similar to: AD for Kerberos authentication, *separate* OpenLDAP for User/Group Lookup

On 11/06/2019 17:48, Ryan via samba wrote: > Hi all, > > SHORT VERSION > How can I configure Samba 4.8.0 serving users on Windows 7 clients to > authenticate using their domain login credentials (winbindd and Active > Directory) but be authorized (i.e. perform user/group lookup) against > a separate OpenLDAP server? > > This was easy in previous versions of Samba with

> > Shooting in the dark, but: > > idmap config * : ldap_user_dn = uid=samba,ou=agents,dc=mydomain,dc=com > > > Is this correct? And do you have credentials stored to access the LDAP > directory? > Yes and yes. The credentials and authentication process to the LDAP server are working correctly as verified positively by the log files. > > Kris Lou > klou at

Hi all, SHORT VERSION How can I configure Samba 4.8.0 serving users on Windows 7 clients to authenticate using their domain login credentials (winbindd and Active Directory) but be authorized (i.e. perform user/group lookup) against a separate OpenLDAP server? This was easy in previous versions of Samba with the fallback mechanism

So far answers I've received on this list have been inconsistent at best and downright inaccurate at worst. I'm going to try one more time and see if, at the very least, someone can give me a lead. I ask you to consider what I'm asking remotely possible, and then seek a solution. (Particularly before one blasts off an ill-thought out message that says simple, "Can't be

I googled a lot but didn't find any answer. My problem is next: I have Openldap/kerberos directory. I have samba (samba-A), which acts as NT PDC and use ldap/kerberos as backend. I have another samba server (samba-B) which I want to authenticate users in my directory. Of course I can join it to my samba NT PDC, it works, but by this a loose ability to authenticate via kerberos tickets.

Rowland, Thank you, I'll try to implement your suggestions. But it definitely worked without winbind. On Wed, Mar 20, 2019 at 1:26 PM Rowland Penny via samba < samba at lists.samba.org> wrote: > On Wed, 20 Mar 2019 13:11:47 +0200 > "linux.il" <linux.il at gmail.com> wrote: > > > >> - There have been no configuration changes to the system > >

We are trying to connect a file server to our AD for sid info, while trying to use our OpenLDAP server for uid, gid and other posix info. Is there any way to do this? We already have uids, gids, and sids so we can't dynamically create them.

On 2017-04-27, 07:13, Gaiseric Vandal via samba wrote: > A Samba AD directory server (domain controller) is its own > kerberos server. I don't see how you could configure it to use > another KDC. I don't know Kerberos much, so I am wondering can something like this "delegated"? > Depending on how may computers in your environment, it may be > easier to have

On 2017-04-22, 02:12, Andrew Bartlett via samba wrote: > To be clear, this would be an 'MIT Trust'. This isn't > currently supported, but would allow you to authenticate with > the username and password via krb5 from the trusted domain, > but use the ticket to log in to the Windows desktop and the > Samba file server. Actually no. I fork this thread to specifically

Hello Pierre, Am 08.04.2015 um 17:25 schrieb BRIEC, Pierre: > On Site1, the machines accounts are specifics, same for the Users and > Groups except 1 group that is common with Site2 (The Teachers). > Today, each site is independant, > > Now, i would like a create a new domain Samba4 AD whith all machines and > users from site1 and site2 together. > Then, i would make a

Hi, I have been working on Windows NT PDC to OpenLDAP+Samba migration project and all is going on well, thanks to idealx. Now, I want to now do migrate MS Windows 2000/2003 based Active Directory to Linux+Samba+OpenLDAP+Kerberos. Somehow, the impression that I am getting having gone through many docs, including those from samba.org is that its not possible till probably version Samba 4 is out. My

Howdy, I'm trying to build 3.0.14a on Solaris 9 sparc, and I am seeing a linker error. I tried building yesterday (and had configure errors related to libs), and then I found information about conflicts with Sun standard kerberos bits (and missing header files). I've installed and compiled Openldap and MIT Kerberos, and pointed LDFLAGS to the new installed locations. The new install

Hi, i'm looking for this how-to, often referenced but no more available: https://sec.miljovern.no/bin/view/Info/HeimdalKerberosSambaAndOpenLdap Is there anywhere an how-to about integrating Heimdal, Kerberos, Samba and OpenLdap? Thank you in advance Marcello

Hi all, I have created a project for myself in that I would like to store an MIT Kerberos database inside LDAP (Using OpenLDAP). I have found some relevant results but most of them are extremely outdated and unreliable. I did however recently find an article for Ubuntu that was up to date however it wasn't focused on CentOS/Red hat-based distros. Has anybody found something like this

I have been trying to put together a SAMBA installation with winbind that will link to an existing ActiveDirectory, to allow UNIX (Solaris 9) hosts to accept logins from people using AD credentials. This has been slow going. Since I am running Solaris 9, Sun took a while to re-enable non-standard PAM/nsswitch.conf entries so winbind would work at all, but this part is now fixed. I think I

Dear all, is it possible to migrate from an existing MIT kerberos / openldap setup to samba AD? We can re-create the accounts through a script, but it would be nice to be able to keep passwords for users and machine accounts / keytabs which are in our existing KDC. Thanks for any insights, Christian

On 3/20/19 9:40 AM, Rowland Penny via samba wrote: > On Wed, 20 Mar 2019 17:22:36 +0200 > "linux.il via samba" <samba at lists.samba.org> wrote: >> Rowland, >> Thank you, I'll try to implement your suggestions. >> But it definitely worked without winbind. >> >> Then your 'Samba' problem isn't a Samba problem :-) >> >>

First, I'll just say this is a question principally about the arcane mysteries of Samba to OpenLDAP authentication. I've had Samba to OpenLDAP authentication running for a while now using the samba.schema and the ldapsam module. Now I'd like to understand a bit more about how that works in order to take it a step further and get openLDAP to bind against a Kerberos database via

RedHat enterprise v4 openldap 2.2.13-4 cyrus-sasl 2.1.19-5.EL4 samba 3.0.10-1.4E.9 krb-libs 1.3.4-27 server1: openldap and kerberos server server2: samba server We have openldap working as posix source for all of our *nix logins - with passwords stored in kerberos accessed via sasl. We have an exiting samba server running on redhat for macintosh/windows user access to network storage. Our

On Wed, 23 Jan 2019 13:10:04 +0100 (CET) Jens Günther <guenther at soscomp.de> wrote: > Thank you so much for your replies. In the meantime, I was able to > talk to the consultant again, who - as you already suspect - did the > "classicupgrade" with us. He explained to me that we changed from > rfc2307 to rid after the classic upgrade. Did he explain why you changed