Displaying 20 results from an estimated 4000 matches similar to: "Offline logon and NSS..."
2019 Oct 17
3
Offline logon and NSS...
Mandi! Rowland penny via samba
In chel di` si favelave...
> > Considering a 'full offline' DM client (supposing a portable), there's
> > a 'winbind permanent nss cache' or a general nss cache (like
> > nss-updatedb):
> > https://wiki.debian.org/LDAP/NSS#Offline_caching_of_NSS_with_nscd
> > have to be used? Thanks.
> No, you cannot use
2019 Oct 17
0
Offline logon and NSS...
Hai Marco,
But a quick peek at this tells me it should be possible
and you need these packages for a "full offline setup" or, a combination of these.
These packages need to be installed and all need to be configured:
libnss-ldapd libpam-ldapd nscd libpam-ccreds libpam-mklocaluser libnss-winbind libpam-winbind
I suggest first look at :
2017 Dec 06
4
DM and ''offline'' PAM (and NSS?)...
I'm using samba 4.5 on a debian jessie (Louis packages).
Rarely it happen that a power outgage tear down all the stuff, here.
I've noticed that if the DM start before the DC, clearly all account
data are inaccessible.
To prevent or minimize that, the ''offline mode'' of winbind can be
safely used also on DM servers? Or is tailoread against roaming client
(portables,
2019 Oct 17
0
Offline logon and NSS...
On 17/10/2019 10:32, Marco Gaiarin via samba wrote:
> Mandi! Rowland penny via samba
> In chel di` si favelave...
>
>>> Considering a 'full offline' DM client (supposing a portable), there's
>>> a 'winbind permanent nss cache' or a general nss cache (like
>>> nss-updatedb):
>>>
2019 Jan 25
2
Winbind, cached logons and 'user persistency'...
On Fri, 25 Jan 2019 16:32:56 +0100
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
> Mandi! L.P.H. van Belle via samba
> In chel di` si favelave...
>
> I come back in this thread, sorry.
>
> > Maybe https://wiki.debian.org/LDAP/NSS is a better solution for
> > the mailserver.
>
> Probably better use directly LDAP info with native MTA tools
2012 May 24
2
Samba as member of multi domain AD (nss/pam)
Hi list,
I'm looking for someone out there, using samba as a member
server in a multi-domain Active Directory forest (maybe even
with nss_/pam_winbind for unix users/groups).
It took quite a long time to get things working at all here, and we're
still not really comfortable with our current solution (especially
the unix nss/pam part).
I'd be glad if someone out there was interested
2017 Dec 18
3
DM and ''offline'' PAM (and NSS?)...
On Mon, 18 Dec 2017 15:51:47 +0100
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
>
> > I've seen:
> > https://wiki.samba.org/index.php/PAM_Offline_Authentication
>
> I've tried to enable offline logon, and seems to work as expected.
>
> I've only found a little strange thing, i think related to the fact
> that in my DM i've set
2015 Aug 31
4
Samba AD PDC , LDAP and Single-Sign-On (was: re: Samba Internal DNS vs. BIND_DLZ)
On Thu, 27 Aug 2015 23:03:39 -0400
Robert Moskowitz <rgm at htt-consult.com> wrote:
>
> On 08/27/2015 08:45 PM, Jim Seymour wrote:
> > On Thu, 27 Aug 2015 17:00:28 -0400
> > Robert Moskowitz <rgm at htt-consult.com> wrote:
> >
> >> Ah, LDAP is included within Samba, I find. Don't install provided
> >> one...
[snip]
> >
>
2019 Feb 28
4
[OT?] Kerberos, PAM, NSS: if user does not exist, pam_krb5 try login?
A bit more then a curiosity.
Mobing from Samba/NT to Samba/AD i'm now switching some 'one-purpose'
(mostly containers) from libpam-ldaps to libpam-krb5.
In these box normally i don't need user access, so i create 'manually'
(eg, in /etc/passwd) only the admin users, and i add only the PAM layer
to do external auth.
Still i use ssh keys for direct root access, but as an
2018 Jun 13
3
NSS and group enumeration in CUPS...
I was used (in SambaNT/OpenLDAP) to put on CUPS configuration the
statement (/etc/cups/cups-files.conf):
SystemGroup printops
and add to 'printops' group some users that can manage cups.
