Re: [Samba] File share permissions act different on member server than on DC

2013-10-13 Thread steve
> > Regards > Marc Hi It looks like that on the DC, Administrator already has admin permissions on the share (like root in Linux) but on a file server he doesn't. You have to specify Administrator as an admin user or give him full posix rights on the share using setfacl. Summary.mAdministrat

Re: [Samba] getent group by name fails

2013-10-12 Thread steve
On Fri, 2013-10-11 at 14:06 -0400, Lee Allen wrote: > Steve thank you for pointing that out. > > > I made those changes and it does not affect the results. > 'getent group UID' works > 'getent group groupname' does not work, for the same group > >

Re: [Samba] getent group by name fails

2013-10-11 Thread steve
groups = yes > winbind use default domain = yes > winbind nested groups = yes > winbind separator = \ > idmap config * : backend = ad > idmap config * : range = 1-10 Quite a bit missing here. Try: idmap config * : backend = tdb idmap config * : range = 9

Re: [Samba] wbinfo -i domain_username issue

2013-10-09 Thread steve
On Wed, 2013-10-09 at 10:18 +0200, Alessio Tomelleri wrote: > > Thx Steve for your quick reply. > > ...and sorry for my late, but I was away in last two days, anyway here > I am... > > For first, nscd is not running anywhere... > > Secondly, I have to admit th

Re: [Samba] DNS frustration

2013-10-08 Thread steve
n't know your domain names and finding the DN for the machine took some working out, but I've an example here: http://linuxcostablanca.blogspot.com.es/2013/09/samba4-bind9dlz-stale-dns-records-with.html HTH Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

Re: [Samba] wbinfo -i domain_username issue

2013-10-07 Thread steve
getent command. Oh, and kill any nscd for the moment. HTH Steve

Re: [Samba] Should I forget sssd ?

2013-10-03 Thread steve
On Tue, 2013-10-01 at 17:06 +1100, m...@electronico.nc wrote: > On 01/10/2013 16:44, steve wrote: > > Hi > > It looks as though the ad backend is broken in 1.11.1. At least I can't > > get it going with a similar sssd.conf: > > https://lists.fedorahosted.org/pip

Re: [Samba] Should I forget sssd ?

2013-09-30 Thread steve
On Tue, 2013-10-01 at 15:48 +1100, m...@electronico.nc wrote: > Hi again, > > Thanks again, Denis, Steve and Rowland for your previous answers about > RFC2307 and winbind. > > Maybe I'm a dreamer but here is what I wanted to achieve: > Ubuntu server 12.04.3, samba

Re: [Samba] Must Samba4 AD be provisionned with rfc2307 to use winbind ?

2013-09-28 Thread steve
and guiNumber each time a new user is created from Windows > >>> Management Console ? > >>> > >> Even with RFC2307 domain provision, you will have to add the uidNumber & > >> gidNumber manually, as Steve says, you can do this with samba-tool, but > >

Re: [Samba] Must Samba4 AD be provisionned with rfc2307 to use winbind ?

2013-09-28 Thread steve
On Sat, 2013-09-28 at 17:11 +0200, Marc Muehlfeld wrote: > If you use the MMC, Hi. The op cannot use MMC. Cheers, Steve

Re: [Samba] mount.cifs and kerberos failure

2013-09-28 Thread steve
-ad.html It would be better not to use a regular user to mount the share but instead create an unprivileged domain user, e.g. cifsuser whose sole purpose is to mount the share. You can then mount it using the multiuser option if other users are required to use it. HTH Steve

Re: [Samba] Must Samba4 AD be provisionned with rfc2307 to use winbind ?

2013-09-28 Thread steve
f that's the case, then the output of the domain level show command is incorrect as we can and do use all the rfc2307 attributes. I can see that the 2008 R2 schema which ships with Samba4 also includes the attributes. [1] I wonder if the 2012 AD schema has rfc2307? Cheers, Steve

Re: [Samba] Must Samba4 AD be provisionned with rfc2307 to use winbind ?

2013-09-28 Thread steve
On Sat, 2013-09-28 at 11:06 +1100, m...@electronico.nc wrote: > On 27/09/2013 20:36, steve wrote: > > On Fri, 2013-09-27 at 19:09 +1100, m...@electronico.nc wrote: > >> Hi all, > >> > >> (Trying to connect squid, postfix, dovecot, pptp, etc ... to AD) >

Re: [Samba] Adding RFC2307 attributes to an existing Win2003 AD domain?

