On 14/07/12 17:50, Nick Triantos wrote:
Hi,
I'm still having trouble getting Samba 3.6.3 / Winbind to fetch UIDs from AD
2008 R2 with the Services for Unix feature installed. My users have uidNumber
fields which contain the UIDs I want. I'm on Ubuntu 12.04
The global part of my smb.conf.
Hi Quinn,
here's the output of klist on my samba 3 client and the
samba 4 server. Ssh based login works fine on the samba 3
machine - but requires GSSAPIStrictAcceptorCheck no on
the samba 4 host.
I'm still not sure, weather this is a multi-home issue - it
could also be caused by case
Hi,
Thanks for the info. I am now trying two ways to get, for example, the
nslcd service to work with samba4 kerberos.
Note: Spaces around @ are intentional and exist only on the list.
Method 1: The non-integration-with-samba method
Yes. Mensage access denied. have you idea?
Em 16/07/2012 02:58, Daniel Müller muel...@tropenklinik.de escreveu:
Hi,
should work!?
Just try on your windows client STRG+ALT+DEL
and go on.
Daniel
---
EDV Daniel Müller
Leitung EDV
Tropenklinik
Hi Steve,
I was taking nslcd as an example and I know that one workaround is the way
you describe it, but I see more than just nslcd/k5start service that uses
the HOST/hostname.domain.net principal to authenticate - for example, ssh
with GSSAPI seems to do the same thing unless you use
And like that?:
First your linux users to samba
smbpasswd -ae your linux user
Use smbpasswd
smb.conf:
unix password sync = yes
passwd program = /usr/bin/smbpasswd %u
passwd chat = *New*password* %u\n *Re*ype*new*password* %u\n \
On 16/07/12 13:21, Quinn Plattel wrote:
Hi Steve,
I was taking nslcd as an example and I know that one workaround is the
way you describe it, but I see more than just nslcd/k5start service that
uses the HOST/hostname.domain.net
Hi Quinn
Sorry. I thought you were still with the nslcd
Hello list today I update my samba4 to samba4 Version
4.0.0beta4-GIT-dff29e4, everythings is ok, but when I try to create a GPO
(Group Politic Object) say me Deny Access and this politic do not aplicate
to pc, I try with user administrator and I have the same problem.
somebody can help me?
--
I think I take this back. This more a workaround than a solution. The
workaround makes sshd use any principal found in the database, but a proper
kerberos setup would look for the client's hostname principal only.
The search goes on for a proper samba4 kerberos setup. :-)
br,
Quinn
On Tue, Jul
Hi,
Is there a way to see what principals exist in the samba4 domain? I could
list the principals in a keytab file, but that does not reflect what is in
the samba4 domain.
br,
Quinn
--
To unsubscribe from this list go to the following URL and read the
instructions:
Steve,
An alternate workaround to steps 3,4,5 is to do the following:
3: samba-tool domain exportkeytab /etc/krb5.keytab --principal=nslcd-service
4: edit /etc/default/nslcd and add the line:
K5START_PRINCIPAL=nslcd-service
5: start nslcd with service nslcd start
So now we have two principals we
Hi Quinn,
for Active Directory or Samba 4 DC this may be quite
tricky:
In Active Directory exists a principal alias list, that applies
to all (?) SPN objects - so you may only see a HOST/ principal, but
this one may also be valid for a whole bunch of other names,
like cifs/ ... HTTP/ ...
Hello Everyone.
It seems we have a problem with locked files in 3.6.6.
Symptoms are:
- office 2010 .tmp files do not get deleted
- smbstatus crashes with segmentation fault (in traverse_fn
according to gdb) when the next line should display the mentionend
.tmp-file.
It seems that smbstatus
other errors that I have when I try to join BDC with samba 4 is the follow
Try the mounting the filesystem with the 'acl' option.)
Deleted
CN=DANTES,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=eccmg,DC=cupet,DC=cu
ERROR(class 'samba.provision.ProvisioningError'): uncaught
On 16/07/12 15:18, Quinn Plattel wrote:
Steve,
An alternate workaround to steps 3,4,5 is to do the following:
3: samba-tool domain exportkeytab /etc/krb5.keytab --principal=nslcd-service
4: edit /etc/default/nslcd and add the line:
K5START_PRINCIPAL=nslcd-service
5: start nslcd with service
Hello,
Last week I have detected with Zabbix that a member of my Samba domain
had been downloading at a rate of around 8 Mbps for two days and a half.
When asking the person to whom belonged the machine, he didn't know he
was downloading anything but he said he had observed his machine had
Thanks. done.
Em 16/07/2012 08:27, Daniel Müller muel...@tropenklinik.de escreveu:
And like that?:
First your linux users to samba
smbpasswd -ae your linux user
Use smbpasswd
smb.conf:
unix password sync = yes
passwd program = /usr/bin/smbpasswd %u
passwd chat =
I noticed you tried to comment out the default idmap section. The range
also starts very low, (too low). I think you might be running into
uid/gid collisions because of that.
Something like this is more preferrable (in addition to setting your
ranges):
idmap config * : backend = tdb
Thanks Jonathan, but it didn't work for me. I updated my config to look like
this:
security = ADS
realm = CORP.mycompany.COM
allow trusted domains = yes
winbind use default domain = yes
winbind nested groups = YES
winbind enum groups = yes
winbind enum users = yes
winbind
Thanks Heather.
It was my understanding, from reading one of the doc pages, that the range
acted as a filter, and would invalidate any users who didn't match the range,
so I purposely made it cover a broader range (from 900 onward). In AD, my first
user maps at 1001. On the local machine, all
We are proud to a announce another beta release of Samba 4.0, beta4
What's new in Samba 4.0 beta4
=
Samba 4.0 will be the next version of the Samba suite and incorporates
all the technology found in both the Samba4 alpha series and the
stable 3.x series. The primary
The branch, master has been updated
via c92a567 pytdb: Check if the database is closed before we touch it
via a8e8833 pytdb: Check for errors parsing strings into TDB_DATA
from dff29e4 auth/credentials: Look in the secrets.tdb for the machine
account
The branch, master has been updated
via a7d5d08 Revert Remove XSLT script to generate image dependencies,
instead rely on make
from c92a567 pytdb: Check if the database is closed before we touch it
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log
The branch, master has been updated
via db33ef7 VERSION: Move on to beta5!
via 3a6f1f9 VERSION: Mark as the beta4 release
via 4b44002 WHATSNEW: prepare for 4.0 beta4
from a7d5d08 Revert Remove XSLT script to generate image dependencies,
instead rely on make
The annotated tag, samba-4.0.0beta4 has been created
at 89611de731f3d4b5af8445701463107e8e849b48 (tag)
tagging 3a6f1f9ac537bc8d722aa075e67e1e50e7fe6e44 (commit)
replaces ldb-1.1.8
tagged by Andrew Bartlett
on Tue Jul 17 14:32:02 2012 +1000
- Log
The branch, v4-0-test has been updated
via 3a6f1f9 VERSION: Mark as the beta4 release
via 4b44002 WHATSNEW: prepare for 4.0 beta4
via a7d5d08 Revert Remove XSLT script to generate image dependencies,
instead rely on make
via c92a567 pytdb: Check if the database is
The branch, v4-0-stable has been updated
via 3a6f1f9 VERSION: Mark as the beta4 release
via 4b44002 WHATSNEW: prepare for 4.0 beta4
via a7d5d08 Revert Remove XSLT script to generate image dependencies,
instead rely on make
via c92a567 pytdb: Check if the database
27 matches
Mail list logo