similar to: Winbind offline cache and strangeness...

Displaying 20 results from an estimated 6000 matches similar to: "Winbind offline cache and strangeness..."

2023 May 22
2
PAM Offline Authentication in Ubuntu 22.04...
On 22/05/2023 10:14, Marco Gaiarin via samba wrote: > Mandi! Rowland Penny via samba > In chel di` si favelave... > >> I would undo that, it appears to be wrong. > > OK, i've undo also i. > > >> I have tested this on a Ubuntu 22.04 computer and it works, so I have >> updated the wiki page: >>
2019 Jan 28
2
Winbind, cached logons and 'user persistency'...
On Mon, 28 Jan 2019 12:52:45 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > Mandi! Rowland Penny via samba > In chel di` si favelave... > > > > Strictly speaking, why winbind cache ''PAM'' data and not ''NSS'' > > > one (seems to me)? > > The problem is (for myself anyway), I do not understand the >
2023 Jun 30
1
PAM Offline Authentication in Ubuntu 22.04
On 28/06/2023 17:52, Marco Gaiarin via samba wrote: > Mandi! Rowland Penny via samba > In chel di` si favelave... > >> I didn't try turning the last one off, but at least you are getting >> somewhere :-) > > With very little steps... ;-) > > >> When you say 'back to login screen', do you mean that you cannot just >> click the screen,
2018 Mar 22
2
[OT?] Strangeness on clients migrating NT -> AD...
Mandi! Rowland Penny via samba In chel di` si favelave... > So, it sounds like you have a PDC for the domain 'DOMAIN' and an AD DC > for the domain 'DOMAIN' both using the same SID, I don't think this is > going to work. I suggest you turn the old PDC off. No no no! I'm not mad! ;-) There's the OLD PDC for the domain 'SVCORSI', and the new AD DC
2017 Dec 06
4
DM and ''offline'' PAM (and NSS?)...
I'm using samba 4.5 on a debian jessie (Louis packages). Rarely it happen that a power outgage tear down all the stuff, here. I've noticed that if the DM start before the DC, clearly all account data are inaccessible. To prevent or minimize that, the ''offline mode'' of winbind can be safely used also on DM servers? Or is tailoread against roaming client (portables,
2018 Sep 04
4
Upgraded a member server to 4.8, rfc2307 data?
I'm starting to upgrade my domain members to debian stretch/samba 4.8, using louis packages. Domain controllers still on jessie/samba45. Upgrade went smooth, but after upgrade seems that the DM was not able anymore to retrieve rfc2307 data, eg: root at vdmsv2:~# getent passwd gaio gaio:*:10000:10513:Marco Gaiarin:/home/LNFFVG/gaio:/bin/false root at vdmsv2:~# ldbsearch -H
2018 Sep 27
2
[OT?] passing group name with spaces to ntlm_auth...
I've not clear if is a squid or a samba/ntlm_auth trouble... indeed... In Squid i've added: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=LNFFVG --require-membership-of='LNFFVG\Domain Users' auth_param ntlm children 5 but in 'cache.log' i got: Winbindd lookupname failed to resolve 'LNFFVG\Domain into a SID! Winbindd
2017 Dec 18
3
DM and ''offline'' PAM (and NSS?)...
On Mon, 18 Dec 2017 15:51:47 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > > > I've seen: > > https://wiki.samba.org/index.php/PAM_Offline_Authentication > > I've tried to enable offline logon, and seems to work as expected. > > I've only found a little strange thing, i think related to the fact > that in my DM i've set
2018 Sep 24
3
DM: samba 4.5 -> 4.8, guest access and machine account access troubles.
Mandi! Rowland Penny via samba In chel di` si favelave... > > clearly, i've on [globals] 'map to guest = Bad User'. > That is how it is supposed to work, if a known user tries to use a > wrong password, the user is rejected. If the user is unknown, it is > mapped to the guest user (usually 'nobody') and allowed access to > shares where 'guest ok =
2017 Oct 19
3
Best practice for creating an RO LDAP User in AD...
Caming from Samba in NT mode with OpenLDAP backend i've created a bunch of ''things'' (apps, web tools, ...; but also printers and so on) that rely on reading ''public'' data in LDAP. With OpenLDAP ''public'' was a easy concept: anonymous access was the default, and ACL protect more sensitive data (mostly, passwords). Now i've to redo some
2018 Mar 22
2
[OT?] Strangeness on clients migrating NT -> AD...