2013-09-27 Thread steve
attributes using the schema that comes with Samba4. HTH Steve

Re: [Samba] Must Samba4 AD be provisionned with rfc2307 to use winbind ?

2013-09-27 Thread steve
sers, use a script and then add the attributes using ldbmodify. I'd recommend using nslcd or sssd so that getent will pull the information from AD. HTH Steve

Re: [Samba] Log in on Samba 4 AD DC using AD username

2013-09-27 Thread steve
or your users in AD? Here's our version of how to do it with sssd: http://linuxcostablanca.blogspot.com.es/2013/04/sssd-in-samba-40.html HTH Steve

Re: [Samba] default idmap range in samba4

2013-09-26 Thread steve
'd recommend storing the numbers in AD and using winbind, nss-ldapd or sssd to retrieve them _from AD_. If you go for the latter, you remove the need to know ranges completely. To bypass the idmap, set idmap_ldb:use rfc2307 = Yes in smb.conf and forget about the ranges. HTH Steve

Re: [Samba] setting permissions for unix users on samba shares

2013-09-25 Thread steve
r read only = yes write list = SomeDomainUser with place.txt containing: !apache = SomeDomainUser HTH Steve

Re: [Samba] Log on to Samba 4 AD DC using domain user

2013-09-23 Thread steve
main user must have a uidNumber and a gidNumber to be able to authenticate to a Linux system such as Samba4. You can use winbind, nss-ldapd or sssd to do that. I'd recommend storing the numbers in AD and pulling them direct rather than a separate mapping. HTH Steve

Re: [Samba] Samba as DC Member

2013-09-23 Thread steve
oup = MYDOMAIN security = ADS kerberos method = system keytab Make sure /etc/hosts has: 127.0.0.1 centos-client.mydomain.com centos-client localhost and that you can (at least) ping the 2008 box Then try to join the domain: net ads join -UAdministrator That may get you a little closer. HTH Steve

Re: [Samba] ldbedit syntax problem

2013-09-22 Thread steve
On Sun, 2013-09-22 at 13:36 +0100, Rowland Penny wrote: > On 22/09/13 13:04, steve wrote: > > Hi > > How do I ldbedit this dn? > > > > CN=*,OU=auto.users,ou=automount,DC=bar,DC=foo > > > > It's the * that I can't get. > > > > Cheers, >

[Samba] ldbedit syntax problem

2013-09-22 Thread steve
Hi How do I ldbedit this dn? CN=*,OU=auto.users,ou=automount,DC=bar,DC=foo It's the * that I can't get. Cheers, Steve

Re: [Samba] group share directory

2013-09-16 Thread steve
On Mon, 2013-09-16 at 09:58 -0700, David Christensen wrote: > On 09/16/13 02:10, steve wrote: > > How about a big hammer? cron: > > find /mnt/z/data -type f -exec chmod 777 {} \; > > as often as you think users may mv or cp. > > Try exec+ if they move a lot of files

Re: [Samba] automatically create users home directories samba 4.0.9

2013-09-16 Thread steve
"\\mydomain\Users\xlinuxd" When that doesn't work, try this too: I think you'll need to set the permissions. wbinfo -i xlinuxd then chown uidNumber:gidNumber /home/Users/xlinuxd chmod 755 /home/Users/xlinuxd In windows, it'll then appear as H:\ HTH Steve

Re: [Samba] group share directory

2013-09-16 Thread steve
On Sun, 2013-09-15 at 13:57 -0700, David Christensen wrote: > but copying and moving > didn't. How about a big hammer? cron: find /mnt/z/data -type f -exec chmod 777 {} \; as often as you think users may mv or cp. Try exec+ if they move a lot of files. HTH Steve

Re: [Samba] group share directory

2013-09-15 Thread steve
On Sat, 2013-09-14 at 23:42 -0700, David Christensen wrote: > samba: > > I am attempting to set up a "group share" directory on Debian "Wheezy" > where any user can create or place files and directories, and every > other user has full access to those files and directories. The > directory wil

Re: [Samba] Bind9 AD SDLZ driver failed to load

2013-09-15 Thread steve
> include "/usr/local/samba/private/named.conf" > into /etc/bind/named.conf, Bind9 fails to start. Ho On Ubuntu, I think bind runs as user bind. Can bind read/get into to be able to read the dns partition at /sam.ldb.d, /dns and dns.keytab under /usr/local/samba/private? HTH Steve

