Displaying 20 results from an estimated 5000 matches similar to: "Winbind issues with AD member file server"
2019 Jul 09
2
Winbind issues with AD member file server
Ugh, I knew I forgot something. Here is smb.conf:
---
[global]
kerberos method = system keytab
template homedir = /soe/%U
workgroup = BSOE
template shell = /bin/bash
security = ads
realm = AD.SOE.UCSC.EDU
idmap config BSOE : schema_mode = rfc2307
idmap config BSOE : range = 100-999999
idmap config BSOE : backend = ad
idmap config BSOE : unix_nss_info = yes
idmap config BSOE : unix_primary_group
2019 Jul 09
0
Winbind issues with AD member file server
On 09/07/2019 18:38, Eric Shell via samba wrote:
> I am setting up a CentOS 7 system as a file server within an AD domain,
> following the following Red Hat documentation:
>
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-file_and_print_servers
>
> Here is some information that likely complicates things:
>
> -
2019 Jul 10
2
Winbind issues with AD member file server
I agree that this sounds like, and indeed is, a recipe for disaster. I was
going to explain some of the woes of our environment but I don't think it's
actually relevant after looking at my problem a bit more. If I'm way off
base I'm happy to be herded back, but please tolerate me as I share what I
am seeing today because I really hope to solve the narrow issue of SMB file
access
2019 Jul 09
2
Winbind issues with AD member file server
Hi Rowland,
Thanks for the prompt reply. The gidNumber attribute is set to the
appropriate primary UNIX group for each user already. Are there any ways
to work around the ID issue, or at least to mitigate some of the
consequences? We looked at updating uid/gid values across the board but
there is so much data owned by existing users and groups that we haven't
been able to proceed.
On
2019 Jul 09
2
Winbind issues with AD member file server
Hi Rowland,
Currently Domain Users doesn't have a gidNumber because it didn't have a
corresponding group in OpenLDAP, which is our master directory.
The primary Unix group gidNumber for each user is replicated from their
OpenLDAP records, but the AD groups have a suffix due to historical name
collisions - a POSIX group called harry would be harry-group in AD, but
with a matching
2019 Jun 10
6
please confirm: sssd not a good idea :)
On 08/06/2019 21:32, Rowland penny via samba wrote:
> On 08/06/2019 16:24, Uwe Laverenz via samba wrote:
>> Hi all,
>>
>> when you join a linux server to an active directory with "realm" it
>> uses "sssd" as default. This works well as long as you just want to
>> be a simple domain member.
>>
>> As soon as you want a real member
2016 Jun 22
2
Samba 4 AD member server authentication issues, domain vs. ads security
Thanks for the quick replies.
One domain is at Windows Server 2008 functional level, and the other is
Windows Server 2012 R2. The samba 4 servers are running 4.2.10 and the
samba 3 servers are running 3.6.23, both from rpms available from either
the CentOS 6 or 7 repos (samba 4 on CentOS 7, samba 3 on CentOS 6).
Here's the smb.conf used on the two samba 4 servers:
[global]
> workgroup
2019 Jul 10
1
Winbind issues with AD member file server
>
> When I try to
> > access even an already-mounted NFS directory to which I have permission,
> > gssproxy complains:
> >
> > Jul 10 08:55:51 smb gssproxy: gssproxy[1469]: (OID: { 1 2 840 113554 1 2
> 2
> > }) Unspecified GSS failure. Minor code may provide more information,
> > Client 'host/smb.soe.ucsc.edu at AD.SOE.UCSC.EDU' not found in
2019 Jun 12
3
samba Digest, Vol 198, Issue 12
On 6/12/19 7:00 AM, Rowland penny wrote:
> Until yesterday I would have pointed you at the sssd-users mailing list, that was until I found this:
> *Important*
> Red Hat only supports running Samba as a server with the |winbindd| service to provide domain users and groups to the local system. Due to certain limitations, such as missing Windows access control list (ACL) support and NT LAN
2019 Jul 09
0
Winbind issues with AD member file server
On 09/07/2019 19:02, Eric Shell via samba wrote:
> Ugh, I knew I forgot something. Here is smb.conf:
>
> ---
>
> [global]
> kerberos method = system keytab
> template homedir = /soe/%U
> workgroup = BSOE
> template shell = /bin/bash
> security = ads
> realm = AD.SOE.UCSC.EDU
> idmap config BSOE : schema_mode = rfc2307
> idmap config BSOE : range = 100-999999
2020 Jun 19
2
SAMBA using existing users and passwords on Linux
On 19/06/2020 14:08, Fernando Gon?alves wrote:
> Hello Rowland. Thanks for answering.
