Displaying 20 results from an estimated 5000 matches similar to: "Samba 4.19 and OpenLDAP"
2025 May 03
1
Samba 4.19 and OpenLDAP
On Fri, 2 May 2025 21:40:38 +0000
Shannon Price via samba <samba at lists.samba.org> wrote:
>
>
> We do not run our campus Active Directory, but our Linux clients
> authenticate against it. There are several different Unix-based
> environments on campus, so we cannot use the RFC2307 fields from AD
> anyway since the answers would not be the same for each group. We
>
2025 May 03
2
Samba 4.19 and OpenLDAP
Thank you for your prompt response, Rowland.
The idmap_rfc2307 isn't working (yet) for me. I'm working down that path now, however I do need the homedir parameter from RFC 2307.
../../source3/auth/auth_util.c:1946(check_account) check_account: Failed to convert SID S-1-5-21-2286752186-3697686403-1823448917-102506 to a UID (dom_user[UNIV\someusername])
I have considered setting up a
2025 May 06
1
Samba 4.19 and OpenLDAP
Hello all,
We have been working on the idmap_rfc2307 solution for this. Packet traces on the Samba server and the LDAP server don't show any communication between Samba and the LDAP server at any point. (Configuration below). Samba logs are set at 10 and the error message is consistent:
../../source3/auth/auth_util.c:1946(check_account) check_account: Failed to convert SID
2025 May 14
1
Samba 4.19 and OpenLDAPs
I'm using the libnss-ldapd, libpam-ldapd, and nslcd packages. These replaced the old nss-ldap and pam-ldap software from a long time ago.
Andy
________________________________
From: Shannon Price <pricesw at auburn.edu>
Sent: Wednesday, May 14, 2025 2:34 PM
To: Morgan, Andrew J <morgan at oregonstate.edu>; samba at lists.samba.org <samba at lists.samba.org>
Subject: RE:
2025 May 03
1
Samba 4.19 and OpenLDAP
On Sat, 3 May 2025 13:56:25 +0000
Shannon Price <pricesw at auburn.edu> wrote:
>
> Thank you for your prompt response, Rowland.
>
> The idmap_rfc2307 isn't working (yet) for me. I'm working down that
> path now, however I do need the homedir parameter from RFC 2307.
As far as I am aware, only the idmap_ad config backend can obtain the
homedir and that only works
2025 May 14
1
Samba 4.19 and OpenLDAPs
Thanks for your response, Andrew. I haven't had success with the NSS idmap (yet). My Samba server is using SSSD for passwd and group:
passwd: sss files systemd
group: sss files systemd
This works on the local system and for NFS mappings, but Samba won't pick up the initial userid. Which packages are you using to provide LDAP in your nsswitch.conf?
Failed to convert SID
2025 May 14
1
Samba 4.19 and OpenLDAPs
Shannon,
We run Samba similar to what you describe. Here are excerpts from our smb.conf:
[global]
security = ads
allow trusted domains = no
idmap config * : backend = tdb
idmap config * : range = 1000000-1999999
idmap config ONID : backend = nss
# our users in LDAP have uidnumbers in this range
idmap config ONID : range = 1000-999999
2025 May 14
1
Samba 4.19 and OpenLDAPs
I had a side suggestion from a list member whether nslcd was a possibility, using winbind for the authentication and nslcd to get the rfc2307 attributes. This was essentially my approach since nslcd and SSSD are performing the same role - connecting to an LDAP server for RFC2307. I have SSSD working with RHEL. RHEL has dropped NSLCD packages in favor of SSSD, but they are still available in
2025 May 12
1
Samba 4.19 and OpenLDAPs
I have this working using "idmap_script" for the idmapping (homegrown script). I authenticate vs Active Directory and use SSSD to talk to OpenLDAP on the backend for group membership and posix attributes (homedir mostly). My nsswitch.conf looks like this:
passwd: sss files systemd
group: sss files systemd
ID mapping is done very simply (my script is VERY short and for now
2025 May 06
1
Samba 4.19 and OpenLDAPs
Sorry - my redaction was incomplete/incorrect in the smb.conf message. Corrected, redacted smb.conf below. I need to authenticate against AD, which does work, but idmap vs LDAP server (OpenLDAP).
Why wouldn't I see traffic between the Samba server and the LDAP server? ("well there wouldn't be")
>>> smb.conf <<<
[global]
# workgroup and naming
2025 May 14
1
Samba 4.19 and OpenLDAPs
Is all of your authentication vs an actual Active Directory server, separate from the LDAP server? Also, what type of LDAP server (OpenLDAP? FreeIPA? Other?) and is the LDAP server also Debian?
