Can someone point me to information on how Samba handles SID History when using
security=ads and changing domains? I've done some prototyping in transferring the
idmaps from old to new SIDs when using an ldap backend, but would like to see a
recommended practice if one exists. I'm especially
We are using Samba for shares and Winbind for Active Directory authentication, and are
down
to a few problems.
If the AD goes down or reboots, Winbind loses its connection. In the winbind log, it
reports:
Could not open a connection to TEST1 for \PIPE\NETLOGON
We have a problem with our setup that exposed another problem in winbindd.
Setup: Samba 3.0.1, openLDAP 1.2.23 for idmap backend using port 1389,
security=ads (w2k). All works after we get the daemons started
successfully.
The first issue has to do with the initial setup of both a
Solaris 8, Samba 3.0.1, Winbind with LDAP backend and security = ads.
This may or may not be a problem, depending on what is expected behaviour.
We came across a user that was defined both locally and in AD. Their local
primary group, call it localgrp, was not the same as their global primary
This may be OT, since I don't think is related to samba, but since we
just made pam.conf changes for samba, we are on the top of the suspect
list.
Ocassionally, we are getting a running error in a .dt/errorlog stating:
TIMESTAMP
dtsession: pam_start status = 4
This *quickly* fills up the disk,
Config: Solaris 8, OpenLDAP winbind backend, using AD for global users.
Is there documentation on what service_name / module_type pairs are
supported by pam_winbind? I've gone through the Samba-3 HOWTO book
and internet searches, but haven't found anything difinitive. I have been
able to tell
-
From: Klinger, John (N-CSC)
Thank you for your response.
Bug 910 looks like a different issue.
We are using Samba on Solaris 8, with security = ads,
with AD running on a W2K server.
We cannot access someone else's file on Solaris that
is owned by a group that we are a member
: Wednesday, January 07, 2004 12:05 AM
To: Klinger, John (N-CSC)
Cc: Gerald (Jerry) Carter
Subject: Re: [Samba] Secondary Groups and Group Mapping
Hi,
this might be related to bug 910
domain admin rights only works for user, which primary group
is domain
admins
I submitted last week
-Original Message-
From: Klinger, John (N-CSC)
Sent: Friday, December 19, 2003 8:14 AM
| | Klinger, John (N-CSC) wrote:
| |
| | The first issue deals with the file sharing. Even if a file gives
| | full permission to one of a user's secondary groups, that user
| | cannot
| | Klinger, John (N-CSC) wrote:
| |
| | The first issue deals with the file sharing. Even if a file gives
| | full permission to one of a user's secondary groups, that user
| | cannot access the file. The user can only access the file (or
| | directory) if the file's group is the user's primary
?
We've downloaded 3.0.1 with hopes it helps resolve these issues. We still have the
above groupmap issues. We haven't tried the secondary group access yet.
john
-Original Message-
From: Klinger, John (N-CSC)
Sent: Monday, December 15, 2003 4:59 PM
To: '[EMAIL PROTECTED
We are having what appears to be two main issues in our attempt to setup Samba 3.0.0
compiled from src on Solaris 8. We are using Samba to provide Unix shares on W2K
clients, and to authenticate against a W2K Active Directory server. OpenLDAP is used
on the Samba side for the UID/GID to SID
12 matches
Mail list logo