hijacked the winbind threat.. but..
Really,.
If you want my opinion and you probably don't, people need to stop
thinking NT server if they connect to a samba4 AD server and start
thinking AD server, they are totally different.
. Novell NDS is much better the MS its (nds
On Wed, 2013-07-24 at 09:09 +0200, L.P.H. van Belle wrote:
hijacked the winbind threat.. but..
Don't feel threatened. There _are_ alternatives.
I do like samba, but wiki/howtos are lots to improve.
To be fair, it's not just Samba. It's most open source stuff. There are
too many hobbyists
From: steve
On Wed, 2013-07-24 at 09:09 +0200, L.P.H. van Belle wrote:
I do like samba, but wiki/howtos are lots to improve.
To be fair, it's not just Samba. It's most open source stuff.
There are
too many hobbyists and armchair users. As joe public, what we
should be
doing is
On Wed, 2013-07-24 at 01:26 -0700, Paul D. DeRocco wrote:
From: steve
On Wed, 2013-07-24 at 09:09 +0200, L.P.H. van Belle wrote:
I do like samba, but wiki/howtos are lots to improve.
To be fair, it's not just Samba. It's most open source stuff.
There are
too many hobbyists
to make a new big howto for samba.
Louis
-Oorspronkelijk bericht-
Van: st...@steve-ss.com [mailto:samba-boun...@lists.samba.org]
Namens steve
Verzonden: woensdag 24 juli 2013 11:08
Aan: samba@lists.samba.org
Onderwerp: Re: [Samba] RE Samba (winbind) troubles
On Wed, 2013-07-24 at 01:26
On Wed, 2013-07-24 at 00:49 +0200, steve wrote:
[SNIP]
For the record, sssd pulls all it's info from AD.
I never said otherwise.
A user does not need a gidNumber, it is drawn from the
primaryGroupID.For Linux clients it is vital that whatever the
primaryGroupID is contains the gidNumber
On 24 July 2013 11:59, Jonathan Buzzard jonat...@buzzard.me.uk wrote:
Hum, according to Rowland it uses the gidNumber in the users DN, though
his posted proof was flawed and it could have been coming from the
gidNumber of the users primary group just as Winbind does. I have
browsed the source
On Wed, 2013-07-24 at 11:59 +0100, Jonathan Buzzard wrote:
On Wed, 2013-07-24 at 00:49 +0200, steve wrote:
[SNIP]
For the record, sssd pulls all it's info from AD.
I never said otherwise.
A user does not need a gidNumber, it is drawn from the
primaryGroupID.For Linux clients it
On Wed, 2013-07-24 at 14:09 +0200, steve wrote:
[SNIP]
Hum, according to Rowland it uses the gidNumber in the users DN,
He was correct. I was wrong in assuming that you needed no gidNumber in
the user DN. It is indeed the gidNumber that is used for rfc2307,
exactly as openLDAP.
Thank you
,
Louis
-Oorspronkelijk bericht-
Van: rowlandpe...@googlemail.com
[mailto:samba-boun...@lists.samba.org] Namens Rowland Penny
Verzonden: maandag 22 juli 2013 23:45
Aan: steve
CC: samba@lists.samba.org
Onderwerp: Re: [Samba] Winbind troubles
If you want my opinion, this is just another example
On Tue, 2013-07-23 at 09:40 +0200, L.P.H. van Belle wrote:
Hai,
I'm having exactly the same problem with winbind as Matthew Daubenspeck.
also on ubuntu 12.04 with sernet packages. ( used sernet-samba-winbind 4.0.7 )
I remove the complete config atm but am at the point reinstalling now.
On Tue, 2013-07-23 at 10:15 +0200, steve wrote:
[SNIP]
+1
sssd just works: there is plain English documentation available and you
get rfc2307 out of the box. The same day;)
otoh, if you must stick with winbind there are reports of success here.
Just one more thought to bugzilla it.
