Displaying 20 results from an estimated 10000 matches similar to: "Best way to integrate Unix with AD."
2017 Mar 14
3
Best way to integrate Unix with AD.
Is there a good guide for how to set up a Samba based AD domain
controller with RFC2307 attributes so I can experiment... I can't get
the Windows guys in my company to do anything Microsoft don't provide a
check box for, unless I can teach them how to do it... but I've not used
any of these Windows technologies for a very long time...
At least if I can show a working system then
2017 Mar 13
0
Best way to integrate Unix with AD.
On Mon, 13 Mar 2017 20:04:30 +0000
"A. James Lewis via samba" <samba at lists.samba.org> wrote:
> Hi all,
>
> I know this is a little off topic (although it might not be because
> I'm sure there's a solution involving Samba!)... but I hope one of
> you fine people can advise me on the best approach to achieving an
> integrated directory supporting
2017 Aug 22
6
Windows pre-requisites for login with winbind?
Hi!
Indeed!, this sounds like good advice... there are certainly bugs, I had to get the 7.04.5 package from "proposed" to resolve a PAM library issue!... although I suppose that's a packaging problem.
What is the best way to get an updated Samba package here, I'm trying to make this system reproducible, I have a single script that builds the entire container, and sets up
2015 May 05
4
Managing Samba Active directory.
Hi,
I've never been a Windows user, but I'm curious to see how the AD
integration works in Linux, since it looks like we may need to have one
or two Windows desktops and I don't really want to start setting up
Windows infrastructure. If I can have Samba as a domain controller that
makes things a lot simpler.
I have one question tho, the documentation suggests using the Microsoft
2017 Aug 21
6
Windows pre-requisites for login with winbind?
August 21, 2017 5:34 PM, "Rowland Penny via samba" <samba at lists.samba.org> wrote:
> On Mon, 21 Aug 2017 15:37:03 +0000
> "A. James Lewis" <james at fsck.co.uk> wrote:
>
>> OK, obviously I am slightly sanitising the output here, but I'm
>> preserving the case, and just replacing local names with generic ones
>> as I did for the
2015 May 05
2
Managing Samba Active directory.
Hmm, thanks to all who replied... you've actually made me think of
another question... I guess it's a bit odd on this list to see someone
who's looking at using AD that doesn't know anything about it... last
time I was tempted down the Windows path it was Win9x.
Anyway, you mentioned "netgroup management", which makes me wonder if
the other NIS style maps can be
2015 Jan 13
1
Is there any problem that can arise from remapping gidNumber?
On 13/01/15 17:22, John Lewis wrote:
> On 01/13/2015 12:03 PM, Rowland Penny wrote:
>> On 13/01/15 16:25, John Lewis wrote:
>>> On 01/13/2015 11:10 AM, John Lewis wrote:
>>> I figured out that the RID was the last few numbers on the end of the
>>> objectSid.
>>>
>>> How do I change the object Rid so I can change the GID of the group?
>>
2019 Dec 19
3
unix_primary_group and unix_nss_info for rfc2307 idmap backend
Hi,
In winbind, are there any plans to add the idmap_ad options "unix_primary_group" and "unix_nss_info" to the idmap_rfc2307 backend?
I am using an ldap proxy to preserve the UNIX uids and gids between two domains, and it would be nice to also share the shell setting and the UNIX primary group as well.
2017 Feb 01
4
creating new users - missing uidNumber
On 2017-02-01 at 12:19, Rowland Penny via samba wrote:
> ADUC never added uidNumbers automatically, you had to use the Unix
> Attributes tab, but this no longer exists on windows 10, you have to
> use the 'attributes' tab
>
> The only way (that I know) to create a user with a uidNumber, is to
> use samba-tool, run 'samba-tool user create --help' for more info.
2015 Jan 13
2
Is there any problem that can arise from remapping gidNumber?
On 13/01/15 16:25, John Lewis wrote:
> On 01/13/2015 11:10 AM, John Lewis wrote:
>> On 01/13/2015 10:41 AM, Rowland Penny wrote:
>>> On 13/01/15 15:11, John Lewis wrote:
>>>> On 01/13/2015 09:23 AM, Rowland Penny wrote:
>>>>> On 13/01/15 14:06, John Lewis wrote:
>>>>>> On 01/13/2015 06:35 AM, Rowland Penny wrote:
2019 Dec 19
1
unix_primary_group and unix_nss_info for rfc2307 idmap backend
On Thu, Dec 19, 2019 at 10:19:28PM +0000, Rowland penny via samba wrote:
> On 19/12/2019 21:46, Sebastian Lisic wrote:
> >Thanks for the quick reply, Rowland!
