similar to: Winbind idmap question

Displaying 20 results from an estimated 20000 matches similar to: "Winbind idmap question"

2016 Apr 21
2
Winbind idmap question
Hi Jonathan, Thank you for that, that solved the issue. Unfortunately I get another issue: on one DC id <user> gives "no such user". Adding domain (id ad.domain\\<user>) does not help. Adding the whole domain (id ad.domain.tld\\<user>) does not help more. I did checked PAM, NSS and Samba configurations, this server is using same configurations as the two working DC.
2016 Apr 21
2
Winbind idmap question
All DC are running same Samba version : 4.4.2. All DC are hosted on same Centos 7. On broken server(s): wbinfo -i mdufresne failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for user mdufresne On working servers: wbinfo -i mdufresne AD.DOMAIN\mdufresne:*:12104:100:Mathias Dufresne (TEMP):/home/AD.DGFIP/mdufresne:/bin/false The smb.conf is:
2016 Apr 21
0
Winbind idmap question
Hi, Does "wbinfo -i <user>" work, and return the same results, on all the DCs? Are the DCs running the distribution & versions (e.g. CentOS, Debian, whatever) or are there differences there, also? On 21 April 2016 at 11:16, mathias dufresne <infractory at gmail.com> wrote: > Hi Jonathan, > > Thank you for that, that solved the issue. > > Unfortunately I
2016 Apr 21
0
Winbind idmap question
And why do I want to get rid of id mapping? Because starting my tests this morning, checking id of the same user on 3 DC I get 3 different UIDs for the same user. That's why we would prefer to rely on uidNumber. 2016-04-21 12:40 GMT+02:00 mathias dufresne <infractory at gmail.com>: > All DC are running same Samba version : 4.4.2. All DC are hosted on same > Centos 7. > >
2017 Aug 30
2
Shares not accessible when using FQDN
2017-08-30 16:15 GMT+02:00 mathias dufresne <infractory at gmail.com>: > > > 2017-08-30 16:05 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org> > : > >> On Wed, 30 Aug 2017 15:01:05 +0200 >> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: >> >> > Small addition. >> > >> > > have in
2017 Aug 03
1
file server, AD client, no rfc2307
2017-07-27 16:33 GMT+02:00 mathias dufresne <infractory at gmail.com>: > > > 2017-07-27 15:14 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org> > : > >> On Thu, 27 Jul 2017 08:51:52 +0100 >> Rowland Penny via samba <samba at lists.samba.org> wrote: >> >> > On Thu, 27 Jul 2017 08:36:51 +0100 >> > Rowland Penny via
2017 Aug 30
2
Shares not accessible when using FQDN
On Wed, 30 Aug 2017 15:01:05 +0200 "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: > Small addition. > > > have in a users AD object is uidNumber. You can set the shell > > and unix homedir via template lines in smb.conf. > > The 'Domain Users' group must have a gidNumber attribute. > > > > No, the primary group,
2016 Oct 12
2
samba with customized ldap backend
As he wrote that SSH and SMTP auth and others stuffs are working, I would say SSSD should work. As he wrote there is an issue with Samba, I'd like to understand how he is using Samba, what is the exact error and what he's doing to get that error. Samba should be able to live with other tools. We should be able to able to speak here about Samba working with other tools. But that certainly
2017 Aug 31
3
file server: %U or %u?
