similar to: AD authentication with separate LDAP authorization

On 11/06/2019 17:48, Ryan via samba wrote: > Hi all, > > SHORT VERSION > How can I configure Samba 4.8.0 serving users on Windows 7 clients to > authenticate using their domain login credentials (winbindd and Active > Directory) but be authorized (i.e. perform user/group lookup) against > a separate OpenLDAP server? > > This was easy in previous versions of Samba with

> > Shooting in the dark, but: > > idmap config * : ldap_user_dn = uid=samba,ou=agents,dc=mydomain,dc=com > > > Is this correct? And do you have credentials stored to access the LDAP > directory? > Yes and yes. The credentials and authentication process to the LDAP server are working correctly as verified positively by the log files. > > Kris Lou > klou at

Hi, I'm facing a problem with setting up LDAP+TLS client authentication in a kickstart script on CentOS7 for several days. Setting up manualy the config with system-config-authentication works but I need to automate this in kickstart for deploying cluster nodes. This show that the server side is running fine. At this time the message is #systemctl status sssd |....

Hello -- I made the suggested changes to the sssd.conf file, and the results are the same. Just to make sure my syntax is correct: The following section was added to the end of the file: [sssd] debug_level = 4 config_file_version = 2 domains = company/company.org -----Original Message----- From: l at avc.su [mailto:l at avc.su] Sent: Thursday, June 23, 2016 9:08 AM To: Kaplan, Andrew H.;

On 05/07/2019 18:50, Ryan via samba wrote: > On Thu, Jul 4, 2019 at 4:49 PM Rowland penny via samba < > samba at lists.samba.org> wrote: > >> On 04/07/2019 21:25, Ryan via samba wrote: >>> I am still trying to configure Samba to authenticate users against >>> ActiveDirectory, but lookup uid and gids against a stand-alone OpenLDAP >>> server. Related

On 05/07/2019 20:00, Ryan via samba wrote: > On Fri, Jul 5, 2019 at 2:32 PM Rowland penny via samba < > samba at lists.samba.org> wrote: > >> On 05/07/2019 18:50, Ryan via samba wrote: >>> On Thu, Jul 4, 2019 at 4:49 PM Rowland penny via samba < >>> samba at lists.samba.org> wrote: >>> >>>> On 04/07/2019 21:25, Ryan via samba wrote:

On Thu, Jul 4, 2019 at 4:49 PM Rowland penny via samba < samba at lists.samba.org> wrote: > On 04/07/2019 21:25, Ryan via samba wrote: > > I am still trying to configure Samba to authenticate users against > > ActiveDirectory, but lookup uid and gids against a stand-alone OpenLDAP > > server. Related to a previous recommendation, I found the idmap_rfc2307 > >

Would someone please tell me where I can find some good troubleshooting documents to resolve AD authentication issues when using Samba? Is this mailing list the best place? I was able to setup a working WINBIND-Samba setup on CentOS 7.6, but I am required to use SSSD on a different CentOS 7.6 server. Using a test VM, I can get services running, but I can't authenticate from a Mac or

Hello ? Thank-you for your e-mail. I corrected the syntax in the file, and I have confirmed the permissions are correct: -rw-------. 1 root root 266 Jun 23 08:45 sssd.conf Unfortunately, the error condition and messages listed in my initial e-mail are still present. From: l at avc.su [mailto:l at avc.su] Sent: Thursday, June 23, 2016 8:34 AM To: CentOS mailing list; Kaplan, Andrew H.