On Tue, 2013-07-23 at 10:05 +0100, Jonathan Buzzard wrote:
It's probably still not working for him because he needs to clear the
now poluted cache/database that winbind has created from previous
attempts. Using net cache flush might work. Personally I would stop
samba delete the tdb files
On Tue, 2013-07-23 at 11:25 +0200, steve wrote:
On Tue, 2013-07-23 at 10:05 +0100, Jonathan Buzzard wrote:
It's probably still not working for him because he needs to clear the
now poluted cache/database that winbind has created from previous
attempts. Using net cache flush might work.
On 23 July 2013 10:05, Jonathan Buzzard jonat...@buzzard.me.uk wrote:
This is where Matthew went wrong, it's right there in the man page
(unlike three years ago). There are also a large smattering of posts
from myself on this list over the last two years on how important it is
not to have
On Tue, 2013-07-23 at 11:06 +0100, Rowland Penny wrote:
[SNIP]
OK, I see where you are coming from, but until testparm starts saying
'this will not work because' people will keep on having problems with
winbind, also why do you need to set up the ranges anyway.
testparm does not guarantee
On 23 July 2013 11:40, Jonathan Buzzard jonat...@buzzard.me.uk wrote:
On Tue, 2013-07-23 at 11:06 +0100, Rowland Penny wrote:
[SNIP]
OK, I see where you are coming from, but until testparm starts saying
'this will not work because' people will keep on having problems with
winbind,
On Tue, 2013-07-23 at 11:55 +0100, Rowland Penny wrote:
[SNIP]
I thought that testparm did exactly that, it tested all the parameters
in smb.conf, so if the ranges overlap, it should report the error.
You thought wrong then. It tests to see if they are valid so 1000-akjf
is
On Tue, 2013-07-23 at 11:25 +0200, steve wrote:
On Tue, 2013-07-23 at 10:05 +0100, Jonathan Buzzard wrote:
It's probably still not working for him because he needs to clear the
now poluted cache/database that winbind has created from previous
attempts. Using net cache flush might work.
OK, the documentation is better but people still get it wrong probably
because it is more complex than it needs to be, I personally find it easier
to set sssd up, but that is just me.
Why use a word like orthogonal?, just who knows what orthogonal means, I
have only being speaking english for 56
Could this be yet another reason to use sssd instead of winbind?
sssd does use the account gidNumber
testuser
primaryGroupID: 513
uidNumber: 3001106
gidNumber: 20513
getent passwd testuser
testuser:*:3001106:20513:testuser:/home/DOMAIN/testuser:/bin/bash
Rowland
On 23 July 2013 13:54,
On Tue, 2013-07-23 at 14:20 +0100, Rowland Penny wrote:
OK, the documentation is better but people still get it wrong probably
because it is more complex than it needs to be, I personally find it
easier to set sssd up, but that is just me.
Why use a word like orthogonal?, just who knows
On Tue, 2013-07-23 at 14:39 +0100, Rowland Penny wrote:
Could this be yet another reason to use sssd instead of winbind?
sssd does use the account gidNumber
testuser
primaryGroupID: 513
uidNumber: 3001106
gidNumber: 20513
getent passwd testuser
On 23 July 2013 14:53, Jonathan Buzzard jonat...@buzzard.me.uk wrote:
Orthogonal is a single word, is precise and describes what is required
exactly. It has been in my vocabulary for approaching 30 years. None
overlapping range is three words and more characters as well. I was not
aware that
On 23 July 2013 15:04, Jonathan Buzzard jonat...@buzzard.me.uk wrote:
Not what I said. The primaryGroupID is an identifier for a group in AD,
bit like a SID is (I don't get that either). So primaryGroupID 513 might
refer to a group called sambausers, which has a it's own set of
RFC2307bis
Hallo, Jonathan,
Du meintest am 23.07.13:
Why use a word like orthogonal?
Orthogonal is a single word, is precise and describes what is
required exactly.
Sorry - that depends.
I know this word as a synonym of rectangular, and I mostly know it in
a geometrical environment.
