Displaying 20 results from an estimated 10000 matches similar to: "Samba 4 with sssd - primary Windows group membership not honored"
2016 Mar 23
3
Samba 4 with sssd - primary Windows group membership not honored
Thanks for the reply! I'm confused on a few bits:
To change a users primary group is a bit like jumping through hoops, you
> have to add the user to the group that you want to be the new primary
> group, then change the primaryGroupID attribute to contain the RID of the
> new group and then finally add the user to the 'Domain Users' group. If I
> were you, I wouldn't
2016 Mar 23
2
Samba 4 with sssd - primary Windows group membership not honored
>
> OK, you should use the standard 'rwx' permissions *or* ACLs, not both. If
> you create a directory on Unix that you want to share, set the owner:group
> to root:'Domain Admins' and permissions to 0770. You will then be able to
> set the permissions from windows or with setfacl on the Unix machine, you
> do not need the 'force group' lines in smb.conf,
2016 Mar 23
0
Samba 4 with sssd - primary Windows group membership not honored
See inline comments
On 23/03/16 15:32, Joseph Dickson wrote:
> Greetings!
>
> I am working with Samba 4 as a domain member fileserver (not a domain
> controller, just a normal ads member fileserver). Operating system is
> Centos 7. SSSD is configured and pulling information correctly.
>
> I had to work around a bug that wasn't fixed in a released version, so I am
>
2016 Mar 23
1
Samba 4 with sssd - primary Windows group membership not honored
>
> Can you check if this file exists:
> /usr/local/samba/lib/security/pam_winbind.so
For historical reasons, I used a prefix of /opt/samba when I compiled:
[root at smbfs1 shares]# ls -al /opt/samba/lib/security/pam_winbind.so
-rwxr-xr-x 1 root root 63837 Mar 17 19:54
/opt/samba/lib/security/pam_winbind.so
relevant config lines in case they are helpful:
[global]
lock directory =
2016 Mar 23
0
Samba 4 with sssd - primary Windows group membership not honored
On 23/03/16 20:16, Joseph Dickson wrote:
>> OK, you should use the standard 'rwx' permissions *or* ACLs, not both. If
>> you create a directory on Unix that you want to share, set the owner:group
>> to root:'Domain Admins' and permissions to 0770. You will then be able to
>> set the permissions from windows or with setfacl on the Unix machine, you
>>
2016 Mar 23
0
Samba 4 with sssd - primary Windows group membership not honored
On 23/03/16 16:18, Joseph Dickson wrote:
> Thanks for the reply! I'm confused on a few bits:
>
>
> To change a users primary group is a bit like jumping through hoops, you
>> have to add the user to the group that you want to be the new primary
>> group, then change the primaryGroupID attribute to contain the RID of the
>> new group and then finally add the user
2015 Jan 13
3
Ubuntu SSSD Active Directory Authorization issue (group membership is not honored)
Hello all,
after spending the last days fighting and researching I hope someone can
point me to an solution here.
Even if I am using Debian / Ubuntu since years I wouldn?t consider
myself as a Linux professional. I have some experience though.
What I try to accomplish:
- Centrally administrated groups for file services. Right now it is only
one server but there will be more.
Setup:
- System
2015 Jan 15
0
Ubuntu SSSD Active Directory Authorization issue (group membership is not honored)
On 15.01.15 09:52, Peter Serbe wrote:
> On Tue, Jan 13, 2015 at 2:32 PM, Thomas Burger <tburger at eritron.de> wrote:
>
>> What works:
> ...
>> - getfacl / setfacl setting with domain object names.
>>
>> My issue:
>> Authorization is not working. For example:
>> - Write list / read list / valid users options in smb.conf are not
>>
2015 Jan 16
0
Ubuntu SSSD Active Directory Authorization issue (group membership is not honored)
Rowland Penny schrieb am 15.01.2015 22:00:
[RFC2307]
> For samba4 active directory, read microsoft AD, so you don't have to
> provision anything else, you just need to learn how to properly use what
> you already have.
>
> Rowland
Rowland is right, of course. But(!) things might be simpler with the
RFC2307 attributes.
Without the attributes You need to set the
2015 Jan 15
0
Ubuntu SSSD Active Directory Authorization issue (group membership is not honored)
Hi,
On Tue, Jan 13, 2015 at 2:32 PM, Thomas Burger <tburger at eritron.de> wrote:
> Hello all,
>
> after spending the last days fighting and researching I hope someone can
> point me to an solution here.
