similar to: winbind offline logon

On Thu, 14 Feb 2019 09:30:00 +0100 Piviul via samba <samba at lists.samba.org> wrote: > Hi all, I have a problem in libpam-winbind: offline logon doesn't > seems to work. The first version of samba in which I have found the > problem is 4.1 and the last is 4.7 but I fear that newer version are > affected too. Hopefully there is a workaround: you have to remove >

Il 15/02/19 13:01, Marco Gaiarin via samba ha scritto: > [...] > The same configuration happen on Debian stretch (at least). I've > effectively test offline logon in the past, but with a sub-5 minutes delay > from latest connected logon. ...but in my experience cached credentials doesn't works even in 5 minutes after a successfully logon: the mistery of winbind cached

Mandi! Piviul via samba In chel di` si favelave... > [¹] https://bugzilla.samba.org/show_bug.cgi?id=10455 Very, very interesting thing. The same configuration happen on Debian stretch (at least). I've effectively test offline logon in the past, but with a sub-5 minutes delay from latest connected logon. A note: the manpage for pam_winbind and pam_winbind.conf area bit different; the

Rowland penny via samba ha scritto il 25/08/20 alle 18:20: > [...] > Even though your users may have the same username in AD as in the > NT4-style domain, they are different users, so a few thoughts. You have > 'map to guest = bad user', so I take it you must have 'guest ok = yes' > set in the shares (you haven't shown us the shares), in effect there is no

Il 16/02/19 18:15, Rowland Penny via samba ha scritto: > On Thu, 14 Feb 2019 09:30:00 +0100 > [...] > Hi Piviul, I have read that bug report and sorry but your smb.conf is > incorrect. > > try this one: > > [global] > workgroup = DOMINIOCSA > security = ADS from man smb.conf: SECURITY = ADS In this mode, Samba will act as a domain member in an ADS realm.

Il 14/02/19 19:25, Data Control Systems - Mike Elkevizth via samba ha scritto: > I experienced this same issue (with the default packages from Ubuntu) and > switched to using sssd for all my Linux clients specifically because of > this issue. thanks Mike, have you tried the workaround I suggest i.e. remove krb5_ccache_type=FILE from the winbind row of the file /etc/pam.d/common-auth?

Mandi! Rowland penny via samba In chel di` si favelave... > You have 'allow trusted domains = No' in 'global' and from 'man smb.conf': I've had not noted that. I can confirm that my working setup had NOT 'allow trusted domains = No'. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia''

Per chi vuole guardare il log generato aggiungo una piccola legenda: ZIZI (192.168.70.3) ? il server samba, win7pro-v01 (192.168.64.12) ? il client win7; inoltre il dominio AD si chiama CSATEST mentre il dominio NT (anche se non compare nei logs) si chiama DOMINIOCSA. Piviul

Rowland penny via samba ha scritto il 24/08/20 alle 17:39: > [...] > As far as I am aware, SMBv1 is still readily available on Win7, but from > Samba 4.11.0, it is now disabled on Samba, so if you must use SMBv1, you > will need to set: > > client min protocol = NT1 > > server min protocol = NT1 > > in smb.conf ok, the samba server I'm using as test has

On Fri, 25 Jan 2019 16:32:56 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > Mandi! L.P.H. van Belle via samba > In chel di` si favelave... > > I come back in this thread, sorry. > > > Maybe https://wiki.debian.org/LDAP/NSS is a better solution for > > the mailserver. > > Probably better use directly LDAP info with native MTA tools

All DC are running same Samba version : 4.4.2. All DC are hosted on same Centos 7. On broken server(s): wbinfo -i mdufresne failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for user mdufresne On working servers: wbinfo -i mdufresne AD.DOMAIN\mdufresne:*:12104:100:Mathias Dufresne (TEMP):/home/AD.DGFIP/mdufresne:/bin/false The smb.conf is:

Hi all, a PC was correctly joined to a domain but offline logon wasn't working so then I have tried to get authentication and nss using SSSD but I fail to correctly configure the logon. Then I read a message on this list that says SSSD doesn't works on samba >= 4.8. Samba installed is the 4.12 so I have followed this guide[?] to reconfigure again the PC using winbind instead of

On Mon, 28 Jan 2019 12:52:45 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > Mandi! Rowland Penny via samba > In chel di` si favelave... > > > > Strictly speaking, why winbind cache ''PAM'' data and not ''NSS'' > > > one (seems to me)? > > The problem is (for myself anyway), I do not understand the >

Hi all, now that I have solved drivers problem on shared printers I've found a new problem regarding variable substitution on shared printers "print command"... in smb.conf on the print command parameter section I read: > %J - the job name as transmitted by the client. but the print command receive the ip address with dots replaced with underscore :? In effect in smb.conf

Hi Jonathan, Thank you for that, that solved the issue. Unfortunately I get another issue: on one DC id <user> gives "no such user". Adding domain (id ad.domain\\<user>) does not help. Adding the whole domain (id ad.domain.tld\\<user>) does not help more. I did checked PAM, NSS and Samba configurations, this server is using same configurations as the two working DC.

Rowland penny via samba ha scritto il 25/08/20 alle 12:21: > [...] > Try adding 'nltm auth = yes' to the smb.conf, it defaulted to 'no' at 4.5.0 thanks Rowland I have tried to change ntlm auth to yes but AD users continue to have problems connecting to the shares... Piviul

Marco Gaiarin via samba ha scritto il 28/08/20 alle 09:53: > Mandi! L.P.H. van Belle via samba > In chel di` si favelave... > >> And i dont change registry keys to "make things work".. > > A light blink in my head. Louis, you have keeped WINS server (in old or > new domain)? Your client use it? > > When i had, as you, two domain (NT and AD), the NT

Mandi! Rowland penny via samba In chel di` si favelave... > Even though your users may have the same username in AD as in the NT4-style > domain, they are different users, so a few thoughts. You have 'map to guest > = bad user', so I take it you must have 'guest ok = yes' set in the shares > (you haven't shown us the shares), so try changing 'bad user' to

Hi all, I would like to use samba shared printers from win32 clients but I can't. I can'install drivers or access shared printers from win32 clients: on the logs I can find the error > [2020/10/29 15:41:20.197881, 0] ../source3/smbd/trans2.c:3447(smbd_do_qfsinfo) > smbd_do_qfsinfo: not an allowed info level (0x102) on IPC$. win 64 bit clients can install and use printers

Hi all, I have a samba AD domain to test to; I don't administer it, I have only an administrator account. I can join without problem win PCs to the domain but I can't linux PCs. If I try to join it I get the error: > # net ads join -U administrator > Enter administrator's password: > Using short domain name -- CSATEST > Joined 'FREERADIUS-CT01' to dns domain