similar to: getent does not show domain user/groups

Hello Rowland, I should also mention that Samba 4.3.0 was installed from tarball, I compiled it myself. DC2 does not have the /var/lib/samba/private/sam.ldb file. Also it did not return any result on DC1. However, using /usr/local/samba/private/sam.ldb, both DCs returned the same thing: # returned 4 records # 1 entries # 3 referrals I wonder why DC1 has the /var/lib/samba/private/sam.ldb file

Hello, I just realized that my second DC does not recognize the users from the AD. wbinfo -u/-g are working just fine. [root at dc1 ~]# id bruno.castro uid=10004(POL\bruno.castro) gid=100(users) grupos=100(users),10001(POL\ti),3000009(BUILTIN\users) [root at dc2 ~]# id bruno.castro id: bruno.castro: no such user [root at dc1 ~]# wbinfo -i bruno.castro POL\bruno.castro:*:10004:100:Bruno de

Yup, compiled it myself and did not change the path. The query to the ldb returned the same thing on both DC1 and DC2. DNS and /etc/hosts are also fine, DC1 dns points to DC2 and DC2 to DC1. Everything seems to be completely fine... I was looking into this issue because I was doing the sysvol replication and noticed that the sysvol path had a '300000' as the group owner on DC2, where on

Hi, I am authenticating users on our linux servers using nslcd/pam_ldap. Authentication is fine, however, it is not possible for the user to change the password from the server. Is there a way to make it work ? [Guilherme at server ~]$ passwd Changing password for user Guilherme. passwd: Authentication token manipulation error Oct 8 14:37:53 server passwd: pam_unix(passwd:chauthtok): user

Well, i add new configuration in my smb.conf. I try connecting in shared backup, this work with authentication, in shared printers, It prints with anonymous users and when I insert one valid ad user, it prints and displays the following error: "Idle - "Session setup failed: NT_STATUS_LOGON_FAILURE" Another doubt, in directory /var/spool/samba/, no have files, This folder should not

hi everyone > Yes, but you can add these two lines to smb.conf: > > winbind enum users = yes > winbind enum groups = yes > > This will allow getent to list all users and groups, but is not > recommended if you have a lot of users. > > Rowland thanks the dc's now lists all the domain users and groups. the domain users gid is correct on both dc's the uid

Hi, If your system is Debian use: ln -s /usr/local/samba/lib/libnss_winbind.so /lib/x86_64-linux-gnu/ ln -s /lib/x86_64-linux-gnu/libnss_winbind.so /lib/x86_64-linux-gnu/libnss_winbind.so.2 And "getent passwd" will show the domain users. Maybe you need restart de server. Att, Este e-mail foi enviado por um computador sem vírus e protegido pelo Avast. www.avast.com

On 20/08/15 18:26, Guilherme Boing wrote: > Yes, you are correct. > > The users where the UID 3000000 was the owner were users that belong to > Domain Admins group. > Is this the correct behaviour ? I have other users that are in different > groups (e.g. Marketing) and whenever they create a new file, their own UID > shows up as the owner of that file, not the

Hey, By "through LDAP" I meant that our linux servers would look for the users using pam_ldap. Anyway, I was able to "fix" this by mapping gidNumber to gidNumber instead of primaryGroupID on nslcd.conf. $ id uid=10000(Guilherme) gid=10001(it) grupos=10001(it) On Fri, Aug 21, 2015 at 4:28 PM, Rowland Penny <rowlandpenny241155 at gmail.com > wrote: > On 21/08/15

Well, i use samba wiki tutorial, well my actually config: I use winbind for work with getent searchs. In network no package sssd installed. I start services winbind, smbd and nmbd Well, really, about the confusion, I did not understand what you meant. The other config are not changed, they are the same ones when you helped the problems of the kerberos. Last detail, with shared backup, i test

Hi Rowland, This is a CentOS 6.7 server. I was able to make some progress. I have edited /etc/pam.d/system-auth, and now it looks like: auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so account

Hello, I want my domain users to be able to connect to our linux servers using their AD username through LDAP. I am using nslcd and pam_ldap to do so, but I am having some hard time trying to figure out why the GID is not working properly. # getent passwd Guilherme Guilherme:*:10000:*513*:Guilherme:/home/Guilherme:/bin/bash # getent group|grep 513 # id Guilherme uid=10000(Guilherme) gid=513

Hi I hope that I am not totally wrong when asking this on a Samba list, but as I followed a tutorial found at the SAMBA wiki I hope I can find someone how is able to help me. My goal is to set up a server acting as a SAMBA AD Server with single sign on for linux users. I use a Ubuntu Server 13.10 as the base. On top of this I installed a SAMBA 4.1.2 from GIT, did provisioning, Kerberos

On 13/10/15 14:19, Guilherme Boing wrote: > Hello, > > I just realized that my second DC does not recognize the users from the AD. > wbinfo -u/-g are working just fine. > > [root at dc1 ~]# id bruno.castro > uid=10004(POL\bruno.castro) gid=100(users) > grupos=100(users),10001(POL\ti),3000009(BUILTIN\users) > > [root at dc2 ~]# id bruno.castro > id: bruno.castro: no

I have removed use_auhtok from /etc/pam.d/system-auth and now passwd is "kind of" working... I am still able to login with my old password and the new one also. But only on the linux servers that are authenticating through LDAP. On my workstation only the old password (the one I was trying to change through passwd(ssh)) works. I have noticed that my user now has a userPassword

Yes, it is an AD DC. The thing is, the only way I know to change the user password is from a Windows workstation (CTRL+ALT+DEL and go to Change password). I was trying to achieve the same thing through another Linux server that is not the AD DC. So I thought that it would be possible for them to change their AD passwords through "passwd", but it didn't seem to work properly, because

>-----Oorspronkelijk bericht----- >Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland Penny >Verzonden: donderdag 20 augustus 2015 16:56 >Aan: samba at lists.samba.org >Onderwerp: Re: [Samba] Samba4 DC/AD documents created in >redirected folders with bogus UID > >On 20/08/15 15:24, Mark Foley wrote: >> Guilherme Boing, on 19 Aug 2015 14:31 you wrote:

Hello all, we are currently running several samba 3 services to give CIFS access to shares (mostly homedirs). Well, access to the shares are controlled by our LDAP service (not AD, OpenLDAP). Our servers are using sssd + pam to check wether or not a user is allowed to mount the share (on some old servers we also use the pam_ldap module for pam). Now, we just want to run samba 4 as simply as

On 20/08/15 15:24, Mark Foley wrote: > Guilherme Boing, on 19 Aug 2015 14:31 you wrote: > >> I just noticed that my fresh install of Samba 4.2.3 has the same behaviour. > Did you get a solution? > > Odd, but this topic doesn't seem to be getting much traction. I wonder what > people are using Samba4 for. Outside of hard-cord samba-junkies who love > spending hours

I am trying to configure idmap_ad on a linux member server (fedora core 23, samba 4.3.11) with a Windows 2008 domain controller. The domain is "MYDOMAIN.COM" with a child domain of "CHILD1.MYDOMAIN.COM." By default those domains trust each other. The MYDOMAIN PDC has the unix identity mapping feature installed, so I can use "active directory users and