Displaying 20 results from an estimated 10000 matches similar to: "SRV records."
2019 May 18
0
SRV records.
If you use bind9 as DNS the client will get the list via round-robin and
will take the first IP from the list, BUT if you set up sites then the
client will take one from it's site.
Am 16.05.19 um 16:21 schrieb A. James Lewis via samba:
> Hi all,
>
> A slightly hypothetical one here... but after Samba (Winbind actually)... looks up the list of AD server for a doman from DNS... what
2019 May 18
2
SRV records.
I have control only over the Winbind client, not over the AD server...
so I need to ask, is "sites" something set up on the AD side?... and
since you suggest that DNS impacts this, are you saying that the "sites"
parameter is encoded in the DNS values?... Do i need to ensure that the
host is querying an AD DNS directly, or will it still work if the DNS is
relayed via
2017 Oct 30
4
Listing AD group members
Oh, I assumed you meant -d10, since -d0 turns off all debug output, so the output is long, but I get:-
.
.
.
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system'
2017 Aug 21
6
Windows pre-requisites for login with winbind?
Also, I see the following repeated in syslog:-
==> syslog <==
Aug 21 15:25:41 hostname01 winbindd[691]: [2017/08/21 15:25:41.438959, 0] ../source3/libsmb/cliconnect.c:1895(cli_session_setup_spnego_send)
Aug 21 15:25:41 hostname01 winbindd[691]: Kinit for HOSTNAME01$@DOMAIN.LOCAL to access cifs/LOCAL_AD02.domain.local at DOMAIN.LOCAL failed: Cannot contact any KDC for requested realm
2017 Aug 25
4
AD Group update lag / cache, firewall related?
August 25, 2017 3:12 PM, "Rowland Penny via samba" <samba at lists.samba.org> wrote:
> On Fri, 25 Aug 2017 13:54:21 +0000
> "A. James Lewis" <james at fsck.co.uk> wrote:
>
>> It's not offline.... and groups do usually filter through...
>> sometimes immediately, sometimes never... but usually with a
>> significant delay...
>>
2017 Aug 22
5
Windows pre-requisites for login with winbind?
I have krb5-config krb5-user, but not libpam-krb5... I'm slightly fuzzy about how this works, but I thought the interaction with kerberos was implemented via winbind, so I wasn't expecting this package to be installed... certainly there is no dependency that has pulled it in.
James
August 22, 2017 1:15 PM, "Rowland Penny via samba" <samba at lists.samba.org> wrote:
>
2017 Aug 22
6
Windows pre-requisites for login with winbind?
Hi!
Indeed!, this sounds like good advice... there are certainly bugs, I had to get the 7.04.5 package from "proposed" to get resolve a PAM library issue!... although I suppose that's a packaging problem.
What is the best way to get an updated Samba package here, I'm trying to make this system reproduceable, I have a single script that builds the entire container, and sets up
2017 Aug 21
5
Windows pre-requisites for login with winbind?
Hi all,
I've just been following a series of guides to set up "winbind" authentication on a container build I'm working on, but I'm seeing some strange behaviour....
After the "net ads join -k", some users can log in, but others cannot (pam says their account does not exist)... although they can all authenticate with kinit!
If someone has an idea why this might
2017 Oct 30
5
Listing AD group members
Hi,
Ive been trying to work out how to get wbinfo to list members of a specific
AD group, rather than list groups a specific user is in.
So far I have had no luck... In fact im not sure its possible with wbinfo.
Is there another tool which could do this?
James
--
Sent using Dekko from my Ubuntu device
2017 Aug 21
6
Windows pre-requisites for login with winbind?
August 21, 2017 5:34 PM, "Rowland Penny via samba" <samba at lists.samba.org> wrote:
> On Mon, 21 Aug 2017 15:37:03 +0000
> "A. James Lewis" <james at fsck.co.uk> wrote:
>
>> OK, obviously I am slightly sanitising the output here, but I'm
>> preserving the case, and just replacing local names with generic ones
>> as I did for the
2017 Sep 21
5
Joining a domain.
