similar to: AD authentication with separate LDAP authorization

Hi all, SHORT VERSION How can I configure Samba 4.8.0 serving users on Windows 7 clients to authenticate using their domain login credentials (winbindd and Active Directory) but be authorized (i.e. perform user/group lookup) against a separate OpenLDAP server? This was easy in previous versions of Samba with the fallback mechanism

On 11/06/2019 17:48, Ryan via samba wrote: > Hi all, > > SHORT VERSION > How can I configure Samba 4.8.0 serving users on Windows 7 clients to > authenticate using their domain login credentials (winbindd and Active > Directory) but be authorized (i.e. perform user/group lookup) against > a separate OpenLDAP server? > > This was easy in previous versions of Samba with

IMHO, in short, learn to use encrypted connections. 2016-07-27 22:38 GMT+02:00 Kris Lou <klou at themusiclink.net>: > As of 4.2.11: https://www.samba.org/samba/security/CVE-2016-2112.html > > =================== > New smb.conf option > =================== > > ldap server require strong auth (G) > > The ldap server require strong auth defines whether the

CC: List Thanks for the tip! Kris Lou klou at themusiclink.net ---------- Forwarded message ---------- From: Andrew Bartlett <abartlet at samba.org> Date: Fri, Jul 15, 2016 at 3:23 PM Subject: Re: [Samba] Samba 4.2.14 Internal DNS not returning DNAME records? To: Kris Lou <klou at themusiclink.net> On Fri, 2016-07-15 at 14:41 -0700, Kris Lou wrote: > > On Fri, Jul 15, 2016

Just because it hasn't yet been mentioned, did you run 'smbpasswd -w <ldap-secret>' to pass samba the admin dn passwords? https://wiki.samba.org/index.php/Samba_%26_LDAP#Let_Samba_use_LDAP Kris Lou klou at themusiclink.net On Tue, Oct 16, 2018 at 2:24 PM, Andrew Bartlett via samba < samba at lists.samba.org> wrote: > On Tue, 2018-10-16 at 20:55 +0100, Rowland Penny

I was fighting this a few weeks ago, and asking here. I *finally* solved it yesterday... and the answer isn't pleasant. Running the command authconfig --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --smartcardaction=0 --updateall breaks crond, as per bugzilla # Bug 1650314. The way that it breaks it is to insert into /etc/pam.d/password-auth-ac two lines reading

So you have to reset the other account flags after doing it? On 08/15/2019 02:43 PM, Kris Lou via samba wrote: > pdbedit -c="[]" <user> > > This clears the Account Flags (warning, clears ALL Account flags) that you > can also view via "pdbedit -Lv <user>" > > > Kris Lou > klou at themusiclink.net > > > On Thu, Aug 15, 2019 at 12:11

Well, this is interesting (to me, at least). I joined a W10 machine to the domain (4.8/4.9.4 mix, I'm working on it), then renamed it via "WMIC /node:<computer> computersystem where name="<computer>" call rename name="<newname>". Doing so changed the displayName, sAMAccountName, dNSHostName, and assorted servicePrincipalNames, but did not change the

> > There is also Citrix XenServer for maxium > comfort. It offers GUI tools under Windows for managing VMs. The > drawback is, there are a lot of parameters you cannot set in the non > paid version. Just to throw it out there, there's also XCP-NG which is a rebranded (w/o Citrix) version of XenServer without all of the proprietary bits. The same people also produce

On Wed, Dec 27, 2023 at 12:21?PM Sonic <sonicsmith at gmail.com> wrote: > On Wed, Dec 27, 2023 at 2:31?PM Kris Lou via samba > <samba at lists.samba.org> wrote: > > > named.conf.local > > > ===================== > > > include "/usr/local/samba/private/named.conf"; > > > ===================== > > > > Is the correct

I have a bit of an oddity here: I'm using Samba 4.2.14 with AD, using Samba's internal DNS to serve to my domain (and forwarding others to Google Public DNS 8.8.8.8). However, it looks like client queries (and subsequent forwards) to a vendor's URL (www.pitneybowes.us) fail, but are successful if I query Google directly: [root at XXXX~]# nslookup -type=any www.pitneybowes.us >

OK, lets dig further. Does your sssd.conf have [sssd] section? Something like [sssd] debug_level = 4 config_file_version = 2 domains = your-domain-name-here If it's not there, add it and modify the [your-domain-name-here] section so it'll look like this: [domain/your-domain-name-here] 23.06.2016, 15:51, "Kaplan, Andrew H." <ahkaplan at partners.org>: > Hello ?

Perhaps try http://wing-repo.net/ for CentOS rpms? The readme is out of date -- inspecting the repo at http://wing-repo.net/wing will find 4.6, 4.7 (in extras), 4.8rc3. Kris Lou klou at themusiclink.net On Wed, Feb 21, 2018 at 8:27 PM, denis.shigapov via samba < samba at lists.samba.org> wrote: > We have the standard centos. > I have recompiled packages from Fedora, as well as all

Hello -- We are running CentOS 7.2 on a virtual machine, and we are trying to set up LDAP authentication. The ldap packages that are currently installed on the system are the following: python-sss 1.13.0-40.el7_2.4 python-sssdconfig 1.13.0-40.el7_2.4 sssd 1.13.0-40.el7_2.4 sssd-ad 1.13.0-40.el7_2.4 sssd-client 1.13.0-40.el7_2.4 sssd-common 1.13.0-40.el7_2.4 sssd-common-pac 1.13.0-40.el7_2.4

Hi all, I seem to have run into a case where my DC's aren't being round-robin'ed by DNS. I've got 3 DC's using Internal DNS, but every time I ping mydomain.com and check the results (ipconfig /displaydns), it's always in the same order. The same order appears when I query the DC's directly, individually: # nslookup mydomain.com 172.23.51.5 Server:

piggybacking on the "Syncing Sysvol" thread ... I had thought that the conventional wisdom was that ntacl sysvolreset should be mostly avoided once relative stability achieved and additional GPO's created. https://wiki.samba.org/index.php/Sysvolreset Has this changed recently? Kris Lou klou at themusiclink.net

I've found that some embedded devices have older CIFS clients, which can only talk over SMB1. So, you can adjust your server to allow it, or look for another file transport. Kris Lou klou at themusiclink.net On Wed, Sep 9, 2020 at 3:16 PM Jeremy Allison via samba < samba at lists.samba.org> wrote: > On Wed, Sep 09, 2020 at 02:35:28PM -0700, Peter Pollock via samba wrote: >

Kaplan, Andrew H. wrote: > Hello -- > > I made the suggested changes to the sssd.conf file, and the results are > the same. > > Just to make sure my syntax is correct: > > The following section was added to the end of the file: > > [sssd] > debug_level = 4 > config_file_version = 2 > domains = company/company.org > One little detail you may have missed:

Hello ? Thank-you for your e-mail. I corrected the syntax in the file, and I have confirmed the permissions are correct: -rw-------. 1 root root 266 Jun 23 08:45 sssd.conf Unfortunately, the error condition and messages listed in my initial e-mail are still present. From: l at avc.su [mailto:l at avc.su] Sent: Thursday, June 23, 2016 8:34 AM To: CentOS mailing list; Kaplan, Andrew H.

Shanks for the hint! Very strange that the default is only to use a deprecated protocol… Anyway, this option has no effect on this issue… Yvan Le 31/05/2019 à 18:53, Kris Lou via samba a écrit : > Most likely, your Windows 10 (file server) is disallowing SMB1 connections, > which is the default for smbclient. > > You can force smbclient to use a higher protocol with "smbclient