similar to: User database ldap lookups and sasl

Solaris 11 include samba 3.6.25. I compiled samba 4.5.1 using GCC 4.8 and gmake. Had set following env variables to make sure krb5.conf was found # CPLUS_INCLUDE_PATH=/usr/include:/usr/include/kerberosv5/ # C_INCLUDE_PATH=/usr/include:/usr/include/kerberosv5/ After setting "client ldap sasl wrapping = plain" I was able to join to a Windows 2008 domain with samba 4.

Hi, I am trying to configure the nslcd service on an Ubuntu client for kerberos authentication against samba4. My /etc/nslcd.conf contains the following: uid nslcd gid nslcd uri ldapi:///cofil01.mydomain.net base dc=mydomain,dc=net sasl_mech GSSAPI krb5_ccname FILE:/tmp/host.tkt I have added the host principal "host/ubuntu-test.mydomain.net @ MYDOMAIN.NET" to /etc/krb5.keytab on both

Hi all, i've got samba 3.6 joined to a ad domain (s4 in this case) running winbind all looks ok, but i ran into a problem (for us that is) i've got 2 groups (students and employes) who have there home dirs in 2 different places. /home/students/<user> /home/employ/<user> so far so good, but i can't make the [homes] work for both of them (just 1 group) in winbind

I am unable to compile Samba 4.4.7, 4.5.1 or 4.5.3 on Solaris 11. I had been able in the past so maybe an update to GCC broke something. GCC 4.8 is the default. I then installed GCC 4.9. /usr/bin/gcc is a symlink to /usr/gcc/4.9/bin/gcc. I compiled the latest openldap (client only) to the samba target directory. Set environmental variables so the krb5.h and openldap would be found.

On 16/12/15 20:40, Таболин Юрий wrote: > 16.12.2015 22:47, Rowland penny пишет: >> On 16/12/15 19:35, Rowland penny wrote: >>> On 16/12/15 19:02, Таболин Юрий wrote: >>>> Hi all. >>>> >>>> I have samba 4.2.3 on freebsd 10.1 server. There are three DC and >>>> about 350 PC on domain. I wrote earlier that samba4 ldap

Hello, I'm having an issue compiling samba with-ads enabled. I've successfully compiled kerberosV5 and Openldap. I can the following line when compiling Samba ./configure --with-pam --with-ads --with-ldap=/usr/local/openldap --with-winbind --with-krb5 The configure fails due to not having ldap support. Any ideas? Rick Mattier Systems Analyst II Windriver Systems 120 Royall St

Follow up to original post. If I created local groups and users in /etc/passwd & /etc/groups I get farther along. For instance, if I have a Samba PDC with LDAP basically like I listed in my post. If I browse from a w2k pro box to the samba server without the workstation having joined the domain, I can authenticate to the samba server with a user who is not in /etc/passwd but is in LDAP. So

Hi everyone I'm trying to use kerberos to authenticate to Samba 4 ldap. At the moment, I authenticate by specifying the binddn and password in /etc/nslcd.conf and all works fine If I add the line: sasl_mech GSSAPI to /etc/nslcd.conf and restart nslcd, no one can connect to the database. Nothing works. ldapsearch and getent passwd draw a blank. ldapsearch -x -b '' -sbase

I'm about ready to smash my head through a wall...I could use a few answers. 1. When using security = ads, and completing net ads join, it was my understanding that samba authenticated username/pword against ads, and local posix accounts were nolonger needed, is this true? 2. If yes, I have not been able to get it to work. If I have a posix user account with the same name as one in

Hello list, In the release note of Samba 3.0.6 the following parameter is described: o Maintaining the service principal entry in the system keytab for integration with other kerberized services. Please refer to the 'use kerberos keytab' entry in smb.conf(5). When using the heimdal kerberos libraries, you must also specify the following in /etc/krb5.conf:

