Displaying 20 results from an estimated 4000 matches similar to: "Is there a listprincs equivalent?"
2013 Aug 28
2
nslcd: kerberos vs. simple bind
Hello,
I took this out of the "OpenSSH auth in SAMBA4 LDAP" thread, because it
was drifting away from it's origin question :-)
I played this afternoon a bit with nslcd and kerberos for extending my
Wiki HowTo. But as more as I read, one question comes bigger and bigger:
What are the advantages of kerberos against simple bind with DN and
password?
Simple bind method: Create a
2012 Jan 17
1
Samba 4 and GSSAPI kerberos ldap connect
Hi everyone
I'm trying to use kerberos to authenticate to Samba 4 ldap. At the
moment, I authenticate by specifying the binddn and password in
/etc/nslcd.conf and all works fine
If I add the line:
sasl_mech GSSAPI
to /etc/nslcd.conf
and restart nslcd, no one can connect to the database. Nothing works.
ldapsearch and getent passwd draw a blank.
ldapsearch -x -b '' -sbase
2014 Nov 08
7
[Bug 2310] New: functionality to start process before ssh and/or to "wrap" such command around ssh
https://bugzilla.mindrot.org/show_bug.cgi?id=2310
Bug ID: 2310
Summary: functionality to start process before ssh and/or to
"wrap" such command around ssh
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
2019 Apr 12
3
Sudo rules in samba with winbind
Hello All,
I am currently changing my samba linux clients (Debian) from sssd binding
to winbind.
With sssd I had all sudo rules within the samba active directory.
The configuration was based on:
https://lists.samba.org/archive/samba/2016-April/199402.html
Is there some guideline like the one mentioned available/has someone
already experience with this for winbind based clients?
Within the
2012 Jul 12
2
nslcd service - "Client not found in Kerberos database"
Hi,
I am trying to configure the nslcd service on an Ubuntu client for kerberos
authentication against samba4. My /etc/nslcd.conf contains the following:
uid nslcd
gid nslcd
uri ldapi:///cofil01.mydomain.net
base dc=mydomain,dc=net
sasl_mech GSSAPI
krb5_ccname FILE:/tmp/host.tkt
I have added the host principal "host/ubuntu-test.mydomain.net @
MYDOMAIN.NET" to /etc/krb5.keytab on both
2013 Oct 26
2
lost with AD auth
Hi all,
Well, I'm completely lost with AD authentification ...
server is :
Ubuntu 12.04.3 3.8.0-32-generic #47~precise1-Ubuntu
Samba 4.0.10 installed (and upgraded) via git, setup as unique Active
Directory Domain Controller
( -> how to upgrade to 4.1 via git ?? )
I 'just' would like that the local services (let's say only dovecot and
postfix) can query AD to authentifiate
2018 Mar 12
2
failes replication ldap, error SPN
Good afternoon.
how to overcome the problem,
samba creates an SPN in the format computer_name.example.com (computer name in lower case) and Windows registers as CUMPUTER_NAME.example.com (computer name
in uppercase).
When synchronizing in the direction of Samba, 2 SPN entries appear
computer_name.example.com
CUMPUTER_NAME.example.com
And on the windows side, there is a replication error, since by
2018 Mar 12
2
failes replication ldap, error SPN
this is a rather critical error.
Do you have a patch for version 4.6 or 4.7?
В Пн, 12/03/2018 в 18:56 +1300, Andrew Bartlett via samba пишет:
> On Mon, 2018-03-12 at 10:36 +0500, denis.shigapov via samba wrote:
> > Good afternoon.
> > how to overcome the problem,
> > samba creates an SPN in the format computer_name.example.com (computer name in lower case) and Windows
2009 Jul 29
1
Batch computer account creation
I'm looking for a way to batch create a list of computers accounts in
Active directroy running on Windows 2000 PDC.
I tried to use perl ldap to create those objects but I didn't manage
to set the sAMAccountType to "805306369" ( apparently this is a read
only auto generated value)
Is there any way to do that under Linux ?
Thanks,
Thomas
#! /usr/bin/perl
use strict;
use
2024 Feb 26
1
'Scripted' machine account renewal?!
Mandi! Kees van Vloten via samba
In chel di` si favelave...
>> For a sake of simplicity i'm thinking to use machine account (-P).
> There is "net changetrustpw" to do this.
Ok, i've missed that. Thanks.
> If you just have a service that does LDAP-queries, I would create an
> ordinary user-account for it (and start it's name e.g. with "svc_").
