search for: acasta

...4 AD. Simplistically, I'm trying initially to SSH into my AD server (working) using nslcd. I've tried method #1 from https://wiki.samba.org/index.php/Local_user_management_and_authentication/ns lcd My simple config is: uid nslcd gid nslcd uri ldap://127.0.0.1:389 base cn=Users,dc=acasta,dc=intra binddn cn=nslcd-connect,cn=Users, dc=acasta,dc=intra bindpw xxxxx filter passwd (objectClass=user) filter group (objectClass=group) map passwd uid sAMAccountName map passwd homeDirectory unixHomeDirectory map passwd gecos...

...ember_Server" doesn't work on my Debian Wheezy box - I don't see libnss_winbind.so on my system. And 'apt-get install winbind' says I'm already on the latest version... Anyone any pointers on the best approach? smb.conf: # Global parameters [global] workgroup = ACASTA realm = ACASTA.INTRA netbios name = KEPLER server role = active directory domain controller dns forwarder = 192.168.100.1 idmap_ldb:use rfc2307 = yes [netlogon] path = /var/lib/samba/sysvol/acasta.intra/scripts read only = No [sysvol]...

Hi Rowland - thank you for replying. I have now demoted and removed the temporary DC with the intention of repeating the exercise from scratch later this week. It was a Ubuntu Server 18.04.1 and the smb.conf was very vanilla: [global] workgroup = ACASTA realm = ACASTA.INTRA netbios name = UBUNTU server role = active directory domain controller dns forwarder - 192.168.200.3 idmap_ldb:use rfc2307 = yes The join worked successfully. DNS checked out. Kerberos checked out. I could see everything in my RSAT tools. Everything appeared to be working, ex...

...drwxr-xr-x 7 JohnDoe Domain Users 4.0K Aug 24 20:47 ./ drwxr-xr-x 11 root root 4.0K Dec 1 16:50 ../ -rw-r--r-- 1 JohnDoe Domain Users 439K Aug 14 2013 Book.xlsx -rw-r--r-- 1 JohnDoe Domain Users 30K Mar 4 2012 planner.xls -rwxr-xr-x+ 1 3000000 Domain Users 4.2M Feb 10 2017 acasta.ics* Any ideas how to fix this? -- Rob Mason 07770 578764 From: Rob Mason Sent: 30 November 2018 18:28 To: 'samba at lists.samba.org' <samba at lists.samba.org> Subject: Domain Admins default ownership is BUILTIN\Administrators I've now spun up a second DC ready for a migratio...

> On Wed, 2 Jan 2019 14:42:39 +0000 > Rob Mason <rob at acasta.co.uk<mailto:rob at acasta.co.uk>>> wrote: > >> Many thanks Rowland. Yes, I don't understand idmaps, but I _think_ >> I'm getting it. I have added the gid of 60002 for Domain Admins and >> undertaken some 'chgrp' tasks. I've now got a domain...

...create the passwd/group entries on my new DC in order to gain the old uid/gid values? I’ve copied the idmap.ldb as suggested in the text, and whilst wbinfo returns the domain users, getent doesn’t show the domain accounts, only the local passwd entries. Have I missed something obvious?? thanks Acasta Ltd - A Crown Commercial Service Supplier. CyberEssentials Certified QGCE013. Registered in England 6619191. 42 Pitt Street, Barnsley, S70 1BB. VAT Registered 934 6797 75.

...ddir=/var/run/samba --with-pammodulesdir=/lib/x86_64-linux-gnu/security --libdir=/usr/lib/x86_64-linux-gnu --with-modulesdir=/usr/lib/x86_64-linux-gnu/samba --datadir=/usr/share --with-lockdir=/var/run/samba --with-statedir=/var/lib/samba --with-cachedir=/var/cache/samba Thanks -- Rob Mason Acasta Ltd - A Crown Commercial Service Supplier. CyberEssentials Certified QGCE013. The original of this email was scanned by the Acasta SMTP mail relay for known viruses at 17:38 on 04/12/2015 and was found to be virus free - ClamAV 0.98.7/21134/Fri Dec 4 13:36:45 2015. Acasta Ltd. Registered in Engla...

