Displaying 20 results from an estimated 5000 matches similar to: "How to give AD users group permissions on a Samba share"
2024 Jun 04
1
How to give AD users group permissions on a Samba share
On Tue, 4 Jun 2024 13:22:49 -0400
Mark Foley via samba <samba at lists.samba.org> wrote:
> I have a Linux file server that is an AD Domain Member. It shares the
> following (smb.conf):
>
> [public]
> path = /public
> store dos attributes = no
> hide dot files = yes
> readonly = no
> force group = ohprs
> create mask = 0660
> directory mask = 2770
>
2024 Jun 06
1
How to give AD users group permissions on a Samba share
On Tue Jun 4 14:08:30 2024 Rowland Penny <rpenny at samba.org> wrote:
> On Tue, 4 Jun 2024 13:22:49 -0400
> Mark Foley via samba <samba at lists.samba.org> wrote:
>
> > I have a Linux file server that is an AD Domain Member. It shares the
> > following (smb.conf):
> >
> > [public]
> > path = /public
> > store dos attributes = no
>
2018 Nov 10
2
How to Samba share with mixed Active Directory 'Classic' authentication
I have a Samba4 AD Domain with one of the file servers as a domain member. This file server
host the main network shares for the domain. Currently, Windows users mapping this share are
authenticated using their AD domain credentials. That all works just fine.
What I want to do now is ALSO allow a user on a network host which IS NOT a domain member, and
the user is not domain users to also
2019 Aug 21
2
Authenticating Samba Share with Domain Administrator
I have a NAS (Linux/Slackware 14.2) that is a domain member. "Normal" AD Windows users can map
shared directories just fine without having to enter Credentials. If I try doing that with the
domain Administrator it prompts me for the credentials, then fails. On the NAS I can get an
"OK" status with ntlm_auth using the administrator credentials. I cannot 'su -' to the
2017 Nov 27
2
How to use AD authentication for normal Samba file sharing
With help from kjhambrick at linuxquestions.org I did figure out how to authenticate from a
Window domain member to a samba share using AD credentials. My smb.conf is listed below. I
was able to map the share from Windows using domain credentials and create a file on the share.
Here's my next challenge: All the UID.GIDs on the share (287G and +105K files) are currently
the non-AD values of
2019 Aug 28
2
Authenticating Samba Share with Domain Administrator
On Thu, 22 Aug 2019 08:04:10 +0100 Rowland penny <rpenny at samba.org> wrote:
>
> On 21/08/2019 22:47, Mark Foley via samba wrote:
> > I have a NAS (Linux/Slackware 14.2) that is a domain member. "Normal" AD Windows users can map
> > shared directories just fine without having to enter Credentials. If I try doing that with the
> > domain Administrator it
2024 Jun 06
1
How to give AD users group permissions on a Samba share
On Thu, 06 Jun 2024 13:37:34 -0400
Mark Foley via samba <samba at lists.samba.org> wrote:
>
> I have no doubt you have said this many times before, but no to me --
> at least not that I can recall. This is new territory for me. This
> share started off way-back-when as a Microsoft Sharepoint repository
> which was then migrated to a plain Samba share (I presume this is
2024 Jun 07
1
How to give AD users group permissions on a Samba share
On Thu Jun 6 14:28:46 2024 Rowland Penny <rpenny at samba.org> wrote;
>
> On Thu, 06 Jun 2024 13:37:34 -0400
> Mark Foley via samba <samba at lists.samba.org> wrote:
>
> > [snip]
>
> Basically, the old NT4-style domains relied on setting permissions in
> the share part of the smb.conf file, but, by using vfs_acl_xattr, you
> can set finer control from
2015 Sep 07
2
How to "Windows Authenticate"
More info ...
My dovecot error log shows:
Sep 05 16:45:19 auth: Debug: client in: AUTH 1 NTLM service=imap
Sep 05 16:45:19 auth: Debug: client passdb out: OK 1 user=mark at hprs original_user=mark at HPRS
Sep 05 16:45:19 auth: Debug: master in: REQUEST 998899713 10219 1 f56352c207cb8f6dea4d264b2c0f8dc1 session_pid=10220 request_auth_token
Sep 05
2015 Sep 08
2
How to "Windows Authenticate"
Comments interspersed with yours ...
--Mark
-----Original Message-----
> Date: Sun, 06 Sep 2015 20:00:11 -0500
> From: Rick Romero <rick at havokmon.com>
> To: dovecot at dovecot.org
> Subject: Re: How to "Windows Authenticate"
>
> Hmm. I would expect to see 'mark at hprs.com'. Whatever your full domain
> name is.
Full user at domain would be
2016 Jul 03
1
Where is krb5.keytab or equivalent?