2017 Jul 01
1
integrating samba with pam
On Sat, 1 Jul 2017 19:27:09 +0100, Rowland Penny via samba wrote:
> On Sat, 01 Jul 2017 14:19:13 -0300
> Guido Lorenzutti wrote:
>
>>
We used to hide some information from our windows group, to make acls
only in unix groups. But well.. i think we can start sharing that info
with the domain groups.
>
> You can do something very similar by using
ACLs, create groups in AD,
2018 Mar 12
1
failes replication ldap, error SPN
but why not bring everything to the same register when checking?
How do I understand Windows does not care about the register?
В Пн, 12/03/2018 в 19:43 +1300, Andrew Bartlett via samba пишет:
> On Mon, 2018-03-12 at 11:33 +0500, denis.shigapov via samba wrote:
> > this is a rather critical error.
> > Do you have a patch for version 4.6 or 4.7?
>
> No. It turns out to be
2020 Jun 22
2
Winbind help - with domain migration.
Hello guys
I need some lights to migrate a Winbind/Samba share to a new AD.
My scenario is:
I have an old AD running on a Debian 9 and Samba 4.5.16 with many
replication issues.
Then I decided to create a new one from the scratch using Debian 10 and
Samba 4.12.2 (and everything is working perfectly). I have migrated all the
accounts/machines/etc from old to new domain without any problem.
Both the
2011 Apr 15
3
Samba 3.5.8 / Windows error and system errors while mapping network drive on some PC's
Problem: We have a share defined using Samba 3.5.8 on AIX 6.1. Several
people can map a Windows Network Drive to the share and it works fine.
Several other people get Windows errors or system errors when trying to
map a drive to the same share.
Command line errors (from the net use command):
System error 59
or
System error 64
Windows Explorer error:
The specified network name is no
2013 May 20
1
[Samba4] modifying attributes: no write access to self
Hi all
*Context:*
I'm trying to use the s4bind scripts (
http://linuxcostablanca.blogspot.com.es/p/s4bind.html)
k5start is running
So far, i've succeeded in
* modifying (posixifying) the built-in "Domain Users"
* adding a user to this group and i can login with this user (ssh), create
files that are correctly owned, etc... The user also shows up correcly in
ADUC.
* retrieving
2024 Feb 26
1
'Scripted' machine account renewal?!
On 26-02-2024 22:54, Marco Gaiarin via samba wrote:
> Mandi! Kees van Vloten via samba
> In chel di` si favelave...
>
>>> For a sake of simplicity i'm thinking to use machine account (-P).
>> There is "net changetrustpw" to do this.
> Ok, i've missed that. Thanks.
>
>
>> If you just have a service that does LDAP-queries, I would create an
2002 Feb 20
1
(no subject)
Hi,
Maybe you can help me.
Im trying to join one NT Server 4.0 Remote Access Server to a samba PDC
(2.2.2) Domain so that the users who make dial-up connections can be
validated on this domain. The Windows NT Server (RAS) is joining to the
domain but the users who trying to make a dial-in connection receive a
message saying that they not have permission to make a dial in connection.
Must I
2014 Dec 31
4
Fwd: Re: Samba4 and sssd, keytab file expires?
Il 2014-12-31 16:29 Dr. Lars Hanke ha scritto:
>>> OK, you can get winbind to update your keytab, you need to alter your
>>> smb.conf slightly. You need to change 'kerberos method = secrets
>>> only'
>>> to either 'kerberos method = secrets and keytab' or 'kerberos method
>>> =
>>> system keytab' and add the line
2003 Jun 27
2
Can't add machine account to domain
I am running samba-2.2.7a-7.9.0 on RedHat 9.0. The domain I am trying
to join has a different name than the workgroup I am trying to leave.
Below is a copy of the last two entries of the computer_name.log, which
are created when I try to add the machine account.
[2003/06/27 15:57:24, 0]
rpc_server/srv_samr_nt.c:_api_samr_create_user(1929)
User carroll-313cny4$ does not exist in system
2020 Jul 14
2
DC disaster recovery
Rpvs> On 14/07/2020 16:51, Gregory Sloop via samba wrote:
>> Yeah, I could setup an extra XCP box - but at smaller setups, it really seems like overkill.
>> So, it sounds like restores of the VM work "fine."
>> How often do machine accounts reset their passwords?
Rpvs> Every 30 days, though this is adjustable, but not recommended
>> [This is the one that is