Displaying 20 results from an estimated 40000 matches similar to: "Samba AD/DC, Single-Sign-On, domain users cannot change password"
2016 Jan 14
2
Samba AD/DC, Single-Sign-On, domain users cannot change password
On 14/01/16 05:54, Mark Foley wrote:
> Hmmm, this message is a week old and nothing?
>
> I know many of you have domain member hosts in your domain and surely are logging in as domain
> users authenticating with the Samba4 AD/DC, right?
>
> How do you change your password without having the domain Administrator do it for you?
>
> --Mark
>
> -----Original Message-----
2016 Jan 15
4
Samba AD/DC, Single-Sign-On, domain users cannot change password
On January 14, 2016 at 12:16 Rowland Penny wrote:
> Using 'passwd' does work, but pam has to be setup correctly and you
> cannot change the password on the first day unless you change the
> minimum password age to '0'
You answer piles of questions on this list, so you may not remember, but you helped me set this
whole domain-member/single logon thing last October. The
2016 Jan 14
1
Samba AD/DC, Single-Sign-On, domain users cannot change password
On Thu, 14 Jan 2016, Mark Foley wrote:
> Hmmm, this message is a week old and nothing?
>
> I know many of you have domain member hosts in your domain and surely are logging in as domain
> users authenticating with the Samba4 AD/DC, right?
>
> How do you change your password without having the domain Administrator do it for you?
> Trying to change the password from a terminal
2015 Oct 08
3
Samba AD PDC , LDAP and Single-Sign-On
On Thu, 8 Oct 2015 15:46 Sketch wrote:
> It's easy in Linux with Samba as well. You basically just need to follow
> the directions here:
>
> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
Thanks for the feedback. OK, I'll check out your link ASAP. The "Server" bit
in the link gives me pause. I *have* a Samba4 AD/DC "server" already.
2017 Dec 03
3
Howto authenticate smartPhone via Active Directory
with passdb ldap I guess.
---
Aki Tuomi
Dovecot oy
-------- Original message --------
From: Mark Foley <mfoley at ohprs.org>
Date: 03/12/2017 21:18 (GMT+02:00)
To: dovecot at dovecot.org
Subject: Re: Howto authenticate smartPhone via Active Directory
Yes, you are right. This link: https://www.redips.net/linux/android-email-postfix-auth/#section2
shows:
passdb pam {
}
used for
2015 Sep 02
2
How to "Windows Authenticate"
I've been using Dovecot 2.2.15 as the IMAP server for Outlook (2010/2013) on
Windows workstations for over 6 months with no problems. Dovecot is hosted on
the office Samba4 AD/DC server.
I have been using auth_mechanisms plain login, and passdb driver = shadow.
What I'd like to do now is use the "Windows Authenticated" login so I don't have
to have separate passwords for
2015 Sep 03
2
How to "Windows Authenticate"
Hi Mark,
I haven't done it, but I've played with the scenario enough to have an
idea.
What you want to do is have Outlook auth via NTLM to Dovecot.
First that means having the machine be a domain member (usually via Samba)
in order to properly process NTLM/Kerberos handshake - which it appears you
have.
Second that means having Dovecot know how to accept NTLM authentication
(SPA) to
2015 Sep 07
2
How to "Windows Authenticate"
More info ...
My dovecot error log shows:
Sep 05 16:45:19 auth: Debug: client in: AUTH 1 NTLM service=imap
Sep 05 16:45:19 auth: Debug: client passdb out: OK 1 user=mark at hprs original_user=mark at HPRS
Sep 05 16:45:19 auth: Debug: master in: REQUEST 998899713 10219 1 f56352c207cb8f6dea4d264b2c0f8dc1 session_pid=10220 request_auth_token
Sep 05
2015 Sep 08
2
How to "Windows Authenticate"
Comments interspersed with yours ...
--Mark
-----Original Message-----
> Date: Sun, 06 Sep 2015 20:00:11 -0500
> From: Rick Romero <rick at havokmon.com>
> To: dovecot at dovecot.org
> Subject: Re: How to "Windows Authenticate"
>
> Hmm. I would expect to see 'mark at hprs.com'. Whatever your full domain
> name is.
Full user at domain would be
2016 Jun 30
1
Where is krb5.keytab or equivalent?
I myself have dovecot running and auth is against a samba4 dc running on the same host.
Perhaps it can help you to let samba do the authentication.
Greetings
Daniel
EDV Daniel Müller
Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
Email: mueller at tropenklinik.de
www.tropenklinik.de
2015 Oct 10
2
Samba AD PDC , LDAP and Single-Sign-On
On Sat, 10 Oct 2015 16:07 Andrew Bartlett wrote
> For the pain that you are about to endure, I can only offer my apologies.