...Subject: RE: [Samba] Adding a new DC - ID Mappings Hi Rowland - thank you for replying. I have now demoted and removed the temporary DC with the intention of repeating the exercise from scratch later this week. It was a Ubuntu Server 18.04.1 and the smb.conf was very vanilla: [global] workgroup = ACASTA realm = ACASTA.INTRA netbios name = UBUNTU server role = active directory domain controller dns forwarder - 192.168.200.3 idmap_ldb:use rfc2307 = yes The join worked successfully. DNS checked out. Kerberos checked out. I could see everything in my RSAT tools. Everything appeared to be working, ex...

...workgroup = SAMDOM idmap_ldb:use rfc2307 = yes template shell = /bin/bash winbind use default domain = true winbind offline logon = false winbind nss info = rfc2307 winbind enum users = yes winbind enum groups = yes [netlogon] path = /var/lib/samba/sysvol/acasta.intra/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No [data] path = /data read only = No -- Rob Mason Acasta Ltd - A Crown Commercial Service Supplier. CyberEssentials Certified QGCE013. Registered in England 6619191. 42 Pitt...

Hi List, I have an unusual problem concerning the Windows XP "Rotate" image explorer shell extension. I have a share called "Archives" defined with a number of sub-directories. Whilst I have read/write permission to all directories, I am unable to use the Windows XP "Rotate Clockwise" or "Rotate Counter Clockwise" image command on JPG's contained

...anges for users & groups. If you do give a user a 'uidNumber' attribute, or a group a 'gidNumber' attribute, these will be used on a DC instead of the 'xidNumber' attributes, though you will probably need to run 'net cache flush' Rowland -- Rob Mason Acasta Ltd - A Crown Commercial Service Supplier. CyberEssentials Certified QGCE013. Registered in England 6619191. 42 Pitt Street, Barnsley, S70 1BB. VAT Registered 934 6797 75.

...on? Therefore, I must replicate > my old DC sysvol to the new DC before transferring FMSO roles and > demoting the old DC?? You still need to manually sync Sysvol between DCs and you should also sync idmap.ldb from the DC holding the 'PdcEmulation' FSMO role to all other DCs Rowland Acasta Ltd - A Crown Commercial Service Supplier. CyberEssentials Certified QGCE013. Registered in England 6619191. 42 Pitt Street, Barnsley, S70 1BB. VAT Registered 934 6797 75.

<snip> > > > I do hope you are not thinking of using GPO's, you have just stopped > > > > > Domain Admins from owning things in Sysvol. > > > > > > > > > > Rowland > > > > <facepalm/> Thanks Rowland - you must be getting pretty tired of my > > dumb questions... > > The only dumb question is the one

On 12/6/2018 3:40 AM, Rowland Penny via samba wrote: > On Wed, 5 Dec 2018 17:36:43 -0500 > Marco Shmerykowsky PE via samba <samba at lists.samba.org> wrote: > >> >> On 12/5/2018 3:10 PM, Rowland Penny via samba wrote: >>>> >>>> That sucks. I'm assuming Centos has the same problems? >>> >>> No, Centos has an even bigger

...n users:x:60001: I don't see Domain Admins or other groups and builtin users on the member server. This means I cannot grant Domain admins ownership of directories when I create shares. Does this mean I will have to manually re-map the uid/gid attributes in the AD DC??? Thanks -- Rob Mason Acasta Ltd - A Crown Commercial Service Supplier. CyberEssentials Certified QGCE013. Registered in England 6619191. 42 Pitt Street, Barnsley, S70 1BB. VAT Registered 934 6797 75.

<snip> Hi Rowland - I've spent the past few days going over the wiki and mailing lists. I think I've got the hang of idmaps. May I clarify a couple of things: ~ I have two DC's and one large fileserver (member). I'm using the 'ad' backend. ~ The only only windows group that needs a gidNumber attribute is Domain Users to map this across to the member server. ~ Other