Megachip, posted January 12, 2015:

Where to set up external authentication sources?

Megachip, posted January 22, 2015:

No one? Not possible? But why the "mapped domain security groups" entry?

wind-e, posted January 22, 2015:

When you click the SELECT box next to GROUP SID [found under ADMIN-->ACCESS RIGHTS-->MAPPED DOMAIN SECURITY GROUPS-->NEW], do you not get a list of all the groups in your domain?

Megachip, posted January 23, 2015:

> When you click the SELECT box next to GROUP SID [found under ADMIN-->ACCESS RIGHTS-->MAPPED DOMAIN SECURITY GROUPS-->NEW], do you not get a list of all the groups in your domain?

Nope, I got an error. That's why I ask where I can configure it. Or is it a Windows-only feature which uses the local Windows settings? (Running the appliance on CentOS)

wind-e, posted January 23, 2015:

Not familiar with LDAP for CentOS. Could you just enter the group's SID manually?

Megachip, posted January 26, 2015:

> Not familiar with LDAP for CentOS. Could you just enter the group's SID manually?

I could, but this has no effect. Because it is an appliance, I think it is not recommended to change anything on the host system? No official statements? Guides?

Megachip, posted February 12, 2015:

So it looks like I have to join the appliance via winbindd to the existing Samba domain? Is this documented anywhere?

bootsoft, posted February 12, 2015:

* standard domain joining process via winbind
* make sure the ldapsearch utility is in place (openldap-clients package on CentOS)
* tasks like "Static Group Synchronization" will have some hidden gems like LOGIN, which takes a form similar to "CN=connect-user,CN=Users,DC=your-domain,DC=com", depending on your LDAP structure.

Megachip, posted February 16, 2015:

> * standard domain joining process via winbind
> * make sure the ldapsearch utility is in place (openldap-clients package on CentOS)
> * tasks like "Static Group Synchronization" will have some hidden gems like LOGIN, which takes a form similar to "CN=connect-user,CN=Users,DC=your-domain,DC=com", depending on your LDAP structure.

Thx, will try a domain join later. An LDAP-only user backend isn't possible?

Megachip, posted March 20, 2015:

***PUSH***

An LDAP-only user backend isn't possible? Any how-to for using LDAP (OpenLDAP) as a direct authentication/synchronisation backend?

Edited March 24, 2015 by Megachip

michalp (ESET Staff), posted March 23, 2015:

On CentOS (or any Linux), Domain Mapped Groups will only work through Winbind. LDAP auth can only be used with static group synchronisation.

ERA uses the 'wbinfo' and 'ntlm_auth' commands to communicate with the Winbind daemon and do the authentication. If you are able to configure Winbind to use LDAP, then it will work.

Megachip, posted March 23, 2015:

Can't get winbind running completely. wbinfo -u works, ntlm_auth works, but:

    wbinfo -i meg
    failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
    Could not get info for user meg

    wbinfo -g
    failed to call wbcListGroups: WBC_ERR_INVALID_RESPONSE
    Error looking up domain groups

Winbindd Version: 3.6.23-14.el6_6
OS: CentOS, ESET Appliance

Any ideas or conclusions?

Samba Settings:

    [global]
    workgroup = RZ
    server string = Samba Server Version %v
    security = DOMAIN
    log file = /var/log/samba/log.%m
    max log size = 50
    wins server = 1xx.1x.1xx.1xx
    idmap config * : backend = tdb
    cups options = raw

michalp (ESET Staff), posted March 26, 2015:

It is hard to say what is wrong. Winbind is very picky about its configuration. My experience is only with joining AD on a domain controller, and that requires:

1. DNS needs to be configured correctly.
2. Time needs to be synchronised with domain controller.
3. Kerberos needs to be configured.
4. Samba needs to be configured.
5. Domain join is necessary.

All these steps are done automatically in ERA Server Appliance. If you want, you can deploy it as a test in VirtualBox (or VMware Player) and go through manual installation. Afterwards you can look at the created configuration files. There is also a '/root/help-with-domain.txt' file that explains all steps in more detail.

Megachip, posted March 26, 2015:

> It is hard to say what is wrong. Winbind is very picky about its configuration. My experience is only with joining AD on a domain controller, and that requires:

Mine too, and there all works fine. But this is no AD.

> 1. DNS needs to be configured correctly.

It is.

> 2. Time needs to be synchronised with domain controller.

It is.

> 3. Kerberos needs to be configured.

There is no Kerberos, it's a Samba 3 domain.

> 4. Samba needs to be configured.

It is.

> 5. Domain join is necessary.

Join works fine. I missed mentioning it in the post above.

> All these steps are done automatically in ERA Server Appliance.

I'm using the Appliance. How can you automatically join the domain?!

> If you want, you can deploy it as a test in VirtualBox (or VMware Player) and go through manual installation. Afterwards you can look at the created configuration files. There is also a '/root/help-with-domain.txt' file that explains all steps in more detail.

There is no such file in the appliance. Appliance was installed on 2015/01/08. Are there different versions?

Setting winbind use default domain = Yes lets wbinfo -i <username> work, but wbinfo -g (which is used by eras) still does not work.

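Added example (not part of any post in this thread, and not ESET's code): a shell helper that runs the wbinfo lookups discussed above and reports the WBC_ERR_* code behind each failure, so the failing lookup (user listing, group listing, or per-user info) is visible at a glance. The function names and the WBINFO override variable are assumptions of this example; ntlm_auth is left out because it needs a password.

```shell
#!/bin/sh
# Added example: run the winbind lookups from this thread and report which fail.
# Usage (after sourcing this file):  winbind_report <username>
# WBINFO, wbc_error, check and winbind_report are names made up for this
# example; set WBINFO to a stub to exercise the script without winbindd.
WBINFO="${WBINFO:-wbinfo}"

# Extract the first WBC_ERR_* code from wbinfo's error text (empty if none).
wbc_error() {
    printf '%s\n' "$1" | sed -n 's/.*\(WBC_ERR_[A-Z_]*\).*/\1/p' | head -n 1
}

# Run one wbinfo call. Prints "<label>: OK" or "<label>: FAIL (<code>)".
# Returns 0 on success, 1 on failure.
check() {
    label=$1; shift
    if out=$("$WBINFO" "$@" 2>&1); then
        echo "$label: OK"
        return 0
    fi
    code=$(wbc_error "$out")
    echo "$label: FAIL (${code:-no WBC error code reported})"
    return 1
}

# Run every check for one test user. Prints a report and returns the
# number of failed checks as the exit status (0 means all lookups work).
winbind_report() {
    user=$1
    failed=0
    check "daemon ping (wbinfo -p)" -p || failed=$((failed + 1))
    check "trust secret (wbinfo -t)" -t || failed=$((failed + 1))
    check "list users (wbinfo -u)" -u || failed=$((failed + 1))
    check "list groups (wbinfo -g)" -g || failed=$((failed + 1))
    check "user info (wbinfo -i $user)" -i "$user" || failed=$((failed + 1))
    return "$failed"
}
```

A non-zero status from winbind_report while the join itself succeeds points at winbind's lookup configuration rather than at the domain membership.

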
Megachip, posted April 29, 2015:

Why is ESET not using the net (rpc/ads) group command?

Edited April 29, 2015 by Megachip