[Samba] BIND9_DLZ disallows ddns updates

2013-09-14 Thread steve
, ntp_signd, kcc, dnsupdate idmap_ldb:use rfc2307 = yes [netlogon] path = /usr/local/samba/var/locks/sysvol/hh3.site/scripts read only = No [sysvol] path = /usr/local/samba/var/locks/sysvol read only = No What's missing? Thanks, Steve

Re: [Samba] samba4 upgradeprovision

2013-09-14 Thread steve
bility to add rfc2307 attributes. samba-tool user add --help for the syntax details. HTH Steve

Re: [Samba] Samba 4 and automount

2013-09-13 Thread steve
On Fri, 2013-09-13 at 09:54 +0100, Rowland Penny wrote: > On 13/09/13 09:34, steve wrote: > > > Hi > I re-read your post with all the info and found these: > > DEFAULT_MASTER_MAP_NAME="CN=auto.master,CN=HOME,CN=defaultMigrationContainer30,DC=hh3,DC=site"

Re: [Samba] Sharing files while being member of an active directory

2013-09-12 Thread steve
ill have: 'Users/groups having a uidNumber/gidNumber set in AD. . .'. The only other thing I can think of is the permissions on: /srv/samba/test kinit mik...@mikjaer.com smbclient //fileserver/test -Umikkel As a separate test, then from a root account, su to mikkel on the fileserver

Re: [Samba] Samba4 automount schema: convert from flat files to LDAP

2013-09-10 Thread steve
On Mon, 2013-09-09 at 15:00 +0200, steve wrote: > Hi > I think I've managed to get the automount classes into the the schema: > > ldbsearch > --url=/usr/local/samba/private/sam.ldb.d/"CN=SCHEMA,CN=CONFIGURATION,DC=HH3,DC=SITE.ldb" > | grep "dn: CN=automou

[Samba] Samba4 automount schema: convert from flat files to LDAP

2013-09-09 Thread steve
ne point me in the right direction? Cheers, Steve

Re: [Samba] Samba4/Windows DNS replication and administration issue

2013-09-06 Thread steve
> > Is this the correct way to generate the dns.keytab? Is there anything I'm > missing? Maybe you didn't recreate the keytab? Look for the timestamp: klist -kte /path/to/dns.keytab The only difference I can see with our keytab is that we have: DNS/fqdn@REALM and short-hostnam

Re: [Samba] How do I lock a shared file?

2013-09-05 Thread steve
On Thu, 2013-09-05 at 10:25 -0700, Jeremy Allison wrote: > On Thu, Sep 05, 2013 at 06:25:15PM +0200, steve wrote: > > Hi > > Yeah, the lesson plan is a good idea! > > > > LibreOffice locks files as you'd expect:) Nothing else works though. I'm > > a

Re: [Samba] primary GID based access for user in 16 supplementary groups

2013-09-05 Thread steve
laris/linux client. HTH Steve

Re: [Samba] How do I lock a shared file?

2013-09-05 Thread steve
On Thu, 2013-09-05 at 14:40 +0200, Helmut Hullen wrote: > Hello, steve, > > You wrote on 05.09.13: > > >>> School classes often have projects with files that many students > >>> will need to edit. > > [...] > > >> Also, nobody forces appl

Re: [Samba] How do I lock a shared file?

2013-09-05 Thread steve
On Thu, 2013-09-05 at 14:14 +0200, Volker Lendecke wrote: > On Thu, Sep 05, 2013 at 02:08:27PM +0200, steve wrote: > > > This is a feature of the SMB protocol that a client can > > > explicitly request. It's called share modes. There is no > > > option where you

Re: [Samba] How do I lock a shared file?

2013-09-05 Thread steve
On Thu, 2013-09-05 at 13:34 +0200, Volker Lendecke wrote: > On Thu, Sep 05, 2013 at 01:23:14PM +0200, steve wrote: > > On Thu, 2013-09-05 at 11:51 +0200, Volker Lendecke wrote: > > > On Thu, Sep 05, 2013 at 10:30:56AM +0200, steve wrote: > > > > 4.0.9 as a file serve

Re: [Samba] How do I lock a shared file?

2013-09-05 Thread steve
On Thu, 2013-09-05 at 11:51 +0200, Volker Lendecke wrote: > On Thu, Sep 05, 2013 at 10:30:56AM +0200, steve wrote: > > 4.0.9 as a file server > > Hi > > We have a rw folder where we can share files. If a user opens a file, I > > would like it to be locked so the other u

[Samba] How do I lock a shared file?

