similar to: wbinfo and samAccountName rather uid attribute for Unix login

Thank you again Rowland for precision : ) In userPrincipalName there is a "@". It is forged with cn at ad.domain.tld and cn is forged with firstname.sn, as samAccountName, which often is longer than 20 chars. I'll change that... Thank you again all, have a nice day! mathias 2015-07-01 18:56 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com>: > On 01/07/15 17:44,

Thank you both precisions : ) My users have no "@" in their names (samAccountName nor userPrincipalName nor anything) except in mail attribute). >From https://msdn.microsoft.com/en-us/library/ms679635%28v=vs.85%29.aspx which I read before initial post I understand AD can have this limitation of 20 chars if and only if you decide to support (so) old clients (that we should stop

Hi all, Sernet Samba 4.2.2 as Active Directory on Debian 7.8. No other DC. I can't log in with on Windows systems (Windows 7) when samAccountName are longer than 20 characters. This seems to be a LAN MAN or NT4 limitation which should not happen on AD domain. Any idea what could leads my to that limitation? I can log in using administrator account or any other having a short (enough)

2017-08-31 15:54 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>: > On Thu, 31 Aug 2017 15:28:57 +0200 > mathias dufresne via samba <samba at lists.samba.org> wrote: > > > Hi all, > > > > Here there are trust relationship between domains. > > On some file server using Samba 4.4.4 (Centos 7) I must set up my > > shares using %U. When

2017-08-31 16:29 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>: > On Thu, 31 Aug 2017 16:08:00 +0200 > mathias dufresne <infractory at gmail.com> wrote: > > > 2017-08-31 15:54 GMT+02:00 Rowland Penny via samba > > <samba at lists.samba.org>: > > > > > On Thu, 31 Aug 2017 15:28:57 +0200 > > > mathias dufresne via samba

On Thu, 31 Aug 2017 16:27:12 +0200 mathias dufresne <infractory at gmail.com> wrote: > PS: the short way to explain %u is adding domain/workgroup to > username is the fact we are using trust relationship? > Probably, what you have to get your head around is this: The users 'fred', 'DOMAINA\fred' and 'DOMAINB\fred' are all different users. Winbind will

On Tue, 6 Sep 2016 11:41:59 +0000 Julian Zielke via samba <samba at lists.samba.org> wrote: > OK I think I got some more information for you guys. I just did > “getent passwd <NEWusername>” and got: <OLD > username>:*:<ID>:<ID2>::/home/…/<OLD username>:/bin/bash. > > When I do “su - <NEW username>” I get a valid shell with notification

Yes, the change is reflected into groups. The user's DN has all the new information we entered. The group has a memberOf string with the same correct information. A net cache flush on our DCs didn't help either. Since on another server using the same DCs and authentication mechanisms has no problems with the new name it's seems to be a server-related issue and not a DC one. - Julian

On 19/10/15 16:46, mathias dufresne wrote: > AD from Samba or Microsoft is mainly a database for storing users (and > associated stuffs). It comes also with stuffs (protocols) to connect and > retrieve information. > > How the client uses these information is, as always, a choice from that > specific client. > > Your AD client is your Squid/Squidguard(ian) server. Its job

Solved : ) Reminder of the issue: Every services (CIFS, Kerberos, LDAP, DNS, RPC) on one DC were working well and ldapsearch using DN and password were also working. The only thing which was not working was ldapsearch using GSSAPI authentication with the following error: SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic

On 01/07/15 17:44, mathias dufresne wrote: > Thank you both precisions : ) > > My users have no "@" in their names (samAccountName nor userPrincipalName > nor anything) except in mail attribute). What have you got in userPrincipalName ? > > From https://msdn.microsoft.com/en-us/library/ms679635%28v=vs.85%29.aspx > which I read before initial post I understand AD

Hi all, I've got on AD DC using Samba 4.4.3 on Centos7 which accept Kerberos connections (kinit is working), which accept ldapsearch with credentials but which refuse ldapsearch with GSSAPI. The issue does not seem to be coming from the client as I discovered this issue writing a script to test all 22 DC, and all 21 others DC are working well from that client. The error: SASL/GSSAPI

2016-10-12 12:17 GMT+02:00 L.P.H. van Belle via samba <samba at lists.samba.org >: > Your error. > > > > dn: uid=102220,ou=User,dc=example,dc=com > > > uid: 102220 > > > username: test1 > > Samba normaly set uid=Username and not the uidNumber > First find why you have uid=Number and not uid=Username. > >

As he wrote that SSH and SMTP auth and others stuffs are working, I would say SSSD should work. As he wrote there is an issue with Samba, I'd like to understand how he is using Samba, what is the exact error and what he's doing to get that error. Samba should be able to live with other tools. We should be able to able to speak here about Samba working with other tools. But that certainly

Hum... All users are OK except the one(s) you changed there names. No other modification in configuration, all others users are working well. Is that true? This broken user is correctly shown using "getent passwd <NEW username>"? Is that true? Can you use that user on system side, I would try, as root, "su - <NEW username>". This last test is to verify all is

2016-11-21 16:00 GMT+01:00 Rowland Penny via samba <samba at lists.samba.org>: > > See inline comments: > > On Mon, 21 Nov 2016 14:47:13 +0000 > Brian Candler via samba <samba at lists.samba.org> wrote: > > > A few questions about Unix groups in Samba. > > > > (1) "samba-tool user add" has an option to set --gid-number. However, > >

Hi all, I just add into my AD a user with different values for attributes "CN" and "name". Here is an extract of the LDIF used to add this user: ------------------------------------------------------------------------------------ dc202:~# egrep 'cn:|name:' mathias.ldif cn: Mathias Dufresne (CN) *name: mathias.dufresne*

Hi, After more investigations I'm now believing that we have some issue on our AD site declaration. I'll be back once I would have get more information. Best regards, M. Le jeu. 8 nov. 2018 à 11:22, mathias dufresne <infractory at gmail.com> a écrit : > Hi all, > > AD version is MS 2008R2. > > smb.conf is : > [global] > workgroup = AD > security = ADS

On Wed, 5 Oct 2016 12:04:53 +0200 mathias dufresne via samba <samba at lists.samba.org> wrote: > I just tested on some DC running also 4.4.5 and "getent group > my_group" does not show groups content. > > I read here > http://serverfault.com/questions/625416/samba-4-group-members-not-shown-in-getent-group > a proposal to use samba-tool as a replacement but

On 20/10/15 15:12, mathias dufresne wrote: > 2015-10-20 15:43 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com>: > >> On 20/10/15 14:03, mathias dufresne wrote: >> >>> 2015-10-20 13:39 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com>: >>> >>> On 20/10/15 11:43, mathias dufresne wrote: >>>> 2015-10-20 11:10