Displaying 20 results from an estimated 20000 matches similar to: "`getent passwd` not working with ad backend"
2019 Jan 24
1
`getent passwd` not working with ad backend
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Thursday, January 24, 2019 9:33 AM, Rowland Penny via samba <samba at lists.samba.org> wrote:
> On Thu, 24 Jan 2019 08:57:21 +0000
> Harpoon via samba samba at lists.samba.org wrote:
>
> > Hi all,
> > I've been reading and it seems like ad backend has many features that
> > I'd like to use. However, despite browsing many
2019 Jan 15
4
SSH SSO without keytab file
Hai,
Lets start here.
Handy for us to know.
OS?
Samba version?
AD or member setup?
And I suggest, set this in the ssh server.
# GSSAPI options
GSSAPIAuthentication yes
Restart the ssh server and try to SSO login.
If its a AD server this should work.
Yes, you dont get home dir etc, end up in / after login, but lets check if this works.
Greetz,
Louis
> -----Oorspronkelijk
2019 Jan 24
0
`getent passwd` not working with ad backend
> Did you assing uid/gid's to the user/groups?
> https://wiki.samba.org/index.php/Maintaining_Unix_Attributes_in_AD_using_ADU
> C
I added uid/gid to the new users and groups. I dont have access to ADUC so can't check atm.
Here's how I added new group:
`samba-tool group add lag --gid-number 16000 --nis-domain SAMDOM`
Here's how I added new user:
`samba-tool user
2019 Jan 18
1
SSH SSO without keytab file
Thanks for the prompt reply!
> I did see that you are using Administrator, and thats the problem.
> Administrator is mapped to root ( most of the time ),
> if you assigned Administrator UID = 0 then you have a problem, because only root = uid 0.
>
> Never ever give Administrator a UID/GID
I am using tdb backend. It mapped administrator account to 12000:10000.
> So try again
2019 Jan 18
4
SSH SSO without keytab file
Hai,
> -----Oorspronkelijk bericht-----
> Van: Harpoon [mailto:harp00n at protonmail.com]
> Verzonden: vrijdag 18 januari 2019 9:24
> Aan: L.P.H. van Belle
> CC: samba at lists.samba.org
> Onderwerp: Re: [Samba] SSH SSO without keytab file
>
> Thanks for the prompt reply!
Your welkom.
>
> > I did see that you are using Administrator, and thats the problem.
2019 Jan 24
0
`getent passwd` not working with ad backend
Hai,
> Here's how I added new group:
>
> `samba-tool group add lag --gid-number 16000 --nis-domain SAMDOM`
>
> Here's how I added new user:
>
> `samba-tool user create user23 --unix-home=/home/%U
> --uid-number=14800 --login-shell=/bin/bash --gid-number=16000
> --nis-domain SAMDOM`
Yes, thats fine too..
>
> On the DC, I checked the new user:
>
2019 Jan 18
3
SSH SSO without keytab file
I actually spent the entire last day getting 'ad' backend to work.
Adding 'idmap config SAMDOM : backend = ad' and related lines in the client's smb.conf results in `getent passwd`
...
Use : getent passwd username
Check if wbinfo -u works also.
As tip, if you try these.
id username
getent passwd username
wbinfo -u | grep username
If all work and show your usename,
2019 Jan 18
3
SSH SSO without keytab file
> ............
>
> > You can, provided you have a user.map in smb.conf
>
> Oeps, Ah yes, forgot that, because he was testing on the DC.
> And DC's dont use the user.mapping.
>
> Thanks for the correction.
With regard to tdb ipmap, I set this parameter on domain member. Domain controller has no such parameter set.
I'll look into the other useful suggestions you
2019 Jan 24
0
`getent passwd` not working with ad backend
On Thu, 24 Jan 2019 08:57:21 +0000
Harpoon via samba <samba at lists.samba.org> wrote:
> Hi all,
> I've been reading and it seems like ad backend has many features that
> I'd like to use. However, despite browsing many forums and docs, I am
> still unable to get domain users list using `getent passwd` while
> using `ad backend`. If I change backend to tdb, then I can
2019 Jan 18
1
SSH SSO without keytab file
> > > ............
> > >
> > > > You can, provided you have a user.map in smb.conf
> > >
> > > Oeps, Ah yes, forgot that, because he was testing on the DC.
> > > And DC's dont use the user.mapping.
> > > Thanks for the correction.
