similar to: Joining a domain.

Displaying 20 results from an estimated 50000 matches similar to: "Joining a domain."

2017 Aug 21
5
Windows pre-requisites for login with winbind?
Hi all, I've just been following a series of guides to set up "winbind" authentication on a container build I'm working on, but I'm seeing some strange behaviour.... After the "net ads join -k", some users can log in, but others cannot (pam says their account does not exist)... although they can all authenticate with kinit! If someone has an idea why this might
2017 Aug 22
5
Windows pre-requisites for login with winbind?
On Tue, 22 Aug 2017 12:01:20 +0000 "A. James Lewis via samba" <samba at lists.samba.org> wrote: > Indeed!... you are correct... this does appear to be the kerberos > issue uncovered by Rowlands pointing out that I should not need to be > manually defining "kdc =", in my krb5.conf.... so with that resolved, > I'm hoping we can also find the cause of my
2017 Aug 21
6
Windows pre-requisites for login with winbind?
Also, I see the following repeated in syslog:- ==> syslog <== Aug 21 15:25:41 hostname01 winbindd[691]: [2017/08/21 15:25:41.438959, 0] ../source3/libsmb/cliconnect.c:1895(cli_session_setup_spnego_send) Aug 21 15:25:41 hostname01 winbindd[691]: Kinit for HOSTNAME01$@DOMAIN.LOCAL to access cifs/LOCAL_AD02.domain.local at DOMAIN.LOCAL failed: Cannot contact any KDC for requested realm
2017 Oct 30
5
Listing AD group members
Hi, Ive been trying to work out how to get wbinfo to list members of a specific AD group, rather than list groups a specific user is in. So far I have had no luck... In fact im not sure its possible with wbinfo. Is there another tool which could do this? James -- Sent using Dekko from my Ubuntu device
2017 Aug 21
6
Windows pre-requisites for login with winbind?
August 21, 2017 5:34 PM, "Rowland Penny via samba" <samba at lists.samba.org> wrote: > On Mon, 21 Aug 2017 15:37:03 +0000 > "A. James Lewis" <james at fsck.co.uk> wrote: > >> OK, obviously I am slightly sanitising the output here, but I'm >> preserving the case, and just replacing local names with generic ones >> as I did for the
2017 Aug 22
6
Windows pre-requisites for login with winbind?
Hi! Indeed!, this sounds like good advice... there are certainly bugs, I had to get the 7.04.5 package from "proposed" to get resolve a PAM library issue!... although I suppose that's a packaging problem. What is the best way to get an updated Samba package here, I'm trying to make this system reproduceable, I have a single script that builds the entire container, and sets up
2017 Oct 30
4
Listing AD group members
Oh, I assumed you meant -d10, since -d0 turns off all debug output, so the output is long, but I get:- . . . GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'spnego' registered GENSEC backend 'schannel' registered GENSEC backend 'naclrpc_as_system'
2017 Aug 23
4
Windows pre-requisites for login with winbind?
I have to confess here, that on trying again, to get the error... I restarted everything to ensure there were no errant messages, and now installing libpam-krb5 does not cause a problem... the users are assigned a kerberos ticket when logging in which is nice too... I must thank you and Rowland both, since I have learned a lot about how Kerberos works in this process, and debugged some issues
2017 Aug 25
4
AD Group update lag / cache, firewall related?
August 25, 2017 3:12 PM, "Rowland Penny via samba" <samba at lists.samba.org> wrote: > On Fri, 25 Aug 2017 13:54:21 +0000 > "A. James Lewis" <james at fsck.co.uk> wrote: > >> It's not offline.... and groups do usually filter through... >> sometimes immediately, sometimes never... but usually with a >> significant delay... >>
2019 May 16
2
SRV records.
Hi all, A slightly hypothetical one here... but after Samba (Winbind actually)... looks up the list of AD server for a doman from DNS... what method does it use to decide which is the correct (most local?) domain controller to connect to/log in to? What will it's behaviour be if it connects to one, or two which don't have connectivity. -- A. James Lewis (james at fsck.co.uk
2017 Aug 22
5
Windows pre-requisites for login with winbind?
