similar to: idmap woes after upgrade

Displaying 20 results from an estimated 10000 matches similar to: "idmap woes after upgrade"

2017 May 27
0
idmap woes after upgrade
On Sat, 27 May 2017 09:25:24 +0000 Tim ODriscoll via samba <samba at lists.samba.org> wrote: > Hello All, > > I've bitten the bullet and upgraded from sernet-samba-4.2 to > 4.6.4-SerNet-RedHat-7.el7. > > Now my AD users don't show up in Linux, with the result that the > [homes] share fails to connect. Other shares work fine, it's just the > homes share.
2017 May 27
3
idmap woes after upgrade
Hi Rowland, On 27 May 2017 11:39: > Hmm, you mention: > > 'idmap_ldb:use rfc2307 = yes' and 'xidNumber' > > Is this on a DC or a Unix domain member ? This is on a DC. I only have two centOS7 AD DC's in my environment.. Tim
2017 May 29
2
ntlm_auth with freeradius
Hello All, After updating to sernet-samba-4.6.4, ntlm_auth doesn't appear to work for me with challenge and nt-responses. I'm using ntlm_auth in freeradius to authenticate my wifi users against my AD. In sernet-samba-4.2.14 it was working perfectly. My freeradius server is an AD Member, and I've got two other sernet-samba-4.6.4 AD DC's. $ ntlm_auth --request-nt-key
2017 May 27
0
idmap woes after upgrade
On Sat, 27 May 2017 11:02:36 +0000 Tim ODriscoll <tim.odriscoll at lambrookschool.co.uk> wrote: > Hi Rowland, > > On 27 May 2017 11:39: > > Hmm, you mention: > > > > 'idmap_ldb:use rfc2307 = yes' and 'xidNumber' > > > > Is this on a DC or a Unix domain member ? > > This is on a DC. I only have two centOS7 AD DC's in my
2023 Apr 04
1
Fwd: ntlm_auth and freeradius
On Mon, 2023-04-03 at 15:08 +0000, Tim ODriscoll via samba wrote: Unfortunately it's still erroring out: (7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk (7) mschap: Client is using MS-CHAPv2 > Is this set as a UPN (with the realm appended) on the user? I don't see any UPN's in my AD record, only SPNs - unless I misunderstand you? I've run
2017 May 27
3
idmap woes after upgrade
On 27 May 2017 12:45: On Sat, 27 May 2017 11:02:36 +0000 Tim ODriscoll <tim.odriscoll at lambrookschool.co.uk> wrote: > The other lines never did anything on a DC. Thank you, I've removed them now.. > Unless you manually add uidNumber attributes to users and gidNumber > attributes to groups, id mapping on a DC is done in idmap.ldb and > results in ID numbers in the 3000000
2023 Apr 04
1
Fwd: ntlm_auth and freeradius
On Tue, 2023-04-04 at 07:55 +0000, Tim ODriscoll wrote: > On Mon, 2023-04-03 at 15:08 +0000, Tim ODriscoll via samba wrote: > > > > > > Unfortunately it's still erroring out: > > (7) mschap: Creating challenge hash with username: host/SL- > > 6S4BBS3.MYDOMAIN.co.uk > > (7) mschap: Client is using MS-CHAPv2 > > > > > Is this set as a
2023 Apr 03
2
ntlm_auth and freeradius
Op 03-04-2023 om 16:05 schreef Tim ODriscoll via samba: > Dear All, > > I'm trying to setup FreeRADIUS to authenticate a machine account to grant access to wifi for domain-connected machines. I think I've got the GPO's set up properly and the CA deployed to the clients, as I'm not getting any errors there. > > The errors I'm getting are to do with ntlm_auth not
2023 Apr 03
2
[EXTERNAL] Fwd: ntlm_auth and freeradius
On Mon, 2023-04-03 at 15:08 +0000, Tim ODriscoll via samba wrote: > Unfortunately it's still erroring out: > (7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk > (7) mschap: Client is using MS-CHAPv2 Is this set as a UPN (with the realm appended) on the user? -- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001)
2023 Apr 03
1
ntlm_auth and freeradius
Dear All, I'm trying to setup FreeRADIUS to authenticate a machine account to grant access to wifi for domain-connected machines. I think I've got the GPO's set up properly and the CA deployed to the clients, as I'm not getting any errors there. The errors I'm getting are to do with ntlm_auth not authenticating my machine account. Everything looks OK (to me) on the command
2017 May 29
0
Fw: ntlm_auth with freeradius
Edit: When running 'winbindd -SFd5', I see a little more of the problem after I run my two ntlm_auth commands one after the other. I believe the 'crap' part is an acronym for 'Challenge Response Authentication Protocol', so why would it be failing? [ 2202]: request interface version (version = 28) [ 2202]: request location of privileged pipe getgroups root Could not
2017 May 27
1
[SOLVED] Fw: idmap woes after upgrade
On 27 May 2017 16:07 > After thinking everything was fine, I'm now getting RPC failures on my Windows clients. > I can map a drive with 'net use..', but 'net user tim.odriscoll /domain' returns a 1722 error, 'The RPC server > is unavailable'. Turns out 'authconfig' (used to modify PAM files), also adds a few extra bits to smb.conf. It adds
2017 May 27
2
Fw: idmap woes after upgrade
On Sat, 27 May 2017 12:53:16 +0000 Tim ODriscoll via samba <samba at lists.samba.org> wrote: > I've got winbind in my nsswitch.conf. I don't want to grant user > access to the servers via ssh or anything, so I don't need > pam_winbind, right? > > What does the mapping of uidNumber to username on the filesystem so I > can use chown etc? Er the same thing as
2017 Jan 12
2
Corrupted idmap...