> >
> > With regard to tdb ipmap, I set this parameter on domain member.
> >
2019 Oct 16
13
Samba AD-DC idmap config
Following the guidance here,
https://wiki.samba.org/index.php/Idmap_config_ad, I added idmap lines to my
smb.conf file on my Samba 4.7 AD-DC server on Ubuntu 18.04. Samba no
longer starts and testparm reports that the idmap ranges for the default *
domain and the AD domain are overlapping. Here's my smb.conf file (FWIW,
if I don't comment security = ADS, server role is set to Member
2016 Nov 24
5
getent only displays local users & groups
I have read numerous posts regarding this issue without finding a
resolution. I have a fresh Samba AD DC & a Samba Member server. the
member server has been setup using idmap config ad
wbinfo -u & wbinfo -g both work and list the domain users & groups
getent passwd & getent group both only display the local member server
users and groups
>From what I have read I understand
2018 Jan 08
3
R: R: R: cannot list/access samba share from Windows client
Ok.
I’ve done
root at SRVLNXWINTRA01:/home/data# nano /etc/samba/smb.conf
modified
idmap config COM_SPOLETO : backend = rid
to
idmap config COM_SPOLETO : backend = ad
root at SRVLNXWINTRA01:/home/data# systemctl restart smbd nmbd winbind
root at SRVLNXWINTRA01:/home/data# net cache flush
root at SRVLNXWINTRA01:/home/data# getent passwd com_spoleto\\andrea.rossetti
root at
2017 Nov 19
2
Samba to Domain Member Server Configs Messed Up, Now getent fails
Hi List
Absolute confused newb here. Again.
I noticed that the user gid and uids on my DCs were different from the
uids and gids I would find on the domain member file server. ( I
created users with samba-tool). User UIDs on the DCs would start in
the 30000XX range, while on the file server, the uid would start in
the 1000XX range.
In an attempt to rectify this, I changed the smb.conf from
2017 Nov 20
2
samba 4 ad member - idmap = ad for machine accounts
Samba - General mailing list wrote
> On Mon, 20 Nov 2017 10:43:58 -0700 (MST)
> tomict via samba <
> samba at .samba
> > wrote:
> On Unix there are users, groups and computers, whilst on
> Windows there are users, groups and special users that are also
> computers ;-)
>
> You posted that you have added uidNumber and gidNumber attributes to
> the users
2019 Jan 02
1
idmap problems
I've spent some time updating, upgrading and generally consolidating an old Samba AD. I've managed to remove a very old unsupported (4.2) Samba AD DC following migration to a couple of new DC's - that seems to have worked out OK. Workstation logons and GPO's working fine.
I'm now left with one problem after joining a new Samba (4.5.12) member server to the domain for file
2024 Nov 14
3
Very strange: Samba is unable to access one of its own files
On Thu, 14 Nov 2024 11:17:11 -0500
"John R. Graham via samba" <samba at lists.samba.org> wrote:
> On 11/14/24 10:48, Rowland Penny via samba wrote:
> > The only things that a Samba AD DC pulls from AD is the uidNumber
> > and gidNumber attributes (if they are set) and only then if
> > 'idmap_ldb:use rfc2307 = yes' is set in the DCs smb.conf.
> >
2016 Oct 09
4
Problem with one User after upgrade to 4.5.0
On 10/09/2016 02:51 AM, Rowland Penny via samba wrote:
> Have you by any chance got another 3001108 'xidNumber' in idmap.ldb ?
> If you give a user a 'uidNumber' attribute, the contents of this will be
> used instead of the 'xidNumber' in idmap.ldb, hence you do not need to
> (and probably shouldn't) use numbers in the '3000000' range.
I managed to
2019 Oct 22
3
Samba domain users AWOL from Samba file server.
Using samba-tool on my samba DC, I created several users. On my separate
samba file server, joined to the domain, all the users are listed as
belonging to Domain Users ( getent group "Domain Users"). However, several
domain users are missing from the passwd database on the file server (i.e.,
nothing returned when I run getent passwd user3). Why would that be?
Each user has its own
2017 Feb 20
3
id maping
Hello,
I have install samba ad.
On AD the config look like
# Global parameters
[global]
netbios name = DC1
realm = SAMDOM.EXAMPLE.COM
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbindd, ntp_signd, kcc, dnsupdate
workgroup = SAMDOM
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
# Default idmap config for local BUILTIN accounts and