Displaying 20 results from an estimated 4000 matches similar to: "Joining a DC, was (no subject)"
2019 Mar 03
3
Joining a DC, was (no subject)
On Sun, 3 Mar 2019 13:14:35 +0000 (UTC)
Billy Bob <billysbobs at yahoo.com> wrote:
>
> > > > > The 'Nooooo, don't do that is:
> > > > > Don't change the UPN
> > > >
> > > > Why not? It's a recommended best practice to choose a subdomain
> > > > of your primary domain (e.g. "ad.example.com"), and
2019 Mar 02
1
Joining a DC, was (no subject)
Thanks for the input, Rowland! Replies inline:
On Fri, Mar 1, 2019 at 8:57 AM Rowland Penny via samba
<samba at lists.samba.org> wrote:
[snip]
> The 'Nooooo, don't do that is:
> Don't change the UPN
Why not? It's a recommended best practice to choose a subdomain of your
primary domain (e.g. "ad.example.com"), and then add alternate UPN
suffix which allows
2019 Mar 03
0
Joining a DC, was (no subject)
> > > > The 'Nooooo, don't do that is:
> > > > Don't change the UPN
> > >
> > > Why not? It's a recommended best practice to choose a subdomain of
> > > your primary domain (e.g. "ad.example.com"), and then add alternate
> > > UPN suffix which allows user logons to match their email addresses.
> > >
2020 Jul 10
1
Azure Sync
On 09.07.20 18:59, Bernhard Dick via samba wrote:
> Hi,
>
> Am 02.07.2020 um 17:23 schrieb Martin Hauptmann via samba:
>> Sorry if I didn't find the right manual.
>>
>> I would like to set up a new Domain Controller and connect it to an
>> existing Office 365 with Exchange in a way, AD-Users of a certain
>> group can login and not having to login to
2019 Mar 03
0
Joining a DC, was (no subject)
I *think* we're all on the same page now. My suggestion was adding an
additional entry to the UPN Suffixes list, and using that suffix
(without "ad.") when creating new users.
This Microsoft doc [1] says:
> By convention, this should map to the user's email name. The point of
> the UPN is to consolidate the email and logon namespaces so that the
> user only needs to
2020 Oct 29
1
authenticate to samba using email address
Mandi! Rowland penny via samba
In chel di` si favelave...
> You are authenticating to AD, so you need to use information that AD
> understands, its dns domain (not an email domain) and the users name, or the
> Netbios domain\username.
But UPN is written 'domainful', eg 'username at ad.domain.name':
root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b
2016 Aug 29
5
set UPN / SPN from samba-tool.
Hai
After my squid group adventure, i have a remaining question here.
The problem was as followed. ( and this probely dont applie to squid kerberos helpers only. )
samba-tool setup for squid i used, was as followed.
samba-tool user create squid1-service --description="Unprivileged user for SQUID1-Proxy Services" --random-password
samba-tool user setexpiry
2020 Oct 05
2
Samba SSSD authentication via userPrincipalName does not work because samba claims that the username does not exist.
Dear all,
i'm investigating the issue that I can't authenticate against a Samba (as Active-Directory Member) using the userPrincipalName (UPN). (Using Samba and sAMAccountName works fine.)
After some research I'm quite sure that winbind is limited to the sAMAccountName and can't use UPN. So I deciced to use SSSD and configured the `ldap_user_name = userPrincipalName` in the
2020 Oct 14
2
Samba SSSD authentication via userPrincipalName does not work because samba claims that the username does not exist.
Am 14.10.20 um 08:31 schrieb Nico Kadel-Garcia via samba:
> On Tue, Oct 13, 2020 at 10:30 AM Rowland penny via samba
> <samba at lists.samba.org> wrote:
>> On 13/10/2020 15:01, Markus Jansen via samba wrote:
>>> Thank you very much for your hints.
