[Samba] Changing a user's primary GID
I'm using samba version 3.0.10 on an Intel PC running Redhat Linux 3.0 AS. I am using winbind with the idmap_rid module to authenticate users to Windows AD. All the current Linux user account names are exactly the same as the corresponding Windows AD SAM acct names. Everything works beautifully EXCEPT for the GIDs generated from the from the AD Groups that the Windows accounts belong to. (The UIDs are NOT a problem.) It seems like they all belong to the same group of "Domain Users". This is what I DO NOT want! At a minimum I need to have users in one of 2 Linux groups - as their primary group - a faculty or a student group since our current utility programs use Linux group permissions to work properly. A student account can easily be determined from the SAMaccountName - if it starts with a lowercase "x". If not it is a faculty account. I DO NOT control the info in the Windows AD system. Is there a way to force a user be put into a particular (LOCAL) Linux group when logging into a Linux host running Samba winbind. This would be there primary group while logged in. I really have no use for the domain group. Is there a utility or would the code have to be hacked? If the latter is true what C programs need to be modified? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Idmap backend for winbind
I'm trying to set up an Idmap Backend LDAP server for winbind. I don't need a full blown SAMBA PDC; just a server to provide the SID to UID/GID mappings. We're using a Windows Active Directory server to authenticate against but we want the above mappings to be the same across multiple samba machines. Can we just stand up a simple ldap server and just add the mappings and that's it or do we have to have a full blown Samba PDC for this purpose? If just the mappings are built, what are the specifics? What entries do we have to add? All the documentation I've read talks about an idmap backend in the context of building a PDC. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind, rids, gids, uids
Is there any SIMPLE way to maintain consistent mappings between windows RIDs and UNIX/LINUX UIDs/GIDs among multiple samba servers servers running winbindd? Will that problem be addressed in future samba releases? I've read about the "idmap backend" possible solution but is that the only current one? Help!!! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Solaris9 and winbind
I'm trying to use samba(winbind) to have Active Directory users login to a Solaris9 host. I'm using samba-3.0.7. So far I have sucessfully built samba and gotten wbinfo to work. The problem arises when I try to execute "getent passwd" or "getent group". All I get are the local entires. (I have already made the correct modifications to the nsswitch.conf File.) According to the How-to documentation there is a problem with Solaris9 and the winbind nss module. I've installed the recommended patch(112960 - at least version 14) but still no success. Is there something I'm missing? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Login restrictions through winbind
I have successfully setup a Red Hat Enterprise Linux AS 3.0 server that allows Windows AD Users to login to it(through winbind). The problem is that ALL such users can now do so. Is there a way to control which users are allowed to login while others are denied access? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Problem using pam_winbind to authenticate with Windows 2003 Active Directory Server.
Thanks, that worked beautifully. -Original Message- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: Thursday, September 09, 2004 6:45 PM To: Wong, G. MR EECS Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Problem using pam_winbind to authenticate with Windows 2003 Active Directory Server. -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Wong, G. MR EECS wrote: | If sAMAaccountName = UserPrincipalName | user can Log in | Else | can't ( The error message from pam_winbind is: PAM | error was 10, NT error was NT_STATUS_NO_SUCH_USER ) | | Why is this occuring? Do I need to use other programs | in conjunction with samba to get this to work and if so | are there some instructions to do so? HELP! Recently fixed for the upcoming 3.0.7 release. Here's the patch. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "If we're adding to the noise, turn off this song"--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBQNz9IR7qMdg1EfYRAgdnAJ9raUexgprsxOGp8zc6red+rJPEhQCfQ9oW hAXpVmXSQFCK+QG4JBb1mzo= =xxGa -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem using pam_winbind to authenticate with Windows 2003 Active Directory Server.
We're trying to have AD Domain Users authenticate to AD server to login to a Redhat Enterprise Linux AS (3.0) server. Were running samba 3.06 on the Linux box. We're using specifically winbind and pam_winbind for this purpose. I've followed all the instructions in the HOW-TO samba documentation on setting up windbind, kerberos, and pam_winbind. I've successfully logged into the LINUX box with certain AD user credentials but not with others, which are the majority. Here is what I've observed about the 2 sets of user accounts: If sAMAaccountName = UserPrincipalName user can Log in Else can't ( The error message from pam_winbind is: PAM error was 10, NT error was NT_STATUS_NO_SUCH_USER ) Why is this occuring? Do I need to use other programs in conjunction with samba to get this to work and if so are there some instructions to do so? HELP! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba