similar to: DM and ''offline'' PAM (and NSS?)...

On Mon, 18 Dec 2017 15:51:47 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > > > I've seen: > > https://wiki.samba.org/index.php/PAM_Offline_Authentication > > I've tried to enable offline logon, and seems to work as expected. > > I've only found a little strange thing, i think related to the fact > that in my DM i've set

On 22/05/2023 10:14, Marco Gaiarin via samba wrote: > Mandi! Rowland Penny via samba > In chel di` si favelave... > >> I would undo that, it appears to be wrong. > > OK, i've undo also i. > > >> I have tested this on a Ubuntu 22.04 computer and it works, so I have >> updated the wiki page: >>

On Mon, 28 Jan 2019 12:52:45 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > Mandi! Rowland Penny via samba > In chel di` si favelave... > > > > Strictly speaking, why winbind cache ''PAM'' data and not ''NSS'' > > > one (seems to me)? > > The problem is (for myself anyway), I do not understand the >

On 19/05/2023 12:02, Marco Gaiarin via samba wrote: > > I'm trying to enable offline auth in a Ubuntu 22.04 box, following: > > https://wiki.samba.org/index.php/PAM_Offline_Authentication > > using standard ubuntu samba package (4.15.13+dfsg-0ubuntu1.1). > I've enabled workaround 'lock directory = /var/cache/samba'. I would undo that, it appears to be

Mandi! Rowland Penny via samba In chel di` si favelave... > I would undo that, it appears to be wrong. OK, i've undo also i. > I have tested this on a Ubuntu 22.04 computer and it works, so I have > updated the wiki page: > https://wiki.samba.org/index.php/PAM_Offline_Authentication Apparently works as expected: root at dane:~# wbinfo -K gaio Enter gaio's password:

What you show below is correct. In linux, DOM\user != user If you want that. See: https://wiki.samba.org/index.php/OpenSSH_Single_sign-on [realms] SAMDOM.EXAMPLE.COM = { auth_to_local = RULE:[1:SAMDOM\$1] } Now, since im not sure this works ok, i dont use it on my debian servers, i use option2. option2 is ignore the "not recommended setting : "winbind use

Mandi! L.P.H. van Belle via samba In chel di` si favelave... > What you show below is correct. > In linux, DOM\user != user I know. And i was using 'wbinfo', that, AFAIK query directly winbind and no POSIX stuff... > https://wiki.samba.org/index.php/OpenSSH_Single_sign-on > [realms] > SAMDOM.EXAMPLE.COM = { > auth_to_local = RULE:[1:SAMDOM\$1] >

> I've seen: > https://wiki.samba.org/index.php/PAM_Offline_Authentication I've tried to enable offline logon, and seems to work as expected. I've only found a little strange thing, i think related to the fact that in my DM i've set 'winbind use default domain = yes'. Folowing the wiki, i've enabled offline logon and then done: ['smbcontrol winbind

In my DC, without setting explicitly a 'winbind default domain', i can check logins domainless: root at vdcsv1:~# id gaio uid=10000(LNFFVG\gaio) gid=10513(LNFFVG\domain users) gruppi=10513(LNFFVG\domain users),11001(LNFFVG\sir),10999(LNFFVG\unixadm),3000008(LNFFVG\domain admins),3000005(LNFFVG\denied rodc password replication group),3000005(LNFFVG\denied rodc password replication

Hello All, I am at the switch from sssd to winbind based samba domain members (Debian 9 stretch). I am using Samba 4.10.2 packages from Louis ( http://apt.van-belle.nl/ ) and rid backend for idmap. *My problem:* I am able to logon to my domain members using winbind_pam as long as my client is connected to a network where a domain controller is reachable. As soon as I shutdown and connect a

Mandi! Rowland Penny via samba In chel di` si favelave... > Now this is what I do not understand, my understanding is that 'PAM' is > used to find the correct authentication system and 'NSS' just connects > to that authentication system. No. NSS, roughly, 'extend the user database': https://www.gnu.org/software/libc/manual/html_node/Name-Service-Switch.html

Having issues adapting our 3.4 configuration that worked very well using idmap rid in 3.3. It seems like winbind does not cache the credentials despite all of the settings being present. I can set winbind offline via smbcontrol and have it work, but if I reboot the machine (important for my laptops) off the network winbind complains that it can't find the logon server. When disconnected and

On Tue, 29 Jan 2019 18:47:45 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > Mandi! Rowland Penny via samba > In chel di` si favelave... > > > Now this is what I do not understand, my understanding is that > > 'PAM' is used to find the correct authentication system and 'NSS' > > just connects to that authentication system. >

Hai Rowland, Im pretty sure this is a bug in the DC part. I'll show. On the DC. dc1:~# getent passwd winadmin NTDOM\winadmin:*:10000:100::/home/users/winadmin:/bin/bash wbinfo --group-info="Domain Users" NTDOM\domain users:x:100: id winadmin uid=10000(NTDOM\winadmin) gid=100(users) groups=100(users),3000004(BAZRTD\group policy creator owners),3000008(NTDOM\domain admins)

On 23/09/2019 13:42, Trenta sis via samba wrote: > Thanks, ntlm auth is temporary until we have solved some issues > getent is needed by filesystem acl > If you think you need the 'winbind enum' lines so that 'getent' works, then think again ;-) If you do not have the 'winbind enum 'lines 'getent passwd username' will still work. 'getent passwd'

On Tue, 29 Aug 2023 15:44:35 +0200 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > Mandi! Rowland Penny via samba > In chel di` si favelave... > > >> In samba the share is: > > I wish people wouldn't do this, if you are going to post a share, > > please post the global section as well. > > Sorry. > > # Global parameters >

I'm starting to upgrade my domain members to debian stretch/samba 4.8, using louis packages. Domain controllers still on jessie/samba45. Upgrade went smooth, but after upgrade seems that the DM was not able anymore to retrieve rfc2307 data, eg: root at vdmsv2:~# getent passwd gaio gaio:*:10000:10513:Marco Gaiarin:/home/LNFFVG/gaio:/bin/false root at vdmsv2:~# ldbsearch -H

Currently for my user: root at vdmsv1:/etc/exim4# ldbsearch -H ldap://vdcsv1 -P -b DC=ad,DC=fvg,DC=lnf,DC=it "(cn=gaio)" | grep ": gaio$" cn: gaio name: gaio sAMAccountName: gaio uid: gaio msSFU30Name: gaio what field is betetr to use for querying for user 'gaio'? 'uid' no (because RFC2307 data can be missing), so? 'sAMAccountName'? or

Samba 4.8 (Louis debian repo), DM. Today i've had to recovery a deleted file in that share, that use 'vfs_recycle' modules: [Work] comment = Spazio di Lavoro Utente map acl inherit = Yes path = /srv/work read only = No store dos attributes = Yes vfs objects = acl_xattr recycle full_audit volume = Work full_audit:failure = none full_audit:success = mkdir rmdir read pread

Mandi! Rowland Penny via samba In chel di` si favelave... > Is this on a DC ? No, is a DM. > If it isn't, Try setting it up exactly like it is shown on the > wikipage, note that you only need the 'vfs objects' line if it isn't > set in [global] Wikipage say only: Create a new share. For details, see Setting up a Share Using Windows ACLs. and