90 degrees =
On Tue, 2013-07-23 at 14:53 +0100, Jonathan Buzzard wrote:
What gets me is people claiming that half a dozen lines of configuration
in smb.conf is more complicated than 30+ lines of configuration in an
entirely separate configuration file in addition to several lines in
smb.conf. It might
On Tue, 2013-07-23 at 15:23 +0100, Rowland Penny wrote:
On 23 July 2013 15:04, Jonathan Buzzard jonat...@buzzard.me.uk
wrote:
Not what I said. The primaryGroupID is an identifier for a
group in AD,
bit like a SID is (I don't get that either). So primaryGroupID
On Tue, 2013-07-23 at 15:04 +0100, Jonathan Buzzard wrote:
On Tue, 2013-07-23 at 14:39 +0100, Rowland Penny wrote:
Could this be yet another reason to use sssd instead of winbind?
sssd does use the account gidNumber
testuser
primaryGroupID: 513
uidNumber: 3001106
gidNumber:
On Tue, 2013-07-23 at 16:44 +0100, Jonathan Buzzard wrote:
On Tue, 2013-07-23 at 15:23 +0100, Rowland Penny wrote:
If you want my opinion and you probably don't, people need to stop
thinking NT server if they connect to a samba4 AD server and start
thinking AD server, they are
On 23 July 2013 16:44, Jonathan Buzzard jonat...@buzzard.me.uk wrote:
You don't seem to have taken on board that primaryGroupID is a numerical
identifier for an actual group. Now why Microsoft didn't use the group's
SID I have not the faintest idea.
I suppose that you have noticed that the
On 23/07/13 17:10, Rowland Penny wrote:
[SNIP]
But if the group identified by primaryGroupID 513 has gidNumber 20513
(which would be in my opinion best practice) without looking in the
source code of sssd you don't know whether sssd took the gidNumber of
the user or took the
On Tue, 2013-07-23 at 23:21 +0100, Jonathan Buzzard wrote:
On 23/07/13 17:10, Rowland Penny wrote:
[SNIP]
But if the group identified by primaryGroupID 513 has gidNumber 20513
(which would be in my opinion best practice) without looking in the
source code of sssd you
Have you tried 'getent passwd username'
Rowland
On 22 July 2013 19:56, Matthew Daubenspeck m...@oddprocess.org wrote:
I've rolled 2 virtual servers running Ubuntu 12.04 LTS and have
installed the SerNet packages. SRV1 has the AD setup and SRV2 is a
member server. I've followed the wiki
On Mon, Jul 22, 2013 at 08:41:09PM +0100, Rowland Penny wrote:
Have you tried 'getent passwd username'
Rowland
root@srv2:~# getent passwd Administrator
root@srv2:~# getent passwd user1
root@srv2:~# getent passwd user2
root@srv2:~# getent passwd user3
No results. They are all there
/etc/nsswitch.conf setup correctly?
On 22 July 2013 20:52, Matthew Daubenspeck m...@oddprocess.org wrote:
On Mon, Jul 22, 2013 at 08:41:09PM +0100, Rowland Penny wrote:
Have you tried 'getent passwd username'
Rowland
root@srv2:~# getent passwd Administrator
root@srv2:~# getent
On Mon, 2013-07-22 at 15:52 -0400, Matthew Daubenspeck wrote:
On Mon, Jul 22, 2013 at 08:41:09PM +0100, Rowland Penny wrote:
Have you tried 'getent passwd username'
Rowland
root@srv2:~# getent passwd Administrator
root@srv2:~# getent passwd user1
root@srv2:~# getent passwd user2
On Mon, Jul 22, 2013 at 10:27:36PM +0200, steve wrote:
Can you post smb.conf on SRV2?
