similar to: Winbind offline cache and strangeness...

On 22/05/2023 10:14, Marco Gaiarin via samba wrote: > Mandi! Rowland Penny via samba > In chel di` si favelave... > >> I would undo that, it appears to be wrong. > > OK, i've undo also i. > > >> I have tested this on a Ubuntu 22.04 computer and it works, so I have >> updated the wiki page: >>

On Mon, 28 Jan 2019 12:52:45 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > Mandi! Rowland Penny via samba > In chel di` si favelave... > > > > Strictly speaking, why winbind cache ''PAM'' data and not ''NSS'' > > > one (seems to me)? > > The problem is (for myself anyway), I do not understand the >

On 28/06/2023 17:52, Marco Gaiarin via samba wrote: > Mandi! Rowland Penny via samba > In chel di` si favelave... > >> I didn't try turning the last one off, but at least you are getting >> somewhere :-) > > With very little steps... ;-) > > >> When you say 'back to login screen', do you mean that you cannot just >> click the screen,

Mandi! Rowland Penny via samba In chel di` si favelave... > So, it sounds like you have a PDC for the domain 'DOMAIN' and an AD DC > for the domain 'DOMAIN' both using the same SID, I don't think this is > going to work. I suggest you turn the old PDC off. No no no! I'm not mad! ;-) There's the OLD PDC for the domain 'SVCORSI', and the new AD DC

I'm using samba 4.5 on a debian jessie (Louis packages). Rarely it happen that a power outgage tear down all the stuff, here. I've noticed that if the DM start before the DC, clearly all account data are inaccessible. To prevent or minimize that, the ''offline mode'' of winbind can be safely used also on DM servers? Or is tailoread against roaming client (portables,

I'm starting to upgrade my domain members to debian stretch/samba 4.8, using louis packages. Domain controllers still on jessie/samba45. Upgrade went smooth, but after upgrade seems that the DM was not able anymore to retrieve rfc2307 data, eg: root at vdmsv2:~# getent passwd gaio gaio:*:10000:10513:Marco Gaiarin:/home/LNFFVG/gaio:/bin/false root at vdmsv2:~# ldbsearch -H

I've not clear if is a squid or a samba/ntlm_auth trouble... indeed... In Squid i've added: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=LNFFVG --require-membership-of='LNFFVG\Domain Users' auth_param ntlm children 5 but in 'cache.log' i got: Winbindd lookupname failed to resolve 'LNFFVG\Domain into a SID! Winbindd

On Mon, 18 Dec 2017 15:51:47 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > > > I've seen: > > https://wiki.samba.org/index.php/PAM_Offline_Authentication > > I've tried to enable offline logon, and seems to work as expected. > > I've only found a little strange thing, i think related to the fact > that in my DM i've set

Mandi! Rowland Penny via samba In chel di` si favelave... > > clearly, i've on [globals] 'map to guest = Bad User'. > That is how it is supposed to work, if a known user tries to use a > wrong password, the user is rejected. If the user is unknown, it is > mapped to the guest user (usually 'nobody') and allowed access to > shares where 'guest ok =

Caming from Samba in NT mode with OpenLDAP backend i've created a bunch of ''things'' (apps, web tools, ...; but also printers and so on) that rely on reading ''public'' data in LDAP. With OpenLDAP ''public'' was a easy concept: anonymous access was the default, and ACL protect more sensitive data (mostly, passwords). Now i've to redo some

Mandi! Rowland Penny via samba In chel di` si favelave... > How is the 'old' server now set up ? > Is it now an AD DC domain member ? No, it remain in the old state, simply we have a tool that keep in sync passwords, so access works to the old server because users and password matches. > It sounds like the machines are still looking for the old PDC. How do > the win7

Mandi! Denis Cardon via samba In chel di` si favelave... > You can put your service accounts in an OU and add a GPO that deny > logon/services/tasks locally. Shortly come back. I've created a 'Restricted' OU, a 'Restricted' group (i'm short in fantasy, today ;) and i've created an 'mta' user, both user and group in 'Restricted' OU, of course.

Mandi! L.P.H. van Belle via samba In chel di` si favelave... > What you show below is correct. > In linux, DOM\user != user I know. And i was using 'wbinfo', that, AFAIK query directly winbind and no POSIX stuff... > https://wiki.samba.org/index.php/OpenSSH_Single_sign-on > [realms] > SAMDOM.EXAMPLE.COM = { > auth_to_local = RULE:[1:SAMDOM\$1] >

Ok, know from desktop logon apparently the user logon right, look user 'policia\gafranchello' granted access on the trace below, but still tel me "Invalid password please try again" Jul 2 16:15:03 samba-cliente polkitd(authority=local): Unregistered Authentication Agent for unix-session:c6 (system bus name :1.231, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale

Hello, Wiki entry was based on my mail to this list, sorry if I was not clear enough. I'm glad You figured it out yourself, Regards, Kacper W dniu 09.10.2018 o 17:21, Marco Gaiarin via samba pisze: >> Someone have some hints? Thanks. > ...i reply to myself. > > Indeed the option 'ntlm auth = mschapv2-and-ntlmv2-only' (4.7+) or 'ntlm auth = > yes'

Hai Rowland, Im pretty sure this is a bug in the DC part. I'll show. On the DC. dc1:~# getent passwd winadmin NTDOM\winadmin:*:10000:100::/home/users/winadmin:/bin/bash wbinfo --group-info="Domain Users" NTDOM\domain users:x:100: id winadmin uid=10000(NTDOM\winadmin) gid=100(users) groups=100(users),3000004(BAZRTD\group policy creator owners),3000008(NTDOM\domain admins)

Hi, I would like to do what I mentioned in the subject on an Ububtu 18.04. I tried it with the following steps: https://lists.samba.org/archive/samba/2011-March/161372.html My files on the client: smb.conf [global] ;Workstation Settings workgroup = PM netbios name = DS1223 server string = %h security = domain idmap backend = tdb idmap uid = 15000-20000 idmap gid = 15000-20000 wins server =

You know what windows did with the "default" local, Administrator on the PC.. They disabled them... If you joined a domain, then still, the PC administrator is disabled. And the users is called PCNAME\Administrator and not Administrator You have "BUILTIN\Administrator" on the servers. ( or SERVERNAME\Administrator ) I hope this helps you understanding your problem a

Samba 4.5 in AD mode, domain in ''beta'' stage. ;-) I've created homes for users following: https://wiki.samba.org/index.php/User_Home_Folders using 'POSIX' mode, eg using: [users] comment = Home Directories path = /home browseable = No veto files = /.mail/.inbox/.ssh/ root preexec = /etc/samba/createhome "%U" force create mode = 0600 force

The version of samba that comes with Ubuntu 16.04 is very old (4.3.11) and the offline login feature for winbind simply doesn't work. I'm not sure if it's fixed in newer versions or not as I'm still on Ubuntu 18.04 (samba 4.7.6) which also doesn't work. If you are only using it to authenticate to an AD controller, you should switch to using sssd. I have multiple clients that