similar to: Ubuntu SSSD Active Directory Authorization issue (group membership is not honored)

Hi, On Tue, Jan 13, 2015 at 2:32 PM, Thomas Burger <tburger at eritron.de> wrote: > Hello all, > > after spending the last days fighting and researching I hope someone can > point me to an solution here. > > Even if I am using Debian / Ubuntu since years I wouldn?t consider myself > as a Linux professional. I have some experience though. > > What I try to

On Tue, Jan 13, 2015 at 2:32 PM, Thomas Burger <tburger at eritron.de> wrote: > What works: ... > - getfacl / setfacl setting with domain object names. > > My issue: > Authorization is not working. For example: > - Write list / read list / valid users options in smb.conf are not > honored. ... > - Skipped the samba authorization and moved this to the filesystem

On 15.01.15 09:52, Peter Serbe wrote: > On Tue, Jan 13, 2015 at 2:32 PM, Thomas Burger <tburger at eritron.de> wrote: > >> What works: > ... >> - getfacl / setfacl setting with domain object names. >> >> My issue: >> Authorization is not working. For example: >> - Write list / read list / valid users options in smb.conf are not >>

Upgrade to 4.4.3 that fixes a lot, like. > - net ads testjoin > > ads_connect: No logon servers > > Join to domain is not valid: No logon servers > > - wbinfo -g and wbinfo -u > > provide no output anymore. And dont forget to setup the ldap certificate part as described in the change log of 4.4.2. Anyone should avoid the version 4.2.9-4.2.11

Rowland Penny schrieb am 15.01.2015 22:00: [RFC2307] > For samba4 active directory, read microsoft AD, so you don't have to > provision anything else, you just need to learn how to properly use what > you already have. > > Rowland Rowland is right, of course. But(!) things might be simpler with the RFC2307 attributes. Without the attributes You need to set the

On 26/05/16 06:36, Thomas Burger (tburger at eritron.de) wrote: > Hello Louis, > > thanks for your answer. I was afraid of an answer like this though. I > hoped to stay with the distribution packages so a maintenance is more > comfortable and easier. > > At least a manual installation of 4.4.3 looks quite complicated to me. > I am not unexperienced in terms of Linux but

Greetings! I am working with Samba 4 as a domain member fileserver (not a domain controller, just a normal ads member fileserver). Operating system is Centos 7. SSSD is configured and pulling information correctly. I had to work around a bug that wasn't fixed in a released version, so I am using a recent copy from git.. smbd -V: Version 4.5.0pre1-GIT-c06058a I'm relying on Windows

Thanks for the reply! I'm confused on a few bits: To change a users primary group is a bit like jumping through hoops, you > have to add the user to the group that you want to be the new primary > group, then change the primaryGroupID attribute to contain the RID of the > new group and then finally add the user to the 'Domain Users' group. If I > were you, I wouldn't

> > OK, you should use the standard 'rwx' permissions *or* ACLs, not both. If > you create a directory on Unix that you want to share, set the owner:group > to root:'Domain Admins' and permissions to 0770. You will then be able to > set the permissions from windows or with setfacl on the Unix machine, you > do not need the 'force group' lines in smb.conf,

See inline comments On 23/03/16 15:32, Joseph Dickson wrote: > Greetings! > > I am working with Samba 4 as a domain member fileserver (not a domain > controller, just a normal ads member fileserver). Operating system is > Centos 7. SSSD is configured and pulling information correctly. > > I had to work around a bug that wasn't fixed in a released version, so I am >

On 23/03/16 20:16, Joseph Dickson wrote: >> OK, you should use the standard 'rwx' permissions *or* ACLs, not both. If >> you create a directory on Unix that you want to share, set the owner:group >> to root:'Domain Admins' and permissions to 0770. You will then be able to >> set the permissions from windows or with setfacl on the Unix machine, you >>

On 23/03/16 16:18, Joseph Dickson wrote: > Thanks for the reply! I'm confused on a few bits: > > > To change a users primary group is a bit like jumping through hoops, you >> have to add the user to the group that you want to be the new primary >> group, then change the primaryGroupID attribute to contain the RID of the >> new group and then finally add the user

> > Can you check if this file exists: > /usr/local/samba/lib/security/pam_winbind.so For historical reasons, I used a prefix of /opt/samba when I compiled: [root at smbfs1 shares]# ls -al /opt/samba/lib/security/pam_winbind.so -rwxr-xr-x 1 root root 63837 Mar 17 19:54 /opt/samba/lib/security/pam_winbind.so relevant config lines in case they are helpful: [global] lock directory =

On Fri, 2 Sep 2016 12:33:34 -0700 John Yocum via samba <samba at lists.samba.org> wrote: > On 09/02/2016 08:36 AM, Fosiul Alam via samba wrote: > > Hi Experts > > I have setup samba4 version "samba-4.4.5" , Windows Authentication > > working fine. > > however sssd authentication not working, Same setup work with older > > version of samba4 , so i

Dear all, i'm investigating the issue that I can't authenticate against a Samba (as Active-Directory Member) using the userPrincipalName (UPN). (Using Samba and sAMAccountName works fine.) After some research I'm quite sure that winbind is limited to the sAMAccountName and can't use UPN. So I deciced to use SSSD and configured the `ldap_user_name = userPrincipalName` in the

https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC <https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC> > On Sep 3, 2016, at 7:59 AM, Fosiul Alam via samba <samba at lists.samba.org> wrote: > > Hi Both > Thanks > > from Samba4 side i need this help, I can see that sshd has this option, can > you

I am running Samba 4.1.12 with SSSD 1.12.2 on RHEL 7.1. I have joined my system to a Win 2008r2 domain. I have added the necessary unix attributes to all relevant users and groups. When I add a domain group to a directory, either as the primary group or as an ACL, I can access the share locally from the server, but cannot access the share from a Windows system via the SMB share. If I change

Hi all, On a C6 box, when I want to enable LDAP authentication, I issue: # yum -y install nss-pam-ldapd pam_ldap nscd # authconfig --enableldap --enableldapauth --enablemkhomedir \ --ldapserver=ldap://ldap-blabla/ \ --ldapbasedn="blabla" \ --enablecache --disablefingerprint \ --kickstart --update All is working fine, the directory structure is fine and compliant.

I broke my head trying to solve the LDAP group membership updating issue. I need help. ###### Description I've configured OpenLDAP + SSSD + Winbind + Samba 4.21.5 on Fedora 41. ## OpenLDAP: - There is a test user nomad with objectClass posixAccount, sambaSamAccount (uid, uidNumber, gibNumber, sambaSID, SambaNTPassword etc. configured via smbpasswd). - There are 2 test groups: admins,

Le 14/05/2019 à 09:12, Rowland penny via samba a écrit : > On 14/05/2019 07:32, Julien TEHERY via samba wrote: >> Le 13/05/2019 à 18:44, Rowland penny via samba a écrit : >>> On 13/05/2019 16:11, Julien TEHERY via samba wrote: >>>> Hi >>>> >>>> I'm trying to find a way to change user passwords from ubuntu >>>> client