I have krb5-config krb5-user, but not libpam-krb5... I'm slightly fuzzy about how this works, but I thought the interaction with kerberos was implemented via winbind, so I wasn't expecting this package to be installed... certainly there is no dependency that has pulled it in. James August 22, 2017 1:15 PM, "Rowland Penny via samba" <samba at lists.samba.org> wrote: >
2017 Sep 28
4
Trusted domain with different short name to DNS name.
Hey, I have 2 trusted domains to deal with, "DEV" and "TODEV", and I have configured smb.conf like this:- [global] workgroup = MAIN security = ADS realm = MAIN.DOMAIN.LOCAL idmap config *:backend = tdb idmap config *:range = 95000-99999 idmap config MAIN:backend = rid idmap config MAIN:range = 100000-999999 idmap config DEV:backend = rid idmap config DEV:range =
2017 Aug 25
4
AD Group update lag / cache, firewall related?
Hey again all, After the rather excellent assistance from a few of you on the list over the last week... I wonder if you will be able to answer the cause of another rather long standing issue I've had for a long while. We have a couple of Linux hosts using winbind for authentication, and AD groups for access to various privileges... but for some reason or another... possible firewalls
2018 Jan 31
3
netsamlogon_cache.tdb & winbind.
All, I wonder if someone can give me an idea what the file "netsamlogon_cache.tdb" contains... as I have noticed that I can be added to a group, and access will not appear on the Unix side for a good deal of time... but if I stop Winbind, remove the file "netsamlogon_cache.tdb", and re-start everything, it will then work. Can anyone tell me what the purpose of this file is,
2015 May 05
4
Managing Samba Active directory.
Hi, I've never been a Windows user, but I'm curious to see how the AD integration works in Linux, since it looks like we may need to have one or two Windows desktops and I don't realy want to start setting up Windows infrastructure. If I can have Samba as a domain controller that makes things a lot simpler. I have one question tho, the documentation suggests using the Microsoft
2017 Aug 24
3
Windows pre-requisites for login with winbind?
Yes indeed.... I know a lot about the Linux side, but Windows is a bit of a mystery to me... and I have to confess to not knowing exactly how nss links various directory services into the system.... hence my comment earlier with "Password file entry" in quotes... I know it's not in the password file, and is amalgamated into the password "map", via nss, but I'm not sure
2017 Sep 21
0
Joining a domain.
What I don't understand is that the Windows team here are really restrictive, and I have no administrative rights in the domain, however I verified that I could authenticate with kerberos, using kinit, and then "net ads join -k", and I am able to authenticate against the domain, and gain access to idmap UID/GID mapping... So, what I don't understand is what the join process
2017 Sep 22
0
Joining a domain.
On Thu, 21 Sep 2017 22:06:10 +0100 "A. James Lewis" <james at fsck.co.uk> wrote: > On 21/09/17 20:48, Rowland Penny via samba wrote: > > On Thu, 21 Sep 2017 19:30:29 +0000 > > "A. James Lewis" <james at fsck.co.uk> wrote: > > > >> What I don't understand is that the Windows team here are really > >> restrictive, and I have
2017 Mar 13
4
Best way to integrate Unix with AD.
Hi all, I know this is a little off topic (although it might not be because I'm sure there's a solution involving Samba!)... but I hope one of you fine people can advise me on the best approach to achieving an integrated directory supporting Unix/Linux as a first class citizen, storing autofs maps, as well as uid, gid and home folders for each user... and how would that be managed. I see
2017 Oct 30
1
Listing AD group members
It appears to hang for a very long time (up to 15 minutes) on "kinit for HOSTNAME$@DOMAIN.LOCAL succeeded" then it returns nothing. I'm somewhat confused! James October 30, 2017 12:27 PM, "Rowland Penny via samba" <samba at lists.samba.org> wrote: > On Mon, 30 Oct 2017 12:07:24 +0000 > "A. James Lewis" <james at fsck.co.uk> wrote: >