I forgot about ldbsearch. Here is a dump of xid numbers. root at dc01:~# ldbsearch -H /var/lib/samba/private/idmap.ldb | grep xidNumber xidNumber: 3000028 xidNumber: 3000013 xidNumber: 3000033 xidNumber: 3000003 xidNumber: 3000032 xidNumber: 3000023 xidNumber: 3000019 xidNumber: 3000010 xidNumber: 65534 xidNumber: 3000031 xidNumber: 3000022 xidNumber: 3000026 xidNumber: 3000017 xidNumber: 3000027
2016 Oct 26
3
NT_STATUS_INVALID_SID
I have a brand-new install of Debian 8 without systemd and a freshly-built Samba 4 install with issues. I created this as a standalone AD DC, setup group policies, etc and then took it to the client location. Now nothing works. I keep getting "RPC server unavailable" on Windows machines and trying to list shares on the DC itself results in NT_STATUS_INVALID_SID. I am lost as there are
2023 Apr 04
2
Fwd: ntlm_auth and freeradius
> You said earlier that you have set ntlm auth = mschapv2-and-ntlmv2-only Yes, I found that here: https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory > This means to reject NTLMv1, which MSCHAPv2 is cryptographically, unless the client makes special pleading that it used MSCHAPv2 with it's client. > This is related to the missing ntlm_auth option
2017 May 27
3
[SOLVED] Fw: idmap woes after upgrade
Thank you for your help on this, Rowland. A tweak of PAM and a restart of nscd and suddenly all my file permissions were back. You've saved my weekend :-) Tim
2015 Jul 03
3
Clients unable to get group policy...
On 03/07/15 15:18, Ryan Ashley wrote: > The only Unix client I can think of would be the Buffalo NAS. It runs > Samba3 and hosts various shares via SMB. DNS is handled by BIND9 on the > Samba4 DC. DNS does work and the domain name resolves to the IP address > of the server. DHCP is also handled on the DC. As for the GPO's, they're > in the correct place as far as I can tell.
2015 Jul 02
5
Clients unable to get group policy...
On 02/07/15 16:55, Ryan Ashley wrote: > Rowland, here is what I found in the ldb. > > # record 68 > dn: CN=S-1-5-32-544 > cn: S-1-5-32-544 > objectClass: sidMap > objectSid: S-1-5-32-544 > type: ID_TYPE_BOTH > xidNumber: 3000000 > distinguishedName: CN=S-1-5-32-544 > > # record 70 > dn: CN=S-1-5-32-549 > cn: S-1-5-32-549 > objectClass: sidMap >
2016 Oct 27
4
NT_STATUS_INVALID_SID
On Wed, 26 Oct 2016 17:27:37 -0400 Ryan Ashley via samba <samba at lists.samba.org> wrote: > I guess I should note that it seems like the high SIDs will resolve, > except for 300000. Below is an example. > > root at dc01:~# l /var/lib/samba/sysvol/medarts.lan/ > total 16 > drwxrws---+ 4 MEDARTS\reachfp 3000000 4096 Oct 17 17:45 Policies > drwxrws---+ 2 MEDARTS\reachfp