Steve
Certainly:
[global]
workgroup = NWLTECH
security = ADS
realm = NWLTECH.ORG
encrypt passwords = yes
idmap config *:backend = tdb
idmap config *:range = 70001-8
idmap config
On Mon, Jul 22, 2013 at 08:59:47PM +0100, Rowland Penny wrote:
/etc/nsswitch.conf setup correctly?
passwd: compat winbind
group: compat winbind
shadow: compat
snipped
--
To unsubscribe from this list go to the following URL and read the
instructions:
OK, that seems like it should work, I had the winbind ad backend working,
but found it difficult to setup so jumped ship to sssd
The idmap setup I used was:
idmap config *:backend = tdb
idmap config *:range = 1100-2000
idmap config DOMAIN:backend = ad
idmap config
On Mon, 2013-07-22 at 16:46 -0400, Matthew Daubenspeck wrote:
On Mon, Jul 22, 2013 at 10:27:36PM +0200, steve wrote:
Can you post smb.conf on SRV2?
Steve
Certainly:
[global]
workgroup = NWLTECH
security = ADS
realm = NWLTECH.ORG
encrypt passwords = yes
idmap
On Mon, Jul 22, 2013 at 10:15:10PM +0100, Rowland Penny wrote:
OK, that seems like it should work, I had the winbind ad backend
working, but found it difficult to setup so jumped ship to sssd
The idmap setup I used was:
idmap config *:backend = tdb
idmap config
On Mon, 2013-07-22 at 17:29 -0400, Matthew Daubenspeck wrote:
On Mon, Jul 22, 2013 at 10:15:10PM +0100, Rowland Penny wrote:
OK, that seems like it should work, I had the winbind ad backend
working, but found it difficult to setup so jumped ship to sssd
The idmap setup I used was:
On Mon, Jul 22, 2013 at 11:19:26PM +0200, steve wrote:
Similar to what I had when I used winbind, except the * range was lower
than the range we wanted. Try something like 3000-3500 and 3501-4
perhaps?
Like this?
idmap config *:backend = tdb
idmap config *:range = 3000-3500
idmap
If you want my opinion, this is just another example of why not to use
winbind, if you can wait until tomorrow , I will send you an howto on sssd
on Ubuntu 12.04
Rowland
On Jul 22, 2013 10:36 PM, steve st...@steve-ss.com wrote:
On Mon, 2013-07-22 at 17:29 -0400, Matthew Daubenspeck wrote:
On
On Mon, Jul 22, 2013 at 11:36:26PM +0200, steve wrote:
Amazing;)
Amazing all right. I have a headache :)
You'd lose control over uidNumber, gidNumber and you wouldn't be able to
specify your own home directories and login shells. It's also a
nightmare if you add a second DC.
So if I plan on
On Mon, Jul 22, 2013 at 10:45:28PM +0100, Rowland Penny wrote:
If you want my opinion, this is just another example of why not to use
winbind, if you can wait until tomorrow , I will send you an howto on sssd
on Ubuntu 12.04
Something like this?