>
> Even if I am using Debian / Ubuntu since years I wouldn?t consider myself
> as a Linux professional. I have some experience though.
>
> What I try to
2015 Jan 15
2
Ubuntu SSSD Active Directory Authorization issue (group membership is not honored)
On Tue, Jan 13, 2015 at 2:32 PM, Thomas Burger <tburger at eritron.de> wrote:
> What works:
...
> - getfacl / setfacl setting with domain object names.
>
> My issue:
> Authorization is not working. For example:
> - Write list / read list / valid users options in smb.conf are not
> honored.
...
> - Skipped the samba authorization and moved this to the filesystem
2008 Dec 01
1
Group membership not being honored
I've got a relatively simple permissions scheme I need to implement, and
I'm having issues with group membership.
I have a share that I need to grant an active directory group full
control to. If I add an AD user to the ACL on the directory that is the
root of the share, the user can access it. If I add an AD group to the
ACL on that same directory, group members cannot access the
2019 Jun 12
4
Samba + sssd deployment: success and failure
I agree with putting the sssd discussion to bed, but am still interested
in clearing up some confusion, as I'm concerned I might be missing
something.
On 6/12/19 12:44 PM, Rowland penny via samba wrote:
> On 12/06/2019 17:43, Goetz, Patrick G via samba wrote:
>> On 6/12/19 11:10 AM, Rowland penny via samba wrote:
>>> Why are you using sssd on a standalone server ?
2019 Jun 12
4
Samba + sssd deployment: success and failure
On 6/12/19 11:10 AM, Rowland penny via samba wrote:
>
> Why are you using sssd on a standalone server ?
>
> your users will be in /etc/passwd and the Samba database, I don't think
> sssd can talk to the Samba database.
>
I'm pretty sure what happens when you set [server role = standalone] is
that Samba then defers to /etc/nsswitch.conf for how authorization
should
2016 Apr 07
3
centos samba sssd active directory
Hello all,
Im having the latest centos that should be integrated into win 2012 active directory domain.
Im having Authentication running, an AD user can login via ssh, getent and id working
But Im not able to get the samba shares running with AD
[sfu-erp]
comment = Mandant
path = /share
# ; valid users = @"RZ-DOMAIN\linuxtest" @"RZ-DOMAIN\linuxtest"
valid users =
2019 Jun 12
2
Samba + sssd deployment: success and failure
On 6/12/19 7:00 AM, Rowland penny wrote:
> How are you actually running samba ?
> How are you actually running samba ?
I *think* setting
security = user
server role = auto
makes Samba run as a standalone server, which is fine, because
authentication is handled via /etc/nsswitch.conf:
passwd: compat systemd sss
group: compat systemd sss
shadow:
2015 Jan 07
1
Password Must Change using SSSD in Samba 4.1.10
Hi,
I am trying to implement the *password must change at next logon* in CentOS
6.5 client using sssd 1.11.6 where Samba 4.1.10 is my backend server.
Here are the list of things which I have done,
1. I have setup the CentOS to do the Domain login using sssd service. I can
able to login into the CentOS client using Domain user's credentials from
display
and from SSH also, no problem at all.
2019 Jun 13
5
Samba + sssd deployment: success and failure
On Thursday, 13 June 2019 00:41:09 PDT Rowland penny via samba wrote:
> On 13/06/2019 07:55, Alexey A Nikitin wrote:
> > On Wednesday, 12 June 2019 13:07:56 PDT Rowland penny via samba wrote:
> >>>> I think you mean 'RID' instead of 'SID'
> >>> Yes, you're right. The Windows people seem to use the terms synonymously.
> >> I cannot
2020 Aug 12
2
Using SSSD + AD with Samba seems to require Winbind be running
On 12/08/2020 13:24, Robert Marcano via samba wrote:
> If you are runnning a Samba server as a member of a domain, you need
> to start winbind. The following is a not a Samba issue since Samba and
> SSSD interactions are not part of Samba.
>
> You can still run SSSD/realmd/adcli as your domain membership toolkit,
> but you need to start winbind if a Samba server is started on
2012 Oct 24
1
SSSD configuration
Hello,
we're upgrading from Centos 5.8 to Centos 6.3 and have realized few
things have changed in the system.
We're using LDAP authentication (nss_ldap package) on our Centos 5.8
servers and have different PAM ldap configuration files configured to be
used for specific PAM services.
Here is the example of our setup:
/etc/pam.d/service1:
auth sufficient pam_ldap.so