Please post your present smb.conf
Tell us what your AD DC's are.
How did you join the domain ?
Rowland
2019 Jun 12
2
sssd not a good idea
That's clearly a documentation bug. As for the samba integration, it's now
in its own guide:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/index
(this is what I followed on 7.5/7.6 to consume realmd).
Let me open a BZ about this...
Regards,
Vincent
On Wed, 12 Jun 2019, Rowland penny via samba wrote:
> On 12/06/2019 16:31,
2016 Jun 22
0
Samba 4 AD member server authentication issues, domain vs. ads security
I should add that the samba.log file was logging NT_STATUS_NO_LOGON_SERVERS
errors when authentication attempts were failing. Workstations in the
domains were still able to authenticate, however, and I verified that the
DNS records were still correct. The SRV records were all in place and the
domain controllers' host names were resolving.
On Wed, Jun 22, 2016 at 9:44 AM, Eric Shell
2016 Jun 22
3
Samba 4 AD member server authentication issues, domain vs. ads security
I have an environment with two separate AD instances which each have both a
samba 3 and samba 4 file server joined to them. Last week, we began to
experience authentication failures in both domains on the samba 4 file
servers. After a lot of experimenting, we found that changing the security
setting from domain to ads resolved the problem for the samba 4 servers.
However, the samba 3 servers
2017 Apr 17
2
doubt
On Mon, 17 Apr 2017 14:57:45 -0300
Luiz Guilherme Nunes Fernandes <narutospinal at gmail.com> wrote:
> Well, i dont have sssd installed.
OK, now we know that ;-)
>
> With winbind i install this packages:
> yum install realmd oddjob oddjob-mkhomedir adcli samba-common
> samba-common-tools krb5-workstation openldap-clients
> policycoreutils-python samba-winbind-clients
I
2019 Jul 09
0
Winbind issues with AD member file server
On 09/07/2019 20:00, Eric Shell wrote:
> Hi Rowland,
>
> Currently Domain Users doesn't have a gidNumber because it didn't have
> a corresponding group in OpenLDAP, which is our master directory.
Did you miss the bit where I said Domain Users MUST have a gidNumber ?
>
> The primary Unix group gidNumber for each user is replicated from
> their OpenLDAP records, but
2017 Apr 17
2
doubt
On Mon, 17 Apr 2017 14:28:12 -0300
Luiz Guilherme Nunes Fernandes <narutospinal at gmail.com> wrote:
> This problem, in the computer park there is a domain controller
> microsoft without shared printers, I need to use another server with
> samba shares + cups, but with authentication in the microsoft active
> directory. I try parameters securty = ads (join machine in domain)
2019 Feb 19
5
Joining an Active Directory Domain "2016"
Hello,
Has anybody been able to join an Active Directory 2016 using Samba Winbind?
If so, how can this be done?
I've been trying but it fails every time and when it finally shows me
something using realm list, it won't let me login with any user from the
domain, therefore, not working.
Thanks,
--
Jorge F. Hernandez
IT System Administrator
*GLOSS*
28 West 25th Street, 12th Floor
New
2020 Nov 22
1
Windows file ownership changed from SID to Unix User
>
> There is no one supporting the use of sssd with Samba, not even Red Hat.
>
> Now that I know what to look for (thank you, Roland!), I found
https://access.redhat.com/solutions/3802321 page explaining how to properly
bridge between SSSD and winbind.
In essence, the following configuration is in place (copy-pasting main
parts of the document for the benefit of those who has no RHEL
2017 Dec 07
1
Samba documentation from Red Hat
Hi,
if you use Samba on Red Hat Enterprise Linux you might find the
following information useful:
Since yesterday, the official Red Hat Enterprise Linux documentation
contains a very detailed chapter about Samba:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-file_and_print_servers#sect-Samba
The documentation is up-to-date, based