On Wed, May 29, 2013 at 04:17:33PM +, Michael Schmitz wrote:
I setup winbind as an authentication method on my Ubuntu
server and the only issue I have is when I change a user's
group in Active Director it doesn't update after a
relogin. It shows up with a wbinfo -G but when I use the
It is not even installed. So no, im still lost
--Mike
-Original Message-
From: Volker Lendecke [mailto:volker.lende...@sernet.de]
Sent: Wednesday, May 29, 2013 2:42 PM
To: Michael Schmitz
Cc: samba@lists.samba.org
Subject: Re: [Samba] Winbind does not update groups
On Wed, May 29
[2013/05/13 07:08:58.730027, 3]
winbindd/winbindd_misc.c:417(winbindd_priv_pipe_dir)
[ 2367]: request location of privileged pipe
[2013/05/13 07:08:58.730252, 3]
winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
getpwnam nathan_adm
[2013/05/13 07:09:04.052509, 3]
Im not sure why this keeps getting scrubbed :(
Smb.conf http://pastebin.com/8hbKm1cm
Krb5.conf http://pastebin.com/kJvPFR05
Commands output: http://pastebin.com/XfVMNUeD
From: Nathan Frankish
Sent: Monday, 13 May 2013 7:12 AM
To: samba@lists.samba.orgmailto:samba@lists.samba.org
Subject: winbind
Jacob Seeley wrote:
Hello,
My question revolves around 'User Private Groups'. I noticed my AD users
UID's do not have matching GID's. I came across the following:
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/groupmapping.html#id2596644
This seems to indicate I cannot
On 15/04/13 22:12, Luc Lalonde wrote:
Hello Folks,
This directive works with Samba3 but does not seem to work with Samba-4.0.5:
winbind use default domain = Yes
I want to get a username that does not contain the domain (GIGL). Instead
here's what I get:
[root@roquefort ~]# getent passwd |
Hello Geza,
Here's my 'smb.conf':
[global]
workgroup = FOO
realm = foo.example.com
netbios name = ROQUEFORT
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbind, ntp_signd, kcc,
Hello Folks,
This directive works with Samba3 but does not seem to work with Samba-4.0.5:
winbind use default domain = Yes
I want to get a username that does not contain the domain (GIGL). Instead
here's what I get:
[root@roquefort ~]# getent passwd | grep GIGL
: [Samba] Winbind strip domain from username?
Hello Folks,
This directive works with Samba3 but does not seem to work with Samba-4.0.5:
winbind use default domain = Yes
I want to get a username that does not contain the domain (GIGL). Instead
here's what I get:
[root@roquefort ~]# getent
I also have this problem, using a very recent version from git. (see also:
http://www.mail-archive.com/samba@lists.samba.org/msg124657.html )
Periodically, winbind seems to simply crash, and getent passwd other ops
(e.g. htop) stall.
I'd also be happy to provide any debugging information
:48
An: tn
Cc: samba@lists.samba.org
Betreff: Re: [Samba] winbind problem
I also have this problem, using a very recent version from git. (see also:
http://www.mail-archive.com/samba@lists.samba.org/msg124657.html
http://www.mail-archive.com/samba@lists.samba.org/msg124657.html
2013-04-16 12:33 keltezéssel, Luc Lalonde írta:
Hello Geza,
Here's my 'smb.conf':
[global]
workgroup = FOO
realm = foo.example.com
netbios name = ROQUEFORT
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap,
2013-04-15 23:12 keltezéssel, Luc Lalonde írta:
Hello Folks,
This directive works with Samba3 but does not seem to work with Samba-4.0.5:
winbind use default domain = Yes
I want to get a username that does not contain the domain (GIGL). Instead
here's what I get:
[root@roquefort ~]# getent
On Wed, Apr 10, 2013 at 06:46:48PM -0400, Dylan Klomparens wrote:
I am trying to figure out why winbind is using 100% CPU on my file server.
I am using Samba version 4.0.4. Everything is fine for a few minutes when I
start winbind, however after a while it begins using 100% CPU. I haven't
been
Did you ever get a resolution to your issue with UIDs not matching?
I have the same problem and I cannot for the life of me get my UIDs to
come from Active Directory.
If you did solve it with using the
idmap config DOMAIN : backend = ad
would you be so kind as to share? I am only able to get
On Thursday, February 21, 2013 04:03:53 PM Ali Bendriss wrote:
Hello,
Could you please give me some precision about the current state of the
winbind support on a member server. I have tried to list what I understand
about it. (I suppose that the libnss_winbind symlink are correct in /lib
Hello Clodonil,
I just got to this point in my testing. Be sure you link the files to
/lib64 if you are running a 64 bit version of CentOS. I was having the same
problem and realized the files needed to go in /lib64.
--
To unsubscribe from this list go to the following URL and read the
Hello Thomas,
That was it. I made a link in / lib64 and resolved.