Mandi! Rowland Penny via samba In chel di` si favelave... > How is the 'old' server now set up ? > Is it now an AD DC domain member ? No, it remain in the old state, simply we have a tool that keep in sync passwords, so access works to the old server because users and password matches. > It sounds like the machines are still looking for the old PDC. How do > the win7
2017 Nov 07
2
Best practice for creating an RO LDAP User in AD...
Mandi! Denis Cardon via samba In chel di` si favelave... > You can put your service accounts in an OU and add a GPO that deny > logon/services/tasks locally. Shortly come back. I've created a 'Restricted' OU, a 'Restricted' group (i'm short in fantasy, today ;) and i've created an 'mta' user, both user and group in 'Restricted' OU, of course.
2017 Dec 18
2
DM and ''offline'' PAM (and NSS?)...
Mandi! L.P.H. van Belle via samba In chel di` si favelave... > What you show below is correct. > In linux, DOM\user != user I know. And i was using 'wbinfo', that, AFAIK query directly winbind and no POSIX stuff... > https://wiki.samba.org/index.php/OpenSSH_Single_sign-on > [realms] > SAMDOM.EXAMPLE.COM = { > auth_to_local = RULE:[1:SAMDOM\$1] >
2020 Jul 02
2
(no subject)
Ok, know from desktop logon apparently the user logon right, look user 'policia\gafranchello' granted access on the trace below, but still tel me "Invalid password please try again" Jul 2 16:15:03 samba-cliente polkitd(authority=local): Unregistered Authentication Agent for unix-session:c6 (system bus name :1.231, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale
2018 Oct 09
2
Samba and Freeradius...
Hello, Wiki entry was based on my mail to this list, sorry if I was not clear enough. I'm glad You figured it out yourself, Regards, Kacper W dniu 09.10.2018 o 17:21, Marco Gaiarin via samba pisze: >> Someone have some hints? Thanks. > ...i reply to myself. > > Indeed the option 'ntlm auth = mschapv2-and-ntlmv2-only' (4.7+) or 'ntlm auth = > yes'
2017 Sep 26
3
Domain member server: user access
Hai Rowland, Im pretty sure this is a bug in the DC part. I'll show. On the DC. dc1:~# getent passwd winadmin NTDOM\winadmin:*:10000:100::/home/users/winadmin:/bin/bash wbinfo --group-info="Domain Users" NTDOM\domain users:x:100: id winadmin uid=10000(NTDOM\winadmin) gid=100(users) groups=100(users),3000004(BAZRTD\group policy creator owners),3000008(NTDOM\domain admins)
2018 Sep 24
2
DM: samba 4.5 -> 4.8, guest access and machine account access troubles.
You know what windows did with the "default" local, Administrator on the PC.. They disabled them... If you joined a domain, then still, the PC administrator is disabled. And the users is called PCNAME\Administrator and not Administrator You have "BUILTIN\Administrator" on the servers. ( or SERVERNAME\Administrator ) I hope this helps you understanding your problem a
2018 Aug 24
1
login a Linux client to a Samba NT4 style domain
Hi, I would like to do what I mentioned in the subject on an Ububtu 18.04. I tried it with the following steps: https://lists.samba.org/archive/samba/2011-March/161372.html My files on the client: smb.conf [global] ;Workstation Settings workgroup = PM netbios name = DS1223 server string = %h security = domain idmap backend = tdb idmap uid = 15000-20000 idmap gid = 15000-20000 wins server =
2018 Apr 27
2
Homes, folder redirection and hide files...
Samba 4.5 in AD mode, domain in ''beta'' stage. ;-) I've created homes for users following: https://wiki.samba.org/index.php/User_Home_Folders using 'POSIX' mode, eg using: [users] comment = Home Directories path = /home browseable = No veto files = /.mail/.inbox/.ssh/ root preexec = /etc/samba/createhome "%U" force create mode = 0600 force
2020 Sep 11
0
Winbind offline cache and strangeness...
The version of samba that comes with Ubuntu 16.04 is very old (4.3.11) and the offline login feature for winbind simply doesn't work. I'm not sure if it's fixed in newer versions or not as I'm still on Ubuntu 18.04 (samba 4.7.6) which also doesn't work. If you are only using it to authenticate to an AD controller, you should switch to using sssd. I have multiple clients that