Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [winbind]

Winbind is part of the Samba suite and provides an NSS and PAM layer for Unix/Linux systems to integrate authentication with a Windows domain

136 questions
3
votes
2 answers

Winbind/AD: Local users with identical AD usernames

We are getting ready to add Winbind/Samba to some CentOS servers. Identity Management for UNIX is running on our DC, and it's testing well so far. There is one scenario I'm having trouble with, and I'm pretty sure it's solved inside of…
verbalicious
  • 101
  • 1
  • 5
3
votes
1 answer

Best Management Practices for using Winbind?

I'm planning on migrating a few of our Linux servers to use AD authentication via SAMBA/Winbind. Operating system will be openSUSE 11.3 x64. Our AD environment does not have UNIX extensions installed. I've set up a server from scratch and it seems…
churnd
  • 4,077
  • 5
  • 34
  • 42
3
votes
0 answers

SSSD procedure for staying joined when renaming AD computer object

Shooting for the moon with this question here. In Windows if you join a client to an AD domain and later if you want to rename the computer object you can do so "seamlessly" without it breaking the AD membership of the client. I want to accomplish…
SeligkeitIstInGott
  • 179
  • 2
  • 5
  • 19
3
votes
2 answers

I have to manually restart winbind.service after every reboot. Ubuntu 18.04

S.O. Ubuntu 18.04.4, Samba version 4.7.6-Ubuntu I have this problem with this machine. Whenever the system restarts, winbind.service fail to start properly, and error "clock skew too great" is recorded in logs. winbind log: [2020/02/17…
giorgiline
  • 131
  • 1
  • 6
2
votes
1 answer

pam_winbind: unknown option require_membership_of

I'm trying to configure the VSFTPD with Winbind to restrict users authenticated by Active Directory, only to those that belong to specific group. I'm using a generic conf file for the vsftpd, with few changes: $ cat…
Joao Bernardes
  • 21
  • 2
2
votes
2 answers

winbind authentication through apache slow

I have a linux machine setup to authenticate users using Active Directory with samba/winbind. Apache is then setup to use that to authenticate the users. This is done using: AddExternalAuth pwauth…
Zitrax
  • 794
  • 2
  • 11
  • 21
2
votes
0 answers

Unable to authenticate to AD using Kinit - cache file not found

I'm trying to set up Winbind with PAM and Kerberos to authenticate CentOS 7 against active directory. So far this is what I've done: yum -y install authconfig krb5-workstation pam_krb5 samba-common oddjob-mkhomedir yum -y install…
GrahamBond
  • 21
  • 1
  • 1
  • 3
2
votes
1 answer

Set up Samba with Active Directory and local user authentication

My main goal is to set up a Samba-Server, to where users can connect to by using their Active-Directory credentials. Additionally, local linux users on the Samba-Server should be able to authenticate. First I tried to configure the Samba-Server to…
Soner Kalayci
  • 21
  • 1
  • 3
2
votes
3 answers

linux - windows ad authentication - why join domain?

When using Windows AD to authenticate users on Linux servers is there an advantage to using Winbind and "Joining the Domain" over just authenticating via Kerberos and looking up UID,GID, home dir, etc in LDAP?
fred
  • 21
  • 2
2
votes
0 answers

Samba doesn't seem to stay joined to Active Directory domain

I can initially join a linux box to the domain with these commands: sudo kinit administrator@WINDOWS.CORP.SPRINGVENTUREGROUP.COM sudo net ads join -k After a few hours or the next day, this happens: user@host:~$ sudo wbinfo -a administrator Enter…
Jonathan S. Fisher
  • 434
  • 4
  • 19
2
votes
1 answer

'realm join --client-software sssd' on centos-7 joins two realms (one with sssd and one with winbind)

On clean installed centos-7 host: realm join -U foo --client-software sssd AD.EXAMPLE.COM After running realm list output looks initially like this: AD.EXAMPLE.COM type: kerberos realm-name: AD.EXAMPLE.COM domain-name: ad.example.com …
Ben
  • 391
  • 1
  • 3
  • 11
2
votes
1 answer

Ubuntu 14.04 Active Directory auth fails after static ip config

I'm having 6 Ubuntu 14.04 servers that are joined to active directory (2003 domain functional level 2008r2 schema) All of the servers work's fine when network interface is configured to use DHCP. But the networks these servers will be located on…
user2782999
  • 123
  • 3
  • 8
2
votes
1 answer

Samba Shares Without Using Winbind

I am curious if it is possible to use samba shares without using winbind. In our current environment we are using SSSD, Kerberos, and Samba to complete the required tasks such as joining the windows domain and setting up active directory/LDAP. …
user2104891
  • 135
  • 2
  • 12
2
votes
2 answers

winbindd: kinit succeeded but ads_sasl_spnego_krb5_bind failed: Cannot contact any KDC for requested realm

While looking for reasons why logging in to a samba machines joined to Active Directory is slow I have the strong impression that the following error in my log file could be a hint. Apr 3 14:44:14 eu2 winbindd[19632]: [2014/04/03 14:44:14.166820, …
WoJ
  • 3,607
  • 9
  • 49
  • 79
2
votes
0 answers

Authentization agains Samba4 domain controler and not working kinit

I've a problem with Samba 4 and Kerberos. If I call kinit, it writes Client not found in Kerberos database while getting initial credentials. I find out, that the Kerberos works with user name only, but the system identifies all domain users with…
Theodor Keinstein
  • 181
  • 1
  • 11
1 2
3
9 10