Re: [Samba] winbind problems

2008-09-17 Thread John Hodrien
On Wed, 17 Sep 2008, Waltari Harri wrote: Does using winbind enum ... affect functionality somehow, like performance-wise? Only difference I've noticed is that getent xxx does not return AD users or groups, but e.g. getent group ad-group does. Still, setting permissions works for AD users. Are

Re: [Samba] Re: samaba winwind

2008-09-16 Thread John Hodrien
On Tue, 16 Sep 2008, Andreas Ladanyi wrote: I'm not a Samba developer but in the latest releases of the 3.0.x tree you can use the idmap backend of nss to get the old behavior of mapping the Windows account name to the same account name in Unix. mmm for idmap backend the man smb.conf say:

Re: [Samba] tilde username

2008-07-01 Thread John Hodrien
On Tue, 1 Jul 2008, Urs Golla wrote: Hi I use winbind with ADS security for authentication. If I write ls -la ~username in bash or ksh and press TAB or escape to resolve the HOMEDIR the shell hangs until I cancel with Ctrl+C. After that I have to restart winbind! If I press enter after ls -la

Re: [Samba] tilde username

2008-07-01 Thread John Hodrien
On Tue, 1 Jul 2008, Urs Golla wrote: Hi the problem is, if one of the developers does a cd ~usernameTAB winbind hangs for ALL users and needs to be restarted. I think I will disable the user/group enumeration in smb.conf. You're not wrong that it sucks. There's a lack of threading someone

Re: [Samba] getent not listing ADS users ctdb samba

2008-06-03 Thread John Hodrien
On Tue, 3 Jun 2008, Evan Koutsandreou wrote: 1. getent does not retrieve the list of domain users or groups (wbinfo works fine) Do you mean getent passwd, or getent passwd foo? If you mean the former, then you need: winbind enum groups = yes winbind enum users = yes jh -- Woman was

Re: [Samba] Re: using samba as nfs server replacement?

2008-04-24 Thread John Hodrien
On Thu, 24 Apr 2008, Helmut Hullen wrote: You (michaelh) wrote on 24.04.08: You may set the SUID flag for mount.cifs and umount.cifs on the server. That could be a security hazard. One mistake (from me): these flags must be set on the client. The client tries to mount, and it uses its

Re: [Samba] Setting up ADS in Samba with MIT kerberos mapping/backend

2008-03-19 Thread John Hodrien
On Wed, 19 Mar 2008, Pat Riehecky wrote: Don't use NFS. It is trivial to compromise the security of NFS - you simply need root on something, set your IP and su as needed. If the tactic is not clear poke me off list. NFS is never the answer outside of the data center. Let's not unfairly

Re: [Samba] server-side AND client-side symlinks?

2008-03-06 Thread John Hodrien
On Wed, 5 Mar 2008, Chuck Kollars wrote: Server-side symlinks are needed for example when what appears to the user to be a single mounted directory is actually tens of little pieces tied together by symlinks. Having those symlinks coalesces many mounts that would all have to be perfect in

Re: [Samba] change in AD authentication behaviour since 3.0.24

2008-02-20 Thread John Hodrien
On Wed, 20 Feb 2008, Robert Cohen wrote: Ok, I thought winbind was only relevant if you were using AD as a NSS (name service source). We have all the users in the name service from LDAP or NIS+. We're only getting the passwords from AD. I guess this could be an unusual combination and could be

Re: [Samba] Is my kerberos ok with AD?

2008-02-01 Thread John Hodrien
On Fri, 1 Feb 2008, Francis Galiegue wrote: On Friday 01 February 2008, Serbülent ÜNSAL wrote: Hi all, I can get a kerberos ticket successfully from my AD server, and I can check it with klist. ( with # kinit [EMAIL PROTECTED] ) But when I try to login to AD with # net ads join -U

Re: [Samba] Samba AD client's settings transfer

2008-01-18 Thread John Hodrien
On Fri, 18 Jan 2008, Jimmy Choo wrote: I have successfully joined my Linux box (ubuntu feisty) to Active Directory using Samba. Now I have installed a new Linux distro (ubuntu gutsy) and want to join it to AD. The problem is that it is asking for some kind-of-password when I do net ads testjoin.

Re: [Samba] Samba AD client's settings transfer

2008-01-18 Thread John Hodrien
On Fri, 18 Jan 2008, Jimmy Choo wrote: Hi John, 0) Yes, secrets.tdb was the file I was looking for. 1) But still a question remains - After copying secrets.tdb I had to do net ads join -U username. If you copied across secrets.tdb (and perhaps your krb5.keytab if you were using it), surely

[Samba] smbspool with cups

2008-01-07 Thread John Hodrien
I'm trying to use CUPS with kerberos to forward on to smbspool. CUPS appears to make the assumption that smbspool will use the environment variable KRB5CCNAME, but it doesn't appear to, instead looking for the submitting user's credential in the expected location in /tmp. This isn't much use in