2013-09-05 Thread steve
acls = Yes getfacl /home/privado getfacl: Removing leading '/' from absolute path names # file: home/privado # owner: root # group: Domain\040Users user::rwx group::rwx other::r-x default:user::rwx default:group::rwx default:other::--- Cheers, Steve

Re: [Samba] Samba 4 - nslcd setup on Debian

2013-09-04 Thread steve
, you can use samba-tool to do this. Otherwise you can use ldbedit or ldbmodify. I doubt whether your debian install is recent enough. There are scripts here: http://linuxcostablanca.blogspot.com.es/p/s4bind.html I'd recommend building from source. HTH Steve

Re: [Samba] smbd looking for non existent files

2013-09-02 Thread steve
once. I've also tried asking on my distro list. Nada. > > Hi > > > > The problem is that each Linux client adds 0.7% to smbd. That's a > > constant load. I realise it's not a Samba issue. I'll have to either > > switch to another DE or reve

Re: [Samba] smbd looking for non existent files

2013-09-02 Thread steve
On Sun, 2013-08-25 at 12:37 +0200, Michael Wood wrote: > On 24 August 2013 22:39, steve wrote: > On Sat, 2013-08-24 at 20:57 +0200, Michael Wood wrote: > > Hi > > > > On 24 August 2013 19:05, steve wrote: > > Hi

Re: [Samba] Not Obeying "require_membership_of" winbind.so when "User must change password at next logon"

2013-09-01 Thread steve
On Sun, 2013-09-01 at 09:56 +0200, steve wrote: > On Thu, 2013-08-22 at 11:49 +, Jason Caylor wrote: > > Okay, so I have an Active Directory server running on Windows Server 2012 > > Standard > > I have configured Samba/Kerberos/Winbind on Ubuntu 13.04 to bind to the DC

Re: [Samba] Not Obeying "require_membership_of" winbind.so when "User must change password at next logon"

2013-09-01 Thread steve
so, then: Put only the users you want. Then common-account: account required pam_succeed_if.so user ingroup mygroup man pam_succeed_if BTW, I'd strongly advise changing to the ad backend. HTH Steve

Re: [Samba] objectClass:posixAccount missing

2013-08-31 Thread steve
On Sat, 2013-08-31 at 20:17 +0200, Luca Olivetti wrote: > On 31/08/13 18:00, steve wrote: > > >> Hi > >> It doesn't work here either. The only way we can get it to authenticate > >> or join the domain is to add: > >> I.P.ADD.RRESS f.q.

Re: [Samba] objectClass:posixAccount missing

2013-08-31 Thread steve
On Sat, 2013-08-31 at 17:53 +0200, steve wrote: > On Sat, 2013-08-31 at 17:25 +0200, Luca Olivetti wrote: > > On 31/08/13 15:23, steve wrote: > > > > > I feel we've made progress. Next time a winbind problem gets posted, > > > we'll be able t

Re: [Samba] objectClass:posixAccount missing

2013-08-31 Thread steve
On Sat, 2013-08-31 at 17:25 +0200, Luca Olivetti wrote: > On 31/08/13 15:23, steve wrote: > > > I feel we've made progress. Next time a winbind problem gets posted, > > we'll be able to refer to 3 democratically produced howtos. Thanks to > > Marc for

Re: [Samba] objectClass:posixAccount missing

2013-08-31 Thread steve
ime a winbind problem gets posted, we'll be able to refer to 3 democratically produced howtos. Thanks to Marc for listening to us and inviting us in on his howtos, Luca his patience in hearing us out 'till EOT and to Rowland for keeping me sane. OpenSource at its best. Cheers, Steve

Re: [Samba] objectClass:posixAccount missing

2013-08-31 Thread steve
On Sat, 2013-08-31 at 00:14 +0200, Luca Olivetti wrote: > On 30/08/13 23:44, steve wrote: > > > Interesting point; you've now sampled winbind, nslcd and sssd to the > > same end. Have you made a decision as to which you'll be going with? > > Well,

Re: [Samba] objectClass:posixAccount missing

2013-08-30 Thread steve
On Fri, 2013-08-30 at 18:42 +0200, Luca Olivetti wrote: > On 30/08/13 18:15, steve wrote: > > On Fri, 2013-08-30 at 16:05 +0100, Rowland Penny wrote: > >> On 30/08/13 15:48, Luca Olivetti wrote: > >>> On 30/08/13 11:41, Rowland Penny wrote: >