Apologies accepted! :) Seriously though, the Samba team has done a great job
with the AD stuff. I was pretty much able to drop Samba4 in as a replacement
for our SBS 2008 with virtually no issues. What issues I had were mostly
Microsoft idiosyncrasies (refer to my GPO
2016 Jun 29
2
Looking for GSSAPI config [was: Looking for NTLM config example]
> On Jun 28, 2016, at 10:32 PM, Mark Foley <mfoley at ohprs.org> wrote:
>
> Aki - partial success! I rebuilt my dovecot with ./config --with-gssapi, and restarted. Now I
> don't get that "Unknown authentication mechanism 'gssapi'" message in maillog, and mail is
> delivered successfully to the other domain users having PLAIN authentication. That's a
2015 Oct 10
2
Workstations are member servers (or domain members) Re: Samba AD PDC , LDAP and Single-Sign-On
On Sat, 10 Oct 2015 08:23 Andrew Bartlett wrote:
> The main difference between use as a file server vs use as a desktop,
> is that pam_winbindd is mandatory for the Samba method (see elsewhere
> for using sssd or other tools), as that will get you the desktop
> login.
Yes, that does clarify and give me comfort with respect to naming. I understand
that the office-central Samba4
2016 Jun 30
2
Looking for GSSAPI config [was: Looking for NTLM config example]
I think the problem still is that your keytab file has no entry
imap/hostname at DOMAIN and IMAP/hostname at DOMAIN
you also have no host/hostname at DOMAIN
Aki
On 29.06.2016 18:40, Mark Foley wrote:
> Yes, I think that's exactly correct. I just made a similar reply to Edgar Pettijohn about that.
> The Thunderbird message is:
>
> "The Kerberos/GSSAPI ticket was not accepted
2017 Dec 04
2
Howto authenticate smartPhone via Active Directory
Hi Mark,
Just to let you know that we are running dovecot with AD. (and I guess:
*many* people are running that combination)
It worked without issues, we are using in dovecot-ldap.conf.ext:
> auth_bind = yes
this user/passwd filter:
> = (&(objectclass=person)(sAMAccountName=%n)(!(userAccountControl=514)))
> dn = cn=search_dovecit,cn=users,dc=company,dc=com
> dnpass =
2015 Oct 08
4
Samba AD PDC , LDAP and Single-Sign-On (was: re: Samba Internal DNS vs. BIND_DLZ)
I'm very confused. I have a Samba4 AD/DC which works great for Windows
Authentication with our Windows 7 workstations.
Now, I am trying to implement single-sign-on for our coming-soon Linux workstations.
All web documentation I've so far found on this references OpenLDAP as the server
and describes server-side commands such as kadmin and slapd-config to get things
set up on the
2015 Sep 13
3
How to "Windows Authenticate"
I am running Dovecot 2.2.15 on Linux Slackware 14.1 and Samba 4.1.17 as the
Active Directory/Domain Controller on the same host as Dovecot.
Sendmail/procmail delivers mail to users' $HOME/Maildir. MS Outlook/IMAP is the
client MTU used to connect with Dovecot to read mail on the Users' WIN7
workstations.
I believe I have confirmed that MS Outlook will either ...
1) send the userid and
2016 Jun 27
6
Where is krb5.keytab or equivalent?
> ... you don't get the /etc/krb5.keytab by default on a DC, you will need
> to create it:
>
> samba-tool domain exportkeytab /etc/krb5.keytab
Excellent! Thank you. I've done that now, but I have more issues more appropriate to a reply to mathias' message following.
--Mark
-----Original Message-----
> To: samba at lists.samba.org
> From: Rowland penny <rpenny
2015 Oct 08
4
Samba AD PDC , LDAP and Single-Sign-On
On Oct 8 2015 09:32 Rowland Penny wrote:
> It might help if you were to explain just what you require from single-sign-on ?
Well, perhaps I'm mistaken, but is this not the #1 reason to install Samba4?
From reading this list over the past couple of months it does not seem that
Authenticating users on Windows workstations is the main thing people do. But,
is not the ability to
2016 Jul 21
3
sendmail getting domain\user as email userId [formerly: How to GSSAPI/Kerberos authenticate with Dovecot]
Hi Mark,
I've had the same trouble with the DOMAIN\user on my DCs, and as Rowland
has already pointed out, the "winbind use default domain = yes" configure
option is not honored on a DC. My guess is that is because a Samba DC can
only be a DC for one domain, so that is why it isn't honored. If I do
"getent passwd username" on my DCs, they all return