similar to: LDAP proxy auth

Displaying 20 results from an estimated 10000 matches similar to: "LDAP proxy auth"

2014 Aug 07
2
Configure winbind to keep domain prefix
Any ideas how to custom format the usernames mapped by winbind? Background: I successfully set up an AD DC and several members, including a file server, which can serve both samba and NFS4. So far so good. However my prime goal is to use my Synology NAS and share data between Linux and Windows. The NAS joined the AD and lists its users and groups as AD\uid and AD\gid. The standard setup of
2014 Sep 14
2
Winbind user/group name case change
My Synology NAS runs Samba 3.6.9 and maps accounts using winbind. It is joined to my samba4 AD. I set "winbind use default domain=yes" and have no entry for "winbind normalize names". Strangely a group like "Domain Users" appears as "domain users", i.e. in all lower case. A translation which breaks idmapd for NFSv4. My Debian Wheezy 3.6.6 behaves the
2015 Mar 12
3
AD DC out of sync
Hi Marc, >> The cause is that the password change didn' reach both AD DCs, but only >> one. The other one still had the old value as could be seen by >> samba-tool ldapcmp. Restarting the DCs and waiting for a couple of >> seconds brings them back to sync and Windows logons work as they used to. >> Any idea, what I should do next time to obtain valuable output
2014 Sep 23
2
NFS4 with samba4 AD for authentication
It's probably difting slightly off the topic, but I know that there are some people listening here, who have a decent expertise. I'm trying to setup a file server (nfs4 at ad.domain) and mount from a client (hunin at ad.domain) using the user database and especially Kerberos provided by my AD (samba at ad.domain). It already works nicely, if I forget about krb5, i.e. idmapd is
2014 Dec 30
3
CUPS and Samba4
Hi, I'm going to migrate my old CUPS server to a new setup. It shall provide the printing backend for Samba4 and should integrate as seamless as possible. Both Windows and Linux users should not require additional passwords, but should be authenticated by their Kerberos tickets. Is there anything particular to consider? E.g. has the CUPS server to be joined to the AD and should it run a
2015 Jan 19
2
Joined machine cannot mount share, others can - strange
I run a Samba4 AD and joined a Synology NAS running Samba 3.6.9. I can access the shares using smbclient or mount -t cifs from all Linux machines (usually running Samba 3.6.6 clients). I can mount the shares from WinXP home and Win7 home. However, with a Win7 Ultimate machine joined to the AD most of the time it doesn't work. I can logon to the machine with my AD credentials, but I am
2015 Mar 04
2
Is there a listprincs equivalent?
I joined a machine. net ads testjoin says OK. The join exported a keytab, which among others contains MACHINE$@REALM. However, trying k5start I get "Client not found in Kerberos database". Also kinit -t /etc/krb5.keytab MACHINE\$@REALM claims that the client was not found. But then, how did it come into the keytab? Is there a tool to list the principals in AD? Kind regards, -
2018 Sep 22
3
Printing via SMB-Kerberos no longer works
Hello, After upgrading from Ubuntu 16.04 to 18.04 printing via SMB-Kerberos no longer works (printing still works in 18.04 when I print via SMB but I don't want to have the password stored in clear text in /usr/lib/cups/backend/smb). In 16.04 I can just type "lpr file.pdf", but when doing this in 18.04 I get "Password for [myuser] on localhost?" and it expects me to type
2014 Dec 01
3
uidNumber. ( Was: What is --rfc2307-from-nss ??)
Greg, > Unfortunately, these attributes do not exist as standard, so you would > either have to add a user with ADUC or manually add them yourselves with > ldbedit. As standard on windows, they both start at '10000', though you > can set them to whatever you require, just make sure that they do not > interfere with any local Unix users. If you like to manage Unix users
2020 Sep 17
2
smbclient ignores configured kerberos ccache when using krb5-user on ubuntu/debian
On 17/09/2020 02:44, L.P.H. van Belle via samba wrote: > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941493 > https://bugzilla.samba.org/show_bug.cgi?id=14344 > These appear they could be related to the issue I'm encountering. So I did some additional testing and discovered something interesting, but first some background: I previously mentioned that part of my initial
2014 Jun 27
2
Permission issue writing to demo share
I created a demo share on my AD DC. After obtaining a copy of Win7 Ultimate I could now verify that the share has all rights granted to anyone (don't know how Windoze call "Jeder" in English). I can read and write the Share using AD\Administrator. AD\StandardUser can mount the share and read, what the Administrator put there. But he cannot create or modify files.
