similar to: AD for Kerberos authentication, *separate* OpenLDAP for User/Group Lookup

So far answers I've received on this list have been inconsistent at best and downright inaccurate at worst. I'm going to try one more time and see if, at the very least, someone can give me a lead. I ask you to consider what I'm asking remotely possible, and then seek a solution. (Particularly before one blasts off an ill-thought out message that says simple, "Can't be

On 11/06/2019 17:48, Ryan via samba wrote: > Hi all, > > SHORT VERSION > How can I configure Samba 4.8.0 serving users on Windows 7 clients to > authenticate using their domain login credentials (winbindd and Active > Directory) but be authorized (i.e. perform user/group lookup) against > a separate OpenLDAP server? > > This was easy in previous versions of Samba with

> > Shooting in the dark, but: > > idmap config * : ldap_user_dn = uid=samba,ou=agents,dc=mydomain,dc=com > > > Is this correct? And do you have credentials stored to access the LDAP > directory? > Yes and yes. The credentials and authentication process to the LDAP server are working correctly as verified positively by the log files. > > Kris Lou > klou at

Hi all, SHORT VERSION How can I configure Samba 4.8.0 serving users on Windows 7 clients to authenticate using their domain login credentials (winbindd and Active Directory) but be authorized (i.e. perform user/group lookup) against a separate OpenLDAP server? This was easy in previous versions of Samba with the fallback mechanism

I googled a lot but didn't find any answer. My problem is next: I have Openldap/kerberos directory. I have samba (samba-A), which acts as NT PDC and use ldap/kerberos as backend. I have another samba server (samba-B) which I want to authenticate users in my directory. Of course I can join it to my samba NT PDC, it works, but by this a loose ability to authenticate via kerberos tickets.

Hi, I have been working on Windows NT PDC to OpenLDAP+Samba migration project and all is going on well, thanks to idealx. Now, I want to now do migrate MS Windows 2000/2003 based Active Directory to Linux+Samba+OpenLDAP+Kerberos. Somehow, the impression that I am getting having gone through many docs, including those from samba.org is that its not possible till probably version Samba 4 is out. My

Howdy, I'm trying to build 3.0.14a on Solaris 9 sparc, and I am seeing a linker error. I tried building yesterday (and had configure errors related to libs), and then I found information about conflicts with Sun standard kerberos bits (and missing header files). I've installed and compiled Openldap and MIT Kerberos, and pointed LDFLAGS to the new installed locations. The new install

Hi, i'm looking for this how-to, often referenced but no more available: https://sec.miljovern.no/bin/view/Info/HeimdalKerberosSambaAndOpenLdap Is there anywhere an how-to about integrating Heimdal, Kerberos, Samba and OpenLdap? Thank you in advance Marcello

Hi all, I have created a project for myself in that I would like to store an MIT Kerberos database inside LDAP (Using OpenLDAP). I have found some relevant results but most of them are extremely outdated and unreliable. I did however recently find an article for Ubuntu that was up to date however it wasn't focused on CentOS/Red hat-based distros. Has anybody found something like this

I have been trying to put together a SAMBA installation with winbind that will link to an existing ActiveDirectory, to allow UNIX (Solaris 9) hosts to accept logins from people using AD credentials. This has been slow going. Since I am running Solaris 9, Sun took a while to re-enable non-standard PAM/nsswitch.conf entries so winbind would work at all, but this part is now fixed. I think I

Dear all, is it possible to migrate from an existing MIT kerberos / openldap setup to samba AD? We can re-create the accounts through a script, but it would be nice to be able to keep passwords for users and machine accounts / keytabs which are in our existing KDC. Thanks for any insights, Christian

First, I'll just say this is a question principally about the arcane mysteries of Samba to OpenLDAP authentication. I've had Samba to OpenLDAP authentication running for a while now using the samba.schema and the ldapsam module. Now I'd like to understand a bit more about how that works in order to take it a step further and get openLDAP to bind against a Kerberos database via

RedHat enterprise v4 openldap 2.2.13-4 cyrus-sasl 2.1.19-5.EL4 samba 3.0.10-1.4E.9 krb-libs 1.3.4-27 server1: openldap and kerberos server server2: samba server We have openldap working as posix source for all of our *nix logins - with passwords stored in kerberos accessed via sasl. We have an exiting samba server running on redhat for macintosh/windows user access to network storage. Our

On Wed, 23 Jan 2019 13:10:04 +0100 (CET) Jens Günther <guenther at soscomp.de> wrote: > Thank you so much for your replies. In the meantime, I was able to > talk to the consultant again, who - as you already suspect - did the > "classicupgrade" with us. He explained to me that we changed from > rfc2307 to rid after the classic upgrade. Did he explain why you changed

Rowland, Thank you, I'll try to implement your suggestions. But it definitely worked without winbind. On Wed, Mar 20, 2019 at 1:26 PM Rowland Penny via samba < samba at lists.samba.org> wrote: > On Wed, 20 Mar 2019 13:11:47 +0200 > "linux.il" <linux.il at gmail.com> wrote: > > > >> - There have been no configuration changes to the system > >

Hi! How do I configure smb.conf and/or Pam as a single sign on server if I have a LDAP server with a Kerberos as password backend through gssapi? I only see either Samba/ldap as PDC or Samba/kerberos with ads on the Internet. Not both at the same time? I've already configured samba with LDAP and Kerberos support. Everything seams to works. I also configured Samba with ads and Pam support if

Hi! I have been reading for about two weeks (maybe I'm reading on the wrong places). I have found as many documents as one could expect describind how to build a LDAPv3 server, or how to build samba with ldap. This far, I have failed, and have a BIG confution in the order in wich the things should go: In one document, they recommend this: samba -> ldap -> sasl -> kerberos

Hi all, *Dovecot version: 2.2.22 (fe789d2)* *Ubuntu version: 16.04* *OpenLDAP version: openldap-2.4.42+dfsg* Configurations *# 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf# Pigeonhole version 0.4.13 (7b14904)# OS: Linux 4.10.0-28-generic x86_64 Ubuntu 16.04.3 LTS disable_plaintext_auth = nolisten = *log_path = /var/log/dovecot.logmail_location =

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 10 Jul 2018, Anushka Bandara wrote: > * Error: User initialization failed: Namespace '': > mkdir(/home/users/"user"/Desktop/Maildir) failed: Permission denied > (euid=1000(myuser) egid=5000(<unknown>) missing +w perm: /home, we're not > in group 100(users), dir owned by 0:100 mode=0775)* Well, what is

We are trying to connect a file server to our AD for sid info, while trying to use our OpenLDAP server for uid, gid and other posix info. Is there any way to do this? We already have uids, gids, and sids so we can't dynamically create them.