similar to: Pair ADFS with samba: possible?

Hi, Is it possible to query an Exchange server for its user list via ADFS using samba? I'm interested in integrating this support with postfix on my fedora system instead of having to maintain the list in Exchange and the list as a map in postfix. I really don't know much about Exchange and whether/how this would work. Is it secure? Is LDAPS an alternative? Is it secure? Thanks, Alex

Hello, Does samba support the use of S4U? What do we need to configure in SAMBA or krb5 to support getting a ticket obtained by S4U. We are using 3.0.25 and krb5-1.4.1 We are getting the following error: decode_pac_data: Name in PAC [username@something1.something2.realmname] does not match principal name in ticket The ticket could be different than the PAC name because the

On Tue, 31 May 2016, Alex wrote: > Hi, > > Is it possible to query an Exchange server for its user list via ADFS > using samba? > > I'm interested in integrating this support with postfix on my fedora > system instead of having to maintain the list in Exchange and the list > as a map in postfix. > > I really don't know much about Exchange and whether/how this

Seteuid now creates user token using S4U. We don't create a token from scratch anymore, so we don't need the "Create a process token" privilege. The service can run under SYSTEM again. --- contrib/cygwin/ssh-host-config | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config index

OS is Centos 7; FreeRADIUS Version 3.0.13; Samba version 4.9.1; I'm building a FreeRADIUS box for Eduroam authentication for both SP & IDP, and have hit a stumbling block I can?t figure or Google my way out of. The issue is the local AD domain is along the lines of ?example.campus?, but users have a UPN of ?user at example.com? which was added for Skype for Business as prior the UPN

does SAMBA4 support Kerberos S4U tokens? Background: I am trying to get OpenSSH for windows to work on machines joined to our SAMBA4 domain We are running Samba 4.7.3-Debian on Debian 9 When attempting to SSH in to a windows client using public key credentials for a domain user it fails. When attempting to SSH into a windows client using public key credentials for a local user it works just

Hi, thank you for your answer :) ohhh that is new I thought that samba 4 was to this day incompatible with a schema update >= v67 (it is I think somewhere it is written in the documentation that the reason why windows > 2016 can't be used as domain controller is partly due to the schema that is what bothered me)) I already have set up an ADFS (win 2016) (works with heimdal krb

Hi Rowland, Apologies for the tardy reply, I mistakenly set the mailing list to digest... Thanks for the suggestion, I'll ask the AD guys about this but I have a feeling it is an unlikely solution as Office 365 & Skype for Business apparently relies on the UPN. Unfortunately the local domain is a result of following Microsoft's "Best Practice" in the early 2000's which

https://technet.microsoft.com/en-us/magazine/jj631606.aspx goes through the steps I remember taking in a windows environment. As you can see step 2 is to install ADFS this is what would need emulated with some web server. So I will try and google ADFS on apache or nginx or linux. I'll let you know if I find anything interesting. On Mon, Jun 6, 2016 at 1:53 PM, Jeff Sadowski <jeff.sadowski

On Tue, 12 Jun 2018 08:28:10 +0200 Norbert Hanke via samba <samba at lists.samba.org> wrote: > Hi Taylor > > That's not hard to explain: > > The login to a local account is under the control of sshd, and if > that has enough privileges it works. > > The login to a domain account is a kerberos login which requires > either Username and Password, or possibly

thanks, I believe I will need to do an Adfs for this kind of authentication. I found nothing in documented about federation service, is it possible to do samba? Thiago Em sex, 11 de out de 2019 00:16, Andrew Bartlett <abartlet at samba.org> escreveu: > On Thu, 2019-10-10 at 21:24 -0300, Thiago Anderson Santos via samba > wrote: > > Hello everyone, > > I received a

> > Is this all that would be required to enable a deployment based upon a > > traditional PKI? > > > If you are using windows yes, if not then you would need to find a way > to replace the EDRS (there is a good doc about it here > > https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning > ) >

Hi Andrew, I'm very interested in using Windows Hello for Business in small business environments, with Samba as the AD DC. I'm sorry that I don't have great news. The schema upgrade is the easy > part - we could do that by obtaining new schema from Microsoft: > > https://www.microsoft.com/en-nz/download/confirmation.aspx?id=23782 > (and yes, the licence terms are

On Sat, Apr 14, 2012 at 12:20:00AM +0100, Dale Amon wrote: > I might add that virt-rescue now gets much further > than I have ever seen before... it shows a line > [ 245.032513] vda: vda1 vda2 > > before hanging forever. So it at least has gotten > to the point of recognizing the partitions on the > virtual disk I want to access. This hang is also characteristic of the

Hi Andrew and Rowland, Two replies, so quickly! I'm impressed :-) On 01/27/2017 10:47 AM, Andrew Bartlett via samba wrote: > And a very interesting one at that. I'm glad to see someone has taken > on some of the ADFS capability I hear folks ask for regularly. Yes I agree, keycloak is very cool. I have found the following samba bug report:

On Tue, Apr 18, 2023 at 02:56:38PM +0200, Christian Brauner wrote: > On Tue, Apr 18, 2023 at 05:37:06PM +0800, Joseph Qi wrote: > > Andrew picked ocfs2 patches into -mm tree before. > > Yup and that's fine obviously, but this belongs to fs/ and we're aiming > to take fs/ stuff through the dedicated fs trees going forward. Er... Assuming that there *is* an active fs

Hi again, I just started to debug things on the samba4 side: When trying to mount the Windows NFS share, I get the following error on the samba4 dc (just grepping for nfs in the logs): auth_check_password_send: Checking password for unmapped user [S5DOM.TEST]\[nfs/nfsclient.mydom.test]@[] map_user_info_cracknames: Mapping user [MYDOM.TEST]\[nfs/nfsclient.mydom.test] from workstation []

hi all, I can't figure out why winbind can't find ad users with wbinfo calls. It happens on a member server, Debian GNU/Linux stretch, samba is 4.7.5 from Louis repository: [global] security = ADS workgroup = EXAMPLEAD realm = EXAMPLE.ORG idmap config * : backend = tdb idmap config * : range = 1000000-3000000 idmap config EXAMPLEAD:backend = ad idmap config

Il 04/09/18 06:00, Volker Lendecke ha scritto: > Hi! > > Technical description below, but the exec summary is: Yes, we have a > performance problem with gencache. > > On Wed, Aug 29, 2018 at 10:28:05AM +0200, Francesco Malvezzi via samba wrote: >> Hi all, >> >> I have a midsize AD domain with some 50k users but only 100 workstations >> joined. >>

Hello everybody, I've got a matrix called EUROPEDATA and I want to calculate the adf test statistic (part of the tseries package) on a rolling basis for window my.win on each column; i.e. each column of EUROPEDATA represents a particular variable; for the first column I calculate the adf test statistic for window my.win = 60 for example, roll forward one observation, calculate the adf