Clodonil
2012/12/13 Thomas Simmons twsn...@gmail.com
I just got to this point in my testing. Be sure you link the files to
/lib64 if you are running a 64 bit version of CentOS. I was having the same
problem and realized the
Peace,
To answer my own question/post, I seem to have found the culprit. It
looks like it is indeed something very simple, and I could even blame it
on the AD ( more or less)...
:o)
The userAccountControl attribute is a structure that contains flags
pertaining to the user account: (See
Hi Andrew,
The pipe is in /usr/local/samba/var/run/winbindd. The winbind this working
because the wbinfo returns successfully. I think that is something between
the centos
and the lib's winbind.
Clodonil
Prof. Msc. Clodonil H. Trigo
www.nisled.org
E-mail: clodo...@nisled.org
Classificação: ()
On 12/5/12, Clodonil Trigo clodo...@nisled.org wrote:
The pipe is in /usr/local/samba/var/run/winbindd. The winbind this working
because the wbinfo returns successfully. I think that is something between
the centos and the lib's winbind.
Yep, I wasn't correct: in Debian one can have the
Hello,
I solved the problem;
solution:
# ln-s / usr/local/samba/lib/libnss_winbind.so.2 / lib64/libnss_winbind.so
# ln-s / lib / libnss_winbind.so / lib/libnss_winbind.so.2
to:
# ln-s / usr/local/samba/lib/libnss_winbind.so.2 / lib64/libnss_winbind.so
# ln-s / lib64/libnss_winbind.so /
Hi Hleb,
I did not think the process of winbind, I believe it is internal to samba.
I did several test before migrating to the samba3 Samba4 and had success in
all cases. More time to make real the problem gave winbind.
What line you changed in smb.conf?
Prof. Msc. Clodonil H. Trigo
I used this howto. Several tests made prior to migration, and in any case
worked.
Its make a debug this?
Clodonil
2012/12/3 Rowland Penny rpe...@f2s.com
Hi, I take it that you have followed the upgrade howto at:
https://wiki.samba.org/index.**php/Samba4/samba-tool/domain/**
On 04/12/12 11:52, Clodonil Trigo wrote:
I used this howto. Several tests made prior to migration, and in any
case worked.
Its make a debug this?
Clodonil
2012/12/3 Rowland Penny rpe...@f2s.com mailto:rpe...@f2s.com
Hi, I take it that you have followed the upgrade howto at:
Yes, this Samba4 running. Add users normally. All other features of Samba4
this OK.
Only winbind not.
The Winbind there is pid or socket?
Clodonil
Prof. Msc. Clodonil H. Trigo
www.nisled.org
E-mail: clodo...@nisled.org
Classificação: () Confidencial (X) Interna
As informações contidas nesta
On 04/12/12 14:17, Clodonil Trigo wrote:
Yes, this Samba4 running. Add users normally. All other features of
Samba4 this OK.
Only winbind not.
The Winbind there is pid or socket?
Clodonil
Prof. Msc. Clodonil H. Trigo
www.nisled.org http://www.nisled.org
E-mail: clodo...@nisled.org
Hi,
Commands:
[root@lost var]# ps ax | grep samba
23756 ?S 0:00 /usr/local/samba/sbin/samba
23757 ?S 0:38 /usr/local/samba/sbin/samba
23758 ?S 0:03 /usr/local/samba/sbin/samba
23761 ?S 0:00 /usr/local/samba/sbin/smbd --option=server role
On 04/12/12 14:44, Clodonil Trigo wrote:
Hi,
Commands:
[root@lost var]# ps ax | grep samba
23756 ?S 0:00 /usr/local/samba/sbin/samba
23757 ?S 0:38 /usr/local/samba/sbin/samba
23758 ?S 0:03 /usr/local/samba/sbin/samba
23761 ?S 0:00
On 12/4/12, Clodonil Trigo clodo...@nisled.org wrote:
I did not think the process of winbind, I believe it is internal to samba.
There is no separate winbindd process in samba4. There are several
*.so providing this service.
