Displaying 20 results from an estimated 20000 matches similar to: "What does a domain member authentication failure mean?"
2018 Nov 10
2
How to Samba share with mixed Active Directory 'Classic' authentication
I have a Samba4 AD Domain with one of the file servers as a domain member. This file server
host the main network shares for the domain. Currently, Windows users mapping this share are
authenticated using their AD domain credentials. That all works just fine.
What I want to do now is ALSO allow a user on a network host which IS NOT a domain member, and
the user is not domain users to also
2018 Nov 10
0
How to Samba share with mixed Active Directory 'Classic' authentication
Uhhh, what is wrong with how Active Directory is running? I have plenty of
machines that are and are not attached to various NT-style and AD-style
domains, hosted by Samba, and I can access the files I want.
On Fri, Nov 9, 2018 at 7:35 PM Mark Foley via samba <samba at lists.samba.org>
wrote:
> I have a Samba4 AD Domain with one of the file servers as a domain member.
> This file
2019 Aug 21
2
Authenticating Samba Share with Domain Administrator
I have a NAS (Linux/Slackware 14.2) that is a domain member. "Normal" AD Windows users can map
shared directories just fine without having to enter Credentials. If I try doing that with the
domain Administrator it prompts me for the credentials, then fails. On the NAS I can get an
"OK" status with ntlm_auth using the administrator credentials. I cannot 'su -' to the
2016 Jun 26
2
Need IP on failed logins in logfile
I used to also get related log messages of the form:
auth_check_password_send: Checking password for unmapped user [HPRS]\[mark]@[ROVER]
auth_check_password_send: mapped user is: [HPRS]\[mark]@[ROVER]
but now all I get is the auth_check_password_recv in the log. Perhaps the change is due to an
upgrade to Samba, or perhaps a change I made to my smb.conf log options? (see log config in
my
2017 Nov 27
2
How to use AD authentication for normal Samba file sharing
With help from kjhambrick at linuxquestions.org I did figure out how to authenticate from a
Window domain member to a samba share using AD credentials. My smb.conf is listed below. I
was able to map the share from Windows using domain credentials and create a file on the share.
Here's my next challenge: All the UID.GIDs on the share (287G and +105K files) are currently
the non-AD values of
2016 Jun 26
1
Need IP on failed logins in logfile
On Sun, 26 Jun 2016 09:24:16 Rowland penny <rpenny at samba.org> wrote:
> ...
> So, if you are looking for an ipaddress of a failed login attempt, it
> seems you can get it.
That looked interesting. I tried creating the logfile /var/log/samba/.log.samba.%m and restart
samba. What it did was immediately create separate log files for each currently attached
workstation:
2016 Jun 26
0
Need IP on failed logins in logfile
On 26/06/16 06:16, Mark Foley wrote:
> I used to also get related log messages of the form:
>
> auth_check_password_send: Checking password for unmapped user [HPRS]\[mark]@[ROVER]
> auth_check_password_send: mapped user is: [HPRS]\[mark]@[ROVER]
>
> but now all I get is the auth_check_password_recv in the log. Perhaps the change is due to an
> upgrade to Samba, or perhaps
2019 Aug 22
0
Authenticating Samba Share with Domain Administrator
On 21/08/2019 22:47, Mark Foley via samba wrote:
> I have a NAS (Linux/Slackware 14.2) that is a domain member. "Normal" AD Windows users can map
> shared directories just fine without having to enter Credentials. If I try doing that with the
> domain Administrator it prompts me for the credentials, then fails. On the NAS I can get an
> "OK" status with ntlm_auth
2017 Nov 28
0
How to use AD authentication for normal Samba file sharing
I guess I'm answering my own questions on this thread!
I believe I've found the answer to my last issue on this. To my smb.conf (message below), add:
force user ohprso
force group ohprs
I've tested it and the Domain user 10001.10001 was able to create a file on the samba share as
1001.103.