Re: [Samba] objectClass:posixAccount missing

2013-08-30 Thread steve
l before compiling. > > > Note that I get the last error even if I add > > > > ldap_sasl_authid = Administrator > > Have you dumped the Administrator key to the keytab? If it isn't in the keytab it's not going to find a match either. Why not simply choose something which you _do_ have? ldap_sasl_mech = gssapi ldap_sasl_authid = something.you.do.have.in.the.keytab ldap_krb5_keytab = /etc/krb5.keytab HTH to get us closer. Cheers, Steve

Re: [Samba] objectClass:posixAccount missing

2013-08-30 Thread steve
On Fri, 2013-08-30 at 21:53 +0200, Luca Olivetti wrote: > > http://www.spinics.net/lists/cyrus-sasl/msg02004.html > > I'll try to build a version with the fix > Suerte. Good luck. ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.26.tar.gz

Re: [Samba] objectClass:posixAccount missing

2013-08-30 Thread steve
On Fri, 2013-08-30 at 19:21 +0200, Luca Olivetti wrote: > On 30/08/13 18:54, steve wrote: > > > OK, let's see: > > We can say for certain that /etc/krb5.keytab contains the key for > > nslcd-connect > > make sure you have: > > > > ldap_sasl_

Re: [Samba] objectClass:posixAccount missing

2013-08-30 Thread steve
On Fri, 2013-08-30 at 20:45 +0200, Luca Olivetti wrote: > > Almost, almost... Good. It's a start, but we're still missing the attributes coming from AD. Regards, Steve

Re: [Samba] objectClass:posixAccount missing

2013-08-30 Thread steve
On Fri, 2013-08-30 at 19:44 +0100, Rowland Penny wrote: > On 30/08/13 19:14, steve wrote: > > On Fri, 2013-08-30 at 18:58 +0100, Rowland Penny wrote: > >> On 30/08/13 18:21, Luca Olivetti wrote: > >>> On 30/08/13 18:54, steve wrote: > >>>

Re: [Samba] objectClass:posixAccount missing

2013-08-30 Thread steve
g out loud but there have been problems with nslcd and I think winbind too before this. I don't know if this be possible and I know that the devs would frown upon it, but maybe we've reached the time for a rebuild over bare metal. Rowlands suggestion of a recompile gets a +

Re: [Samba] objectClass:posixAccount missing

2013-08-30 Thread steve
On Fri, 2013-08-30 at 17:45 +0100, Rowland Penny wrote: > Hi Steve, lets just get something to work for the OP first. Agreed. It seems we now at least have a keytab that we can use for certain. Pls see my interim post.

Re: [Samba] objectClass:posixAccount missing

2013-08-30 Thread steve
isn't averse to getting his hands dirty. It's always best when it's still fresh in your mind. Actually both the configuration proposed by steve and yours were OK. The > only problem was the hostname mismatch (causing the "server not found in > kerberos database" erro

Re: [Samba] objectClass:posixAccount missing

2013-08-30 Thread steve
On Fri, 2013-08-30 at 18:58 +0100, Rowland Penny wrote: > On 30/08/13 18:21, Luca Olivetti wrote: > > On 30/08/13 18:54, steve wrote: > > > >> OK, let's see: > >> We can say for certain that /etc/krb5.keytab contains the key for > >

[Samba] front end for samba-tool user

2013-08-30 Thread steve
Does anyone have a fill in the boxes type form to the new samba-tool user add? Under Linux? Cheers, Steve

Re: [Samba] Samba 4 file-server usage

2013-08-30 Thread steve
On Fri, 2013-08-30 at 11:25 +0200, Stéphane PURNELLE wrote: > Hi, > > I test samba 4 for AD authentication and file-server usage. > > My file-server use posix ACL (XFS filesystem) for manage access between > user. > > So I must use some trick ("steve p

Re: [Samba] objectClass:posixAccount missing

2013-08-30 Thread steve
able here: https://fedorahosted.org/released/sssd/sssd-1.11.0.tar.gz Regards and good luck, Steve

Re: [Samba] Samba4 Member Server not working

2013-08-29 Thread steve
On 29/08/13 20:29, Carlos Alberto Borges Garcia wrote: > > But if I run: > id test > id MYNET\test > id MYNET\\test > id t...@mynet.net > > > I get "No such ser" > That should be: id test not: id MYNET\\test