On Thu, 31 Aug 2017 16:27:12 +0200 mathias dufresne <infractory at gmail.com> wrote: > PS: the short way to explain %u is adding domain/workgroup to > username is the fact we are using trust relationship? > Probably, what you have to get your head around is this: The users 'fred', 'DOMAINA\fred' and 'DOMAINB\fred' are all different users. Winbind will
2017 Aug 30
5
Shares not accessible when using FQDN
To have users accessibles from UNIX side (ie your member server) with any tool (winbind, sssd...) you must (ie that's mandatory) to have all needed informations to build a UNIX user in LDAP tree. What I mean here is you must have uidNumber, gidNumber but also something to fill login shell, home directory and perhaps gecos too (but I expect that last one is not mandatory). This because a UNIX
2015 Jun 11
4
idmap & migration to rfc2307
Yup, strange - right! Samba 4.2.2 RFC2307 attributes were added as follows: # sed -e 's/${DOMAINDN}/dc=MYDOMAIN,dc=MY,dc=TLD/g' \ -e 's/${NETBIOSNAME}/MYDOMAIN/g' \ -e 's/${NISDOMAIN}/MYDOMAIN/g' \ /usr/local/samba/share/setup/ypServ30.ldif > ypServ30-JMH.ldif # service samba4 stop # ldbmodify -H
2016 Oct 19
2
NS records for a new AD DC
2016-10-19 8:56 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>: > On Wed, 19 Oct 2016 08:47:25 +0200 > mathias dufresne <infractory at gmail.com> wrote: > > > > > > > > > The domain member will ask its nameserver (which should be an AD > > > DC), > > > > > > > The client send request to its resolver, which
2017 Aug 30
4
Shares not accessible when using FQDN
Rowland, Yes, I mean uidNumber and gidNumber. I'm aware I need to work with AD but at this time I need my unix IDs (on NSS) to keep services working. Not only for files ownership, but also for some other services. Yeah, that's complex... If I undestand well, the best way to do is to join the server using "net ads join" and use nss_winbind. This what I do but I only use the
2016 Aug 12
2
Samba and POSIX ACLs
Hi everybody, I know this has been discussed ad naseum, but I can't find an answer to my question precisely. My version of samba is 4.2.10. Here's my question. I have POSIX ACLs set on a directory like this: # file: . # owner: root # group: admin # flags: -s- user::rwx user:apache:rwx group::rwx group:admin:rwx mask::rwx other::r-x default:user::rwx default:user:apache:rwx
2016 Oct 05
2
getent group [groupname] do not show users
On Wed, 5 Oct 2016 12:04:53 +0200 mathias dufresne via samba <samba at lists.samba.org> wrote: > I just tested on some DC running also 4.4.5 and "getent group > my_group" does not show groups content. > > I read here > http://serverfault.com/questions/625416/samba-4-group-members-not-shown-in-getent-group > a proposal to use samba-tool as a replacement but
2016 Jan 27
6
NT_STATUS_CONNECTION_REFUSED
On 27 January 2016 at 08:24, Rowland penny <rpenny at samba.org> wrote: > On 26/01/16 20:54, Henry McLaughlin wrote: > >> [root at centos7member ~]# net rpc rights list accounts >> -U'TESTING\administrator' >> Enter TESTING\administrator's password: >> Could not connect to server 127.0.0.1 >> Connection failed: NT_STATUS_CONNECTION_REFUSED
2018 Nov 08
1
joining a Centos7 to MS AD
Hi, After more investigations I'm now believing that we have some issue on our AD site declaration. I'll be back once I would have get more information. Best regards, M. Le jeu. 8 nov. 2018 à 11:22, mathias dufresne <infractory at gmail.com> a écrit : > Hi all, > > AD version is MS 2008R2. > > smb.conf is : > [global] > workgroup = AD > security = ADS
2016 Jul 06
2
[samba as AD] Scripting GPO creation
PS: I could share information about what should be modified to modify the very same GPO, I didn't yet as I'm not sure anyone there would be interested and because that would work only for that kind of GPO. 2016-07-06 17:08 GMT+02:00 mathias dufresne <infractory at gmail.com>: > Context: several teams have to manage only a a bunch of the company's > computers, so these
2016 Feb 10
1
Authenticate using AD UPN name
Hi, Thanks for answering. Yes, the linux machines are joined to the domain through samba and are using the AD accounts on their linux clients to logon and authenticate through winbind. Using the AD accounts samid to logon is just fine, the question is if its possible to use the UPN instead of the samid to login. Kind regards, Björn On Wed, Feb 10, 2016 at 2:33 PM mathias dufresne
2018 Nov 06
2
joining a Centos7 to MS AD
Hi Rowland, Thank you for your reply. I'll provide these information but for now I'm suspecting Samba and others things could be installed in a strange manner. I have to check that first... Best regards, mathias Le mar. 6 nov. 2018 à 10:36, Rowland Penny via samba <samba at lists.samba.org> a écrit : > On Tue, 6 Nov 2018 10:16:26 +0100 > mathias dufresne via samba