similar to: Samba 4.2.15 and MIT Kerberos External Authentication

Hello, I have been trying to get Samba 4.21.5 setup to use an external MIT kerberos authentication system on Debian 12. I realize this feature is still experimental, but I just wanted to confirm if I am missing a critical detail as it seems to be correctly installed except that it's not passing the credentials from the windows client correctly. I I have Samba complied as per the doc with

> > It sounded like you had set up Samba as an AD DC using MIT instead of > Hiemdal until here, now I am not so sure. It sounds like you have an > existing Kerberos realm and you are trying to get a Samba AD DC to auth > from that, if that is the case, then that is not how you are supposed > to do it. > > If you want to see how to set up a DC with MIT, then the easiest way

Hi, Here is our smb.conf. Please note that this server uses nss resolution for DOMAIN_B users and idmap_ldap backend to resolve DOMAIN_A users. Trusted relationship between works well for other services between those two domains. Only samba4 fileserver needs to rejoin DOMAIN_A domain (AD 2008 server) every week. #======================= Global Settings

There may be several parts to the problem: 1. Winbind on Samba 3.4.x seems unable to allocate idmap entries (UID/SID or GID/SID) , whether or not the backend is LDAP or TDB. Winbind on Samba 3.0.x is able to create idmap allocation mappings with an LDAP backend. The two problems with Samba 3.0.x are as follows - "getent" would stop showing trusted users once the cache period

Hi All, Answering to myself, this problem still occurs again and again, every week as I mentioned before. Rejoining the domain each time for samba4 file server is the only workaround. What could be the origin of this kind of problem? Any answer would be helpfull Regards Le 17/07/2017 à 10:12, Julien TEHERY a écrit : > Hello, > > > We recently put in place a trust relationship

> You did say that this machine is joined to the AD domain (DOMAIN > A), didn't you ? >> Yes > > If so, why, if 'security = ADS' is in smb.conf, are you trying to use > ldap to connect to the AD DC ????? >> Not at all. If it was the case the machine would have never be joined to DOMAIN_A Joining this machine to the 2008 domain (via net ads join..) succeed

Le 16/08/2017 à 18:18, Rowland Penny via samba a écrit : > Very hard to understand this post, but see inline comments: > > On Wed, 16 Aug 2017 17:47:25 +0200 > Julien TEHERY via samba <samba at lists.samba.org> wrote: > >>> You did say that this machine is joined to the AD domain (DOMAIN >>> A), didn't you ? >> >> Yes >>> If so,

Hi Gaiseric, both packages have been provided as RPM and installed by yum. We didn´t have to compile. "wbinfo -i" shows the correct uidnumber for users of DOMAIN_A, but nothing for users auf the trusted Domain DOMAIN_B. We have another server running Centos 6 and Samba 4.4.4. It shows the same problem: Only users and groups of DOMAIN_A are available. The settings: ldap

Hi Gaiseric, "wbinfo -u" does not show the DOMAIN_B users. "wbinfo -n DOMAIN_B+someuser" works and show the SID of the users, also from Domain_B. "wbinfo -i DOMAIN_B+someuser" does not work. It only works for users of Domain_A. For User of Domain_B, it says: failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for user Domain_B+someuser

On Thu, 2 May 2019 14:05:12 +0800 d tbsky via samba <samba at lists.samba.org> wrote: > > Dear list, > > > > when I connect to a samba AD member server from a windows 10 client > > not joined to the domain, it appears that I always have to connect > > as DOMAIN\USER. Is it possible to configure samba such that it > > always interprets the USER part as

Hi Igor, I got stuck now. I did my best. I got stuck at the winbind which I suspected is the reason why the domainA_computer cannot map the domain_B user's home directory. 1. What are the settings of your winbind? 2. Do you use only "winbind" in your libnss_ldap or use "ldap" as well? 3. My winbind works with :- (For both sides) wbinfo -t wbinfo -p wbinfo -u wbinfo

Dear list, when I connect to a samba AD member server from a windows 10 client not joined to the domain, it appears that I always have to connect as DOMAIN\USER. Is it possible to configure samba such that it always interprets the USER part as being the account name of the one domain that is configured, and to discard the DOMAIN part supplied by the client? This may be a dumb question, but thanks

How would I set the idmap backend to TDB ? Both domain controlers are running Windows 2008 Server. Am 19.12.2016 um 15:44 schrieb Gaiseric Vandal: > Which idmap backend are you using? > > One thing to try is setting the idmap backend for the trusted domains > to TDB (local database file) This is not a great long term solution > since you will not have consistent mappings

Hi! Apologies if this is not the correct place to ask. I am attempting a MFA analysis of a dataset based on wine chemical and sensory analysis, based on the STHDA tutorial [1]. (I am using this dataset here too, as an example dataset to work on without posting my actual data. I've tried this with both my data and the example data, with the exact same results.) The only issue I am having is

I installed R-2.3.1 and ran make check without problem, but I am having trouble installing several packages using gcc (GCC) 3.2.3 20030502 (Red Hat Linux 3.2.3-53) on Red Hat Enterprise Linux AS release 3 (Taroon Update 7) Kernel 2.4.21-40.ELsmp on an x86_64 Below are the messages from MCMCpack. Perhaps my systems are messed up? Paul Gilbert > install.packages("MCMCpack")

On Sat, 28 Oct 2023 16:22:23 +0200 Kees van Vloten via samba <samba at lists.samba.org> wrote: > > Op 28-10-2023 om 14:21 schreef Rowland Penny via samba: > > On Sat, 28 Oct 2023 13:50:31 +0200 > > Kees van Vloten via samba <samba at lists.samba.org> wrote: > > > >>>> I consider this a big security omission: if? Samba is the source >

On Sat, 28 Oct 2023 13:50:31 +0200 Kees van Vloten via samba <samba at lists.samba.org> wrote: > >> I consider this a big security omission: if? Samba is the source of > >> information but not the the authenticator of the user, that > >> application cannot block expired users ! > > But, Samba when running as an AD DC is the source of information AND >

Hi, I'm running the following code to produce lattice plots of microfibril angle versus ring number in Scots pine. There are 12 trees and 5 sample positions ("Position") in each tree: xyplot(MFA ~ RN | Tree, data = MFA.data, groups = Position, subscripts=TRUE, auto.key=list(space = "top", points = FALSE, lines = TRUE, reverse.rows=TRUE,

Op 28-10-2023 om 14:21 schreef Rowland Penny via samba: > On Sat, 28 Oct 2023 13:50:31 +0200 > Kees van Vloten via samba <samba at lists.samba.org> wrote: > >>>> I consider this a big security omission: if? Samba is the source of >>>> information but not the the authenticator of the user, that >>>> application cannot block expired users !

Op 28-10-2023 om 17:19 schreef Rowland Penny via samba: > On Sat, 28 Oct 2023 16:22:23 +0200 > Kees van Vloten via samba <samba at lists.samba.org> wrote: > >> Op 28-10-2023 om 14:21 schreef Rowland Penny via samba: >>> On Sat, 28 Oct 2023 13:50:31 +0200 >>> Kees van Vloten via samba <samba at lists.samba.org> wrote: >>>