similar to: Winbind/idmap_nss search request to LDAP

On 17/12/14 23:01, Gaiseric Vandal wrote: > I have two Samba 3.6.24 domain controllers (Solaris 10.) On all > machines unix accounts and groups are in the LDAP as well as idmap > entries for trusted domains. Samba accounts on domain controllers are > in LDAP so there is problem with consistency unix/windows id and group > mapping on the domain controllers. The domain

On 17/12/14 22:01, Gaiseric Vandal wrote: > I have two Samba 3.6.24 domain controllers (Solaris 10.) On all > machines unix accounts and groups are in the LDAP as well as idmap > entries for trusted domains. Samba accounts on domain controllers > are in LDAP so there is problem with consistency unix/windows id and > group mapping on the domain controllers. The domain

On 18/12/14 16:43, Gaiseric Vandal wrote: > I think IDMAP_RID would not be the appropriate solution for me. Not > only do I want consistent IDMapping across all servers - which this > could do - but I want them to match the the existing unix uidNumber > in LDAP. You never said that you had uidNumber in LDAP!, in fact you seemed to mention every winbind backend except the one that

On 18/12/14 17:24, Gaiseric Vandal wrote: > I don't have an AD backend for this domain. The DC's are "classic" > domain controllers, Samba 3.6 , with LDAP backend for all accounts. > Would this still be an option? > > > > > I tried adding > > > idmap config MYDOMAIN:schema_mode = rfc2307 > idmap config MYDOMAIN:backend = ad > idmap

Hi! In my samba controlled domain, most users are stored in an LDAP directory. The Unix boxes use nss_ldap but they also have a few local users (mostly system-users) whose user-ids are not synchronized. I've read the documentation about idmap_nss but I'm still not sure if this is needed for my setup. Will using idmap_nss in addition to idmap_ldap result in any benefit (e.g. when mapping

I think IDMAP_RID would not be the appropriate solution for me. Not only do I want consistent IDMapping across all servers - which this could do - but I want them to match the the existing unix uidNumber in LDAP. Thanks for your help. On 12/18/14 04:29, Rowland Penny wrote: > On 17/12/14 22:01, Gaiseric Vandal wrote: >> I have two Samba 3.6.24 domain controllers (Solaris

I don't have an AD backend for this domain. The DC's are "classic" domain controllers, Samba 3.6 , with LDAP backend for all accounts. Would this still be an option? I tried adding idmap config MYDOMAIN:schema_mode = rfc2307 idmap config MYDOMAIN:backend = ad idmap config MYDOMAIN:range = 100-300 Didn't seem to work. Thanks On 12/18/14 11:57, Rowland

I have two Samba 3.6.24 domain controllers (Solaris 10.) On all machines unix accounts and groups are in the LDAP as well as idmap entries for trusted domains. Samba accounts on domain controllers are in LDAP so there is problem with consistency unix/windows id and group mapping on the domain controllers. The domain controllers are the main file servers as well. I am configuring a

Am 30.10.20 um 11:30 schrieb Rowland penny via samba: > On 30/10/2020 10:09, Thomas Besser via samba wrote: >> Am 30.10.20 um 10:57 schrieb Rowland penny via samba: >>> On 30/10/2020 09:20, Thomas Besser via samba wrote: >>>> actually we have running samba 4.5.16 under Devuan 2.0 (Ascii) as AD >>>> member without winbind configured. UID and GID

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Good Morning, My test machine is Workstation 16178-AUDIT$. I've already included in the ldap base, like you can see in the base: smbldap# ldapsearch -D "cn=root,o=frigorifico-aurora,c=br" -b "o=frigorifico-aurora,c=br" -x -W '(uid=16178-audit$)' Enter LDAP Password: # extended LDIF # # LDAPv3 # base

