anonymous = 2 unix password sync = yes winbind enum groups = yes
winbind enum users = yes winbind nss info = rfc2307
- --
Robert Freeman-Day
https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op=getsearch=0xBA9DF9ED3E4C7D36
-BEGIN PGP
- --
Robert Freeman-Day
https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op=getsearch=0xBA9DF9ED3E4C7D36
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk
before just jumping on into it.
https://uisapp2.iu.edu/confluence-prd/display/~rmday/Linux+Integration+with+Active+Directory
- --
Robert Freeman-Day
https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op=getsearch=0xBA9DF9ED3E4C7D36
-BEGIN
should start working for you. Perhaps have it sync with a time
server.
Robert
- --
Robert Freeman-Day
https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op=getsearch=0xBA9DF9ED3E4C7D36
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU
winbind use default domain = Yes, so AD users
should be able to access with just their username and there should be no
need to pre-pend the domain and backslash.
Robert
- --
Robert Freeman-Day
https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op
local
users, or is stuck just serving AD users?
- --
Robert Freeman-Day
https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op=getsearch=0xBA9DF9ED3E4C7D36
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG
trying for alphabetizing the
response lists...(but it may be unnecessary).
---
-linda
- --
Robert Freeman-Day
https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op=getsearch=0xBA9DF9ED3E4C7D36
-BEGIN PGP SIGNATURE
/Samba3_Release_Planning
Robert
- --
Robert Freeman-Day
https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op=getsearch=0xBA9DF9ED3E4C7D36
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http
-to so that people can move from the
samba packages to RHEL's introduced samba3x packages. Perhaps that can
help you move over:
https://uisapp2.iu.edu/iukc-prd/pages/viewpage.action?pageId=137093
Robert
- --
Robert Freeman-Day
https://launchpad.net/~presgas
GPG Public Key:
http
tickets = yes
winbind offline logon = false
You will also want to keep in mind some incompatibilities if your AD is
pretty new (2008 or higher).
See the following for more info:
http://support.microsoft.com/kb/954387
http://support.microsoft.com/kb/957441
- --
Robert Freeman-Day
properly? You should at least have it looking like below:
passwd: compat winbind
group: compat winbind
shadow: compat
- --
Robert Freeman-Day
https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op
.
Hope that helps differentiate them.
Robert
- --
Robert Freeman-Day
https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op=getsearch=0xBA9DF9ED3E4C7D36
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG
in did not fully implement the rfc schema. I
would use the hash idmap backend:
http://www.samba.org/samba/docs/man/manpages-3/idmap_hash.8.html
- --
Robert Freeman-Day
https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op=getsearch
uses a more up to date version of samba and you can
migrate to that. Red Hat's release notes detail it a bit more.
There still may be ntlmv2 issues, but as long as there is kerberos
access, things should be okay.
- --
Robert Freeman-Day
https://launchpad.net/~presgas
GPG Public Key:
http
is the
cifs server running, Win (version) or Lin and if Lin, what version of
Samba? Finally, what is the KDC, Win (version) or Lin?
- --
Robert Freeman-Day
https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op=getsearch=0xBA9DF9ED3E4C7D36
the
instructions: https://lists.samba.org/mailman/options/samba
- --
Robert Freeman-Day
LSP Services - UNIX/Linux
2711 E. 10th St.
Bloomington, IN 47405
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op=getsearch=0xBA9DF9ED3E4C7D36
-BEGIN PGP SIGNATURE-
Version: GnuPG
server parameter,
separated by spaces.
Depending on how your samba/winbind is implemented, and the default way
most windows domain member machines work, is that they will go to
kerberos first then go to lanman/ntlm/ntlmv2.
Robert
- --
Robert Freeman-Day
https://launchpad.net/~presgas
enctypes when working
with keytabs?
Thanks,
Robert
- --
Robert Freeman-Day
https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op=getsearch=0xBA9DF9ED3E4C7D36
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG
a listing of a specific group:
getent group specificgrpname
Then winbind is working properly.