Re: [Samba] Samba4 Member Server not working

2013-08-29 Thread steve
On Thu, 2013-08-29 at 15:29 -0300, Carlos Alberto Borges Garcia wrote: > Still not working :( Turn off nscd? Give up? Use nslcd or sssd instead? Can't think of anything else:(

Re: [Samba] objectClass:posixAccount missing

2013-08-29 Thread steve
On Thu, 2013-08-29 at 20:17 +0200, Luca Olivetti wrote: > but then sssd complains that > > [[sssd[ldap_child[2300 [ldap_child_get_tgt_sync] (0x0100): > Principal > name is: [HP$@WETRON.ES] > [[sssd[ldap_child[2300 [ldap_child_get_tgt_sync] (0x0100): Using > keytab [/etc/krb5.keytab] > [[s

Re: [Samba] Samba4 Member Server not working

2013-08-29 Thread steve
On Thu, 2013-08-29 at 14:59 -0300, Carlos Alberto Borges Garcia wrote: > Still not working: > > > I created a test user: > > > > > dn: CN=test,CN=Users,DC=mynet,DC=net > objectClass: top > objectClass: person > objectClass: organizationalPerson > objectClass: user > cn: test > givenName: test

Re: [Samba] Samba4 Member Server not working

2013-08-29 Thread steve
On Thu, 2013-08-29 at 19:46 +0200, steve wrote: > You can get sensible values for uidNumber from idmap e.g.: > wbinfo -i carlos ** Don't forget to change: idmap config MYNET:range = 500-4 to include your new values. Something like: 300-310

Re: [Samba] Samba4 Member Server not working

2013-08-29 Thread steve
have the users, just edit their entries e.g.: ldbedit --url=/usr/local/samba/private/sam.ldb cn=carlos Add a minimum of: uidNumber: 1234567 gidNumber: 12345 Your winbind will then pull this information from AD when needed. You can get sensible values for uidNumber from idmap e.g.: wbinfo -i ca

Re: [Samba] nslcd / pam_ldap HowTo

2013-08-29 Thread steve
On Thu, 2013-08-29 at 13:08 +0200, Marc Muehlfeld wrote: > > I think most companies running Samba in production don't use the latest > versions of everything, because they run enterprise distributions like > RHEL, SLES, Debian, etc. > > At work we only run self compiled software, when there's a

Re: [Samba] nslcd / pam_ldap HowTo

2013-08-29 Thread steve
-b -k /tmp/nslcd.tkt - Switch bullets 6 and 7: edit /etc/nsswitch.conf _before_ you start nslcd. It's unfortunate we still have to cater for the old versions too. The extra mappings slow things down considerably for large domains especially as enumeration is enabled. HTH Steve

Re: [Samba] objectClass:posixAccount missing

2013-08-29 Thread steve
anca.blogspot.com.es/2013/04/sssd-in-samba-40.html sssd 1.11.1 was released today. I'll report back:) HTH Steve

Re: [Samba] Samba4 Member Server not working

2013-08-29 Thread steve
nbind > > group: compat winbind > > > > I can start the daemon without issues: > > > > smbd > > nmbd > > winbindd > > > > "wbinfo -u" list all my domain users > > > > "wbinfo -g" list all my domain groups > > > > > > Here is the problems: > > > > When I run "getent passwd", it lists only the local users. > > For performance reasons, by default we do not list users in the AD > domain. See winbind enum users in your smb.conf His smb.conf above shows that the OP has those lines for both users and groups. > > > When I run "id Administrator", it returns "No such user". > > You need to use 'id MYNET\\administrator' > smb.conf has: winbind use default domain = Yes Do we still need MYNET\\? Do your users have entries for: uidNumber and gidNumber in AD? Cheers Steve

Re: [Samba] objectClass:posixAccount missing

2013-08-28 Thread steve
On Wed, 2013-08-28 at 20:18 +0200, Luca Olivetti wrote: > On 28/08/13 20:11, steve wrote: > > > Hi > > Without objectClass: posixAccount > > you need the filter for nslcd. > > > > IOW, for AD, you either must add it yourself or use the nslcd filter

Re: [Samba] objectClass:posixAccount missing

2013-08-28 Thread steve
On Wed, 2013-08-28 at 19:15 +0200, Luca Olivetti wrote: > On 28/08/13 13:43, steve wrote: > > >> > >> 0.8.12 is not recent enough and those filters are needed. > > > > I'll try 0.8.12 later but I doubt it will have changed: > > I have 0.8

Re: [Samba] nslcd: kerberos vs. simple bind

2013-08-28 Thread steve
On Wed, 2013-08-28 at 19:27 +0200, Marc Muehlfeld wrote: > On 28.08.2013 19:11, steve wrote: > > If you're happy with plain text passwords being passed over the network > > then use them. There may be some admins that will not be able to do that > > though, so. .