On 28/02/2020 10:15, Goto, Ryoichi wrote: > Hi, Rowland. > Thank you for your answer. > >> I removed these: >> >> sssd sssd * realmd > Did this: > [root @ ms2 ~] # rpm -qa | grep realmd > [root @ ms2 ~] # rpm -qa | grep sss > libsss_certmap-2.2.0-19.el8.x86_64 > sssd-common-2.2.0-19.el8.x86_64 > libsss_sudo-2.2.0-19.el8.x86_64 >

On Fri, Jul 5, 2019 at 2:32 PM Rowland penny via samba < samba at lists.samba.org> wrote: > On 05/07/2019 18:50, Ryan via samba wrote: > > On Thu, Jul 4, 2019 at 4:49 PM Rowland penny via samba < > > samba at lists.samba.org> wrote: > > > >> On 04/07/2019 21:25, Ryan via samba wrote: > >>> I am still trying to configure Samba to authenticate

On Sat, Jul 6, 2019 at 3:04 PM Rowland penny via samba < samba at lists.samba.org> wrote: > On 05/07/2019 20:00, Ryan via samba wrote: > > On Fri, Jul 5, 2019 at 2:32 PM Rowland penny via samba < > > samba at lists.samba.org> wrote: > > > >> On 05/07/2019 18:50, Ryan via samba wrote: > >>> On Thu, Jul 4, 2019 at 4:49 PM Rowland penny via samba

Hello -- I have not touched that file. What change(s) do I need to make there? -----Original Message----- From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of m.roth at 5-cent.us Sent: Thursday, June 23, 2016 9:36 AM To: CentOS mailing list Subject: Re: [CentOS] sssd.conf file missing Kaplan, Andrew H. wrote: > Hello -- > > I made the suggested

Sorry for the repost: my message delivery was set to digest, and that was hard to manage use for conversation. I changed that setting. So starting clean with the same subject... I don't care about SSSD or whether it's even on the machine or not. Right now, it's only used by the machine for login. It isn't used by Samba, and I am very careful to let libwbclient-sssd nowhere near

Hello fellow Samba Users and Developers ... Recently I have been struggling to clearly understand the current documentation for IDMAP. There seems to be the old way of doing things and the new way of doing things...and the documentation is not very clear as to which way is appropriate for which release of Samba. At least not clear to those of use who don't read source code ;-) I am

Hi! How to get usermod working with SSSD/389DS ? We have SSSD set up on our server and it uses 389DS. SSSD was enabled with the following command: authconfig --enablesssd --enablesssdauth --ldapbasedn=dc=example,dc=com --enableshadow --enablemkhomedir --enablelocauthorize --update Running for example "usermod -L username" returns: usermod: user 'username' does not exist in

I am still trying to configure Samba to authenticate users against ActiveDirectory, but lookup uid and gids against a stand-alone OpenLDAP server. Related to a previous recommendation, I found the idmap_rfc2307 capability, which seems likely exactly what I what. Unfortunately, it does not seem to work. Users are not permitted to access shares for which they are in the group. Tests I found online

Le 21/11/2019 ? 16:49, Julien TEHERY via samba a ?crit?: > Le 21/11/2019 ? 15:46, Rowland penny via samba a ?crit?: >> On 21/11/2019 14:33, Julien TEHERY via samba wrote: >>> Le 21/11/2019 ? 15:15, Rowland penny via samba a ?crit?: >>>> On 21/11/2019 14:00, Julien TEHERY via samba wrote: >>>>>> Not entirely sure, but why does 'Administrator'

I was fighting this a few weeks ago, and asking here. I *finally* solved it yesterday... and the answer isn't pleasant. Running the command authconfig --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --smartcardaction=0 --updateall breaks crond, as per bugzilla # Bug 1650314. The way that it breaks it is to insert into /etc/pam.d/password-auth-ac two lines reading

Hello -- We are running CentOS 7.2 on a virtual machine, and we are trying to set up LDAP authentication. The ldap packages that are currently installed on the system are the following: python-sss 1.13.0-40.el7_2.4 python-sssdconfig 1.13.0-40.el7_2.4 sssd 1.13.0-40.el7_2.4 sssd-ad 1.13.0-40.el7_2.4 sssd-client 1.13.0-40.el7_2.4 sssd-common 1.13.0-40.el7_2.4 sssd-common-pac 1.13.0-40.el7_2.4