2018 Sep 22
2
Printing via SMB-Kerberos no longer works
> Sent: Saturday, September 22, 2018 at 12:08 PM > From: "Robert Schetterer via samba" <samba at lists.samba.org> > To: samba at lists.samba.org > Subject: Re: [Samba] Printing via SMB-Kerberos no longer works > > Am 22.09.2018 um 09:49 schrieb Alex Persson via samba: > > After upgrading from Ubuntu 16.04 to 18.04 printing via SMB-Kerberos no longer works
2020 Oct 01
2
Kerberos ticket lifetime
On 10/1/2020 8:34 AM, Rowland penny via samba wrote: > On 01/10/2020 13:30, Jason Keltz via samba wrote: >> On 10/1/2020 8:28 AM, Rowland penny via samba wrote: >> >>> On 01/10/2020 13:17, Jason Keltz via samba wrote: >>>> So why is it that winbind renews the ticket on the original system, >>>> but on the system that I ssh to, it does not.
2014 Jun 29
2
Winbind does not read uidNumber
Well, seems like I hit every mudhole that could be on the way ... root at samba4:/# getent passwd | grep mgr mgr:*:10000:10000:Lars LH. Hanke:/home/AD/mgr:/bin/bash root at samba4:/# ldapsearch -LLL -D "CN=Administrator,CN=Users,DC=ad,DC=microsult,DC=de" -x -W '(uid=mgr)' uid uidNumber gidNumber sAMAccountName name gecos Enter LDAP Password: dn: CN=Lars LH.
2020 Sep 16
3
smbclient ignores configured kerberos ccache when using krb5-user on ubuntu/debian
I know, and i have him the "samba" solution, because ... I dont know sssd also. And i dont get the fuss on samba+winbind or samba+sssd I have 3 services running minimal : samba winbind user-homes.automount Everything works as it should. I hope, and i'll add the note here also. NOTE ! My packages are NOT sssd compliant, you need to recompile SSSD yourselfs agains my samba
2015 Jan 29
3
rfc2307 deprecated in Windows 2012 R2?
It is actually rather easy to set the attributes via powershell, and that is probably the best way to add them in a Server 2012 R2 environment. I wrote a powershell script to do this automatically for users and groups in an entire domain that should be pretty generic to be reused. It also mirrors the logic used in automatic winbind UID/GID generation to be able to coexist in an environment where
2014 Jun 18
1
Mount share on Synology NAS (Samba 3.6.9) as client of Samba 4.1.9 AD DC
I set-up a basic AD DC using samba 4.1.9 successfully. I joined my NAS to the domain, i.e. I saw no errors and see the users and groups of my AD listed in the GUI of the NAS. When I try to connect to a share of the NAS the following happens: mgr at ws1:~$ smbclient -U 'AD\mgr' //nas/Test Enter AD\mgr's password: Domain=[AD] OS=[Unix] Server=[Samba 3.6.9] tree connect failed:
2014 Jun 24
2
Join AD fails DNS update
This topic has been on the list two years ago, already, but apparently to no conclusion. I'm trying to join a Debian Wheezy machine (Samba 3.6.6) to my freshly made backports AD (Samba 4.1.7). This is what I see: root at samba4:/# net ads join -U Administrator at AD.MICROSULT.DE Enter Administrator at AD.MICROSULT.DE's password: Using short domain name -- AD Joined 'SAMBA4' to
2015 Jan 29
2
rfc2307 deprecated in Windows 2012 R2?
Ok, it's here: http://pastebin.com/JEnr5wUq The id_offset is that value because i initially didn't use rfc2307 attributes, but instead On 29 January 2015 at 23:27, Tim <lists at kiuni.de> wrote: > @Hans-Kristian: > I'd like to see it. How did you automate this? > > @Andrew: > In another thread I suggested to set the rfc2307 info automatically when a > domain
2018 Sep 22
1
Printing via SMB-Kerberos no longer works
Robert Schetterer wrote: > Alex Persson wrote: >> Robert Schetterer wrote: >>> Alex Persson wrote: >>>> After upgrading from Ubuntu 16.04 to 18.04 printing via SMB-Kerberos no longer works (printing still works in 18.04 when I print via SMB but I don't want to have the password stored in clear text in /usr/lib/cups/backend/smb). >>>> >>>>