Re: [Samba] objectClass:posixAccount missing

2013-08-28 Thread steve
ix > $ LC_ALL=en id pruebaunix > id: pruebaunix: no such user Hi OK then, so just compare the DN of aimaretti with that of pruebauinx. Post them here if you like: ldbsearch --url=/usr/local/samba/private/sam.ldb cn=aimaretti and ldbsearch --url=/usr/local/samba/private/sam.ldb cn=pruebaunix

Re: [Samba] nslcd: kerberos vs. simple bind

2013-08-28 Thread steve
On Wed, 2013-08-28 at 18:37 +0200, Marc Muehlfeld wrote: > In your > blog you use k5start for that. Also Fedora 19 and RHEL6 don't have it > in their repositories. So something more to compile and to be ensured > that it starts and run. :-) A quick google shows that both Fedora and Red Hat P

Re: [Samba] nslcd: kerberos vs. simple bind

2013-08-28 Thread steve
On Wed, 2013-08-28 at 18:37 +0200, Marc Muehlfeld wrote: > Hello, > > I took this out of the "OpenSSH auth in SAMBA4 LDAP" thread, because it > was drifting away from its origin question :-) > > I played this afternoon a bit with nslcd and kerberos for extending my > Wiki HowTo. But as more as

Re: [Samba] objectClass:posixAccount missing

2013-08-28 Thread steve
On Wed, 2013-08-28 at 13:17 +0200, Luca Olivetti wrote: > On 28/08/13 09:58, steve wrote: > >> filter passwd (objectclass=user) > >> > >> to /etc/nslcd.conf > >> > >> and that gave me the missing users. > >> I suppose I sh

Re: [Samba] Problem with nslcd and samba

2013-08-28 Thread steve
incipal=ADMIN01$ klist -k Steve

Re: [Samba] Problem with nslcd and samba

2013-08-28 Thread steve
On Wed, 2013-08-28 at 10:34 +0200, Stéphane PURNELLE wrote: > Hi, > > I try to use nslcd with samba 4 for get users and group for AD. > if I do a ldapsearch, I have a message : > > Server not in kerberos database Hi You get those errors when you are not joined to the domain. Is this the DC or a

Re: [Samba] objectClass:posixAccount missing

2013-08-28 Thread steve
. All that is needed is: uid nslcd gid nslcd uri ldap://your.f.q.d.n base dc=foo,dc=bar map passwd uid samAccountName map passwd homeDirectory unixHomeDirectory sasl_mech GSSAPI sasl_realm SOME.REALM krb5_ccname /tmp/nslcd.tkt hth to speed things up a little. Steve

Re: [Samba] objectClass:posixAccount missing

2013-08-28 Thread steve
ctly the same nslcd.conf but be sure to use version 0.8.10 or above which contains all the AD stuff. HTH Steve

Re: [Samba] Change default GID of users

2013-08-28 Thread steve
On Tue, 2013-08-27 at 16:07 -0300, Bruno Vane wrote: > Hi Steve, > > > Seems that this attribute does not matter, see my user "bruno.vane": > primaryGroupID: 513 > gidNumber: 100 Hi How are you obtaining the information from AD? If you set: gidNumber: 100 in th

Re: [Samba] objectClass:posixAccount missing

2013-08-27 Thread steve
On Tue, 2013-08-27 at 20:11 +0200, Marc Muehlfeld wrote: > Do posixAccount/posixGroup > objectClasses have to be there normally? No. With the AD schema, you can use all of rfc2307 without the need for the objectclasses which define them. Just add the attributes. HTH Steve

Re: [Samba] Change default GID of users

2013-08-27 Thread steve
On Tue, 2013-08-27 at 14:33 -0300, Bruno Vane wrote: > Hi Steve, > > > I did what you said, and when create the user, nothing changes: Hi Sorry, you have to add: gidNumber: 100 to the DN of each user too. Make sure that you clear the nscd cache after making any change to AD. Ste

