similar to: Is there a listprincs equivalent?

Hello, I took this out of the "OpenSSH auth in SAMBA4 LDAP" thread, because it was drifting away from it's origin question :-) I played this afternoon a bit with nslcd and kerberos for extending my Wiki HowTo. But as more as I read, one question comes bigger and bigger: What are the advantages of kerberos against simple bind with DN and password? Simple bind method: Create a

Hi everyone I'm trying to use kerberos to authenticate to Samba 4 ldap. At the moment, I authenticate by specifying the binddn and password in /etc/nslcd.conf and all works fine If I add the line: sasl_mech GSSAPI to /etc/nslcd.conf and restart nslcd, no one can connect to the database. Nothing works. ldapsearch and getent passwd draw a blank. ldapsearch -x -b '' -sbase

https://bugzilla.mindrot.org/show_bug.cgi?id=2310 Bug ID: 2310 Summary: functionality to start process before ssh and/or to "wrap" such command around ssh Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5

Hello All, I am currently changing my samba linux clients (Debian) from sssd binding to winbind. With sssd I had all sudo rules within the samba active directory. The configuration was based on: https://lists.samba.org/archive/samba/2016-April/199402.html Is there some guideline like the one mentioned available/has someone already experience with this for winbind based clients? Within the

Hi, I am trying to configure the nslcd service on an Ubuntu client for kerberos authentication against samba4. My /etc/nslcd.conf contains the following: uid nslcd gid nslcd uri ldapi:///cofil01.mydomain.net base dc=mydomain,dc=net sasl_mech GSSAPI krb5_ccname FILE:/tmp/host.tkt I have added the host principal "host/ubuntu-test.mydomain.net @ MYDOMAIN.NET" to /etc/krb5.keytab on both

Hi all, Well, I'm completely lost with AD authentification ... server is : Ubuntu 12.04.3 3.8.0-32-generic #47~precise1-Ubuntu Samba 4.0.10 installed (and upgraded) via git, setup as unique Active Directory Domain Controller ( -> how to upgrade to 4.1 via git ?? ) I 'just' would like that the local services (let's say only dovecot and postfix) can query AD to authentifiate

Good afternoon. how to overcome the problem, samba creates an SPN in the format computer_name.example.com (computer name in lower case) and Windows registers as CUMPUTER_NAME.example.com (computer name in uppercase). When synchronizing in the direction of Samba, 2 SPN entries appear computer_name.example.com CUMPUTER_NAME.example.com And on the windows side, there is a replication error, since by

this is a rather critical error. Do you have a patch for version 4.6 or 4.7? В Пн, 12/03/2018 в 18:56 +1300, Andrew Bartlett via samba пишет: > On Mon, 2018-03-12 at 10:36 +0500, denis.shigapov via samba wrote: > > Good afternoon. > > how to overcome the problem, > > samba creates an SPN in the format computer_name.example.com (computer name in lower case) and Windows

I'm looking for a way to batch create a list of computers accounts in Active directroy running on Windows 2000 PDC. I tried to use perl ldap to create those objects but I didn't manage to set the sAMAccountType to "805306369" ( apparently this is a read only auto generated value) Is there any way to do that under Linux ? Thanks, Thomas #! /usr/bin/perl use strict; use

Mandi! Kees van Vloten via samba In chel di` si favelave... >> For a sake of simplicity i'm thinking to use machine account (-P). > There is "net changetrustpw" to do this. Ok, i've missed that. Thanks. > If you just have a service that does LDAP-queries, I would create an > ordinary user-account for it (and start it's name e.g. with "svc_").

On Sat, 1 Jul 2017 19:27:09 +0100, Rowland Penny via samba wrote: > On Sat, 01 Jul 2017 14:19:13 -0300 > Guido Lorenzutti wrote: > >> We used to hide some information from our windows group, to make acls only in unix groups. But well.. i think we can start sharing that info with the domain groups. > > You can do something very similar by using ACLs, create groups in AD,

but why not bring everything to the same register when checking? How do I understand Windows does not care about the register? В Пн, 12/03/2018 в 19:43 +1300, Andrew Bartlett via samba пишет: > On Mon, 2018-03-12 at 11:33 +0500, denis.shigapov via samba wrote: > > this is a rather critical error. > > Do you have a patch for version 4.6 or 4.7? > > No. It turns out to be

Hello guys I need some lights to migrate a Winbind/Samba share to a new AD. My scenario is: I have an old AD running on a Debian 9 and Samba 4.5.16 with many replication issues. Then I decided to create a new one from the scratch using Debian 10 and Samba 4.12.2 (and everything is working perfectly). I have migrated all the accounts/machines/etc from old to new domain without any problem. Both the

Problem: We have a share defined using Samba 3.5.8 on AIX 6.1. Several people can map a Windows Network Drive to the share and it works fine. Several other people get Windows errors or system errors when trying to map a drive to the same share. Command line errors (from the net use command): System error 59 or System error 64 Windows Explorer error: The specified network name is no

Hi all *Context:* I'm trying to use the s4bind scripts ( http://linuxcostablanca.blogspot.com.es/p/s4bind.html) k5start is running So far, i've succeeded in * modifying (posixifying) the built-in "Domain Users" * adding a user to this group and i can login with this user (ssh), create files that are correctly owned, etc... The user also shows up correcly in ADUC. * retrieving

On 26-02-2024 22:54, Marco Gaiarin via samba wrote: > Mandi! Kees van Vloten via samba > In chel di` si favelave... > >>> For a sake of simplicity i'm thinking to use machine account (-P). >> There is "net changetrustpw" to do this. > Ok, i've missed that. Thanks. > > >> If you just have a service that does LDAP-queries, I would create an

Hi, Maybe you can help me. Im trying to join one NT Server 4.0 Remote Access Server to a samba PDC (2.2.2) Domain so that the users who make dial-up connections can be validated on this domain. The Windows NT Server (RAS) is joining to the domain but the users who trying to make a dial-in connection receive a message saying that they not have permission to make a dial in connection. Must I

Il 2014-12-31 16:29 Dr. Lars Hanke ha scritto: >>> OK, you can get winbind to update your keytab, you need to alter your >>> smb.conf slightly. You need to change 'kerberos method = secrets >>> only' >>> to either 'kerberos method = secrets and keytab' or 'kerberos method >>> = >>> system keytab' and add the line

I am running samba-2.2.7a-7.9.0 on RedHat 9.0. The domain I am trying to join has a different name than the workgroup I am trying to leave. Below is a copy of the last two entries of the computer_name.log, which are created when I try to add the machine account. [2003/06/27 15:57:24, 0] rpc_server/srv_samr_nt.c:_api_samr_create_user(1929) User carroll-313cny4$ does not exist in system

Rpvs> On 14/07/2020 16:51, Gregory Sloop via samba wrote: >> Yeah, I could setup an extra XCP box - but at smaller setups, it really seems like overkill. >> So, it sounds like restores of the VM work "fine." >> How often do machine accounts reset their passwords? Rpvs> Every 30 days, though this is adjustable, but not recommended >> [This is the one that is