similar to: Samba + sssd

On 6/25/19 11:21 AM, Gregory Sloop via samba wrote: > You can always connect to the SMB share using a domain user/password credential set, even if you're not a member of the domain. > Something like - Connect as: User: "somedomain\pat" with Pat's password. > When we try this from a machine that is not connected to the domain, authentication fails:

On 6/25/19 12:57 PM, Gregory Sloop via samba wrote: > Hmmm... > > Use the netbios name, instead of a FQDN, perhaps? > i.e.: \\cns-bio-krak1\emtifs > [I'm assuming the NB name. If I'm wrong, correct it.] > > I know I've done this with Windows DC shares, and I'm 99% certain I've done it with FreeNAS acting as a domain member. [Samba domain member.] > I

So, we have Samba file sharing working on CentOS 7.6 with sssd: [root at cns-srv-lnode2 samba]# cat /etc/redhat-release CentOS Linux release 7.6.1810 (Core) [root at cns-srv-lnode2 samba]# smbd --version Version 4.8.3 Some smb.conf configuration details: - security = user - an idmap entry is unnecessary - disable netbios = yes works fine - pretty sure nmbd is unnecessary

I thought I sent this, but didn't see it hit the list. Since this presented a considerable amount of frustration (requiring a netbios name seems illogical in an AD-only world), I'm sending it again. Apologies if this is a repost. -------- Forwarded Message -------- Subject: Samba + SSSD: confirmed working for Samba versions 4.7.6 and 4,8.3 Date: Tue, 18 Jun 2019 17:15:47 -0500 From:

On 6/12/19 11:10 AM, Rowland penny via samba wrote: > > Why are you using sssd on a standalone server ? > > your users will be in /etc/passwd and the Samba database, I don't think > sssd can talk to the Samba database. > I'm pretty sure what happens when you set [server role = standalone] is that Samba then defers to /etc/nsswitch.conf for how authorization should

On Thursday, 13 June 2019 09:18:25 PDT Goetz, Patrick G via samba wrote: > On 6/13/19 10:48 AM, Alexey A Nikitin via samba wrote: > > According to the MS docs SID=('S-'+version+identifier authority value+domain or computer identifier+RID). The SIDs that don't contain RID are the special cases of Machine SID, Domain SID, Service SID, and some predefined universal well-known

On Thursday, 13 June 2019 00:41:09 PDT Rowland penny via samba wrote: > On 13/06/2019 07:55, Alexey A Nikitin wrote: > > On Wednesday, 12 June 2019 13:07:56 PDT Rowland penny via samba wrote: > >>>> I think you mean 'RID' instead of 'SID' > >>> Yes, you're right. The Windows people seem to use the terms synonymously. > >> I cannot

I've been experimenting with setting up a CentOS 7 client using automount maps from Active Directory via sssd I've followed the instructions given at: https://ovalousek.wordpress.com/2015/08/03/autofs/ and all works fine However, I can't seem to make the client 'see' new map entries added to the map on the AD server - I've tries reducing various timeout settings in

On 13/06/2019 17:17, Goetz, Patrick G via samba wrote: > On 6/13/19 10:48 AM, Alexey A Nikitin via samba wrote: >> According to the MS docs SID=('S-'+version+identifier authority value+domain or computer identifier+RID). The SIDs that don't contain RID are the special cases of Machine SID, Domain SID, Service SID, and some predefined universal well-known SIDs [1]. According to

OK, At a loss for what to try next. According to this page, it should be possible to make this work: http://www.hexblot.com/blog/centos-7-active-directory-and-samba However, I can't get AD users to authenticate when I run net use * \\cns-cryo-road1\my_share /user:austin\pgoetz Authenticating via ssh, su, or from the console using the same AD UserName is not a problem. It seems

The problem here is that sssd does not know sernet-samba-libs is also providing samba-libs or get the source of sssd and change/add the sernet-samba-libs in de Depens of the source yourself. or ask the sssd developers to add this. Its not that hard.. apt-get install build-essentials apt-get source sssd modify the needed in sourcemap/Debian/ apt-get source -b wait... and you have your

On 30/03/15 15:49, Luca Olivetti wrote: > El 30/03/15 a les 15:43, L.P.H. van Belle ha escrit: >> The problem here is that >> >> sssd does not know sernet-samba-libs is also providing samba-libs > Not only that, the layout is also different (at least, trying to force > the installation of sssd-ad/sssd-ad-common I see that it doesn't find > libndr-nbt.so.0, which

I agree with putting the sssd discussion to bed, but am still interested in clearing up some confusion, as I'm concerned I might be missing something. On 6/12/19 12:44 PM, Rowland penny via samba wrote: > On 12/06/2019 17:43, Goetz, Patrick G via samba wrote: >> On 6/12/19 11:10 AM, Rowland penny via samba wrote: >>> Why are you using sssd on a standalone server ?

Dear all, i have a problem with sssd in conjunction with ldap on a centos 7 x86_64 box. ldap works fine. I can login there as an usual user registred in ldap. I want now restrict the access with ldap's host attribute. This is beeing ignored. Still every ldap user can login, no matter what the host attribute says. I googled around and only found that sssd.conf need two lines: access_provider

I've been going around in circles with this for days and I'm stuck. I'm trying to run up a new AD environment with only Samba 4.8.3 servers that we'll authenticate user server access against via SSSD/LDAP using a simple bind. All of our servers are either CentOS 6 or 7. I've created a test environment with a single Samba AD 4.8.3 server as the AD server, a Windows 7 client

On 6/12/19 7:00 AM, Rowland penny wrote: > How are you actually running samba ? > How are you actually running samba ? I *think* setting security = user server role = auto makes Samba run as a standalone server, which is fine, because authentication is handled via /etc/nsswitch.conf: passwd: compat systemd sss group: compat systemd sss shadow:

On 6/13/19 10:48 AM, Alexey A Nikitin via samba wrote: > According to the MS docs SID=('S-'+version+identifier authority value+domain or computer identifier+RID). The SIDs that don't contain RID are the special cases of Machine SID, Domain SID, Service SID, and some predefined universal well-known SIDs [1]. According to the common use in MS tools SID encompasses RID. And even in

Keep you naming conventions as they should. wrong netbios name = cns-bio-krak1 right netbios name = CNS-BIO-KRAK1 If you resolving setup is correct. Then you can use : disable netbios = yes and dns proxy = yes Then your netbios name should be resolved over dns. But you still need to set it as shown above. > Still need to find out if there is a > way to allow a few non-domain

On 12/27/22 22:55, Gordon Messmer wrote: > On 2022-12-25 07:44, Jelle de Jong wrote: >> A recent update of the sssd-common-2.8.1-1.el8.x86_64 package is >> causing sssd.service systemctl failures all over my CentosOS machines. > ... >> [sssd] [confdb_expand_app_domains] (0x0010): No domains configured, >> fatal error! > > > Were you previously using

> On 1/3/23 05:17, Orion Poplawski wrote: >> On 12/30/22 04:06, Jelle de Jong wrote: >>> On 12/27/22 22:55, Gordon Messmer wrote: >>>> On 2022-12-25 07:44, Jelle de Jong wrote: >>>>> A recent update of the sssd-common-2.8.1-1.el8.x86_64 package is >>>>> causing sssd.service systemctl failures all over my CentosOS >>>>>