Debug log output please!
I think you still miss the gssapi module for dovecot.
Am 03.07.2016 um 19:42 schrieb Mark Foley:
> Achim,
>
> This is my most recent effort. If I cannot make progress from here I'm going to give this idea a rest.
>
> I used easy-rsa to create a cert. Files are:
>
> /etc/ssl/certs/OHPRS/easyrsa/ca.crt
> /etc/ssl/certs/OHPRS/easyrsa/reqs/MAIL.req
2015 Sep 09
3
How to "Windows Authenticate"
If I had time I would be all over this - but IMHO the main problem is that
Dovecot != Exchange.? Even in small environments - unless I'm out of date,
there's no calendar, tasks or contact lists within Dovecot.
Your next best best is to use something like Horde that would allow you to
auth via ActiveSync (on Outlook 2013 clients) and manage everything else
that the users will want, with
2015 Sep 03
2
How to "Windows Authenticate"
Hi Mark,
I haven't done it, but I've played with the scenario enough to have an
idea.
What you want to do is have Outlook auth via NTLM to Dovecot.?
First that means having the machine be a domain member (usually via Samba)
in order to properly process NTLM/Kerberos handshake - which it appears you
have.
Second that means having Dovecot know how to accept NTLM authentication
(SPA) to
2017 Dec 03
3
Howto authenticate smartPhone via Active Directory
with passdb ldap i guess.
---Aki TuomiDovecot oy
-------- Original message --------From: Mark Foley <mfoley at ohprs.org> Date: 03/12/2017 21:18 (GMT+02:00) To: dovecot at dovecot.org Subject: Re: Howto authenticate smartPhone via Active Directory
Yes, you are right. This link: https://www.redips.net/linux/android-email-postfix-auth/#section2
shows:
passdb pam {
}
used for
2016 Jul 21
2
How to GSSAPI/Kerberos authenticate with Dovecot [formerly Where is krb5.keytab or equivalent?]
On 21/07/16 06:08, Mark Foley wrote:
> OK! I deleted the /etc/passwd entry for user mark and I modified my /etc/nsswitch.conf to:
>
> passwd: compat winbind
> group: compat winbind
>
> I couldn't get sendmail working with this at first -- I didn't know what to [re]start to get
> the new nsswitch config to take, so I rebooted. Probably I just had to restart sendmail,
2016 Jun 29
2
Looking for GSSAPI config [was: Looking for NTLM config example]
> On Jun 28, 2016, at 10:32 PM, Mark Foley <mfoley at ohprs.org> wrote:
>
> Aki - partial success! I rebuilt my dovecot with ./config --with-gssapi, and restarted. Now I
> don't get that "Unknown authentication mechanism 'gssapi'" message in maillog, and mail is
> delivered successfully to the other domain users having PLAIN authentication. That's a
2023 Aug 08
1
Picking a non-.local domain
On 08/08/2023 14:15, Mark Foley via samba wrote:
> My current AD domain is hprs.local. Per advice in this list I'm planning on
> naming the new domain ad.ohprs.org. Currently, users login from Windows with
> "HPRS\joe" as their login ID. What will they use for the ID on the new domain:
> "OHPRS\joe" or will they have to use e.g. "ad.ohprs.org\joe"?
2018 Jun 14
4
Admin UID changed with upgrade to 4.8.2
On Thu, 14 Jun 2018 16:03:35 -0400
Mark Foley via samba <samba at lists.samba.org> wrote:
> Nevertheless, 'ls' does give names though I don't seem to have either
> libnss-winbind or libpam-winbind files on my AD/DC.
I keep forgetting that you use slackware, I suppose it uses something
different, but do you have any file like: libnss_winbind.so.2
>
> Circling back
2016 Jun 30
2
Looking for GSSAPI config [was: Looking for NTLM config example]
I think the problem still is that your keytab file has no entry
imap/hostname at DOMAIN and IMAP/hostname at DOMAIN
you also have no host/hostname at DOMAIN
Aki
On 29.06.2016 18:40, Mark Foley wrote:
> Yes, I think that's exactly correct. I just made a similar reply to Edgar Pettijohn about that.
> The Thunderbird message is:
>
> "The Kerberos/GSSAPI ticket was not accepted
2016 Jul 01
3
Where is krb5.keytab or equivalent?
More info ...
when I do
MAIL=imap://mark at mail.ohprs.org/ mutt
(using the domain of the registered certificate). I do not get the message "Certificate host
check failed: certificate owner does not match hosthame ..."
I do get the same (mutt?) edit screen shown below with the "(r)eject, accept (o)nce, (a)ccept
always" action at the bottom. If I "accept (o)nce",