similar to: sssd keytab bug

Hello, we are using sssd version 1.12 on openSUSE 13.1 with Sernet-Samba Packages 4.1.11. Samba runs as a single AD DC We have removed the complete openSUSE samba stuff before testing. sssd runs on the same machine as samba. Our sssd config: -------------------------------------------------------------------------------- [sssd] services = nss, pam config_file_version = 2 domains =

Environment ========================================================================== ubuntu 16.04 samba 4.3.11+dfsg-0ubuntu0.16.04.6 sssd 1.13.4-1ubuntu1.2 Windows Server 2008 R2 At site1 the above works. My ubuntu server running samba+sssd can authenticate to the Windows Server 2008 R2 for services like ssh and samba. At site2 the same setup as site1 I can authenticate with services like ssh

Hi again, Thanks again, Denis, Steve and Rowland for your previous answers about RFC2307 and winbind. Maybe I'm an dreamer but here is that I wanted to achieve : Ubuntu server 12.04.3, samba4 as PDC, several NICS : 1 LAN and 2/3 WANS Use a windows VM (on this server) to control AD through WRAT AD offers me the 'wishdom' of software deployment and GPO, users are can't install

Dear list, It has been a true adventure setting up a samba4 ad with a bind9 backend. >From what I can see, everything is more or less working: --> samba itself: root at bubba3-one:/etc/sssd# smbclient //localhost/netlogon -UAdministrator -c 'ls' Enter Administrator's password: Domain=[EARTH] OS=[Unix] Server=[Samba 4.1.4-SerNet-Debian-7.wheezy] .

Hello all, after spending the last days fighting and researching I hope someone can point me to an solution here. Even if I am using Debian / Ubuntu since years I wouldn?t consider myself as a Linux professional. I have some experience though. What I try to accomplish: - Centrally administrated groups for file services. Right now it is only one server but there will be more. Setup: - System

Hi List, I?m attempting to configure an Active Directory joined CentOS 7 host to share directories with Windows clients using Samba. The machine has been joined to the domain via: ?adcli join --stdin-password --domain-ou=?OU=Servers,DC=domain,DC=com' --login-user={{ private_ad_username }} -S dc1 DOMAIN.COM". Logging in to the host via ssh with AD user credentials works fine. I have SSSD

CentOS Errata and Bugfix Advisory 2016:0153 Upstream details at : https://rhn.redhat.com/errata/RHBA-2016-0153.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 51e4b292cca39ca7533cd14267520f41574954784efcbcbd8e72fd55d6cba332 libipa_hbac-1.12.4-47.el6_7.7.i686.rpm

Test 1: User User1 is a member of group Group1. Group1 has R-X rights to the shared folder SITES. When User1 connects to the server over SMB he sees SITES but when he tries to access it he gets access denied. Logs for the attempt show “chdir (/srv/SITES) failed, reason: Permission denied” Test 2: The same user can connect to the server over SSH and access the folder according to the group

On 11/06/2019 14:01, Zach Doman via samba wrote: > Hi List, > > I?m attempting to configure an Active Directory joined CentOS 7 host to share directories with Windows clients using Samba. The machine has been joined to the domain via: ?adcli join --stdin-password --domain-ou=?OU=Servers,DC=domain,DC=com' --login-user={{ private_ad_username }} -S dc1 DOMAIN.COM". Logging in to the

Thanks for the reply, Rowland. I managed to solve the issue without using winbind after doing some additional reading and digging around in my own environment. Due to the many times I have rebuilt my test host, the servicePrincipalName attribute within AD went missing somehow. This caused the Windows smb requests that I expected to be negotiated via kerberos to always fall back to NTLM (as noted

On 05/10/2020 16:14, Markus Jansen via samba wrote: > Dear all, > > i'm investigating the issue that I can't authenticate against a Samba (as Active-Directory Member) using the userPrincipalName (UPN). (Using Samba and sAMAccountName works fine.) > > After some research I'm quite sure that winbind is limited to the sAMAccountName and can't use UPN. So I deciced to

I am running Samba 4.1.12 with SSSD 1.12.2 on RHEL 7.1. I have joined my system to a Win 2008r2 domain. I have added the necessary unix attributes to all relevant users and groups. When I add a domain group to a directory, either as the primary group or as an ACL, I can access the share locally from the server, but cannot access the share from a Windows system via the SMB share. If I change

Dear all, i'm investigating the issue that I can't authenticate against a Samba (as Active-Directory Member) using the userPrincipalName (UPN). (Using Samba and sAMAccountName works fine.) After some research I'm quite sure that winbind is limited to the sAMAccountName and can't use UPN. So I deciced to use SSSD and configured the `ldap_user_name = userPrincipalName` in the

CentOS Errata and Security Advisory 2016:0175 Critical Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0175.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: b864b56998c7f54ad2ff8a88e6d2e2e9bbb7fed5b5cd1a5a37335df3db1009f5 glibc-2.12-1.166.el6_7.7.i686.rpm

CentOS Errata and Security Advisory 2016:0459 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0459.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: a5eba41fcb4adf6207572d530b492827291b7e45b67b130e48dbe6aeb1e96012 bind-9.8.2-0.37.rc1.el6_7.7.i686.rpm

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit https://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

CentOS Errata and Bugfix Advisory 2015:2006 Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-2006.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: becebdde456b0b185c050aa164e7cb4145531466e5479801ff4f8aeb6f58dd2b selinux-policy-3.7.19-279.el6_7.7.noarch.rpm

Is it possible to specify a list of DCs for Samba to use, rather than have it look them up dynamically via DNS? I have an issue with Kerberos, Samba, and SSSD where my machines stop authenticating after a period of time – preAuthentication errors, etc. I suspect it's because of a "DC mismatch" between the three. Because we have numerous DCs all over the world, I specifically

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit https://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

Hi all, I hope that this request for help will be the last one, for a while to come. Today, sernet support helped my sort out our DC mess, and they did a great job. However, sssd no longer works, and I hope someone here can help out. We used to have DC1, DC2 and DC3. DC1 was the classic-upgraded, first, 'original' DC, and had to be shutdown, unfortunately. So only DC2 and DC3