Alex,
A combination of pam_krb5 and nss_ldap with samba providing the
kerberos registration of the computer will work in this situation.
I did a similar set up using the Vintella/Quest product VAS for a large
corporate a couple of years ago and have replicated the functionality
since using
Steve Rippl wrote:
On Wed, 2008-07-23 at 10:22 -0700, Howard Wilkinson wrote:
[snip]
Have you put POSIX attributes onto the users in the active directory?
idmap backend = ad:ldap://domain.fqdn
winbind nss info = rfc2307
Should work. You also need
use kerberos
Steve Rippl wrote:
Thanks David, yes I have tried all these and nothing seems to be
working!
Here's where I'm at... libnss-ldap is working with my AD server, with
just 'files ldap' in nsswitch.conf a getent passwd returns local users
and users from AD, but they seem to be treated as local, ie th
user script = /usr/sbin/useradd "%u" -n -g users
; add group script = /usr/sbin/groupadd "%g"
Thanks for your help
g to do is to kinit before you make the call.
--
Howard Wilkinson
Coherent Technology Limited
23 Northampton Square, United Kingdom, EC1V 0HL
Phone: +44(20)76907075
Mobile: +44(7980)639379
erver =
into smb.conf to get this to work
Regards Howard.
Ephi,
Can you please supply the smb.conf and krb5.conf from both machines,
this looks like a Unix end (i.e. client of AD) problem at first glance.
Also, if you have an LDAP browser see what has been set on the computer
accounts objects in the AD, rather than the sanitised version you see
through A
.
wbinfo -u does not show the computer object and it does not get listed
in the getent passwd output.
However, this works under 3.0.21c with the RFC2307 patches I supplied -
so something has been broken? Anybody got any ideas where I start looking?
I use nss_ldap not nss_winbind.
--
Howard
ly tdbsam and smbpasswd backends. Is this correct? If so,
perhaps I do need to rejoin the domain.
Thank you for the reply,
Dale
n option is not
being universally applied to groups in 3.0.23. As soon as I changed
my "valid users = +group" statements to the format "= +domain\group",
then this problem was fixed for us. Maybe it will do the trick for
you...
Cheers,
-D
At 07:41 AM 7/18/2006, Howard
expansion may be broken in 3.0.23?
Howard Wilkinson wrote:
No I already had this turned on!
Gautier, B (Bob) wrote:
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
] On Behalf Of Howard Wilkinson
Sent: 18 July 2006 11:50
To: samba@lists.samba.org
Subject: [Samba] Problem with 3.0.23 upgrade from 3.0.22
ditional
log information that might help diagnose.
Check that the backslashes are not being interpolated by the shell; you may want
to try:
net ads join "United States\\Tredyffrin\\Resource\\Servers" -U trimblrd
Howard.
Coherent Technology Limited, 23 Northampton Square, Finsbury, London EC1V 0HL,
United Kingdom
Telephone: +44 20 76907075 F