Re: [Samba] Change default GID of users

2013-08-27 Thread steve
> the GID of group"users" in my linux machines? All users I create with ADUC > is getting UID "513". This machines are joined in the domain. Hi Add the attribute: gidNumber: 100 to the DN of Domain Users. The easiest way to do that is to: ldbedit --url=/user/local/sa

Re: [Samba] nslcd / pam_ldap HowTo (was: OpenSSH auth in SAMBA4 LDAP)

2013-08-27 Thread steve
On Tue, 2013-08-27 at 01:39 +0200, Marc Muehlfeld wrote: > Hello Steve, > > thanks for your suggestions. > > > > On 27.08.2013 00:40, steve wrote: > > 1. Nested groups work fine with nslcd. Please use the latest version: > > man nslcd.conf(5) > > I

Re: [Samba] OpenSSH auth in SAMBA4 LDAP

2013-08-26 Thread steve
On Tue, 2013-08-27 at 00:28 +0200, Luca Olivetti wrote: > On 26/08/13 22:54, steve wrote: > > On Mon, 2013-08-26 at 20:12 +0200, Luca Olivetti wrote: > >> On 26/08/13 19:09, Marc Muehlfeld wrote: > >> > >>> - Now you should be able to

Re: [Samba] nslcd / pam_ldap HowTo (was: OpenSSH auth in SAMBA4 LDAP)

2013-08-26 Thread steve
On Tue, 2013-08-27 at 00:12 +0200, Marc Muehlfeld wrote: > On 25.08.2013 09:27, Bruno Vane wrote: > > I have some Ubuntu LTS servers running openssh server authenticating to > > external openldap. I installed a new Ubuntu LTS server with Samba4 to > > create a domain and is working very well. I m

Re: [Samba] OpenSSH auth in SAMBA4 LDAP

2013-08-26 Thread steve
On Mon, 2013-08-26 at 18:02 -0300, Bruno Vane wrote: > Hi Steve, > > > I'm adding users through ADUC, in Remote Server Administration Tool. > new users/groups added > > via samba-tool or windows didn't appear. > > Ah, I see. It

Re: [Samba] OpenSSH auth in SAMBA4 LDAP

2013-08-26 Thread steve
r=45678 --home-directory=/some/place --login-shell=/bin/bash HTH Steve

Re: [Samba] OpenSSH auth in SAMBA4 LDAP

2013-08-26 Thread steve
On Mon, 2013-08-26 at 19:09 +0200, Marc Muehlfeld wrote: >passwd: files ldap >shadow: files ldap >group: files ldap @marc Just curious, but why are you trying to pull shadow from the directory?

Re: [Samba] issue with multiple Samba DC and uid/gid assignment.

2013-08-25 Thread steve
ePath etc) to each user. > You just need to set up samba on the fileservers to pull and use this > information. > > If you use sssd to do this, you will use kerberos, so very little extra > needs to be added other than sssd, sssd-tools and krb5. > > Rowland Hi The OP is run

Re: [Samba] issue with multiple Samba DC and uid/gid assignment.

2013-08-25 Thread steve
On Sat, 2013-08-24 at 23:27 +, dahopk...@comcast.net wrote: > A quick follow-on ... if I examine the local sam.ldb on the server2 via > ldbedit, it appears the information is correct, but wbinfo still reports > different numbers: > Replication OK then. > wbinfo -i Test24.User > Domain\Tes

Re: [Samba] issue with multiple Samba DC and uid/gid assignment.

2013-08-25 Thread steve
rname for debugging. Lose the capitalisation and the dot. HTH Steve

Re: [Samba] smbd looking for non existent files

2013-08-24 Thread steve
On Sat, 2013-08-24 at 20:57 +0200, Michael Wood wrote: > Hi > > On 24 August 2013 19:05, steve wrote: > Hi > 4.0.8 file server in a 4.0.8 domain > > After a user logs in on a Linux client which is joined to the > domain, >

[Samba] smbd looking for non existent files

2013-08-24 Thread steve
.SITE security = ADS kerberos method = secrets and keytab username map = /home/steve/smbmap log level = 3 [users] path = /home/users read only = No smbmap: !Administrator = HH3\Administrator Client: [global] workgroup = HH3 realm = HH3.SITE security = ADS kerberos method = system keytab Tested with
