Re: [Samba] Windows AD w/ Windows Services for Unix?
Can anyone verify the functionality of the RPM's for SuSE 9.3 located here? http://us3.samba.org/samba/ftp/Binary_Packages/SuSE/pre/x86_64/9.3/ I am leary of getting an unstable version setup. Thanks in advance. Doug VanLeuven wrote: Jason Gerfen wrote: Doug VanLeuven wrote: Jason Gerfen wrote: I can authenticate users on a default setup of Windows 2000 using 'Security = ADS'. However if I install Windows Services for Unix (http://www.microsoft.com/windowsserversystem/sfu/productinfo/features/default.mspx) I am not able to authenticate or view users from different Organizational Units in the default domain. ??? With a 2000 or 2003 Windows AD controller, I've run SFU 3.0 & 3.5 on both client and server without side effects. I use: winbind nss info = template sfu security = ADS winbind trusted domains only = yes idmap backend = ad on the samba member servers. Perhaps you mean you're running samba PDC and using SFU on a client workstation? In that case, I would assume, for it to work, you would need to run an ldap backend and extend the schema for SFU. Then fill out the unix values. Anyone ever done that? Regards, Doug Odd, I attempted your suggestions: %> testparm Load smb config files from /etc/samba/smb.conf Unknown parameter encountered: "winbind nss info" Ignoring unknown parameter "winbind nss info" You must be using an older version of samba. I don't recall exactly when that was introduced. Somewhere around 3.0.14 maybe. Probably wouldn't find the "ad" loadable module either. They came in at the same time. The first scenario is correct, a ROLE_DOMAIN_MEMBER that authenticates file shares using nsswitch and winbind against the Windows 2000 domain. Prior to the XAD idmap_ad being pushed into samba, I compiled it and included it myself on older versions (and had to patch it too). Prior to samba 3.0 I was using SFU to export NFS shares on windows servers using user and group mapping. Unix had NIS then LDAP for auth. Only way I made the SFU/NIS/LDAP work with samba. You'll need to get current. Regards, Doug -- Jason Gerfen "My girlfriend threated to leave me if I went boarding... I will miss her." ~ DIATRIBE aka FBITKK -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows AD w/ Windows Services for Unix?
Jason Gerfen wrote: Doug VanLeuven wrote: With a 2000 or 2003 Windows AD controller, I've run SFU 3.0 & 3.5 on both client and server without side effects. I use: winbind nss info = template sfu security = ADS winbind trusted domains only = yes idmap backend = ad Odd, I attempted your suggestions: %> testparm Load smb config files from /etc/samba/smb.conf Unknown parameter encountered: "winbind nss info" Ignoring unknown parameter "winbind nss info" You may need a newer version of samba. What version are you using? -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows AD w/ Windows Services for Unix?
Jason Gerfen wrote: Doug VanLeuven wrote: Jason Gerfen wrote: I can authenticate users on a default setup of Windows 2000 using 'Security = ADS'. However if I install Windows Services for Unix (http://www.microsoft.com/windowsserversystem/sfu/productinfo/features/default.mspx) I am not able to authenticate or view users from different Organizational Units in the default domain. ??? With a 2000 or 2003 Windows AD controller, I've run SFU 3.0 & 3.5 on both client and server without side effects. I use: winbind nss info = template sfu security = ADS winbind trusted domains only = yes idmap backend = ad on the samba member servers. Perhaps you mean you're running samba PDC and using SFU on a client workstation? In that case, I would assume, for it to work, you would need to run an ldap backend and extend the schema for SFU. Then fill out the unix values. Anyone ever done that? Regards, Doug Odd, I attempted your suggestions: %> testparm Load smb config files from /etc/samba/smb.conf Unknown parameter encountered: "winbind nss info" Ignoring unknown parameter "winbind nss info" You must be using an older version of samba. I don't recall exactly when that was introduced. Somewhere around 3.0.14 maybe. Probably wouldn't find the "ad" loadable module either. They came in at the same time. The first scenario is correct, a ROLE_DOMAIN_MEMBER that authenticates file shares using nsswitch and winbind against the Windows 2000 domain. Prior to the XAD idmap_ad being pushed into samba, I compiled it and included it myself on older versions (and had to patch it too). Prior to samba 3.0 I was using SFU to export NFS shares on windows servers using user and group mapping. Unix had NIS then LDAP for auth. Only way I made the SFU/NIS/LDAP work with samba. You'll need to get current. Regards, Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows AD w/ Windows Services for Unix?
Doug VanLeuven wrote: Jason Gerfen wrote: I can authenticate users on a default setup of Windows 2000 using 'Security = ADS'. However if I install Windows Services for Unix (http://www.microsoft.com/windowsserversystem/sfu/productinfo/features/default.mspx) I am not able to authenticate or view users from different Organizational Units in the default domain. ??? With a 2000 or 2003 Windows AD controller, I've run SFU 3.0 & 3.5 on both client and server without side effects. I use: winbind nss info = template sfu security = ADS winbind trusted domains only = yes idmap backend = ad on the samba member servers. Perhaps you mean you're running samba PDC and using SFU on a client workstation? In that case, I would assume, for it to work, you would need to run an ldap backend and extend the schema for SFU. Then fill out the unix values. Anyone ever done that? Regards, Doug Odd, I attempted your suggestions: %> testparm Load smb config files from /etc/samba/smb.conf Unknown parameter encountered: "winbind nss info" Ignoring unknown parameter "winbind nss info" The first scenario is correct, a ROLE_DOMAIN_MEMBER that authenticates file shares using nsswitch and winbind against the Windows 2000 domain. -- Jason Gerfen "My girlfriend threated to leave me if I went boarding... I will miss her." ~ DIATRIBE aka FBITKK -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows AD w/ Windows Services for Unix?
Jason Gerfen wrote: I can authenticate users on a default setup of Windows 2000 using 'Security = ADS'. However if I install Windows Services for Unix (http://www.microsoft.com/windowsserversystem/sfu/productinfo/features/default.mspx) I am not able to authenticate or view users from different Organizational Units in the default domain. ??? With a 2000 or 2003 Windows AD controller, I've run SFU 3.0 & 3.5 on both client and server without side effects. I use: winbind nss info = template sfu security = ADS winbind trusted domains only = yes idmap backend = ad on the samba member servers. Perhaps you mean you're running samba PDC and using SFU on a client workstation? In that case, I would assume, for it to work, you would need to run an ldap backend and extend the schema for SFU. Then fill out the unix values. Anyone ever done that? Regards, Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Windows AD w/ Windows Services for Unix?
I can authenticate users on a default setup of Windows 2000 using 'Security = ADS'. However if I install Windows Services for Unix (http://www.microsoft.com/windowsserversystem/sfu/productinfo/features/default.mspx) I am not able to authenticate or view users from different Organizational Units in the default domain. ??? -- Jason Gerfen "My girlfriend threated to leave me if I went boarding... I will miss her." ~ DIATRIBE aka FBITKK -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