--
Shannon
From: Morgan, Andrew J <morgan at oregonstate.edu>
Sent: Wednesday, May 14, 2025 4:40 PM
To: Shannon Price <pricesw at auburn.edu>; samba at lists.samba.org
Subject: Re: [Samba]
2025 May 06
1
Samba 4.19 and OpenLDAPs
If we use "security=user" (and idmap_rfc2307), we won't be able to authenticate against another source, right? (e.g. an AD domain)? The password would also need to come from Samba?
I saw an older posting from you about "idmap_script"; is that still a valid backend? The man page exists, but I don't want to go down more deprecated rabbit holes.
--
Shannon
2025 May 06
1
Samba 4.19 and OpenLDAPs
On Tue, 6 May 2025 15:39:34 +0000
Shannon Price <pricesw at auburn.edu> wrote:
>
>
> Hello all,
>
> We have been working on the idmap_rfc2307 solution for this. Packet
> traces on the Samba server and the LDAP server don't show any
> communication between Samba and the LDAP server at any point.
> (Configuration below).
Well there wouldn't be.
> Samba
2025 May 06
1
Samba 4.19 and OpenLDAPs
On Tue, 6 May 2025 16:31:29 +0000
Shannon Price via samba <samba at lists.samba.org> wrote:
>
> Sorry - my redaction was incomplete/incorrect in the smb.conf
> message. Corrected, redacted smb.conf below. I need to authenticate
> against AD, which does work, but idmap vs LDAP server (OpenLDAP).
Samba cannot do that.
>
> Why wouldn't I see traffic between the
2024 Dec 04
13
Bug#1089033: xen: Please package xen version 4.19
Source: xen
Severity: normal
User: debian-lts at lists.debian.org
Usertags: upstream-trixie
X-Debbugs-Cc: debian-lts at lists.debian.org
Dear xen maintainers,
Testing (trixie) currently ships xen 4.17, which, according to the
upstream support matrix [x], will get security support until 2025-12-12.
The latest upstream release (4.19) will get security support until
2027-07-29. I believe it would
2019 Aug 23
1
Winbind timeouts/hangs(?)
Hey,
On 23.08.2019 13:56, Rowland penny via samba wrote:
> see Red-Hat bug: https://bugzilla.redhat.com/show_bug.cgi?id=1663323
> They no longer support using sssd with winbind.
Yes, I know that discussion, and if you read the corresponding bug
report, the case that was mentioned (which is outdated already, please
look for info on idmap_sss for Samba for combining the two) is if sssd
2019 Aug 23
2
Winbind timeouts/hangs(?)
Hello Rowland,
On 23.08.2019 13:12, Rowland penny via samba wrote:
> Do not bother, I take it you missed that red-hat (who produces sssd)
> no longer supports using sssd with Winbind. So your cure is obvious:
> apt-get purge sssd
as I'm not using sssd and winbind for the same authentication domain
(rather, winbind is for a windows domain, sssd for an LDAP-based
authentication
2025 May 06
2
Concerns about failed tests in build from git source on Debian Gnu/Linux
On Tue, May 6, 2025 at 4:03 AM Rowland Penny via samba <
samba at lists.samba.org> wrote:
>
> Is there some reason why you are still using an EOL version of Debian ?
>
> I personally no longer have any 32bit computers, but Debian still
> supports them, so you should be able to update to 4.21.5 from
> bookworm backports.
>
As far as I have been able to ascertain,
2019 Jun 25
5
SMB share access for machines which are not joined to the domain?
On 6/25/19 11:21 AM, Gregory Sloop via samba wrote:
> You can always connect to the SMB share using a domain user/password credential set, even if you're not a member of the domain.
> Something like - Connect as: User: "somedomain\pat" with Pat's password.
>
When we try this from a machine that is not connected to the domain,
authentication fails:
2024 Jul 25
2
new DC via clone..
Hello Rowland,
I have to recognize that asking to compile the distro version is a valid argument.
Hello Michael,
can you please explain, how I can compile Samba as I am using your distro (deb [signed-by=/etc/apt/mjt.key] http://www.corpit.ru/mjt/packages/samba jammy/samba-4.19/)?
Thanks,
Joachim
> -----Original Message-----
> Von: samba <samba-bounces at lists.samba.org> Im