Why are you wanting that amount of output? There may be other commands
(net) that can get you the info you want.
- --
Robert Freeman-Day
https://launchpad.net/~presgas
GPG Public Key:
http
Freeman-Day
https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op=getsearch=0xBA9DF9ED3E4C7D36
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
://support.microsoft.com/kb/942564
- --
Robert Freeman-Day
https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op=getsearch=0xBA9DF9ED3E4C7D36
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/04/2010 11:49 AM, Ray Van Dolson wrote:
On Thu, Nov 04, 2010 at 06:06:03AM -0700, Robert Freeman-Day wrote:
Ray,
There was indeed an issue with the old RHEL samba packages and 2008r2.
There was a bug report issued about it and RHEL
there:
https://wiki.uits.iu.edu/confluence-prd/pages/viewpage.action?pageId=116097702
It may be a good idea to migrate to it anyway to take advantages of
newer features.
- --
Robert Freeman-Day
https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op
/domain-member.html
http://technet.microsoft.com/en-us/library/cc780455%28WS.10%29.aspx
http://technet.microsoft.com/en-us/library/bb742433.aspx
- --
Robert Freeman-Day
https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op=getsearch
and kill zombie processes that peg a processor. So if you
need super-ultra-resilient samba, don't use the sernet 3.5 strain.
I got forced into it because Red Hat didn't have a Samba version
compatible with Server 2008 when I had to build.
-=Andrew
- --
Robert Freeman-Day
https
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/23/2010 12:39 PM, Volker Lendecke wrote:
On Thu, Sep 23, 2010 at 11:35:29AM -0400, Robert Freeman-Day wrote:
If you pay for SerNet support, you may get those bugs fixed. Neither
Red Hat, nor Samba upstream will likely support SerNet provided
...@hp.com
+404-664-2596
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
- --
Robert Freeman-Day
https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op=getsearch
of what libraries you would want:
http://www.sunfreeware.com/programlistsparc10.html#samba
Thanks,
Robert
- --
Robert Freeman-Day
https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op=getsearch=0xBA9DF9ED3E4C7D36
-BEGIN PGP SIGNATURE
than I
expected. I'm sorry if this is a silly question but what am I doing
wrong?
Thanks a lot,
Greg
- --
Robert Freeman-Day
https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op=getsearch=0xBA9DF9ED3E4C7D36
-BEGIN PGP SIGNATURE
to
idmap backend = rid
correct?
Greg
On Tue, 2010-08-24 at 09:10 -0400, Robert Freeman-Day wrote:
I have been the most happy with the hash idmap. It really is the least
invasive and just works (does that need to be trademarked these
days?). Since it hashes the SID with the same algorithm, all
://bugs.opensolaris.org/bugdatabase/printableBug.do?bug_id=6534506
If you want to find out the encryption levels available to your system,
you can issue:
# cryptoadm list
Good luck!
- --
Robert Freeman-Day
https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371
The smb.conf setup you have should not need to be modified.
You will likely want to either reset or completely delete the
yetanothertest1 machine account in ADUC, as one of your messages says
the value exists.
Tell us if that works for you!
Robert Freeman-Day
https://launchpad.net/~presgas
so I would like samba to only query the location
with the valid user accounts. I'm running samba 3.0.1.
Thanks for any help/suggestions you can provide,
Brian
- --
Robert Freeman-Day
https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup
.
I tried to find a ch Wikipedia article on this, but could not. Here is
the english one to look over:
http://en.wikipedia.org/wiki/NTLM#NTLM_and_modern_Windows_versions
Hope that explains it.
- --
Robert Freeman-Day
https://launchpad.net/~presgas
GPG Public Key:
http
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jancio,
What do you see when you issue:
# net ads testjoin (with whatever flags you used when you did your first
join)
jancio_wod...@wp.pl wrote:
Hi,
I joined samba server (linux box centos 5.4) under samba 3.4.7 to
Windows Domain at windows
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
jancio_wod...@wp.pl wrote:
W dniu 2010-04-09 14:04, Robert Freeman-Day pisze:
Jancio,
What do you see when you issue:
# net ads testjoin (with whatever flags you used when you did your first
join)
I see: Join is OK
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
3.0.37 is discontinued.
http://wiki.samba.org/index.php/Samba3_Release_Planning
Use at least 3.3.x, see if building fails, tell us how it failed (error
message, etc.) and then someone should be able to help.