> >
> >The problem I have is that the clients of each domain do not have access to the other domain's DC. Only the DCs of each domain can talk to one another. With Microsoft no longer allowing POSIX attributes to be
2017 Oct 30
5
Listing AD group members
Hi,
I've been trying to work out how to get wbinfo to list members of a specific
AD group, rather than list groups a specific user is in.
So far I have had no luck... In fact I'm not sure it's possible with wbinfo.
Is there another tool which could do this?
James
--
Sent using Dekko from my Ubuntu device
2017 Aug 21
6
Windows pre-requisites for login with winbind?
Also, I see the following repeated in syslog:-
==> syslog <==
Aug 21 15:25:41 hostname01 winbindd[691]: [2017/08/21 15:25:41.438959, 0] ../source3/libsmb/cliconnect.c:1895(cli_session_setup_spnego_send)
Aug 21 15:25:41 hostname01 winbindd[691]: Kinit for HOSTNAME01$@DOMAIN.LOCAL to access cifs/LOCAL_AD02.domain.local at DOMAIN.LOCAL failed: Cannot contact any KDC for requested realm
2017 Aug 25
4
AD Group update lag / cache, firewall related?
August 25, 2017 3:12 PM, "Rowland Penny via samba" <samba at lists.samba.org> wrote:
> On Fri, 25 Aug 2017 13:54:21 +0000
> "A. James Lewis" <james at fsck.co.uk> wrote:
>
>> It's not offline.... and groups do usually filter through...
>> sometimes immediately, sometimes never... but usually with a
>> significant delay...
>>
2017 Aug 22
5
Windows pre-requisites for login with winbind?
On Tue, 22 Aug 2017 12:01:20 +0000
"A. James Lewis via samba" <samba at lists.samba.org> wrote:
> Indeed!... you are correct... this does appear to be the kerberos
> issue uncovered by Rowland's pointing out that I should not need to be
> manually defining "kdc =", in my krb5.conf.... so with that resolved,
> I'm hoping we can also find the cause of my
2017 Aug 22
5
Windows pre-requisites for login with winbind?
I have krb5-config krb5-user, but not libpam-krb5... I'm slightly fuzzy about how this works, but I thought the interaction with kerberos was implemented via winbind, so I wasn't expecting this package to be installed... certainly there is no dependency that has pulled it in.
James
August 22, 2017 1:15 PM, "Rowland Penny via samba" <samba at lists.samba.org> wrote:
>
2019 May 16
2
SRV records.
Hi all,
A slightly hypothetical one here... but after Samba (Winbind actually)... looks up the list of AD servers for a domain from DNS... what method does it use to decide which is the correct (most local?) domain controller to connect to/log in to?
What will its behaviour be if it connects to one, or two which don't have connectivity?
--
A. James Lewis (james at fsck.co.uk
2017 Oct 30
4
Listing AD group members
Oh, I assumed you meant -d10, since -d0 turns off all debug output, so the output is long, but I get:-
.
.
.
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system'
2017 May 10
3
Using smbclient and mount.cifs with SPN in Keytab
Hi,
for a static cifs mount (automount from fstab) I would like to use
kerberos with a SPN. The share is accessed from a http service, so I use
HTTP/www.samdom.example.com with the username
http-www.samdom.example.com. Unfortunately I can not get it to work.
The keytab is generated as described on [1].
# klist -kt /etc/http.keytab
Keytab name: FILE:/etc/http.keytab
KVNO Timestamp
2017 Sep 28
4
Trusted domain with different short name to DNS name.
Hey,
I have 2 trusted domains to deal with, "DEV" and "TODEV", and I have configured smb.conf like this:-
[global]
workgroup = MAIN
security = ADS
realm = MAIN.DOMAIN.LOCAL
idmap config *:backend = tdb
idmap config *:range = 95000-99999
idmap config MAIN:backend = rid
idmap config MAIN:range = 100000-999999
idmap config DEV:backend = rid
idmap config DEV:range =