On 18/07/2020 13:52, RhineDevil wrote:
> Fri, 17 Jul 2020 19:44:37 +0100 Rowland penny via samba <samba at lists.samba.org>:
>> On 17/07/2020 19:31, RhineDevil via samba wrote:
>>> And by that I mean, where are the dbs, what should I rm -rf?
>> On Debian just remove /var/lib/samba and /var/cache/samba
>>> By the way how do I obtain current machine netbios name?
>> Depends on which netbios name, if you are referring to the one that is
>> in smb.conf 'netbios name = ?????', that is just the short hostname in
>> uppercase. If you are referring to the netbios domain name (aka
>> workgroup) then you can find this with wbinfo:
>>
>> wbinfo --own-domain
>>
>> Rowland
>>
> I tried to add ypServ30 using ldapi socket "ldapi://%2Fvar%2Flib%2Fsamba%2Fprivate%2Fldap_priv%2Fldapi, it said
>
> `ERR: insufficient access rights : "LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS <acl: unable to get access to CN=ypServ30,CN=RpcServices,CN=System,DC=mydomain,DC=mytld> <>" on DN CN=ypServ30,CN=RpcServices,CN=System,DC=mydomain,DC=mytld at block before line 5`
>
> Shouldn't give me access by default if I'm using the private system socket?

No, you still need to authenticate as a user with the required
permissions e.g. Administrator

Also, as you are trying to update the schema, you will need to add
'/--option="dsdb:schema update allowed"=true' to the ldbmodify command/

/Rowland/

/
/

On 18/07/2020 14:19, Rowland penny via samba wrote:
> On 18/07/2020 13:52, RhineDevil wrote:
>> Fri, 17 Jul 2020 19:44:37 +0100 Rowland penny via samba
>> <samba at lists.samba.org>:
>>> On 17/07/2020 19:31, RhineDevil via samba wrote:
>>>> And by that I mean, where are the dbs, what should I rm -rf?
>>> On Debian just remove /var/lib/samba and /var/cache/samba
>>>> By the way how do I obtain current machine netbios name?
>>> Depends on which netbios name, if you are referring to the one that is
>>> in smb.conf 'netbios name = ?????', that is just the short hostname in
>>> uppercase. If you are referring to the netbios domain name (aka
>>> workgroup) then you can find this with wbinfo:
>>>
>>> wbinfo --own-domain
>>>
>>> Rowland
>>>
>> I tried to add ypServ30 using ldapi socket
>> "ldapi://%2Fvar%2Flib%2Fsamba%2Fprivate%2Fldap_priv%2Fldapi, it said
>>
>> `ERR: insufficient access rights : "LDAP error 50
>> LDAP_INSUFFICIENT_ACCESS_RIGHTS <acl: unable to get access to
>> CN=ypServ30,CN=RpcServices,CN=System,DC=mydomain,DC=mytld> <>" on DN
>> CN=ypServ30,CN=RpcServices,CN=System,DC=mydomain,DC=mytld at block
>> before line 5`
>>
>> Shouldn't give me access by default if I'm using the private system
>> socket?
>
> No, you still need to authenticate as a user with the required
> permissions e.g. Administrator
>
> Also, as you are trying to update the schema, you will need to add
> '/--option="dsdb:schema update allowed"=true' to the ldbmodify command/
>
> /Rowland/
>
> /
> /
>
>

No idea where the forward slashes came from, it should be
'--option="dsdb:schema update allowed"=true'

Rowland

Sat, 18 Jul 2020 14:19:25 +0100 Rowland penny via samba <samba at lists.samba.org>:
> On 18/07/2020 13:52, RhineDevil wrote:
> > Fri, 17 Jul 2020 19:44:37 +0100 Rowland penny via samba <samba at lists.samba.org>:
> >> On 17/07/2020 19:31, RhineDevil via samba wrote:
> >>> And by that I mean, where are the dbs, what should I rm -rf?
> >> On Debian just remove /var/lib/samba and /var/cache/samba
> >>> By the way how do I obtain current machine netbios name?
> >> Depends on which netbios name, if you are referring to the one that is
> >> in smb.conf 'netbios name = ?????', that is just the short hostname in
> >> uppercase. If you are referring to the netbios domain name (aka
> >> workgroup) then you can find this with wbinfo:
> >>
> >> wbinfo --own-domain
> >>
> >> Rowland
> >>
> > I tried to add ypServ30 using ldapi socket "ldapi://%2Fvar%2Flib%2Fsamba%2Fprivate%2Fldap_priv%2Fldapi, it said
> >
> > `ERR: insufficient access rights : "LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS <acl: unable to get access to CN=ypServ30,CN=RpcServices,CN=System,DC=mydomain,DC=mytld> <>" on DN CN=ypServ30,CN=RpcServices,CN=System,DC=mydomain,DC=mytld at block before line 5`
> >
> > Shouldn't give me access by default if I'm using the private system socket?
>
> No, you still need to authenticate as a user with the required
> permissions e.g. Administrator
>
> Also, as you are trying to update the schema, you will need to add
> '/--option="dsdb:schema update allowed"=true' to the ldbmodify command/
>
> /Rowland/
>

Since I'm (g)root how could I avoid inputting any password at all?
Should be possible since samba-tool never asks you a password as root
Also what's the point of having a more private socket in /var/lib/samba/private/ldap_priv/ldapi if it asks auth credential like the "less private" socket /var/lib/samba/private/ldapi?

On 18/07/2020 14:30, RhineDevil wrote:
> Sat, 18 Jul 2020 14:19:25 +0100 Rowland penny via samba <samba at lists.samba.org>:
>> On 18/07/2020 13:52, RhineDevil wrote:
>>> Fri, 17 Jul 2020 19:44:37 +0100 Rowland penny via samba <samba at lists.samba.org>:
>>>> On 17/07/2020 19:31, RhineDevil via samba wrote:
>>>>> And by that I mean, where are the dbs, what should I rm -rf?
>>>> On Debian just remove /var/lib/samba and /var/cache/samba
>>>>> By the way how do I obtain current machine netbios name?
>>>> Depends on which netbios name, if you are referring to the one that is
>>>> in smb.conf 'netbios name = ?????', that is just the short hostname in
>>>> uppercase. If you are referring to the netbios domain name (aka
>>>> workgroup) then you can find this with wbinfo:
>>>>
>>>> wbinfo --own-domain
>>>>
>>>> Rowland
>>>>
>>> I tried to add ypServ30 using ldapi socket "ldapi://%2Fvar%2Flib%2Fsamba%2Fprivate%2Fldap_priv%2Fldapi, it said
>>>
>>> `ERR: insufficient access rights : "LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS <acl: unable to get access to CN=ypServ30,CN=RpcServices,CN=System,DC=mydomain,DC=mytld> <>" on DN CN=ypServ30,CN=RpcServices,CN=System,DC=mydomain,DC=mytld at block before line 5`
>>>
>>> Shouldn't give me access by default if I'm using the private system socket?
>> No, you still need to authenticate as a user with the required
>> permissions e.g. Administrator
>>
>> Also, as you are trying to update the schema, you will need to add
>> '/--option="dsdb:schema update allowed"=true' to the ldbmodify command/
>>
>> /Rowland/
>>
> Since I'm (g)root how could I avoid inputting any password at all?
> Should be possible since samba-tool never asks you a password as root

Then do what samba-tool does, fall back to the computer's Kerberos ticket
and add '-P' to the ldbmodify command

> Also what's the point of having a more private socket in /var/lib/samba/private/ldap_priv/ldapi if it asks auth credential like the "less private" socket /var/lib/samba/private/ldapi?

Even more security ;-)

Rowland
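
Added example (not part of the thread and not Samba project code): the ldbmodify invocation the replies above arrive at, assembled in POSIX sh. It percent-encodes the socket path into the ldapi:// URL form used in the thread and passes -P plus the schema-update option; the function names and ypserv30.ldif are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and ypserv30.ldif are
# illustrative; the socket path, -P and the dsdb option are those quoted above.

# Percent-encode a UNIX socket path into an ldapi:// URL ("/" becomes %2F).
ldapi_url() {
    rest=$1 out=
    while [ -n "$rest" ]; do
        c=${rest%"${rest#?}"}      # first character of $rest
        rest=${rest#?}
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
    done
    printf 'ldapi://%s\n' "$out"
}

# Apply an LDIF over the socket, authenticating with the machine account (-P)
# and allowing schema updates for this one invocation only.
# With DRY_RUN=1 the command is printed for review instead of being run.
schema_ldbmodify() {
    sock=$1 ldif=$2
    url=$(ldapi_url "$sock")
    if [ -n "${DRY_RUN:-}" ]; then
        printf 'ldbmodify -H %s -P --option="dsdb:schema update allowed"=true %s\n' \
            "$url" "$ldif"
        return 0
    fi
    # Refuse to continue if the path is not a UNIX socket.
    [ -S "$sock" ] || { echo "not a socket: $sock" >&2; return 1; }
    ldbmodify -H "$url" -P --option="dsdb:schema update allowed"=true "$ldif"
}

# Print the command for the privileged socket path from the thread.
DRY_RUN=1 schema_ldbmodify /var/lib/samba/private/ldap_priv/ldapi ypserv30.ldif
```

Passing the option on the command line keeps schema updates enabled only for that run rather than persistently in smb.conf.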