I did several test before migrating to the samba3 Samba4 and had
On Mon, 2012-12-03 at 22:11 +0200, Hleb Valoshka wrote:
On 12/3/12, Clodonil Trigo clodo...@nisled.org wrote:
I am using centos 6.3 and did the migration from samba3 to Samba4. More the
getent passwd does not return users.
I made the link:
ln-s /usr/local/samba/lib/libnss_winbind.so.2 /
On 03/12/12 12:07, Clodonil Trigo wrote:
Hi,
I am using centos 6.3 and did the migration from samba3 to Samba4. More the
getent passwd does not return users.
I made the link:
ln-s /usr/local/samba/lib/libnss_winbind.so.2 / lib/libnss_winbind.so
ln-s /lib/libnss_winbind.so
On 03/12/12 17:01, Clodonil Trigo wrote:
On 03/12/12 12:07, Clodonil Trigo wrote:
* Hi, I am using centos 6.3 and did the migration from samba3 to Samba4. More the** getent passwd does not return users. I made the link:** ln-s
/usr/local/samba/lib/libnss_winbind.so.2 /
On 12/3/12, Clodonil Trigo clodo...@nisled.org wrote:
I am using centos 6.3 and did the migration from samba3 to Samba4. More the
getent passwd does not return users.
I made the link:
ln-s /usr/local/samba/lib/libnss_winbind.so.2 / lib/libnss_winbind.so
ln-s /lib/libnss_winbind.so
- Original Message -
From: Heather Choi hceute...@gmail.com
To: Steve Snedeker st...@imninjas.com
Cc: samba@lists.samba.org
Sent: Friday, September 28, 2012 11:12:11 PM
Subject: Re: [Samba] Winbind issue using samba 3.6.3
Looks like you have a potentially conflicting idmap block here:
idmap
find name for
group ID 10513
- Original Message -
From: Heather Choihceute...@gmail.com
To: Steve Snedekerst...@imninjas.com
Cc: samba@lists.samba.org
Sent: Friday, September 28, 2012 11:12:11 PM
Subject: Re: [Samba] Winbind issue using samba 3.6.3
Looks like you have a potentially
Looks like you have a potentially conflicting idmap block here:
idmap backend = rid:DOMAN=1-2
and here:
idmap uid = 1-2
idmap gid = 1-2
This is more contemporary with Samba 3.6:
idmap config * : backend = tdb
idmap config * : range = 20001-3
idmap config
On 24/09/12 22:31, Steve Snedeker wrote:
We have a cross platform environment with a Windows 2008 server running Active
Directory and many of our workstations are running ubuntu 10.10 using winbind
for user authentication. The version of samba running on these boxes is 3.5.4
We are looking to
On 08/08/2012 12:35 AM, Jonathan Buzzard wrote:
steve wrote:
On 07/08/12 16:15, Jonathan Buzzard wrote:
On 07/08/12 15:10, steve wrote:
On 04/08/12 22:06, NdK wrote:
Il 04/08/2012 21:13, steve ha scritto:
Uh? wide links seems a bad idea to me... At least from a security
perspective.
Why
Hey Steve,
I knew the error Can't initialize directory with the auto-create
method of pam+winbind for home directories as well,
but I think my setup is a little bit different than yours...
My setup looks like this:
- 50 linux-server
- 5 AD secondary DC's (Active Directory w2k8 R2)
- 1 Master-DC
On 08/08/12 08:49, steve wrote:
On 08/08/2012 12:35 AM, Jonathan Buzzard wrote:
steve wrote:
On 07/08/12 16:15, Jonathan Buzzard wrote:
On 07/08/12 15:10, steve wrote:
On 04/08/12 22:06, NdK wrote:
Il 04/08/2012 21:13, steve ha scritto:
Uh? wide links seems a bad idea to me... At least
On 08/08/12 10:40, Jonathan Buzzard wrote:
On 08/08/12 08:49, steve wrote:
On 08/08/2012 12:35 AM, Jonathan Buzzard wrote:
steve wrote:
On 07/08/12 16:15, Jonathan Buzzard wrote:
On 07/08/12 15:10, steve wrote:
On 04/08/12 22:06, NdK wrote:
Il 04/08/2012 21:13, steve ha scritto:
Uh?
