similar to: Configure winbind to keep domain prefix

My Synology NAS runs Samba 3.6.9 and maps accounts using winbind. It is joined to my samba4 AD. I set "winbind use default domain=yes" and have no entry for "winbind normalize names". Strangely a group like "Domain Users" appears as "domain users", i.e. in all lower case. A translation which breaks idmapd for NFSv4. My Debian Wheezy 3.6.6 behaves the

I run a Samba4 AD and joined a Synology NAS running Samba 3.6.9. I can access the shares using smbclient or mount -t cifs from all Linux machines (usually running Samba 3.6.6 clients). I can mount the shares from WinXP home and Win7 home. However, with a Win7 Ultimate machine joined to the AD most of the time it doesn't work. I can logon to the machine with my AD credentials, but I am

I set-up a basic AD DC using samba 4.1.9 successfully. I joined my NAS to the domain, i.e. I saw no errors and see the users and groups of my AD listed in the GUI of the NAS. When I try to connect to a share of the NAS the following happens: mgr at ws1:~$ smbclient -U 'AD\mgr' //nas/Test Enter AD\mgr's password: Domain=[AD] OS=[Unix] Server=[Samba 3.6.9] tree connect failed:

During my test phase I used to manage POSIX attributes in my AD using ldap-tools with -Y GSSAPI after kinit Administrator. Now this became impossible unless I logged in as Administrator, since the principal is tied to the user account - be it only for NFS4. ;) Administrator so far is not even a POSIX user. My first idea was to join my POSIX user to some group, which is allowed to modify user

It's probably difting slightly off the topic, but I know that there are some people listening here, who have a decent expertise. I'm trying to setup a file server (nfs4 at ad.domain) and mount from a client (hunin at ad.domain) using the user database and especially Kerberos provided by my AD (samba at ad.domain). It already works nicely, if I forget about krb5, i.e. idmapd is

Hi Marc, >> The cause is that the password change didn' reach both AD DCs, but only >> one. The other one still had the old value as could be seen by >> samba-tool ldapcmp. Restarting the DCs and waiting for a couple of >> seconds brings them back to sync and Windows logons work as they used to. >> Any idea, what I should do next time to obtain valuable output

Hi, I'm going to migrate my old CUPS server to a new setup. It shall provide the printing backend for Samba4 and should integrate as seamless as possible. Both Windows and Linux users should not require additional passwords, but should be authenticated by their Kerberos tickets. Is there anything particular to consider? E.g. has the CUPS server to be joined to the AD and should it run a

I'm trying to configure a Samba 3.6.6 file server running on a Synology NAS to use uid/gid from RFC2307. The file server knows the users from the AD, but it does not use the uid stored in the AD. The smb.conf: [global] printcap name=cups winbind enum groups=yes workgroup=AD encrypt passwords=yes security=ads local master=no

I know this was discussed a lot a few years ago, but my google searches aren't quite getting me where I'm confident in the answer, so I figure I'd just ask again here if that's ok. Here's what we have, and what we'd like to do: Storage is a Netapp (cluster mode CDOT 8.2 I believe), it's NFS exported to our linux system. Linux system is CentOS 6 and can NFS mount the

----- Original Message ----- > From: "Jeremy Allison" <jra at samba.org> > To: "Nick E Couchman" <nick.couchman at seakr.com> > Cc: samba at lists.samba.org > Sent: Thursday, December 3, 2015 6:13:51 PM > Subject: Re: [Samba] Linux & NFSv4 ACLs > On Thu, Dec 03, 2015 at 06:03:39PM -0700, Nick Couchman wrote: >> >> > On Dec 3,

Hai Batiste, Ok, thanks for these, i'll test that also. And the "why" is a bit more explained here. http://www.citi.umich.edu/projects/nfsv4/crossrealm/libnfsidmap_config.html and per example, http://www.citi.umich.edu/projects/nfsv4/crossrealm/ldap_server_setup.html First my work here, but this is a good one which i also need to adjust in my scripts, so thank you for asking

I was used to integrate some linux client in my samba network mounting homes with 'unix extensions = yes', and works as expected, at least with some old lubuntu derivatives. Client side i use 'pam_mount'. Now i'm working on a ubuntu mate derivative, and i've not found a way to start the session properly in CIFS. If i create a plain local home (pam_mkhome), session start as

Greg, > Unfortunately, these attributes do not exist as standard, so you would > either have to add a user with ADUC or manually add them yourselves with > ldbedit. As standard on windows, they both start at '10000', though you > can set them to whatever you require, just make sure that they do not > interfere with any local Unix users. If you like to manage Unix users

----- Original Message ----- > From: "Jeremy Allison" <jra at samba.org> > To: "Nick E Couchman" <nick.couchman at seakr.com> > Cc: samba at lists.samba.org > Sent: Friday, December 4, 2015 1:22:06 PM > Subject: Re: [Samba] Linux & NFSv4 ACLs > On Thu, Dec 03, 2015 at 07:31:36PM -0700, Nick Couchman wrote: >> >> Try these pages (U

> Date: Thu, 19 Mar 2015 11:59:47 +0100 > From: Volker.Lendecke at SerNet.DE > To: groucho.64738 at hotmail.com > CC: samba at lists.samba.org > Subject: Re: [Samba] NFS4 ACLs with samba 3 (or 4) > > On Wed, Mar 18, 2015 at 01:17:34PM -0400, Kevin Taylor wrote: > > I know this was discussed a lot a few years ago, but my google searches aren't quite getting me where

Hai Baptiste, I re-checked my setup and your totaly correct. I can not enter the nfsV4 mounted directory as root. What i've added in idmap.conf Is this : Domain = your_DNS_domain.tld [Translation] Method = nsswitch And i found this link. http://serverfault.com/questions/526762/root-access-to-kerberized-nfsv4-host-on-ubuntu im testing this now. Greetz, Louis >

Thank you for that, i did have a good look at that one. And i use Debian 9, if you test what i posted below in the thread, you will see NFSv4 works fine. Below is missing one more thing, the "allow to delegate (kerberos only) " on the computer object in the AD, should be enabled. And yes, i've see bugchecks also but only on my debian .. Lenny.. Stt.. ;-) .. Its my last lenny

Hello samba team ! I have some NFS4 exports managed by a Samba's Kerberos realm. All the standard user accesses work fine. I try now to setup an NFS4 root access to administer the share from another server (the two host are DC, one PDC and one SDC). But I have trouble understanding the kerberos/principals layer. ------------ Actually I do ------------- -> on the server I create an nfs

Hello, I am searching for a solution that I thought should be kind of standard, but until now I was not successful finding anything. Here is the problem: At our site we offer windows and linux, most servers (eg file, samba, web) are linux based. User data is stored on NFS file servers. Windows systems are part of a Windows domain with an ADS domain controller. At the moment the linux samba

I created a demo share on my AD DC. After obtaining a copy of Win7 Ultimate I could now verify that the share has all rights granted to anyone (don't know how Windoze call "Jeder" in English). I can read and write the Share using AD\Administrator. AD\StandardUser can mount the share and read, what the Administrator put there. But he cannot create or modify files.