Re: [Samba] Samba Domain member server - using domain part within authentication
Hello, Memberserver: With security=domain, your auth request will be send to your dc and to its success it needs domain\user password. If your logon fails the memberserver tries to authenticate the user local. The better way: work with BDCs/LDAP Greetings Daniel --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Michal Bruncko Gesendet: Freitag, 27. Juli 2012 14:40 An: samba@lists.samba.org Betreff: [Samba] Samba Domain member server - using domain part within authentication Hello list, We are using several file servers in our enviroment in following way: - 1st fileserver is PDC - 2nd ... Xth are domain memeber server (with security = domain, and joined in domain via "net rpc join" command) When user is logging into 1st fileserver, he can be successfully authenticated with typing only "username" (without domain part) and his password from client computer which is NOT part of this domain. But when user is trying to log in to some domain member server, the authentication willl not be successful until hi use login in form "DOMAIN\username" and his password. I need to note here, that winbind is not running on member servers, just pure smbd and nmbd daemons. Is there any way how to authenticate to member servers without using domain part in authentication name? I am using: - on Server: samba on CentOS 6 - samba-3.5.10-125.el6.x86_64 - on Client: windows 7 many thanks michal -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba with pam_group.so: add group on log in
In order for all PAM management types to be used you need to disable encryption on both Samba server and client. Dragos On Sat, Jul 28, 2012 at 12:34 AM, Arokux B. wrote: > Hi, > > I am using pam_group.so to add some additional groups to the users. > However, although Samba obeys pam restrictions, it obeys only > "session" type of management. pam_group.so, however can be used only > with auth. That's why if a user logs in through Samba it won't have a > particular group added and so not enough permissions to work with a > share. > > How else can I add a group to a user account on the fly just after Samba > log in? > > Thanks > Arokux > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: 2DC domain. Which ldap:// address do I use, DC1 or DC2?
On Sun, Jul 29, 2012 at 11:43 AM, steve wrote: > 2 Samb4 DC's joined and replicating great. > Hi > I'm running some Linux scripts on DC2 which I copied from DC1. > > I changed the ldap://address for a script which I copied to DC2 to that of > DC2. If I now deliberately failover DC1, the script on DC2 complains that > the ldap addresss is invalid. > > Do I keep the scripts at the same ldap://address on BOTH DC's? Is, that > correct? I put both ldap servers (actually in my case 3 ldap servers and 3 DCs) on that line on both DCs. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4: 2DC domain. Which ldap:// address do I use, DC1 or DC2?
2 Samb4 DC's joined and replicating great. Hi I'm running some Linux scripts on DC2 which I copied from DC1. I changed the ldap://address for a script which I copied to DC2 to that of DC2. If I now deliberately failover DC1, the script on DC2 complains that the ldap addresss is invalid. Do I keep the scripts at the same ldap://address on BOTH DC's? Is, that correct? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Windows 7: block an OU from the control panel
Hi In XP this is very easy to do by right clicking the OU and selecting properties-GPO. I've searched and tried but I can't get a way to do it in w7. Does anyone have a step by step? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba: read-only remote LDAP + additional local users
On Tue, 2012-07-24 at 10:06 +0200, Arokux B. wrote: > On Tue, Jul 24, 2012 at 7:55 AM, Daniel Müller > wrote: > > Why do not have all users work within samba? > > What is the reason? > > My server is a small private server of a small subdivision. Now and > then there are external people that come to us for short time and they > also need access to our Samba-shares. I cannot change anything on the > LDAP-Server and so cannot add them to it. Do you bind directly against the LDAP server as a samba passdb, or do you join the domain? It would be more normal to join the domain, and then you can have local unix users and local Samba users in your local passdb, while connecting to the main company domain as a domain member. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba