I have created a DC01 & DC02 with Louis's (generation one) scripts. I have noticed, during some testing that 'pam-auth-update' shows PAM profiles Kerberos, Unix & Winbind listed on DC01. The DC02 only lists Kerberos & Unix and Winbind is missing. I thought that the two DC's were suppose to be identical? If DC01 goes "down" DC02 cannot carry a winbind request? Am I miss understanding the principle of two DC's? Louis, what is you "take" on this? -- ------------------------- Bob Wooden of Donelson Trophy 615.885.2846 (main) www.donelsontrophy.com [1] "Everyone deserves an award!!" Links: ------ [1] http://www.donelsontrophy.com
Hai Bob,
On my servers, both DC1 and DC2,
i see..
PAM profiles to enable:
??
?? [*] Kerberos authentication
??
?? [*] Unix authentication
??
and wbinfo works ok..
wbinfo -u
Administrator
Guest
.... etc ..
Yes, both do winbind request, but...
I do login only with 1 user on my servers on linux.
This is a separated user. samba handles only the windows request..
I keep this separated for security..
No windows user can login for example with ssh on my DC's... its just not
allowed.
For the i do create a "Maintainence user"
But on the member servers i do enable this, there its allowed for some windows
users to login with ssh.
This all is for the safety on my DC's.
Greetz,
Louis
>-----Oorspronkelijk bericht-----
>Van: bob at donelsontrophy.net
>[mailto:samba-bounces at lists.samba.org] Namens Bob of Donelson Trophy
>Verzonden: maandag 2 februari 2015 20:03
>Aan: SAMBA MailList
>Onderwerp: [Samba] DC01 & DC02 differences?
>
>
>
>I have created a DC01 & DC02 with Louis's (generation one) scripts.
I
>have noticed, during some testing that 'pam-auth-update' shows PAM
>profiles Kerberos, Unix & Winbind listed on DC01.
>
>The DC02 only lists Kerberos & Unix and Winbind is missing.
>
>I thought that the two DC's were suppose to be identical? If DC01 goes
>"down" DC02 cannot carry a winbind request?
>
>Am I miss understanding the principle of two DC's?
>
>Louis, what is you "take" on this?
>
>--
>
>-------------------------
>
>Bob Wooden of Donelson Trophy
>
>615.885.2846 (main)
>www.donelsontrophy.com [1]
>
>"Everyone deserves an award!!"
>
>
>Links:
>------
>[1] http://www.donelsontrophy.com
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/options/samba
>
>
What i forgot to mention. The "maintainence user" is a linux user.. but what are you trying to do? or whats the goal further.. Greetz, Louis>-----Oorspronkelijk bericht----- >Van: belle at bazuin.nl [mailto:samba-bounces at lists.samba.org] >Namens L.P.H. van Belle >Verzonden: dinsdag 3 februari 2015 8:46 >Aan: samba at lists.samba.org >Onderwerp: Re: [Samba] DC01 & DC02 differences? > >Hai Bob, > >On my servers, both DC1 and DC2, >i see.. > > PAM profiles to enable: > > > ?? > ?? [*] Kerberos authentication > > > ?? > ?? [*] Unix authentication > > > ?? >and wbinfo works ok.. >wbinfo -u >Administrator >Guest >.... etc .. > >Yes, both do winbind request, but... >I do login only with 1 user on my servers on linux. >This is a separated user. samba handles only the windows request.. >I keep this separated for security.. >No windows user can login for example with ssh on my DC's... >its just not allowed. >For the i do create a "Maintainence user" >But on the member servers i do enable this, there its allowed >for some windows users to login with ssh. > >This all is for the safety on my DC's. > > >Greetz, > >Louis > > > >>-----Oorspronkelijk bericht----- >>Van: bob at donelsontrophy.net >>[mailto:samba-bounces at lists.samba.org] Namens Bob of Donelson Trophy >>Verzonden: maandag 2 februari 2015 20:03 >>Aan: SAMBA MailList >>Onderwerp: [Samba] DC01 & DC02 differences? >> >> >> >>I have created a DC01 & DC02 with Louis's (generation one) scripts. I >>have noticed, during some testing that 'pam-auth-update' shows PAM >>profiles Kerberos, Unix & Winbind listed on DC01. >> >>The DC02 only lists Kerberos & Unix and Winbind is missing. >> >>I thought that the two DC's