If that seems wrong to anyone on this list, please advise. Even if it looks right, perhaps
2019 Aug 28
2
Authenticating Samba Share with Domain Administrator
On Thu, 22 Aug 2019 08:04:10 +0100 Rowland penny <rpenny at samba.org> wrote:
>
> On 21/08/2019 22:47, Mark Foley via samba wrote:
> > I have a NAS (Linux/Slackware 14.2) that is a domain member. "Normal" AD Windows users can map
> > shared directories just fine without having to enter Credentials. If I try doing that with the
> > domain Administrator it
2016 Jun 25
4
Need IP on failed logins in logfile
I am running Samba Version 4.1.23 as an AD/DC on Linux Slackware64 14.1. I am logging samba
messages to /var/log/samba/log.samba with logging set to the following in smb.conf:
log level = 2 passdb:5 auth:10 winbind:2 lanman:10
I have a script that scans this logfile for message like the following:
auth_check_password_recv: sam_ignoredomain authentication for user [HPRS\thisuser] FAILED with
2019 Aug 28
0
Authenticating Samba Share with Domain Administrator
On 28/08/2019 04:34, Mark Foley via samba wrote:
> On Thu, 22 Aug 2019 08:04:10 +0100 Rowland penny <rpenny at samba.org> wrote:
>> On 21/08/2019 22:47, Mark Foley via samba wrote:
>>> I have a NAS (Linux/Slackware 14.2) that is a domain member. "Normal" AD Windows users can map
>>> shared directories just fine without having to enter Credentials. If I
2016 Jun 29
2
Looking for GSSAPI config [was: Looking for NTLM config example]
The last log line shows "user=<>". This indicates no credentials were
presented. If the rip field matches the client ip you tested from, I would
bet the appropriate kerberos ticket (imap/host.domain.tld at REALM) was not
pulled for the authentication.
On Jun 28, 2016 11:33 PM, "Mark Foley" <mfoley at ohprs.org> wrote:
> Aki - partial success! I rebuilt my
2015 Sep 07
0
How to "Windows Authenticate"
Hmm.? I would expect to see 'mark at hprs.com'.? Whatever your full domain
name is.
It also won't look up /etc/shadow - Samba is doing the AD->Unix UID
mapping.? Your AD users shouldn't be in there when all is said and done.?
Well, at when I did a Samba4 install as a DC it still behaved like a Samba3
member, and there were no AD users in the local unix passwd files.
What does
2015 Sep 08
0
How to "Windows Authenticate"
More experimentation ...
I tried removing userdb and passdb from the dovecot NTLM config. That didn't
work. I then tried adding a static userdb as follows:
userdb {
driver = static
# allow_all_users = yes
args = gid=100 home=/home/HPRS/%n
}
(Interestingly, when I uncommented "allow_all_users" I got an "unsupported
setting" [or something like that], even though that
2017 Jan 17
2
Apparent Maildir permission issue
Jan 16 13:09:44 mail dovecot: imap(mark): Error: opendir(/home/HPRS/mark/Maildir) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +r perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark))
Just wanted to point out that you have at different UID for the folder
than your EUID (gotten from userdb/passdb).
Aki
On 16.01.2017 23:09, Mark Foley wrote:
> More
2016 Jun 29
2
Looking for GSSAPI config [was: Looking for NTLM config example]
> On Jun 28, 2016, at 10:32 PM, Mark Foley <mfoley at ohprs.org> wrote:
>
> Aki - partial success! I rebuilt my dovecot with ./config --with-gssapi, and restarted. Now I
> don't get that "Unknown authentication mechanism 'gssapi'" message in maillog, and mail is
> delivered successfully to the other domain users having PLAIN authentication. That's a
2015 Sep 09
3
How to "Windows Authenticate"
If I had time I would be all over this - but IMHO the main problem is that
Dovecot != Exchange.? Even in small environments - unless I'm out of date,
there's no calendar, tasks or contact lists within Dovecot.
Your next best best is to use something like Horde that would allow you to
auth via ActiveSync (on Outlook 2013 clients) and manage everything else
that the users will want, with
2018 Jun 07
2
Domain Member Computer not showing in ADUC
On Thu, 07 Jun 2018 08:54:51 +0200 Henry Jensen wrote:
>
> Am 6. Juni 2018 19:55:52 MESZ schrieb Mark Foley via samba <samba at lists.samba.org>:
> >I am running Samba 4.4.16 on Slackware64 14.2. I have a domain member
> >Windows 7 workstation. I
> >upgraded the hardware on this computer a couple of weeks ago. I deleted
> >the computer from
> >the domain,
2016 Jul 25
0
sendmail getting domain\user as email userId
Dewayne,
Thanks a lot for this patch. I'll hang on to it any probably do some experimenting on the side.
The problem with this approach is that our AD/DC/Mail-server is in an office and I have to be
concerned about future sysadmins as well as future sendmail updates. I am very reluctant to
patch OS software, especially if other solutions are available.
At worst, I can drop back and remove