similar to: winbind rfc2307 not being obeyed

I found what I needed to do DOMAIN=MIND.UNM.EDU SHORT=MIND authconfig --enablekrb5 --krb5kdc=${DOMAIN} --krb5adminserver=${DOMAIN} --krb5realm=${DOMAIN} --enablewinbind --enablewinbindauth --smbsecurity=ads --smbrealm=${DOMAIN} --smbservers=${DOMAIN} --smbworkgroup=${SHORT} --winbindtemplatehomedir=/na/homes/%U --winbindtemplateshell=/bin/bash --enablemkhomedir --enablewinbindusedefaultdomain

My smb.conf file now looks like so [global] #--authconfig--start-line-- # Generated by authconfig on 2017/10/30 10:47:34 # DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--) # Any modification may be deleted or altered by authconfig in future workgroup = MIND password server = MIND.UNM.EDU realm = MIND.UNM.EDU security = ads idmap config * : range = 2000-7999

maybe it'll work when f27 comes out in a few days I'll wait for it. On Mon, Oct 30, 2017 at 3:05 PM, Jeff Sadowski <jeff.sadowski at gmail.com> wrote: > for this machine it was unimportant. I will just use local accounts to > login it is only one user > I did remove sssd and went back to my original smb.conf but it still shows > > [root at squints ~]# getent passwd

fedora's authconfig must edit a bunch of files On Mon, Oct 30, 2017 at 10:53 AM, Jeff Sadowski <jeff.sadowski at gmail.com> wrote: > I found what I needed to do > DOMAIN=MIND.UNM.EDU > SHORT=MIND > authconfig --enablekrb5 --krb5kdc=${DOMAIN} > --krb5adminserver=${DOMAIN} --krb5realm=${DOMAIN} --enablewinbind > --enablewinbindauth --smbsecurity=ads --smbrealm=${DOMAIN}

nope that just brute forced homedir and shell. It'll work for what I want this machine for but I'd like to get the homedir and shell from AD On Mon, Oct 30, 2017 at 10:54 AM, Jeff Sadowski <jeff.sadowski at gmail.com> wrote: > My smb.conf file now looks like so > [global] > #--authconfig--start-line-- > > # Generated by authconfig on 2017/10/30 10:47:34 > # DO NOT

On Mon, 30 Oct 2017 09:49:24 -0600 Jeff Sadowski via samba <samba at lists.samba.org> wrote: > OS:fedora-26 > SAMBA:4.6.8 > [root at squints ~]# cat /etc/samba/smb.conf > [global] > security = ads > realm = MIND.UNM.EDU > workgroup = MIND > idmap config * : backend = tdb > idmap config * : range = 2000-7999 > idmap config MIND:backend = ad

On Mon, 30 Oct 2017 12:22:54 -0600 Jeff Sadowski <jeff.sadowski at gmail.com> wrote: > No, fedora is action strange. it isn't getting the loginShell and > unixHomeDirectory attributes even if I take out the templates. also it > sets a bunch of other files up and I'm not sure what all it is doing. > Forget it is Fedora, do not use their tools and set up the individual

On Tue, Mar 13, 2018 at 7:30 PM, Jeff Sadowski <jeff.sadowski at gmail.com> wrote: > On Tue, Mar 13, 2018 at 5:31 PM, Jeff Sadowski <jeff.sadowski at gmail.com> wrote: >> On Tue, Mar 13, 2018 at 4:12 PM, Rowland Penny via samba >> <samba at lists.samba.org> wrote: >>> On Tue, 13 Mar 2018 16:05:53 -0600 >>> Jeff Sadowski <jeff.sadowski at

On Tue, Mar 13, 2018 at 4:12 PM, Rowland Penny via samba <samba at lists.samba.org> wrote: > On Tue, 13 Mar 2018 16:05:53 -0600 > Jeff Sadowski <jeff.sadowski at gmail.com> wrote: > >> On Tue, Mar 13, 2018 at 4:03 PM, Rowland Penny via samba >> <samba at lists.samba.org> wrote: >> > On Tue, 13 Mar 2018 15:57:35 -0600 >> > Jeff Sadowski

