similar to: sssd on a DC

Hello Jonathan and Rowlaand, Am 09.05.2015 um 17:46 schrieb Rowland Penny: > On 09/05/15 18:20, Jonathan Hunter wrote: >> Hi, >> >> I have a query about the use of sssd on a Samba4 DC. Background is as >> follows: >> >> I have two DCs and would like to synchronise files between the two >> machines. This is for sysvol replication - I am using lsyncd (

On 09/05/15 18:20, Jonathan Hunter wrote: > Hi, > > I have a query about the use of sssd on a Samba4 DC. Background is as follows: > > I have two DCs and would like to synchronise files between the two > machines. This is for sysvol replication - I am using lsyncd ( > https://code.google.com/p/lsyncd/ ) to trigger an rsync whenever files > change. > > However I have

OK, I've got a little further and I think I have tracked this down to a reverse DNS issue - which was non-obvious to me, so here is a write-up for the benefit of the archives. The part that was failing was this: [sasl_bind_send] (0x0100): Executing sasl bind mech: gssapi, user: dc1$ [sasl_bind_send] (0x0020): ldap_sasl_bind failed (-2)[Local error] [sasl_bind_send] (0x0080): Extended failure

Samba4 beta6. CentOS 6.3. I have a CentOS client, using sssd, bound to a samba4 domain. The sssd configuration uses GSSAPI to bind to the directory. In both scenarios below, kerberos is fine, DNS is fine, I can use ldapsearch and bind to the directory with GSSAPI just fine, etc. If I have just one DC, everything works perfectly well for weeks on end. If I have two or more DC's,

Hi everyone my sssd log shows the nsupdate command failing, how do i test ddns separately from sssd to see if the problem is in sssd or samba. shadrock /etc/sssd/sssd.conf ------------------------------------------------- (Fri Aug 1 12:18:30 2014) [sssd[be[tissisat.co.uk]]] [be_nsupdate_timer_schedule] (0x0200): Timer already scheduled (Fri Aug 1 12:18:30 2014) [sssd[be[tissisat.co.uk]]]

On 10 May 2015 at 16:11, Jonathan Hunter <jmhunter1 at gmail.com> wrote: > OK, I've got a little further and I think I have tracked this down to > a reverse DNS issue - which was non-obvious to me, so here is a > write-up for the benefit of the archives. Just to close this off - I have now got sssd configured and working on my Samba4 DCs (well, if I'm being picky, I have it

In need of some help here. I hope I haven't trimmed this too much. As I mentioned before, I have a CentOS 6.3 system using SSSD (only) bound to the samba4 DC as an LDAP server using the following in sssd.conf: [domain/SAMBA] ldap_default_bind_dn = CN=Administrator,CN=Users,DC=... ldap_default_authtok = <supersecret> ldap_default_authtok_type = password ... and everything

I've been going around in circles with this for days and I'm stuck. I'm trying to run up a new AD environment with only Samba 4.8.3 servers that we'll authenticate user server access against via SSSD/LDAP using a simple bind. All of our servers are either CentOS 6 or 7. I've created a test environment with a single Samba AD 4.8.3 server as the AD server, a Windows 7 client

Hi Experts I have setup samba4 version "samba-4.4.5" , Windows Authentication working fine. however sssd authentication not working, Same setup work with older version of samba4 , so i guess bellow requirement has been added new, but I dont understand what shall i do to make sssd work . bellow log i am getting from sssd log [simple_bind_done] (3): Bind result: Strong(er)

On Fri, 2 Sep 2016 12:33:34 -0700 John Yocum via samba <samba at lists.samba.org> wrote: > On 09/02/2016 08:36 AM, Fosiul Alam via samba wrote: > > Hi Experts > > I have setup samba4 version "samba-4.4.5" , Windows Authentication > > working fine. > > however sssd authentication not working, Same setup work with older > > version of samba4 , so i

https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC <https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC> > On Sep 3, 2016, at 7:59 AM, Fosiul Alam via samba <samba at lists.samba.org> wrote: > > Hi Both > Thanks > > from Samba4 side i need this help, I can see that sshd has this option, can > you

On 05/12/2015 06:25 AM, Ulrich Hiller wrote: > > i have set logging in sssd to 9: 7 might be good enough for what you want to find. I added this to domain/default section: access_provider = ldap ldap_access_order = host ldap_user_authorized_host = host debug_level = 7 /var/log/sssd/sssd_default.log logged the following for one user which had no "host" attribute, and was

Hai, >thus, the password of SAMDOM\Administrator is the >mapped (root) pw. No, not correct. root has its password. Administrator has it own password, even when mapped these are different. these users just share the same uid 0 ! test with kinit Administrator at YOUR.REALM.TLD and have a look here.

On 05/11/2015 10:06 AM, Ulrich Hiller wrote: > Hmmm...., i have made now a complete new install but the problem > persists: ldap authentication works, but the host attribute is ignored. Hate to say that we're running out of options. I had a CentOS 7 system similar to yours, with LDAP authentication. I added three lines to sssd.conf (for access provider, etc), restarted sssd, and

I'm setting up a test domain in order to try out Sudoers LDAP and have run into a problem that has my puzzled. On our production domain I can run a query such as: ldapsearch -LLL -p389 -h DC -u me at ourdomain.com.au -W -X -LLL -b "dc=ourdomain,dc=com,dc=au" -s sub However, running an equivalent search on a freshly installed test domain, using the exact same version of Samba

Thanks buhorojo. The sssd list came up trumps here. When changing ID mappings, the sssd database must be manually removed (rm /var/lib/sss/db/*). I now have sssd working again :) I shall keep an eye on the mappings during the day today.. On 12 June 2015 at 07:36, buhorojo <buhorojo.lcb at gmail.com> wrote: > On 12/06/15 01:34, Jonathan Hunter wrote: >> >> On 11 June 2015 at

Yup, strange - right! Samba 4.2.2 RFC2307 attributes were added as follows: # sed -e 's/${DOMAINDN}/dc=MYDOMAIN,dc=MY,dc=TLD/g' \ -e 's/${NETBIOSNAME}/MYDOMAIN/g' \ -e 's/${NISDOMAIN}/MYDOMAIN/g' \ /usr/local/samba/share/setup/ypServ30.ldif > ypServ30-JMH.ldif # service samba4 stop # ldbmodify -H

On 19/10/15 16:46, mathias dufresne wrote: > AD from Samba or Microsoft is mainly a database for storing users (and > associated stuffs). It comes also with stuffs (protocols) to connect and > retrieve information. > > How the client uses these information is, as always, a choice from that > specific client. > > Your AD client is your Squid/Squidguard(ian) server. Its job

Version 4.0.6-GIT-4bebda4 Hi I have sssd up and running. It works fine except that getent only returns domain users if I specify the object e.g. getent passwd and getent group return only local users but getent passwd steve2 steve2:*:3000034:20513:steve2:/home/users/steve2:/bin/bash and getent group Domain\ Users Domain Users:*:20513: work fine. /etc/nsswitch.conf passwd: compat sss group:

Hi, with sssd i can do: $ ssh user at domain.tld@HOST1 $ id user at domain.tld $ ls -al /home/domain.tld/user drwx------ 5 user at domain.tld domain users at domain.tld 103 12. Jun 14:14 . $ grep AllowGroups /etc/ssh/sshd_config AllowGroups lokale_gruppe samba_gruppe at domain.tld When switching to winbind only $ id user at domain.tld is working any other command is using user\domain $ ls -al