similar to: Authentification against kerberos / sssd

On 11.12.18 15:23, Rowland Penny via samba wrote: > On Tue, 11 Dec 2018 15:09:39 +0100 > tseegerkrb via samba <samba at lists.samba.org> wrote: > >> Hello list, >> >> a quick question. Right now I have a combination of MIT Kerberos, >> OpenLDAP and SSSD for authenticating my users. Is there a way that >> Samba can use this setup to perform user

On 11.12.18 18:19, walk2sun via samba wrote: > Am 11.12.18 um 15:36 schrieb tseegerkrb via samba: >> On 11.12.18 15:23, Rowland Penny via samba wrote: >>> On Tue, 11 Dec 2018 15:09:39 +0100 >>> tseegerkrb via samba <samba at lists.samba.org> wrote: >>> >>>> Hello list, >>>> >>>> a quick question. Right now I have a

Am 11.12.18 um 15:36 schrieb tseegerkrb via samba: > On 11.12.18 15:23, Rowland Penny via samba wrote: >> On Tue, 11 Dec 2018 15:09:39 +0100 >> tseegerkrb via samba <samba at lists.samba.org> wrote: >> >>> Hello list, >>> >>> a quick question. Right now I have a combination of MIT Kerberos, >>> OpenLDAP and SSSD for authenticating my

On Tue, 11 Dec 2018 15:09:39 +0100 tseegerkrb via samba <samba at lists.samba.org> wrote: > Hello list, > > a quick question. Right now I have a combination of MIT Kerberos, > OpenLDAP and SSSD for authenticating my users. Is there a way that > Samba can use this setup to perform user authentication. I only want > to access the shares of the Samba server from about 8

On Thu, Jul 20, 2023 at 1:49?PM Johnnie W Adams <jxadams at ualr.edu> wrote: > > Hi, folks, > > We're experiencing an odd ten-second delay intermittently when logging > into any of our Linux boxes which authenticate against LDAP. Here's where > it happens: > > Jul 13 11:54:23 console2 sshd[1853]: debug1: temporarily_use_uid: <my > uid\gid>

Nico Kadel-Garcia wrote: > On Thu, Jul 20, 2023 at 1:49?PM Johnnie W Adams <jxadams at ualr.edu> wrote: >> >> Hi, folks, >> >> We're experiencing an odd ten-second delay intermittently when logging >> into any of our Linux boxes which authenticate against LDAP. Here's where >> it happens: >> >> Jul 13 11:54:23 console2

  Hi,    it there  any way how to look into samba ldap in the same way I can look into OpenLdap via LDAPAdmin, ldap tools etc, when I know OpenLDAP "root" dn and password? Is there such "root" user for Samba AD LDAP?    We have a lot of scripts based on "ldapsearch" (without authentification) and "ldapmodify" (with ldap authentification). It would be very

> -----Original Message----- > From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On > Behalf Of Gordon Messmer > Sent: den 21 januari 2015 05:47 > To: CentOS mailing list > Subject: Re: [CentOS] Is anyone using C7 in production yet? (sssd, nss-pam- > ldapd, kerberos, etc) > > On 01/20/2015 05:26 PM, Dan Irwin wrote: > > Before I fire up a

> apt remove sssd > apt install winbind I need to disable enumerate AD user and group. With tens of thousands of objects in the AD, this makes login very slow. Another internal team already set up sssd on their OS for years. Me suddenly going to winbind would result in different uid and gid without some hacky idmap. > The smbd daemon cannot talk directly to AD, it requires winbind

Hi all, Is anyone using C7 in production with LDAP and kerberos? Currently all of my machines run C5 or C6 with nss-pam-ldapd or nss_ldap, with kerberos and pam_krb5 for authentication. Before I fire up a test VM (is it even worth it?) I wanted to check feedback from the community. Cheers! Dan

/Hello, i m playing around with MIT kerberos at moment and got the problem that openssh do not honor the "default_ccache_name" variable in /etc/krb5.conf. It looks like the FILE based credential cache is hardcoded and openssh set KRB5CCNAME to it, but i would like to use the KEYRING cache. Is there any way to tell ssh to use the cache set in "default_ccache_name"? /Many

On Fri, 12 Jul 2024 22:28:27 +0000 (UTC) Household Cang via samba <samba at lists.samba.org> wrote: > Hello there > > Seeking to serve file shares from AD-joined Debian using sssd and > Kerberos as authentication. No Winbind. Stop right there, I do not know what distro you are using, but if it was Debian, I would be running the following commands: apt remove sssd apt install

Hello, I have a big performance problem with a mail server using dovecot and authenticating users via ldap. The architecture of the machine is a local ldap and mysql server, they are used by dovecot for authenticating the mail users. If i use pam_sss the mail server has about 1/8 - 1/10 the performances it has if i use the pam_ldap. Even doing a 'time ls -l' on the mail tree (there are

> -----Original Message----- > From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On > Behalf Of Fred Smith > Sent: den 21 januari 2015 15:35 > To: centos at centos.org > Subject: Re: [CentOS] Is anyone using C7 in production yet? (sssd, nss-pam- > ldapd, kerberos, etc) > > > > > Before I fire up a test VM (is it even worth it?) I wanted to

Hello there Seeking to serve file shares from AD-joined Debian using sssd and Kerberos as authentication. No Winbind. Having a lot of problems and confusions... Current smb.conf, no winbind [global] ? ?workgroup = company.net ? ?realm = company.net ? ?security = user ? ?kerberos method = dedicated keytab ? ?dedicated keytab file = /etc/krb5.keytab ? ? ? ?disable netbios = yes ? ?dns proxy = yes

Hello, Our linux clients are integrated to AD by the tool "realm" (no "net ads join") and use "sssd" for authenticating AD users. What is the recommended configuration for smb.conf to authenticate AD users for directory shares? First, it looks like the configuration for "security" should be "ADS" and "server role" should be

Hi, I'm trying to migrate to samba4 and had the following issue: I have SSSD configured to authenticate users on linux machines that I get from a samba4 service through LDAP endpoint. Users are successfuly authenticated in the system, but I can't manage to change password of these users from command line. When I try to use passwd command, i got the following: Password change failed.

---------- Původní e-mail ---------- Od: Rowland Penny via samba <samba at lists.samba.org> Komu: samba at lists.samba.org Datum: 27. 6. 2018 11:49:38 Předmět: Re: [Samba] AD LDAP "On Wed, 27 Jun 2018 11:31:15 +0200 (CEST) Michal via samba <samba at lists.samba.org> wrote: >   Hi, >   >  it there  any way how to look into samba ldap in the same way I can > look

I have not looked at Kerberos is years. But it looks like KRB5CCNAME comes from: https://github.com/openssh/openssh-portable/blob/master/gss-serv-krb5.c#L134-L197 But it depends on which version of Kerberos you have, and if you are also use PAM. Google for: heimdal kerberos cache name It looks like there is now a SSSD Kerberos Cache Manager rather then storing in individual file. On 6/11/2024

Good day everyone, I am currently testing integrating kerberos into our MMR openldap cluster and things have gone well so far. I can ssh to my test clients using my kerberos credentials then ssh using GSSAPI to other hosts as defined in my principals using my ticket, achieving SSO. *I wanted to see if I could make the cache file user-specific, instead of the default location