St?phane, The book "Samba-3 by Example" is being reprinted very soon. Up to date builds of the PDF are available on the Samba web site daily. This document can be downloaded from: http://www.samba.org/samba/docs/Samba-Guide.pdf In chapter 5 I have fully documented how Samba-3 can be deployed with LDAP and using the smbldap-tools. It works perfectly for me and in many sites that

I have an existing PDC which I am attempting to move across to a new server. On the new server, I'm having trouble with idmap (using an LDAP backend) and trusted domains. The smb.conf file is the same on both servers. My idmap & winbind parameters are as follows: ldap idmap suffix = ou=idmap idmap backend = ldap:ldap://127.0.0.1 idmap uid = 10000-29000 idmap gid = 10000-29000 winbind

I use openLDAP as dovecot pass/user db. here is main part of dovecot-ldap.conf: pass_attrs = mail=user, uid=userdb_home=/home/xadmin/%d/%$,userPassword=password pass_filter = (&(objectClass=posixAccount)(uid=%u)) default_pass_scheme = SSHA user_attrs = mail=user, uid=home=/home/xadmin/%d/%$ user_filter = (&(objectClass=posixAccount)(|(mail=%u)(mailAlias=%u))) It works fine, but some

Hello, I have a Samba/OpenLDAP domain (PDB+BDC) and a member Samba server hosting homes and profiles which is identifying users with nss_ldap and is issuing some strange ldap searches. I have these messages in my slapd logs: conn=14143 op=2 SRCH base="ou=XXX" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=domain\5Cuser))" conn=14143 op=2 SRCH attr=uid

If you already tested %d in the ou of the auth user bind, and it is not working. I guess you are just left with options like 1. 3 different vm's 2. auth bind = no base, scope subtree that is parent of those 3 ou's and then apply filters something like pass_filter = (&(objectClass=posixAccount)(uid=%n)(ou:dn:=%d)) 3. investigate if nslcd(/ssss?) has an option to use multiple queries

On 30/10/2020 13:17, Ralph Boehme wrote: > Am 10/30/20 um 12:39 PM schrieb Rowland penny via samba: >> On 30/10/2020 11:20, Ralph Boehme wrote: >>> Am 10/30/20 um 12:11 PM schrieb Rowland penny via samba: >>>> On 30/10/2020 11:06, Ralph Boehme via samba wrote: >>>>> Am 10/30/20 um 10:20 AM schrieb Thomas Besser via samba: >>>>>> Can I

I read LinuxFest NW 2005 Presentation pdf. On page 32, mentioned it required patches on kernel 2.6.x and netfilter and It only said that SuSE 9.2 and 9.3 had patches on it''s stock kernel. I''m using Redhat AS 4. Anybody knows does the stock kernel and netfilter had theses patches patched ? or How should I know the kernel and netfilter had these patches applied ? thanks!

You have two ways of authenticating against ldap. I decided to use the method where a single account has access to the user credentials. (Advantage of this method, you can limit ldap lookups eg do not have to do 2nd for the userdb) debug_level = 1 uris = ldaps://ldap.local:8443 dn = cn=aaaa,cn=bbbbb,ou=ccccc,dc=dddd,dc=eeee,dc=local dnpass = xxxx base =

Am 10/30/20 um 12:39 PM schrieb Rowland penny via samba: > On 30/10/2020 11:20, Ralph Boehme wrote: >> Am 10/30/20 um 12:11 PM schrieb Rowland penny via samba: >>> On 30/10/2020 11:06, Ralph Boehme via samba wrote: >>>> Am 10/30/20 um 10:20 AM schrieb Thomas Besser via samba: >>>>> Can I configure winbind to use 'local' users and groups from

On Tue, 3 Apr 2018 10:51:09 +0200 Francesco Malvezzi via samba <samba at lists.samba.org> wrote: > Il 21/02/18 16:20, L.P.H. van Belle ha scritto: > > Hai, > > > > Thank you for having trust in my packages.. :-) > > Now if you use my package, i suggest, do read the howto's also... > > All you need for a good setup on debian stretch is there. >