Now i'm in AD mode. I'm in 'printops' group:
root at vdmpp1:~# id gaio
uid=10000(gaio) gid=10513(domain users) gruppi=10513(domain
2015 Jan 21
2
Is anyone using C7 in production yet? (sssd, nss-pam-ldapd, kerberos, etc)
> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> Behalf Of Gordon Messmer
> Sent: den 21 januari 2015 05:47
> To: CentOS mailing list
> Subject: Re: [CentOS] Is anyone using C7 in production yet? (sssd,
nss-pam-
> ldapd, kerberos, etc)
>
> On 01/20/2015 05:26 PM, Dan Irwin wrote:
> > Before I fire up a
2015 Jan 21
2
Is anyone using C7 in production yet? (sssd, nss-pam-ldapd, kerberos, etc)
Hi all,
Is anyone using C7 in production with LDAP and kerberos?
Currently all of my machines run C5 or C6 with nss-pam-ldapd or nss_ldap,
with kerberos and pam_krb5 for authentication.
Before I fire up a test VM (is it even worth it?) I wanted to check
feedback from the community.
Cheers!
Dan
2015 Jan 21
4
Is anyone using C7 in production yet? (sssd, nss-pam-ldapd, kerberos, etc)
> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> Behalf Of Fred Smith
> Sent: den 21 januari 2015 15:35
> To: centos at centos.org
> Subject: Re: [CentOS] Is anyone using C7 in production yet? (sssd, nss-pam-
> ldapd, kerberos, etc)
>
> > > > Before I fire up a test VM (is it even worth it?) I wanted to
2009 Feb 12
1
OpenSUSE 11.1 with OpenLDAP => some surprises (ldap.conf, nss-ldap.conf, nsswitch.conf)
Hi,
this has nothing directly to do with samba, but there might be some
people who try to use samba with (Open)LDAP on OpenSUSE 11.1 like me.
Between 10.2 and 11.1 the nss_ldap configuration has changed a bit.
The file which configures the access to ldap is now /etc/nss-ldap.conf
and seems to have the identical layout as the former /etc/ldap.conf.
Also needed is the "nslcd"
2012 Feb 28
1
Anything like "nss_updatedb" for ldapsam account information backend?
Is there anything like "nss_updatedb" [1] for ldapsam account
information backend?
nss_updatedb caches unix account information, so it is available even
when the LDAP directory isn't available
But ldapsam stores additional account information. How can I cache this
additional account information, so it is also available even when the
LDAP directory isn't available?
[1]
2016 Jan 26
2
Samba Hylafax PAM
O, try the following.
Test this first.
ldd /usr/sbin/hfaxd
if you getting libpam.so.. something, then hylafax is compiled with pam support.
Next,
apt-get install libpam-ldap ( just to be sure, i do believe you have installed it already )
create the file :
/etc/pam.d/hylafax
Add :
auth required pam_ldap.so
account required pam_ldap.so
2016 Jan 18
3
Samba Hylafax PAM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi,
I posted this also on hylafax list - maybe here is someone with a hint.
System: Debian Jessie, Hylafax-Server 6.0.6, pam 1.1.8, libpam-ldapd
0.9.4, nslcd 0.9.4 (all actual debian packets from stable),
sernet-samba-*-4.2.7-8
After a switch from OpenLDAP to a Samba 4.2 based LDAP Server, I cannot
auth users anymore in Hylafax, everything else
2012 May 23
2
multi home dir locations
Hi all,
i've got samba 3.6 joined to a ad domain (s4 in this case)
running winbind
all looks ok, but i ran into a problem (for us that is)
i've got 2 groups (students and employes)
who have there home dirs in 2 different places.
/home/students/<user>
/home/employ/<user>
so far so good, but i can't make the [homes] work for both of them (just
1 group)
in winbind
2019 Oct 17
3
Offline logon and NSS...
Mandi! Rowland penny via samba
In chel di` si favelave...
> Yes, somebody moved the cache to a different directory and it now gets wiped
> every time Samba is restarted, we have a bug report for it:?
> https://bugzilla.samba.org/show_bug.cgi?id=14074
Ok, thanks.
I suppose that cache get controlled by:
idmap cache time = 604800
winbind cache time = 300
so, for a portable system,
2018 Jun 14
3
NSS and group enumeration in CUPS...
Hai,
@Rowland.
Yes, the link is what i have setup, but in less steps without sssd.
For the kerberos part, you only need to add the HTTP/UPN.
After a join with winbind you have the host/UPN.
I must say that the CUPS setup is working great.
Only 1 or 2 problems in almost 2 years.
@Marco,
> ...but you have added 'locally' (eg, in /etc/group
> and /etc/shadow) the user