similar to: Ubuntu SSSD Active Directory Authorization issue (group membership is not honored)

Hi, On Tue, Jan 13, 2015 at 2:32 PM, Thomas Burger <tburger at eritron.de> wrote: > Hello all, > > after spending the last days fighting and researching I hope someone can > point me to an solution here. > > Even if I am using Debian / Ubuntu since years I wouldn?t consider myself > as a Linux professional. I have some experience though. > > What I try to

On Tue, Jan 13, 2015 at 2:32 PM, Thomas Burger <tburger at eritron.de> wrote: > What works: ... > - getfacl / setfacl setting with domain object names. > > My issue: > Authorization is not working. For example: > - Write list / read list / valid users options in smb.conf are not > honored. ... > - Skipped the samba authorization and moved this to the filesystem

On 15.01.15 09:52, Peter Serbe wrote: > On Tue, Jan 13, 2015 at 2:32 PM, Thomas Burger <tburger at eritron.de> wrote: > >> What works: > ... >> - getfacl / setfacl setting with domain object names. >> >> My issue: >> Authorization is not working. For example: >> - Write list / read list / valid users options in smb.conf are not >>

Upgrade to 4.4.3 that fixes a lot, like. > - net ads testjoin > > ads_connect: No logon servers > > Join to domain is not valid: No logon servers > > - wbinfo -g and wbinfo -u > > provide no output anymore. And dont forget to setup the ldap certificate part as described in the change log of 4.4.2. Anyone should avoid the version 4.2.9-4.2.11

Rowland Penny schrieb am 15.01.2015 22:00: [RFC2307] > For samba4 active directory, read microsoft AD, so you don't have to > provision anything else, you just need to learn how to properly use what > you already have. > > Rowland Rowland is right, of course. But(!) things might be simpler with the RFC2307 attributes. Without the attributes You need to set the

On 26/05/16 06:36, Thomas Burger (tburger at eritron.de) wrote: > Hello Louis, > > thanks for your answer. I was afraid of an answer like this though. I > hoped to stay with the distribution packages so a maintenance is more > comfortable and easier. > > At least a manual installation of 4.4.3 looks quite complicated to me. > I am not unexperienced in terms of Linux but

Greetings! I am working with Samba 4 as a domain member fileserver (not a domain controller, just a normal ads member fileserver). Operating system is Centos 7. SSSD is configured and pulling information correctly. I had to work around a bug that wasn't fixed in a released version, so I am using a recent copy from git.. smbd -V: Version 4.5.0pre1-GIT-c06058a I'm relying on Windows

Thanks for the reply! I'm confused on a few bits: To change a users primary group is a bit like jumping through hoops, you > have to add the user to the group that you want to be the new primary > group, then change the primaryGroupID attribute to contain the RID of the > new group and then finally add the user to the 'Domain Users' group. If I > were you, I wouldn't

> > OK, you should use the standard 'rwx' permissions *or* ACLs, not both. If > you create a directory on Unix that you want to share, set the owner:group > to root:'Domain Admins' and permissions to 0770. You will then be able to > set the permissions from windows or with setfacl on the Unix machine, you > do not need the 'force group' lines in smb.conf,

See inline comments On 23/03/16 15:32, Joseph Dickson wrote: > Greetings! > > I am working with Samba 4 as a domain member fileserver (not a domain > controller, just a normal ads member fileserver). Operating system is > Centos 7. SSSD is configured and pulling information correctly. > > I had to work around a bug that wasn't fixed in a released version, so I am >

On 23/03/16 20:16, Joseph Dickson wrote: >> OK, you should use the standard 'rwx' permissions *or* ACLs, not both. If >> you create a directory on Unix that you want to share, set the owner:group >> to root:'Domain Admins' and permissions to 0770. You will then be able to >> set the permissions from windows or with setfacl on the Unix machine, you >>

On 23/03/16 16:18, Joseph Dickson wrote: > Thanks for the reply! I'm confused on a few bits: > > > To change a users primary group is a bit like jumping through hoops, you >> have to add the user to the group that you want to be the new primary >> group, then change the primaryGroupID attribute to contain the RID of the >> new group and then finally add the user

> > Can you check if this file exists: > /usr/local/samba/lib/security/pam_winbind.so For historical reasons, I used a prefix of /opt/samba when I compiled: [root at smbfs1 shares]# ls -al /opt/samba/lib/security/pam_winbind.so -rwxr-xr-x 1 root root 63837 Mar 17 19:54 /opt/samba/lib/security/pam_winbind.so relevant config lines in case they are helpful: [global] lock directory =

On Fri, 2 Sep 2016 12:33:34 -0700 John Yocum via samba <samba at lists.samba.org> wrote: > On 09/02/2016 08:36 AM, Fosiul Alam via samba wrote: > > Hi Experts > > I have setup samba4 version "samba-4.4.5" , Windows Authentication > > working fine. > > however sssd authentication not working, Same setup work with older > > version of samba4 , so i

Dear all, i'm investigating the issue that I can't authenticate against a Samba (as Active-Directory Member) using the userPrincipalName (UPN). (Using Samba and sAMAccountName works fine.) After some research I'm quite sure that winbind is limited to the sAMAccountName and can't use UPN. So I deciced to use SSSD and configured the `ldap_user_name = userPrincipalName` in the

https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC <https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC> > On Sep 3, 2016, at 7:59 AM, Fosiul Alam via samba <samba at lists.samba.org> wrote: > > Hi Both > Thanks > > from Samba4 side i need this help, I can see that sshd has this option, can > you

I am running Samba 4.1.12 with SSSD 1.12.2 on RHEL 7.1. I have joined my system to a Win 2008r2 domain. I have added the necessary unix attributes to all relevant users and groups. When I add a domain group to a directory, either as the primary group or as an ACL, I can access the share locally from the server, but cannot access the share from a Windows system via the SMB share. If I change

Hi all, On a C6 box, when I want to enable LDAP authentication, I issue: # yum -y install nss-pam-ldapd pam_ldap nscd # authconfig --enableldap --enableldapauth --enablemkhomedir \ --ldapserver=ldap://ldap-blabla/ \ --ldapbasedn="blabla" \ --enablecache --disablefingerprint \ --kickstart --update All is working fine, the directory structure is fine and compliant.

Le 14/05/2019 à 09:12, Rowland penny via samba a écrit : > On 14/05/2019 07:32, Julien TEHERY via samba wrote: >> Le 13/05/2019 à 18:44, Rowland penny via samba a écrit : >>> On 13/05/2019 16:11, Julien TEHERY via samba wrote: >>>> Hi >>>> >>>> I'm trying to find a way to change user passwords from ubuntu >>>> client

Hi everyone, We seem to be having issues on multiple CentOS 7.3 machines. The problem seems to revolve around polkitd. At some random time, polkitd seems to stop responding on my systems. Along with this, there might be hundreds of defunct pkla-check-authorization processes. If I reboot, then things are fine for a while. I don't see any activity in the unabridged journal to suggest anything