My smb.conf looks like so. [global] security = ads realm = MIND.UNM.EDU workgroup = MIND idmap config * : backend = tdb idmap config * : range = 2000-7999 idmap config MIND:backend = ad idmap config MIND:schema_mode = rfc2307 idmap config MIND:range = 8000-9999999 idmap config MIND:unix_nss_info = yes winbind use default domain = yes restrict anonymous = 2 I have

On Mon, 30 Oct 2017 10:58:01 -0600 Jeff Sadowski <jeff.sadowski at gmail.com> wrote: > nope that just brute forced homedir and shell. It'll work for what I > want this machine for but I'd like to get the homedir and shell from > AD > The only real thing running authconfig did to the smb.conf was to add: password server = MIND.UNM.EDU You shouldn't need this,

My smb.conf file looks like so [global] security = ads realm = MIND.UNM.EDU workgroup = MIND idmap config * : backend = tdb idmap config * : range = 2000-7999 idmap config MIND:backend = ad idmap config MIND:schema_mode = rfc2307 idmap config MIND:range = 8000-9999999 # added because 4.6+ no longer understands winbind nss info = rfc2307 idmap config

On Tue, Mar 13, 2018 at 4:03 PM, Rowland Penny via samba <samba at lists.samba.org> wrote: > On Tue, 13 Mar 2018 15:57:35 -0600 > Jeff Sadowski <jeff.sadowski at gmail.com> wrote: > >> On Tue, Mar 13, 2018 at 12:54 PM, Rowland Penny via samba >> <samba at lists.samba.org> wrote: >> > On Tue, 13 Mar 2018 12:13:32 -0600 >> > Jeff Sadowski via

On Tue, Mar 13, 2018 at 12:54 PM, Rowland Penny via samba <samba at lists.samba.org> wrote: > On Tue, 13 Mar 2018 12:13:32 -0600 > Jeff Sadowski via samba <samba at lists.samba.org> wrote: > >> My smb.conf file looks like so >> >> [global] >> security = ads >> realm = MIND.UNM.EDU >> workgroup = MIND >> idmap config * :

No, fedora is action strange. it isn't getting the loginShell and unixHomeDirectory attributes even if I take out the templates. also it sets a bunch of other files up and I'm not sure what all it is doing. On Mon, Oct 30, 2017 at 11:24 AM, Rowland Penny via samba <samba at lists.samba.org> wrote: > On Mon, 30 Oct 2017 10:58:01 -0600 > Jeff Sadowski <jeff.sadowski at

Hai, Checked and confirmed also on Debian stretch with samba 4.7.6. Even restart winbind does not help. A net cache flush, same did not work. A reboot, as test, did help here. I suggest increase the debug level and report bug? Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Jeff > Sadowski via samba >

On 30/07/2019 15:39, Jeff Sadowski via samba wrote: > winbindd -V > Failed to create /var/log/samba/cores for user 11490 with mode 0700 > Unable to setup corepath for winbindd: Permission denied > Version 4.10.5 > > cat /etc/samba/smb.conf > [global] > log level = 3 winbind:5 > winbind cache time = 10 > security = ads > realm = SUB.DOMAIN >

On Tue, Mar 13, 2018 at 5:31 PM, Jeff Sadowski <jeff.sadowski at gmail.com> wrote: > On Tue, Mar 13, 2018 at 4:12 PM, Rowland Penny via samba > <samba at lists.samba.org> wrote: >> On Tue, 13 Mar 2018 16:05:53 -0600 >> Jeff Sadowski <jeff.sadowski at gmail.com> wrote: >> >>> On Tue, Mar 13, 2018 at 4:03 PM, Rowland Penny via samba >>>

ok after fighting to get my groups sorted out for my test user I created an "sudoer" group and added "jefftest" to "sudoer" > id jefftest uid=11507(jefftest) gid=8513(domain users) groups=8513(domain users),31020(sudoer) and added "sudoer" to /etc/sudoers like so %sudoer ALL=(ALL) ALL now when I login as jefftest I can run commands using sudo back to

One of my colleagues at work brought to my attention that they could continuously attempt different passwords on a linux machine connected via AD via winbind. I did a test or too and it appears not to lock the account after numerous attempts. Is there a way to get the behavior like windows where too many invalid passwords puts a temporary lock on the account?