Displaying 20 results from an estimated 6000 matches similar to: "Winbind offline cache and strangeness..."
2023 May 22
2
PAM Offline Authentication in Ubuntu 22.04...
On 22/05/2023 10:14, Marco Gaiarin via samba wrote:
> Mandi! Rowland Penny via samba
> In chel di` si favelave...
>
>> I would undo that, it appears to be wrong.
>
> OK, i've undo also i.
>
>
>> I have tested this on a Ubuntu 22.04 computer and it works, so I have
>> updated the wiki page:
>>
2019 Jan 28
2
Winbind, cached logons and 'user persistency'...
On Mon, 28 Jan 2019 12:52:45 +0100
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
> Mandi! Rowland Penny via samba
> In chel di` si favelave...
>
> > > Strictly speaking, why winbind cache ''PAM'' data and not ''NSS''
> > > one (seems to me)?
> > The problem is (for myself anyway), I do not understand the
>
2023 Jun 30
1
PAM Offline Authentication in Ubuntu 22.04
On 28/06/2023 17:52, Marco Gaiarin via samba wrote:
> Mandi! Rowland Penny via samba
> In chel di` si favelave...
>
>> I didn't try turning the last one off, but at least you are getting
>> somewhere :-)
>
> With very little steps... ;-)
>
>
>> When you say 'back to login screen', do you mean that you cannot just
>> click the screen,
2018 Mar 22
2
[OT?] Strangeness on clients migrating NT -> AD...
Mandi! Rowland Penny via samba
In chel di` si favelave...
> So, it sounds like you have a PDC for the domain 'DOMAIN' and an AD DC
> for the domain 'DOMAIN' both using the same SID, I don't think this is
> going to work. I suggest you turn the old PDC off.
No no no! I'm not mad! ;-)
There's the OLD PDC for the domain 'SVCORSI', and the new AD DC
2017 Dec 06
4
DM and ''offline'' PAM (and NSS?)...
I'm using samba 4.5 on a debian jessie (Louis packages).
Rarely it happen that a power outgage tear down all the stuff, here.
I've noticed that if the DM start before the DC, clearly all account
data are inaccessible.
To prevent or minimize that, the ''offline mode'' of winbind can be
safely used also on DM servers? Or is tailoread against roaming client
(portables,
2018 Sep 04
4
Upgraded a member server to 4.8, rfc2307 data?
I'm starting to upgrade my domain members to debian stretch/samba 4.8,
using louis packages.
Domain controllers still on jessie/samba45.
Upgrade went smooth, but after upgrade seems that the DM was not able
anymore to retrieve rfc2307 data, eg:
root at vdmsv2:~# getent passwd gaio
gaio:*:10000:10513:Marco Gaiarin:/home/LNFFVG/gaio:/bin/false
root at vdmsv2:~# ldbsearch -H
2018 Sep 27
2
[OT?] passing group name with spaces to ntlm_auth...
I've not clear if is a squid or a samba/ntlm_auth trouble... indeed...
In Squid i've added:
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=LNFFVG --require-membership-of='LNFFVG\Domain Users'
auth_param ntlm children 5
but in 'cache.log' i got:
Winbindd lookupname failed to resolve 'LNFFVG\Domain into a SID!
Winbindd
2017 Dec 18
3
DM and ''offline'' PAM (and NSS?)...
On Mon, 18 Dec 2017 15:51:47 +0100
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
>
> > I've seen:
> > https://wiki.samba.org/index.php/PAM_Offline_Authentication
>
> I've tried to enable offline logon, and seems to work as expected.
>
> I've only found a little strange thing, i think related to the fact
> that in my DM i've set
2018 Sep 24
3
DM: samba 4.5 -> 4.8, guest access and machine account access troubles.
Mandi! Rowland Penny via samba
In chel di` si favelave...
> > clearly, i've on [globals] 'map to guest = Bad User'.
> That is how it is supposed to work, if a known user tries to use a
> wrong password, the user is rejected. If the user is unknown, it is
> mapped to the guest user (usually 'nobody') and allowed access to
> shares where 'guest ok =
2017 Oct 19
3
Best practice for creating an RO LDAP User in AD...
Caming from Samba in NT mode with OpenLDAP backend i've created a bunch
of ''things'' (apps, web tools, ...; but also printers and so on) that
rely on reading ''public'' data in LDAP.
With OpenLDAP ''public'' was a easy concept: anonymous access was
the default, and ACL protect more sensitive data (mostly, passwords).
Now i've to redo some
2018 Mar 22
2
[OT?] Strangeness on clients migrating NT -> AD...
