similar to: Status of LDAPS port 636 with Winbind idmap backend ad in 2024?

On 4/15/24 10:02, Kuhring, Mathias via samba wrote: > Is this still the case? thankfully implementing channel bindings has recently been funded by one of our customers, so LDAPis soon coming (back) to Samba. https://gitlab.com/samba-team/samba/-/merge_requests/3516 Iirc it will also be available to idmap_ad, but I'm not familiar with the details. metze? -slow -- SerNet Samba Team

Am 15.04.24 um 21:14 schrieb Ralph Boehme: > On 4/15/24 10:02, Kuhring, Mathias via samba wrote: >> Is this still the case? > thankfully implementing channel bindings has recently been funded by one of our customers, so LDAPis soon coming (back) to Samba. > > https://gitlab.com/samba-team/samba/-/merge_requests/3516 > > Iirc it will also be available to idmap_ad, but

I've recently connected a Samba server to our domain (ourdomain.dom) and configured it to send authentication requests to AD. I can successfully authenticate ourdomain.com users from the Samba server. ourdomain.com has a trust with a sister company (theirdomain.com). With this trust we can assign NTFS permissions to users within theirdomain.com to, for example, file servers on ourdomain.com.

I am installing smb 3.5 on a CentOS 6.2 host using smbldap-tools. I've previously installed a similar configuration on RHEL4 using smb 3.0 but CentOS now uses nss-pam-ldapd and nslcd instead of nss_ldap, so the configurations cannot be moved straight across. When I do a listing of a share directory that should have user and group ownership determined by LDAP, I get the uidNumbers and

I am trying to configure NIS, PAM, & LDAP on a CentOS 6.2 host. I've previously installed a similar configuration on RHEL4, but CentOS now uses nss-pam-ldapd and nslcd instead of nss_ldap, so the configurations are a little different. Currently, local users and groups are showing up but not LDAP users. When I do a /getent passwd/ and/getent group/ I don't get LDAP users. When I do

Dear Help, Here is my situation: We have offices located in several areas around the country, all of which can communicate with each other through VPNs we have established. I have set up a Samba domain in which the PDC is located here in our home office, and there are BDCs for the same domain in each of the remote offices. I have been able to successfully join machines here in our home office

Have you set in the slapd.conf on the slaves something like updateref ldap://master.ldap The slave / consumers need to redirect the request to the master ldap database. It may also be a good idea to have samba use fail over for the ldap backend. You would need to set this in your ldap.conf as too. for pdc / ldap master passdb backend =ldapsam:"ldap://master.ldap ldap://slave.ldap"

Hello Samba group, I ran into a problem concerning Dovecot LDAP authentication to the Samba4 Active Directory. Background: I want to install a Openchange+Samba4 environment using Sogo, Dovecot and Postfix. I didn't want to use openldap as described in the Openchange documentation, why should I use 2 LDAP databases? Fedora 17, latest updates applied Samba: Version 4.1.0pre1-GIT-813bd03

I've been following the forums on this subject. I am still having problems implimenting this at my site. I am trying to replace a Novell 5 file server doing single server signon(workstation manager) with a linux/samba server and a W2K ADS server. I tried this with slackware 10.0, samba 3.0.10, MIT krb5 v 3.1 5, openldap-2.1.22 and got it pretty close (could login wihtout password) but had

I've set up the following and can open a home share for me (sylveg). I've created a group on W2KADS and on OURSAMBALINUX called oadmin and added me as a member in both. I created a samba share called o_drive (see smb.conf below) w/ the linux dir /home/o_drive and valid users = %D+oadmnin. The /home dir is: drwxr-xr-x 2 root root 4096 2004-09-03 15:16 ftp/ drwx------ 2 root root

I've got three 7960s running v6 SIP firmware. My Asterisk setup has worked fine with grandstream devices, and basically, we're just upgrading to use nicer phones. Whilst I can make/receive calls from the 7960 to/from gossiptel). When I try to place a call, I get the following Jan 21 11:09:23 NOTICE[19688]: chan_sip.c:7271 handle_request: Failed to authenticate user "30"

>>>> Set >>>> >>>> ssl_client_ca_file=/path/to/cacert.pem to validate the certificate >>> >>> Can this be the Lets Encrypt cert that we already have? In other words we have: >>> ssl_cert = </etc/pki/dovecot/certs/dovecot.pem >>> ssl_key = </etc/pki/dovecot/private/dovecot.pem >>> >>> Can those be

Am still having problems getting Samba/W2K ADS to work w/MIT-KRB5. Fresh install of following: Slackware 10.1 Openldap 2.2.23 MIT krb5 1.4 Samba 3.0.11 (with clitar patch) Following "http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#ads-member" I get to: kinit administrator@OURORG.OURDOMAIN.ORG (comes back to prompt after password, no error. klist -e gives:

Hello, Sometime when we receive a spam or virus that is detected as it, mailer daemon send a reply to the sender to inform that the message is a spam or content viruses. The problem is that the sender of the spam as something like voicemail at ourdomain.fr ( the user voicemail doesn't exist in our database ) And sometimes dovecot create the directory and store the reply 's mail...

We have an urgent problem that we've been spending hours on to no avail. We have a RHEL 5.2 server that is running Samba 3.2.8 and was set up for domain authentication against our PDC. It was running fine until I decided to try and change it to "ads" authentication. I then realized that we needed to keep it on "domain" because of the version of Clearcase we have on the

I am not sure if this first post made it to the list, but I wanted to post the resolution, which was very simple and something I had documented but buried and I had forgotten about it. All these problems went away when I joined the domain using Samba's version of "net", not Redhat's. If you use Redhat's version, it looks like it joins the domain but it really doesn't

Hi Louis, answers are inline ... On 03/24/2015 03:48 PM, L.P.H. van Belle wrote: > Realm is advices to use UPPERCASE.. not obligated. ( but very advices yes ) I changed the config to uppercase and rebooted, no change in the logfiles. > > check the following outputs and post them back in the list ( if needed anonymized ) > > hostname -i 192.168.1.235 > hostname -s the-ad-hostname

Dovecot version dovecot-1.0.rc14-7 (opensuse) Postfix is using Dovecot LDA. I'm getting this error message, and I guess it's going to be a problem on my next task, which is to set up sieve scripts. Is there something wrong/contraditory on my config or I forgot something? I want: /var/dovecot-tests/: where user's inbox resides /var/dovecot-tests/home/: home dir (users will not be

Hello, I've been trying to figure this out for some time and can't quite nail it down, despite searching the internet, and a couple of samba books. Here goes: I'm running "Version 3.4.3-3.3.1-2341-SUSE-SL11.2" of Samba on OpenSUSE 11.2. Here are some relevant excerpts from my smb.conf file: [global] ... security = ADS ... winbind separator = + ... log level = 2 ...

Hello, I've been trying to figure this out for some time and can't quite nail it down, despite searching the internet, and a couple of samba books. Here goes: I'm running "Version 3.4.3-3.3.1-2341-SUSE-SL11.2" of Samba on OpenSUSE 11.2. Here are some relevant excerpts from my smb.conf file: [global] ... security = ADS ... winbind separator = + ... log level = 2 ...