Displaying 20 results from an estimated 10000 matches similar to: "Accessing Samba domain member shares from trusted domain"
2024 Nov 08
1
Accessing Samba domain member shares from trusted domain
On Fri, 8 Nov 2024 19:45:27 +0000
"Vaughan, Robert J via samba" <samba at lists.samba.org> wrote:
> Hello all
>
> We have two AD domains; A for production, and B for development
>
> I am told B trusts A, but not the other way around (one-way trust)
>
> Within domain B exists a Linux Samba file server (domain member of
> domain B) which I am trying to
2024 Nov 12
2
Accessing Samba domain member shares from trusted domain
On 11/12/24 6:49 PM, Vaughan, Robert J via samba wrote:
> Ok well I have that setting you mention
>
> I just can't map my trusted AD account in the trusting domain on my
> Linux Samba domain member
>
> I can't see any users in the trusted domain actually
>
> wbinfo -u --domain=TRUSTED
>
> returns nothing at all
this is as expected. We're not allowed
2024 Nov 22
1
Accessing Samba domain member shares from trusted domain
Hi Ralph
When you said I can't use idmap_ad in my trusting domain because 'we're not allowed to talk to a DC in the trusted domain', does that still apply even if we can provide a read-only DC from the trusted domain inside the trusting domain network?
Thanks,
Rob
-----Original Message-----
From: Ralph Boehme <slow at samba.org>
Sent: Tuesday, November 12, 2024 12:59
2024 Nov 08
2
Accessing Samba domain member shares from trusted domain
On 11/8/24 9:33 PM, Rowland Penny via samba wrote:
> You need two way trusts, see here:
>
> https://wiki.samba.org/index.php/Active_Directory_Trusts
as an AD DC: yes. As a member server: no.
-slow
--
SerNet Samba Team Lead https://sernet.de/
Samba Team Member https://samba.org/
SAMBA+ packages https://samba.plus/
-------------- next part --------------
A non-text
2024 Nov 11
1
Accessing Samba domain member shares from trusted domain
Is it described anywhere how to setup a domain member to share to a trusted AD domain?
Thanks,
Rob
-----Original Message-----
From: samba <samba-bounces at lists.samba.org> On Behalf Of Ralph Boehme via samba
Sent: Friday, November 8, 2024 4:35 PM
To: samba at lists.samba.org
Subject: Re: [Samba] Accessing Samba domain member shares from trusted domain
On 11/8/24 9:33 PM, Rowland Penny
2023 Feb 13
1
idmap ad question
> On 12/02/2023 16:40, Vaughan, Robert J via samba wrote:
> Hi all
>
> In the idmap_config_ad wiki, it states ..
>
> If you use the winbind 'ad' backend, you must add a gidNumber attribute to the Domain Users group in AD.
>
> Can someone explain this?
>
>> Yes
>>
>> Every users primaryGroupID attribute is set to 513, the RID for Domain
2023 Feb 13
1
idmap ad question
On 13/02/2023 18:26, Vaughan, Robert J via samba wrote:
> I should mention, I can ssh into the server using my AD creds and the one test share I setup also maps fine, so it all seems to be working, was just curious why 'getent passwd' does not show AD accounts
Provided that the users you want to be visible to Unix have a uidNumber
attribute containing a unique number inside the
2023 Feb 13
1
idmap ad question
> On 12/02/2023 16:40, Vaughan, Robert J via samba wrote:
> Hi all
>
> In the idmap_config_ad wiki, it states ..
>
> If you use the winbind 'ad' backend, you must add a gidNumber attribute to the Domain Users group in AD.
>
> Can someone explain this?
>
>> Yes
>>
>> Every users primaryGroupID attribute is set to 513, the RID for Domain
2023 Feb 13
1
idmap ad question
> I should mention, I can ssh into the server using my AD creds and the one test share I setup also maps fine, so it all seems to be working, was just curious why 'getent passwd' does not show AD accounts
>>Provided that the users you want to be visible to Unix have a uidNumber
>>attribute containing a unique number inside the 225-999999 range and
>>Domain Users has
2023 Feb 13
1
idmap ad question
On 12/02/2023 16:40, Vaughan, Robert J via samba wrote:
> Hi all
>
> In the idmap_config_ad wiki, it states ..