Mandi! Rowland Penny via samba
In chel di` si favelave...
> How is the 'old' server now set up ?
> Is it now an AD DC domain member ?
No, it remain in the old state, simply we have a tool that keep in sync
passwords, so access works to the old server because users and password
matches.
> It sounds like the machines are still looking for the old PDC. How do
> the win7
2017 Nov 07
2
Best practice for creating an RO LDAP User in AD...
Mandi! Denis Cardon via samba
In chel di` si favelave...
> You can put your service accounts in an OU and add a GPO that deny
> logon/services/tasks locally.
Shortly come back.
I've created a 'Restricted' OU, a 'Restricted' group (i'm short in
fantasy, today ;) and i've created an 'mta' user, both user and group
in 'Restricted' OU, of course.
2017 Dec 18
2
DM and ''offline'' PAM (and NSS?)...
Mandi! L.P.H. van Belle via samba
In chel di` si favelave...
> What you show below is correct.
> In linux, DOM\user != user
I know. And i was using 'wbinfo', that, AFAIK query directly winbind
and no POSIX stuff...
> https://wiki.samba.org/index.php/OpenSSH_Single_sign-on
> [realms]
> SAMDOM.EXAMPLE.COM = {
> auth_to_local = RULE:[1:SAMDOM\$1]
>
2020 Jul 02
2
(no subject)
Ok, know from desktop logon apparently the user logon right, look user
'policia\gafranchello' granted access on the trace below, but still tel me
"Invalid password please try again"
Jul 2 16:15:03 samba-cliente polkitd(authority=local): Unregistered
Authentication Agent for unix-session:c6 (system bus name :1.231, object
path /org/gnome/PolicyKit1/AuthenticationAgent, locale
2018 Oct 09
2
Samba and Freeradius...
Hello,
Wiki entry was based on my mail to this list, sorry if I was not clear
enough. I'm glad You figured it out yourself,
Regards,
Kacper
W dniu 09.10.2018 o 17:21, Marco Gaiarin via samba pisze:
>> Someone have some hints? Thanks.
> ...i reply to myself.
>
> Indeed the option 'ntlm auth = mschapv2-and-ntlmv2-only' (4.7+) or 'ntlm auth =
> yes'
2017 Sep 26
3
Domain member server: user access
Hai Rowland,
Im pretty sure this is a bug in the DC part.
I'll show.
On the DC.
dc1:~# getent passwd winadmin
NTDOM\winadmin:*:10000:100::/home/users/winadmin:/bin/bash
wbinfo --group-info="Domain Users"
NTDOM\domain users:x:100:
id winadmin
uid=10000(NTDOM\winadmin) gid=100(users) groups=100(users),3000004(BAZRTD\group policy creator owners),3000008(NTDOM\domain admins)
2018 Sep 24
2
DM: samba 4.5 -> 4.8, guest access and machine account access troubles.
You know what windows did with the "default" local, Administrator on the PC..
They disabled them...
If you joined a domain, then still, the PC administrator is disabled.
And the users is called PCNAME\Administrator and not Administrator
You have "BUILTIN\Administrator" on the servers. ( or SERVERNAME\Administrator )
I hope this helps you understanding your problem a
2018 Aug 24
1
login a Linux client to a Samba NT4 style domain
Hi,
I would like to do what I mentioned in the subject
on an Ububtu 18.04. I tried it with the following steps:
https://lists.samba.org/archive/samba/2011-March/161372.html
My files on the client:
smb.conf
[global]
;Workstation Settings
workgroup = PM
netbios name = DS1223
server string = %h
security = domain
idmap backend = tdb
idmap uid = 15000-20000
idmap gid = 15000-20000
wins server =
2018 Apr 27
2
Homes, folder redirection and hide files...
Samba 4.5 in AD mode, domain in ''beta'' stage. ;-)
I've created homes for users following:
https://wiki.samba.org/index.php/User_Home_Folders
using 'POSIX' mode, eg using:
[users]
comment = Home Directories
path = /home
browseable = No
veto files = /.mail/.inbox/.ssh/
root preexec = /etc/samba/createhome "%U"
force create mode = 0600
force
2020 Sep 11
0
Winbind offline cache and strangeness...
The version of samba that comes with Ubuntu 16.04 is very old (4.3.11) and
the offline login feature for winbind simply doesn't work. I'm not sure if
it's fixed in newer versions or not as I'm still on Ubuntu 18.04 (samba
4.7.6) which also doesn't work. If you are only using it to authenticate
to an AD controller, you should switch to using sssd. I have multiple
clients that