similar to: ADS security mode - authenticating non-domain Linux users

Hi Rowland, Thanks very much for the reply and confirming what I suspected. One quick questions in-line, if I may: On 6/4/19 4:00 PM, Rowland penny via samba wrote: > 'map untrusted to domain' made 'UNKNOWNDOMAIN\fred' become > 'LOCALDOMAIN\fred' and if 'fred' is a member of 'LOCALDOMAIN' and has > the correct password, then access will be

On 04/06/2019 20:17, Tim Miller via samba wrote: > Hi All, > > We've been beating our heads against a problem here with a new Samba > server that we're trying to bring into production, and I'm hoping that > the members of this list can provide some insight. > > Our server is on a Linux CentOS 7.6, Samba version 4.8.3 installed > from distribution packages.

Have you tried using domain\user to log in? That should work if this is the problem. Am 5. Juni 2019 03:49:43 MESZ schrieb Tim Miller via samba <samba at lists.samba.org>: >Hi Rowland, > >Thanks very much for the reply and confirming what I suspected. One >quick questions in-line, if I may: > >On 6/4/19 4:00 PM, Rowland penny via samba wrote: >> 'map untrusted

Hi All,    I am running into an issue mounting a Samba share from our Linux server. We are running Samba 4.8.8 on CentOS  7.6.1810. I have done a some testing, and I can't get the root cause of the error. Testing: CentOS 7.6 client -> Samba server, mounting fails - mount.cfs mount error(13): Permission denied CentOS 7.6 client -> Win10 desktop share, mounting works Fedora 29

hi: at RHEL 7.4 we had used "map untrusted to domain = yes". so users can login with "username" instead of "sam-dom\username". after upgrade to RHEL 7.5, samba version upgrade from 4.6 to 4.7. now "map untrusted to domain = yes" or "map untrusted to domain = auto" are not working. can we still let user to use "usename" instead

----- Original Message ----- > From: "samba" <samba at lists.samba.org> > To: "samba" <samba at lists.samba.org> > Sent: Tuesday, July 17, 2018 2:54:17 AM > Subject: Re: [Samba] Cannot authenticate as guest to domain-joined Samba 4.7.0 fileserver when map untrusted to domain = > auto > On Mon, 16 Jul 2018 16:47:57 -0500 (CDT) > Andrew Martin

----- Original Message ----- > From: "samba" <samba at lists.samba.org> > To: "samba" <samba at lists.samba.org> > Sent: Tuesday, July 17, 2018 2:29:59 PM > Subject: Re: [Samba] Cannot authenticate as guest to domain-joined Samba 4.7.0 fileserver when map untrusted to domain = > auto > On Tue, 17 Jul 2018 13:53:41 -0500 (CDT) > Andrew Martin

Hi I have a question/problem about winbind and the "map untrusted to domain" (=yes) parameter. I use samba 3.6.0 on FreeBSD 8.2 with the following configuration: [global] encrypt passwords = yes map untrusted to domain = yes allow trusted domains = yes client ntlmv2 auth = yes client use spnego = yes client lanman auth = yes client plaintext auth = no winbind enum

This change allows use of untrusted X11 forwarding (which is more secure) without requiring users to choose a finite timeout after which to refuse new connections. This matches the semantics of the X11 security extension itself, which also treat a validity timeout of 0 on an authentication cookie as indefinite. Signed-off-by: Trixie Able <table at inventati.org> --- clientloop.c | 12

Hello, I just upgraded Samba on a fileserver from 4.6.8 to 4.7.0; this fileserver is joined to a Samba4 AD Domain. I have configured the following options to allow guest access to a share: [global] guest account = nobody map to guest = Bad User [Share] guest ok = yes When attempting to connect from a local account on a Windows 7 client (the client is joined to the domain but the

On 4/24/20 2:27 PM, Tom Lendacky wrote: > On 4/24/20 4:24 PM, Dave Hansen wrote: >> On 4/24/20 2:03 PM, Mike Stunes wrote: >>> I needed to allow RDTSC(P) from userspace and in early boot in order to >>> get userspace started properly. Patch below. >>> >>> --- >>> SEV-ES guests will need to execute rdtsc and rdtscp from userspace and

On 4/24/20 2:27 PM, Tom Lendacky wrote: > On 4/24/20 4:24 PM, Dave Hansen wrote: >> On 4/24/20 2:03 PM, Mike Stunes wrote: >>> I needed to allow RDTSC(P) from userspace and in early boot in order to >>> get userspace started properly. Patch below. >>> >>> --- >>> SEV-ES guests will need to execute rdtsc and rdtscp from userspace and

On Wed, Apr 29, 2020 at 03:39:53PM +0530, Srivatsa Vaddagiri wrote: > That would still not work I think where swiotlb is used for pass-thr devices > (when private memory is fine) as well as virtio devices (when shared memory is > required). So that is a separate question. When there are multiple untrusted devices, at the moment it looks like a single bounce buffer is used. Which to me

On Wed, Apr 29, 2020 at 03:39:53PM +0530, Srivatsa Vaddagiri wrote: > That would still not work I think where swiotlb is used for pass-thr devices > (when private memory is fine) as well as virtio devices (when shared memory is > required). So that is a separate question. When there are multiple untrusted devices, at the moment it looks like a single bounce buffer is used. Which to me

A couple of things possible, from 4.8.0 winbind must be running and your smb.conf is, to be blunt, rubbish. You need to set the workgroup, you need to have idmap config lines for the workgroup, the 'winbind enum' lines only slow things down and 'map untrusted to domain' has been removed. Winbind is running and the workgroup was set as well. I omitted some lines from the smb.conf

http://bugzilla.mindrot.org/show_bug.cgi?id=803 Summary: Security Bug: X11 Forwarding is more powerful than it needs to be. Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: major Priority: P2 Component: ssh AssignedTo: openssh-bugs

2018-06-29 15:12 GMT+08:00 Rowland Penny via samba <samba at lists.samba.org>: > On Fri, 29 Jun 2018 12:56:33 +0800 > d tbsky via samba <samba at lists.samba.org> wrote: > >> hi: >> >> at RHEL 7.4 we had used "map untrusted to domain = yes". so users >> can login with "username" instead of "sam-dom\username". >>

On Tue, Nov 19, 2019 at 10:46 AM JF Bastien <jfbastien at apple.com> wrote: > And I do agree that if someone were to come in and put in the significant > amounts of work to make LLVM directly usable in security-sensitive places, > then we could support that. But none of that should have anything to do > with the security group or its membership. All of that work and discussion,

Am 2015-12-29 um 18:05 schrieb Rowland penny: > On 29/12/15 16:32, Stefan G. Weichinger wrote: >> I have to add a brand new fedora 23 server with samba 4.3.3 to an >> existing Windows ADS domain. >> >> The join is OK: >> >> # net ads testjoin >> Join is OK >> >> I use winbind as I still have to learn about sssd (and I am unsure which

Hi All, I seem to have exactly the same problem which was described in this thread a while ago. I have gone through every piece of information I was able to find on mailing list archives but all I found was people reporting similar problems and not a solution to it. As in the original discussion if I use smbclient it works fine but if I use mount.cifs it does not work at all. To make smbclient