similar to: How to give AD users group permissions on a Samba share

On Tue, 4 Jun 2024 13:22:49 -0400 Mark Foley via samba <samba at lists.samba.org> wrote: > I have a Linux file server that is an AD Domain Member. It shares the > following (smb.conf): > > [public] > path = /public > store dos attributes = no > hide dot files = yes > readonly = no > force group = ohprs > create mask = 0660 > directory mask = 2770 >

On Tue Jun 4 14:08:30 2024 Rowland Penny <rpenny at samba.org> wrote: > On Tue, 4 Jun 2024 13:22:49 -0400 > Mark Foley via samba <samba at lists.samba.org> wrote: > > > I have a Linux file server that is an AD Domain Member. It shares the > > following (smb.conf): > > > > [public] > > path = /public > > store dos attributes = no >

I have a Samba4 AD Domain with one of the file servers as a domain member. This file server host the main network shares for the domain. Currently, Windows users mapping this share are authenticated using their AD domain credentials. That all works just fine. What I want to do now is ALSO allow a user on a network host which IS NOT a domain member, and the user is not domain users to also

I have a NAS (Linux/Slackware 14.2) that is a domain member. "Normal" AD Windows users can map shared directories just fine without having to enter Credentials. If I try doing that with the domain Administrator it prompts me for the credentials, then fails. On the NAS I can get an "OK" status with ntlm_auth using the administrator credentials. I cannot 'su -' to the

With help from kjhambrick at linuxquestions.org I did figure out how to authenticate from a Window domain member to a samba share using AD credentials. My smb.conf is listed below. I was able to map the share from Windows using domain credentials and create a file on the share. Here's my next challenge: All the UID.GIDs on the share (287G and +105K files) are currently the non-AD values of

On Thu, 22 Aug 2019 08:04:10 +0100 Rowland penny <rpenny at samba.org> wrote: > > On 21/08/2019 22:47, Mark Foley via samba wrote: > > I have a NAS (Linux/Slackware 14.2) that is a domain member. "Normal" AD Windows users can map > > shared directories just fine without having to enter Credentials. If I try doing that with the > > domain Administrator it

On Thu, 06 Jun 2024 13:37:34 -0400 Mark Foley via samba <samba at lists.samba.org> wrote: > > I have no doubt you have said this many times before, but no to me -- > at least not that I can recall. This is new territory for me. This > share started off way-back-when as a Microsoft Sharepoint repository > which was then migrated to a plain Samba share (I presume this is

On Thu Jun 6 14:28:46 2024 Rowland Penny <rpenny at samba.org> wrote; > > On Thu, 06 Jun 2024 13:37:34 -0400 > Mark Foley via samba <samba at lists.samba.org> wrote: > > > [snip] > > Basically, the old NT4-style domains relied on setting permissions in > the share part of the smb.conf file, but, by using vfs_acl_xattr, you > can set finer control from

More info ... My dovecot error log shows: Sep 05 16:45:19 auth: Debug: client in: AUTH 1 NTLM service=imap Sep 05 16:45:19 auth: Debug: client passdb out: OK 1 user=mark at hprs original_user=mark at HPRS Sep 05 16:45:19 auth: Debug: master in: REQUEST 998899713 10219 1 f56352c207cb8f6dea4d264b2c0f8dc1 session_pid=10220 request_auth_token Sep 05

Comments interspersed with yours ... --Mark -----Original Message----- > Date: Sun, 06 Sep 2015 20:00:11 -0500 > From: Rick Romero <rick at havokmon.com> > To: dovecot at dovecot.org > Subject: Re: How to "Windows Authenticate" > > Hmm. I would expect to see 'mark at hprs.com'. Whatever your full domain > name is. Full user at domain would be

Debug log output please! I think you still miss the gssapi module for dovecot. Am 03.07.2016 um 19:42 schrieb Mark Foley: > Achim, > > This is my most recent effort. If I cannot make progress from here I'm going to give this idea a rest. > > I used easy-rsa to create a cert. Files are: > > /etc/ssl/certs/OHPRS/easyrsa/ca.crt > /etc/ssl/certs/OHPRS/easyrsa/reqs/MAIL.req

If I had time I would be all over this - but IMHO the main problem is that Dovecot != Exchange.? Even in small environments - unless I'm out of date, there's no calendar, tasks or contact lists within Dovecot. Your next best best is to use something like Horde that would allow you to auth via ActiveSync (on Outlook 2013 clients) and manage everything else that the users will want, with

Hi Mark, I haven't done it, but I've played with the scenario enough to have an idea. What you want to do is have Outlook auth via NTLM to Dovecot.? First that means having the machine be a domain member (usually via Samba) in order to properly process NTLM/Kerberos handshake - which it appears you have. Second that means having Dovecot know how to accept NTLM authentication (SPA) to

with passdb ldap i guess. ---Aki TuomiDovecot oy -------- Original message --------From: Mark Foley <mfoley at ohprs.org> Date: 03/12/2017 21:18 (GMT+02:00) To: dovecot at dovecot.org Subject: Re: Howto authenticate smartPhone via Active Directory Yes, you are right. This link: https://www.redips.net/linux/android-email-postfix-auth/#section2 shows: passdb pam { } used for

On 21/07/16 06:08, Mark Foley wrote: > OK! I deleted the /etc/passwd entry for user mark and I modified my /etc/nsswitch.conf to: > > passwd: compat winbind > group: compat winbind > > I couldn't get sendmail working with this at first -- I didn't know what to [re]start to get > the new nsswitch config to take, so I rebooted. Probably I just had to restart sendmail,

> On Jun 28, 2016, at 10:32 PM, Mark Foley <mfoley at ohprs.org> wrote: > > Aki - partial success! I rebuilt my dovecot with ./config --with-gssapi, and restarted. Now I > don't get that "Unknown authentication mechanism 'gssapi'" message in maillog, and mail is > delivered successfully to the other domain users having PLAIN authentication. That's a

On 08/08/2023 14:15, Mark Foley via samba wrote: > My current AD domain is hprs.local. Per advice in this list I'm planning on > naming the new domain ad.ohprs.org. Currently, users login from Windows with > "HPRS\joe" as their login ID. What will they use for the ID on the new domain: > "OHPRS\joe" or will they have to use e.g. "ad.ohprs.org\joe"?

On Thu, 14 Jun 2018 16:03:35 -0400 Mark Foley via samba <samba at lists.samba.org> wrote: > Nevertheless, 'ls' does give names though I don't seem to have either > libnss-winbind or libpam-winbind files on my AD/DC. I keep forgetting that you use slackware, I suppose it uses something different, but do you have any file like: libnss_winbind.so.2 > > Circling back

I think the problem still is that your keytab file has no entry imap/hostname at DOMAIN and IMAP/hostname at DOMAIN you also have no host/hostname at DOMAIN Aki On 29.06.2016 18:40, Mark Foley wrote: > Yes, I think that's exactly correct. I just made a similar reply to Edgar Pettijohn about that. > The Thunderbird message is: > > "The Kerberos/GSSAPI ticket was not accepted

More info ... when I do MAIL=imap://mark at mail.ohprs.org/ mutt (using the domain of the registered certificate). I do not get the message "Certificate host check failed: certificate owner does not match hosthame ..." I do get the same (mutt?) edit screen shown below with the "(r)eject, accept (o)nce, (a)ccept always" action at the bottom. If I "accept (o)nce",