Hi,
I hope it's not a stupid question, but I'm mainly a Linux admin, and I'm really looking at Samba because of winbind, but there's something I don't really understand....
People keep talking about computer accounts and joining the domain, but the guide I followed required "net ads join -k", which doesn't appear to require authentication, and so cannot have
2017 Sep 28
4
Trusted domain with different short name to DNS name.
Hey,
I have 2 trusted domains to deal with, "DEV" and "TODEV", and I have configured smb.conf like this:-
[global]
workgroup = MAIN
security = ADS
realm = MAIN.DOMAIN.LOCAL
idmap config *:backend = tdb
idmap config *:range = 95000-99999
idmap config MAIN:backend = rid
idmap config MAIN:range = 100000-999999
idmap config DEV:backend = rid
idmap config DEV:range =
2017 Aug 22
5
Windows pre-requisites for login with winbind?
On Tue, 22 Aug 2017 12:01:20 +0000
"A. James Lewis via samba" <samba at lists.samba.org> wrote:
> Indeed!... you are correct... this does appear to be the kerberos
> issue uncovered by Rowlands pointing out that I should not need to be
> manually defining "kdc =", in my krb5.conf.... so with that resolved,
> I'm hoping we can also find the cause of my
2017 Aug 25
4
AD Group update lag / cache, firewall related?
Hey again all,
After the rather excellent assistance from a few of you on the list over the last week... I wonder if you will be able to answer the cause of another rather long standing issue I've had for a long while.
We have a couple of Linux hosts using winbind for authentication, and AD groups for access to various privileges... but for some reason or another... possible firewalls
2017 Aug 23
4
Windows pre-requisites for login with winbind?
I have to confess here, that on trying again, to get the error... I restarted everything to ensure there were no errant messages, and now installing libpam-krb5 does not cause a problem... the users are assigned a kerberos ticket when logging in which is nice too...
I must thank you and Rowland both, since I have learned a lot about how Kerberos works in this process, and debugged some issues
2018 Jan 31
3
netsamlogon_cache.tdb & winbind.
All,
I wonder if someone can give me an idea what the file "netsamlogon_cache.tdb" contains... as I have noticed that I can be added to a group, and access will not appear on the Unix side for a good deal of time... but if I stop Winbind, remove the file "netsamlogon_cache.tdb", and re-start everything, it will then work.
Can anyone tell me what the purpose of this file is,
2015 May 05
4
Managing Samba Active directory.
Hi,
I've never been a Windows user, but I'm curious to see how the AD
integration works in Linux, since it looks like we may need to have one
or two Windows desktops and I don't realy want to start setting up
Windows infrastructure. If I can have Samba as a domain controller that
makes things a lot simpler.
I have one question tho, the documentation suggests using the Microsoft
2017 Mar 13
4
Best way to integrate Unix with AD.
Hi all,
I know this is a little off topic (although it might not be because I'm sure there's a solution involving Samba!)... but I hope one of you fine people can advise me on the best approach to achieving an integrated directory supporting Unix/Linux as a first class citizen, storing autofs maps, as well as uid, gid and home folders for each user... and how would that be managed.
I see
2017 Aug 24
3
Windows pre-requisites for login with winbind?
Yes indeed.... I know a lot about the Linux side, but Windows is a bit of a mystery to me... and I have to confess to not knowing exactly how nss links various directory services into the system.... hence my comment earlier with "Password file entry" in quotes... I know it's not in the password file, and is amalgamated into the password "map", via nss, but I'm not sure
2017 Mar 14
3
Best way to integrate Unix with AD.
Is there a good guide for how to set up a Samba based AD domain
controller with RFC2307 attributes so I can experiment... I can't get
the Windows guys in my company to do anything Microsoft don't provide a
check box for, unless I can teach them how to do it... but I've not used
any of these Windows technologies for a very long time...
At least if I can show a working system then