Displaying 20 results from an estimated 20000 matches similar to: "Some hint on migration from a set of NT4 domains to an AD domain..."
2017 Aug 31
0
Some hint on migration from a set of NT4 domains to an AD domain...
Hi Marco,
> I've lurked (and posted) on that list by some month, getting many
> valuable information, but still i've many doubts.
>
> Most of my doubt i think came from the fact that 'AD' (generally) is
> a very complex beast, and if samba in NT4 mode fit very well in a UNIX
> environment (and mind ;), samba in AD mode forced me to think in some
>
2017 Nov 08
4
Best practice for creating an RO LDAP User in AD...
I don't believe it.
That's 5 years old now, normally i'll dig into it, but exim... I dropped exim about 15 years ago..
First thing i do on debian...
apt-get install --purge postfix
That installs postfix and removes exim and purges exim's config.. ;-)
The setup for the AD in the link below is the same but if you want access without auth,
Have you tried to query the GC ports. ( 3268 or 3269
2017 Jul 10
2
'Official' NT4-like domain decommission?
Are there ''official'' plans (by Samba Team, but also by Microsoft) to
officially ''decommission'' support for NT-like domains?
Thanks.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
2017 Oct 27
2
Some hint reading password expiration data...
Mandi! Andrew Bartlett via samba
In chel di` si favelave...
> It is an operational attribute. simply add
> msDS-UserPasswordExpiryTimeComputed
> to the list of attributes requested when searching for the user.
root@vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b "dc=ad,dc=fvg,dc=lnf,dc=it" -s base "" maxPwdAge
# record 1
dn:
2018 May 11
3
Moving roaming profiles between domains, risky?
OK, now i've to start to move the big part of my users from my old
NT-like domains to my new AD domain.
I've setup roaming profile in the new domain following the wiki
(https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles, 'using
windows ACL') and for new profiles works like a charm.
But i've tried to move/copy old profile to the new domain, and seems
work, with
2019 Nov 15
3
Account locked and delayed user data propagation...
I need to do some testing, but before to hit by head on a known wall, i
ask here.
My AD domain get used (via PAM/Winbind) to give access to some other
service, most notably here dovecot.
When password expire (or users change it) the MUA try the old password
some times, then ask for a new password; users clearly get scared,
press randomly 'OK' or 'Cancel', but if they press 2-3
2018 Jul 20
4
Samba 4.5 and glusterfs...
Reading the thread in list about gluster, i've found that in your samba
packages 4.5.12+dfsg-2+deb9u2~bpo8+1 there's no vfs_glusterfs module, only
the manpage.
root@vdmsv1:~# grep glusterfs /var/lib/dpkg/info/samba*.list
/var/lib/dpkg/info/samba-vfs-modules.list:/usr/share/man/man8/vfs_glusterfs.8.gz
root@vdmsv1:~# grep /vfs/ /var/lib/dpkg/info/samba*.list
2018 Mar 21
2
Again 'Failed to find domain 'NT AUTHORITY'. Check connection to trusted domains!'
Mandi! Rowland Penny via samba
In chel di` si favelave...
> > The trouble came from 'root' or groups '3000002' and '3000003'?
> No and very very probably no & no ;-)
> > How can i fix them? Thanks.
> Fix what? The owner has to be 'root', and you can find out just who
> '3000002' & '3000003' are by opening
2018 May 14
2
Samba, AD and devices compatibility...
Mandi! Andrew Bartlett via samba
In chel di` si favelave...
> I hope this clarifies things,
Super-clear! Thanks!
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t
2019 Jan 09
3
[Oddity] SAMAccountName and 20+ chars logins...
Reading here i've understood that for LDAP query it is better to use
SAMAccountName as 'login', but today i've found:
https://docs.microsoft.com/it-it/windows/desktop/ADSchema/a-samaccountname
so, 'SAMAccountName' is a compatibility field with NT mode, limited to
20 chars.
Someone here use 21 chars logins? ;-)
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
2019 Dec 10
2
DC in trash...
Debian stretch, louis packages 4.9.16+dfsg-0.1~stretch~1 .
After some time (roughly: two weeks) my DC with FSMO roles (seems that
other DC are unaffected) goes suddenly on trash: memory jump from 50%
(3GB) to 100%, container start to swap and slow down (load 10-15) all
the physical server.