>>>
>>> I got rid of SSSD and managed to get a successful kerberos
>>> authentication via wbinfo
2019 Mar 01
8
(no subject)
Hello,
I'm running a Samba DC on Debian 9 (version 4.5.12-Debian) in a lab
environment, set up like this:
https://jonathonreinhart.com/posts/blog/2019/02/11/setting-up-a-samba-4-domain-controller-on-debian-9/
I would now like to configure this server to enable login via domain
credentials. I'm aware that the Samba wiki recommends the following:
-
2023 Apr 04
1
[EXTERNAL] Fwd: ntlm_auth and freeradius
On Tue, 2023-04-04 at 09:37 +0200, Kees van Vloten wrote:
> Op 04-04-2023 om 00:32 schreef Andrew Bartlett:
>
> >
> > On Mon, 2023-04-03 at 15:08 +0000, Tim ODriscoll via samba wrote:
> >
> > > Unfortunately it's still erroring out:
> > > (7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk
> > > (7) mschap:
2020 Oct 13
2
Samba SSSD authentication via userPrincipalName does not work because samba claims that the username does not exist.
On 13/10/2020 15:01, Markus Jansen via samba wrote:
> Thank you very much for your hints.
>
> I got rid of SSSD and managed to get a successful kerberos
> authentication via wbinfo -K and the UPN.
>
> But accessing via SMB (using MAC OS' smbutil or Finder) still fails with
> "FAILED with error NT_STATUS_NO_SUCH_USER".
>
> As I'm using CentOS 8, I used
2016 Feb 05
2
[samba4ad] Duplicate attributes list ?
Hi all,
I just add into my AD a user with different values for attributes "CN" and
"name".
Here is an extract of the LDIF used to add this user:
------------------------------------------------------------------------------------
dc202:~# egrep 'cn:|name:' mathias.ldif
cn: Mathias Dufresne (CN)
*name: mathias.dufresne*
2016 Aug 30
2
set UPN / SPN from samba-tool.
And reading last mails comforts me in believing the filter used by client
side to retrieve user is not correct, that filter should use SPN then you
won't need to set up SPN into UPN field.
2016-08-30 15:55 GMT+02:00 mathias dufresne <infractory at gmail.com>:
> Hi Louis,
>
>
> 2016-08-29 16:18 GMT+02:00 L.P.H. van Belle via samba <
> samba at lists.samba.org>:
>
2013 Oct 20
2
Does Samba 4 support UPN for AD authentication
We want to know if Samba 4 supports UPN for AD authentication.
Thanks.
Angelica
2013 Jul 19
0
Winbind in Samba 4 suite and the template homedir parameter
Hi!
The command "samba-tool testparm -v" returns "template homedir = /home/%WORKGROUP%/%ACCOUNTNAME%".
Is there other variables that can be used?
It is possible to add one or more uPNSuffixes to Samba 4 AD DC to alter the userPrincipalName. Both on the "domain" level (cn=uPNSuffixes,cn=Partitions,...) and on OU-level (cn=uPNSuffixes,ou=example.org,dc=...) But is it
2016 Aug 29
1
set UPN / SPN from samba-tool.
hello Achim,
yes, if you change the
userPrincipalName LDAP attributethats suffient, thats what i changed through the windows tool.
greetz,
Louis
Op 29 aug. 2016 om 19:42 heeft Achim Gottinger via samba <samba at lists.samba.org> het volgende geschreven:
Am 29.08.2016 um 17:17 schrieb L.P.H. van Belle via samba:
No,
That was not sufficient, i had to use the windows tool to
2008 Dec 23
1
Docu for Winbind using userprincipalName (UPN)
Hi Samba-Group,
my name is carsten from cologne.
I would like to use samba/winbind in a Windows AD 2k3, 2k8 multi-domain environment as workstation.
All users from the AD should be able to logon via ssh for example.
It would great to use the MS userprincipalName (UPN). I am using samba 3.2.6.37 from sernet on a centos 5.2 system.
The normal authentication by domain+username works fine.
2016 Dec 02
6
Samba and kerberized NFSv4
> Does it work if you manually add userPrincipalName=CLIENT02.DOMAIN.TLD to your clients ldap entry and reexport the keytab?
I already thought about trying that. So by now, I tried tweaking the client's LDAP entry.
Adding
userPrincipalName=CLIENT02.DOMAIN.TLD
does not succeeed, however, after reviewing the ldap filter once again, I added
userPrincipalName=nfs/client02.domain.tld at
2020 Oct 29
3
authenticate to samba using email address
Hi,
On 10/29/20 12:51 PM, Rowland penny via samba wrote:
> Are we talking from Windows here ?
Yes.
> If so, then 'username at dns.domain.com' should work.
dns in the above sample meaning the samba AD dns name, i guess..?
In that case, that basically means username at samba.domain.com, or
username at realm, which also equals the above)
That is still something for our end users