On 08/08/12 16:41, steve wrote:
On 08/08/12 10:40, Jonathan Buzzard wrote:
On 08/08/12 08:49, steve wrote:
On 08/08/2012 12:35 AM, Jonathan Buzzard wrote:
steve wrote:
On 07/08/12 16:15, Jonathan Buzzard wrote:
On 07/08/12 15:10, steve wrote:
On 04/08/12 22:06, NdK wrote:
Il 04/08/2012
On Wed, Aug 08, 2012 at 09:40:02AM +0100, Jonathan Buzzard wrote:
Do you think it is likely that I would have a production file server
system in place with over 900 active SMB connections using an Alpha
release piece of software?
I don't even use 3.6 yet because it is showing too many
On 08/08/2012 05:57 PM, Jonathan Buzzard wrote:
On 08/08/12 16:41, steve wrote:
On 08/08/12 10:40, Jonathan Buzzard wrote:
On 08/08/12 08:49, steve wrote:
On 08/08/2012 12:35 AM, Jonathan Buzzard wrote:
steve wrote:
On 07/08/12 16:15, Jonathan Buzzard wrote:
On 07/08/12 15:10, steve wrote:
On 04/08/12 22:06, NdK wrote:
Il 04/08/2012 21:13, steve ha scritto:
Uh? wide links seems a bad idea to me... At least from a security
perspective.
Why a single home directory? We have a single NFS share containing
folders for the two domains and inside those a folder for each home.
We are
On 07/08/12 15:10, steve wrote:
On 04/08/12 22:06, NdK wrote:
Il 04/08/2012 21:13, steve ha scritto:
Uh? wide links seems a bad idea to me... At least from a security
perspective.
Why a single home directory? We have a single NFS share containing
folders for the two domains and inside those
On 07/08/12 16:15, Jonathan Buzzard wrote:
On 07/08/12 15:10, steve wrote:
On 04/08/12 22:06, NdK wrote:
Il 04/08/2012 21:13, steve ha scritto:
Uh? wide links seems a bad idea to me... At least from a security
perspective.
Why a single home directory? We have a single NFS share containing
steve wrote:
On 07/08/12 16:15, Jonathan Buzzard wrote:
On 07/08/12 15:10, steve wrote:
On 04/08/12 22:06, NdK wrote:
Il 04/08/2012 21:13, steve ha scritto:
Uh? wide links seems a bad idea to me... At least from a security
perspective.
Why a single home directory? We have a single NFS
NdK wrote:
Il 04/08/2012 12:00, steve ha scritto:
You have many ways to obtain that same mapping objective. I chose to
use rid 'cause I couldn't modify my AD schema. But the preferred way is
extend AD schema and specify there the UIDs and GIDs.
You don't have to extend the schema. You can
Il 05/08/2012 12:32, Jonathan Buzzard ha scritto:
A supported version of Windows Server 2003 (aka the 2003R2) has the
RFC2307 extensions in the schema. The installation of the R2 service
pack extends the schema to include RFC2307, your windows admins simply
don't get a choice over that bit.
Il 03/08/2012 16:21, steve ha scritto:
That's quite easy in Samba3 but which tdb's must I remove in Samba4? In
fact, how would I rejoin the DC to itself?
You shouldn't use DCs for anything else other than DC. No file server.
No gateway. *Nothing*. They're a crytical piece of your network
On 04/08/12 09:39, NdK wrote:
Il 03/08/2012 16:21, steve ha scritto:
That's quite easy in Samba3 but which tdb's must I remove in Samba4? In
fact, how would I rejoin the DC to itself?
You shouldn't use DCs for anything else other than DC. No file server.
No gateway. *Nothing*. They're a
1 - 100 of 1256 matches
Mail list logo