>
> If you use the winbind 'ad' backend, you must add a gidNumber attribute to the Domain Users group in AD.
>
> Can someone explain this?
>
>>Yes
>>Every users primaryGroupID attribute is set to 513, the RID for Domain
>>Users.
2023 Feb 01
2
Searching Samba share file contents
Hello Samba listers
Is there a way to search Samba share file contents from the Windows client explorer? This works on Windows shares. I can't seem to get a hit on this on Google ..
Thanks,
Robert Vaughan
----------------------------------------------------------------------
This is an e-mail from General Dynamics Land Systems. It is for the intended recipient only and may contain
2017 Mar 30
2
JPG issue
Ok, it's taken me a while, but here's what seems to be the problem. In OSX
I see a lock on the file. If that lock is ON, it disappears. But what is
that lock and where did it come from.... Is it like a read only lock?
On Thu, Mar 30, 2017 at 11:04 AM Curtis Vaughan <cavaughan at gmail.com> wrote:
> Ok, here's what seems to be going on. When a JPG is put into a share it
>
2023 Feb 13
1
idmap ad question
On 13/02/2023 18:54, Vaughan, Robert J via samba wrote:
>
> nsswitch.conf has 'files winbind' for the passwd, shadow and group lines
Remove it from the shadow line, it should not be there.
>
> What does it mean 'winbind links set up'?
It refers to the links that connect winbind to nsswitch
>
> OS is Red Hat 7. Any idea in those packages if I might be
2023 Feb 12
2
idmap ad question
Hi all
In the idmap_config_ad wiki, it states ..
If you use the winbind 'ad' backend, you must add a gidNumber attribute to the Domain Users group in AD.
Can someone explain this?
Thanks,
Robert Vaughan
----------------------------------------------------------------------
This is an e-mail from General Dynamics Land Systems. It is for the intended recipient only and may contain
2023 Feb 08
1
Domain join with realm
> The LDAP client is also Fedora 37, Samba client version also 4.17.5;
> this host is joined to the Samba AD domain using "realm join ...".
>>This is, in my opinion, the wrong way of joining, you should have used
>>'net ads join'.
>>Rowland
Hi Rowland,
I have noticed several times you have warned against using 'realm join' when that is the
2023 Feb 13
1
idmap ad question
On 13/02/2023 19:42, Vaughan, Robert J via samba wrote:
> Yeah the link is correctly setup, since it is not compiled Samba
>
> Ok, I found in this link ..
>
>
2002 Aug 26
2
Homedrive mapping
Hello everyone,
We are making extensive use of the homedrive mapping fields in AD.
(automagically mapping a drive letter to a UNC path without a logon script)
Since we sp2 applied to our clients, none of them have been able to map
their home drives to our samba servers.
According to Microsoft's q-article,
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q308580&, "this
2023 Feb 14
1
idmap ad question
On 13/02/2023 22:53, Vaughan, Robert J via samba wrote:
>
>>> Were you running 'getent passwd' rather than 'getent passwd AUSERNAME' ?
>
> Yes, I am used to getting that output with getent on my UNIX LDAP system. As long as I can get it from wbinfo I suppose that works too.
>>Never understood why anyone requires all the users or groups on a
2017 Mar 30
2
JPG issue
[global]
workgroup = NPC
server string = Samba Server %v
netbios name = Atlantica
security = user
map to guest = bad user
dns proxy = no
hide files = /~*/
hide unwriteable files = yes
#============================ Share Definitions
==============================
[homes]
comment = Home Directories
path = /home/%S
valid users = %S
browseable = no
guest ok = no
writable = yes
2023 Feb 14
1
idmap ad question
On 14/02/2023 11:41, Vaughan, Robert J via samba wrote:
> I am the UNIX admin and don't have a use for all domain users group since all domain users won't be UNIX (or SAMBA) users
>>Your decision.
>
> What do you mean by "It isn't as if you can have a user group with the same name as the user"? We currently do have group names in UNIX (local and in LDAP)