were suppose to be identical? If DC01 goes >>"down" DC02 cannot carry a winbind request? >> >>Am I miss understanding the principle of two DC's? >> >>Louis, what is you "take" on this? >> >>-- >> >>------------------------- >> >>Bob Wooden of Donelson Trophy >> >>615.885.2846 (main) >>www.donelsontrophy.com [1] >> >>"Everyone deserves an award!!" >> >> >>Links: >>------ >>[1] http://www.donelsontrophy.com >>-- >>To unsubscribe from this list go to the following URL and read the >>instructions: https://lists.samba.org/mailman/options/samba >> >> > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba >
As I may have mentioned, I have DC01, DC02 and a member server. I was looking for differences because I cannot access the member server via Windows Explorer on a W7 client. I am attempting to follow the instructions in "Setup and configure file shares with Windows ACLs". Under "Setup share permissions" when I "Connect to another computer" Windows security requests my user name and password and denies every user I have including the domainAdministrator. So, I found no 'winbind' on DC02 (pam-auth-update) and I am wondering if that has anything to do with 'no access' to member server. (Also, no 'winbind' in /usr/share/pam-configs like the DC01.) I can access DC01 and DC02 thru Windows explorer on the same W7 client and can "see" there 'sysvol' & 'netlogon' folders but, any access is being denied to the member server. Therefore I cannot access (for example) the profiles folder to adjust any user file permissions as instructed in the wiki. --- ------------------------- Bob Wooden of Donelson Trophy 615.885.2846 (main) www.donelsontrophy.com [1] "Everyone deserves an award!!" On 2015-02-03 01:59, L.P.H. van Belle wrote:> What i forgot to mention. > > The "maintainence user" is a linux user.. > but what are you trying to do? or whats the goal further.. > > Greetz, > > Louis > -----Oorspronkelijk bericht----- Van: belle at bazuin.nl [mailto:samba-bounces at lists.samba.org] Namens L.P.H. van Belle Verzonden: dinsdag 3 februari 2015 8:46 Aan: samba at lists.samba.org Onderwerp: Re: [Samba] DC01 & DC02 differences? Hai Bob, On my servers, both DC1 and DC2, i see.. PAM profiles to enable: ? ? [*] Kerberos authentication ? ? [*] Unix authentication ? and wbinfo works ok.. wbinfo -u Administrator Guest .... etc .. Yes, both do winbind request, but... I do login only with 1 user on my servers on linux. This is a separated user. samba handles only the windows request.. I keep this separated for security.. No windows user can login for example with ssh on my DC's... its just not allowed. For the i do create a "Maintainence user" But on the member servers i do enable this, there its allowed for some windows users to login with ssh. This all is for the safety on my DC's. Greetz, Louis -----Oorspronkelijk bericht----- Van: bob at donelsontrophy.net[mailto:samba-bounces at lists.samba.org] Namens Bob of Donelson Trophy Verzonden: maandag 2 februari 2015 20:03 Aan: SAMBA MailList Onderwerp: [Samba] DC01 & DC02 differences? I have created a DC01 & DC02 with Louis's (generation one) scripts. I have noticed, during some testing that 'pam-auth-update' shows PAM profiles Kerberos, Unix & Winbind listed on DC01. The DC02 only lists Kerberos & Unix and Winbind is missing. I thought that the two DC's were suppose to be identical? If DC01 goes "down" DC02 cannot carry a winbind request? Am I miss understanding the principle of two DC's? Louis, what is you "take" on this? -- ------------------------- Bob Wooden of Donelson Trophy 615.885.2846 (main) www.donelsontrophy.com [1] [1 [1]] "Everyone deserves an award!!" Links: ------ [1] http://www.donelsontrophy.com [1] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba [2] -- To unsubscribe from this list go t o the following URL and read the instructions: https://lists.samba.org/mailman/options/samba [2] Links: ------ [1] http://www.donelsontrophy.com [2] https://lists.samba.org/mailman/options/samba