Hi After starting Samba 4, before anyone can do anything, Administrator has to do a kinit to get a new ticket. This creates a cache /tmp/krb5cc_0 with an expiry time. I've created a host principal and put it into the keytab: samba-tool spn add host someuser samba-tool domain exportkeytab /etc/krb5.keytab --principal=host/HH3.SITE How can I keep Samba 4 up without having to get a new

We use dovecot in a heterogeneous environment (Windows/Linux desktops and Linux servers). For unified authentication we use a sheaf "Samba/Openldap" (i.e., Samba NT domain with openldap backend and pam/nss_ldap for Linux). Windows users are authenticated well everywhere, but there is one old issue. As "SPA" (NTLM) against NT domain is not supported by dovecot, it is

Hi everyone Version 4.0.0alpha18-GIT-bfc7481 I'm using nslcd to map Samba 4 users to uid:gid and home directory. At startup I get this: ldb_wrap open of secrets.ldb WARNING: no socket to connect to and /var/log/messages shows: Jan 15 14:20:13 hh3 nslcd[2425]: [334873] failed to bind to LDAP server ldap://h h3.site/: Can't contact LDAP server: Transport endpoint is not connected Jan

I am not sure if this is relevant root at sambaPDC:~# /usr/local/samba/bin/net rpc trustdom establish DomainB Enter DOMAINA$'s password: Could not connect to server DomainB_DC Trust to domain DomainB established root at sambaPDC:~# root at sambaPDC:~# /usr/local/samba/bin/net rpc trustdom establish DomainC Enter DOMAINA$'s password: Could not connect to

The trusts aren't really working with Windows 2008 either (where DOMAINC is the Windows 2008 domain.) # /usr/local/samba/bin/net rpc trustdom establish DOMAINC Enter DOMAINA$'s password: Could not connect to server DOMAINC_DC Trust to domain DOMAINC established # Active Directory Domains and Trusts MMC on the Windows 2008 AD DC (DOMAINC_DC) seems to think the

Software list: FreeBSD 5.3 Samba 3.0.14a nss_ldap-1.204_5 openldap-client-2.2.19 openldap-server-2.2.23 p5-perl-ldap-0.32.02 pam_ldap-1.7.6 smbldap-tools-0.8.8 samba was configured with the following options. LDAP, Cups, Winbind, utmp, popt, acl, quotas, msdfs, syslog, without_ADS I have also tried winbind_nss which I believe is a FreeBSD wrapper around the linux implentation of winbindd, but

Hi All, Any thoughts on why, while everything seems ok at the OS level (getent , id -a ) Samba doesn't pickup any supplementary groups when Solaris is configured with 'group: files ldap' in nsswitch.conf and using it's own native nss_ldap.so.1 but does when using PADL's nss_ldap? Everything else is equal. Do they use/accept different calls or could it be an

Hi! I'm using CentOS 5.1 (x86_64) machines which authenticate using LDAP. At the start of booting I get messages like this: udevd[1158]: nss_ldap: failed to bind to LDAP server ldaps://ldap.server.example.com/: Can't contact LDAP server udevd[1158]: nss_ldap: reconnecting to LDAP server... udevd[1158]: nss_ldap: could not connect to any LDAP server as (null) - Can't contact LDAP

I was wondering what the best practice is for setting up several SAMBA servers in a SAMBA domain all on the same LAN. Here is what I am looking at PDC: LDAP, Samba, nss_ldap, pam_ldap Member1: Samba, nss_ldap, pam_ldap Member2: Samba, nss_ldap, pam_ldap Member . . . . Should I set the member servers up with: Security = domain and join the severs with net rpc join or, whould it be better to set

Hi all, I have installed and configured dovecot on two different machines, so I don't have much experience with this server. One installation is giving me serious problems, that I have a hard time tracing. From the beginning: the machine is a debian mix (stable/unstable) dovecot 0.9.11, real users authenticated via pam_ldap/nss_ldap. It serves ~70 users, all of them using Outlook, Outlook