception -
ProvisioningError: User 'Administrator' in your existing directory does
not have SID ending in -500
It's not all
2010 Jan 01
1
kickstart and logins.def question
Hello all:
Happy New Year to everyone and thank you for all the knowledge this past year.
I have a hopefully simple question about kickstart. In the
authconfig section I can enable ldap, credential caching, etc.. Using
the GUI tool there's an option to create the user home directories on
first login. The docs don't show a similar option for authconfig in
kickstart. For now I'm
2011 Oct 31
3
NSS ldap problems
I'm having trouble setting up ldap based authenication.
I have a virtual (KVM) CentOS 5.4 box set up to authenticate to a 389 (fedora) directory server, and that works fine.
However, I set up a virtual box running CentOS 6, and I can't get it to authenicate.
I've run authconfig with the appropriate flags, ldapsearch properly finds the data, but I can't log in. /var/log/secure