A simple restart solve all the troubles.
Some hint on how to debug that? Thanks.
--
dott. Marco Gaiarin
2019 Jan 25
3
Removing sites and DC...
I need to close a site. No, no people fired, i've defined sites and DC
because i hope that get (re)opened, but...
There's some care i need to have to remove a DC (clearly, without FSMO
roles)?
I've looked on wiki to 'remove a DC' but i was not able to find
something...
Thanks.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra
2018 Sep 27
1
[OT?] passing group name with spaces to ntlm_auth...
On Thu, 2018-09-27 at 12:27 +0200, L.P.H. van Belle via samba wrote:
> Hai marco,
>
> More info on squid config might help here and no smb.conf..
> Ahead of things...
>
> And you better use something like this, change to negotiate auth. (
> and use SSO ).
>
> auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \
> --kerberos
2018 Nov 26
3
Different LDAP query in different DC...
I need to do a simple query, against some LDAP data in 'laster draft
schema' format i've added to the samba/AD schema.
All LDAP query return the same result on all (6) of the DC:
root@vdcsv1:~# ldapsearch -H ldap://vdcsv2.ad.fvg.lnf.it -W -D CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it -b DC=ad,DC=fvg,DC=lnf,DC=it "(cn=prova123)" rfc822MailMember
Enter LDAP Password:
2018 Jun 21
3
Password complexity checks and local users...
Mandi! Rowland Penny via samba
In chel di` si favelave...
> > But my question really is: why this policy apply, if i've not enabled
> > in GPO?
> Probably because GPOs have no effect on a Samba AD DC, they will only
> effect Windows clients.
Rowland, i'm speaking about windows clients, not samba servers!
I've enabled 'complexity checks' in samba servers,
2019 Oct 16
4
vfs_recycle permission bug?!
Samba 4.8 (Louis debian repo), DM.
Today i've had to recover a deleted file in that share, that use
'vfs_recycle' modules:
[Work]
comment = Spazio di Lavoro Utente
map acl inherit = Yes
path = /srv/work
read only = No
store dos attributes = Yes
vfs objects = acl_xattr recycle full_audit
volume = Work
full_audit:failure = none
full_audit:success = mkdir rmdir read pread
2018 Mar 26
3
[OT?] winbind e quota...
As was used to (in Samba NT/LDAP), i've enabled quota on /homes, and
homes are exported (as homedrive) for users.
Editing quotas (with edquota) works as expected, and in windows explorer
users get quota correctly reported, but a simple:
repquota -a
return nothing:
root@vdmsv1:~# repquota -a
*** Report for user quotas on device /dev/sdb1
Block grace time: 28days; Inode grace time:
2019 Sep 13
4
NT domain, Win10 1903 and profiles...
Not only NT domains, but also Samba 3.6! Wow! I'm a retro-sysadmin! ;-)
I know i'm asking a rather hard thing but... we are upgrading, but
also solving some troubles.
We have ''decently'' integrated some W10 1803 in a NT domain, but now
with some other 1903 there's no way to make roaming profiles work.
Looking at samba logs, seems that the client don't try at
2018 Mar 21
2
Again 'Failed to find domain 'NT AUTHORITY'. Check connection to trusted domains!'
I've hit the error in subject trying a backup of my sysvol.
Mar 21 11:13:31 vdcsv1 winbindd[3494]: [2018/03/21 11:13:31.234373, 0] ../source3/winbindd/winbindd_group.c:45(fill_grent)
Mar 21 11:13:31 vdcsv1 winbindd[3494]: Failed to find domain 'NT AUTHORITY'. Check connection to trusted domains!
Looking on internet/list archive led me to recent post (november 2017)
and this
2019 Oct 01
5
Upgrade DC 4.5 -> 4.8, timings?
I've read all docs on upgrades, from wiki to Louis notes, and i think
i'm ready to upgrade.
First step, move from stretch to jessie, and from 4.5 to 4.8, upgrade
in place.
But having a domain with 6 DCs, i'm a bit scared to upgrade all DC in
one turn, and i'm thinking about something like:
a) upgrade DC with FSMO roles, then wait 1-2 day to spot troubles
b) then upgrade all DC in