Good Luck
Gregory D Jones wrote:
The
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Walter,
I do not know if anyone ever replied to your message, but I was able to
generally follow the directions for manually importing the key:
http://enterprisesamba.com/index.php?id=56
Instead of piping it to the keyring importer I redirected the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jeremy Allison wrote:
On Thu, Feb 18, 2010 at 12:02:22PM -0700, Jack Downes wrote:
Similar situation here, 484 printers at current count, 2120 users
(hospital), and we've been pretty happy with the Samba/CUPS solution.
However, recently, too
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Kris and Johan,
Both of you have not appended your smb.conf files. Maybe doing that
would help as well.
- From what I am seeing, the pam stack Kris gave was authenticating via
winbind which would use either plaintext, lanman, ntlm or ntlmv2 and not
-Collection/samba-pdc.html
http://www.enterprisenetworkingplanet.com/nethub/article.php/1144701/Build-A-Primary-Domain-Controller-With-Samba.htm
- ---Robert Freeman-Day
- ---
I would really like you to be on my side,
but the side you show me isn't what I had in mind.
- -Judybats
GPG
.
http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html
http://www.enterprisenetworkingplanet.com/nethub/article.php/10950_1144701_1
- ---Robert Freeman-Day
- ---
I would really like you to be on my side,
but the side you show me isn't what I had in mind.
- -Judybats
GPG
will have to google if you go to AD with unix kerberos is Cross
Realm Trust.
I will also say that we consolidated our Kerberos KCD to just using the AD
servers as KDCs. With some hickups, it works passably.
- ---Robert Freeman-Day
- ---
I would really like you to be on my side
. Additionally,
3.0.x is discontinued:
http://wiki.samba.org/index.php/Samba3_Release_Planning
No matter what, you will likely have to install an updated version from
source. While you are at it, you may want to look into using at least
3.2.x.
Good Luck!
- ---Robert Freeman-Day
any changes recently?
- ---Robert Freeman-Day
- ---
I would really like you to be on my side,
but the side you show me isn't what I had in mind.
- -Judybats
GPG Public Key:
http:keyserver.ubuntu.com:11371/pks/lookup?op=getsearch=0xBA9DF9ED3E4C7D36
-BEGIN PGP SIGNATURE-
Version
for installing and configuring it.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
- ---Robert Freeman-Day
- ---
I would really like you to be on my side,
but the side you show me isn't what I had in mind
reason, I'm
unable to set a value over 1000is 1000 the max for it?
Thanks!
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
- ---Robert Freeman-Day
- ---
I would really like you to be on my side
the
instructions: https://lists.samba.org/mailman/options/samba
---Robert Freeman-Day
---
I would really like you to be on my side,
but the side you show me isn't what I had in mind.
-Judybats
GPG Public Key:
http:keyserver.ubuntu.com:11371/pks/lookup?op=getsearch=0xBA9DF9ED3E4C7D36
to ADS . As a first step kinit is not working for me.
Here is the error
r...@web # kinit
Password for sa...@.edu:
localhost: RPC: Program not registered
no warning possible
r...@web #
How do I debug what is not working?
Thanks
Paras.
- --
Robert Freeman-Day
https
?
If there is no way per-se, would it be possible to modify windbindd to
authenticate via NTLM2 against the Radius server instead of AD?
- --
Robert Freeman-Day
https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op=getsearch=0xBA9DF9ED3E4C7D36
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Gentlefolk,
I have a machine name collision issue on our 2008 DC and a samba domain
member machine got kicked off AD, but did not do an official net ads
leave. We have worked it out that the samba 3.0.x machine will change
its name, but want to
51 matches
Mail list logo
