search for: cleraly

...to do some testing, but before to hit by head on a known wall, i ask here. My AD domain get used (via PAM/Winbind) to give access to some other dervice, most notably here dovecot. When password expire (or users change it) the MUA try the old password some times, then ask for a new password; users cleraly get scared, press randomly 'OK' or 'Cancel', but if they press 2-3 time 'OK' too much wrong password try get done, and account get locked. This policy is under revision, but for now get is as-is, this is not the problem. Account get unlocked automatically after 10 minutes,...

...> attacker could take over an unprotected network connection and do evil > > things with it. > > See 'ldap server require strong auth'. > > Ok, so i suppose i've to test 'ldap server require strong auth', but > probably set it to 'NO', that lead cleraly to a very unsecure > configuration. > > > Because speaking with hardware vendor is sometime very difficult, how > can i ask them some clue in 'windows lingo'? > > Eg, i suppose that original windows server 2000 was not signed and > sealed, and sometime in windows...

...hit by head on a known wall, i > ask here. > > > My AD domain get used (via PAM/Winbind) to give access to some other > dervice, most notably here dovecot. > When password expire (or users change it) the MUA try the old password > some times, then ask for a new password; users cleraly get scared, > press randomly 'OK' or 'Cancel', but if they press 2-3 time 'OK' too > much wrong password try get done, and account get locked. > This policy is under revision, but for now get is as-is, this is not > the problem. > > > Account get unlocke...

...or SEAL negotiated, as an > attacker could take over an unprotected network connection and do evil > things with it. > See 'ldap server require strong auth'. Ok, so i suppose i've to test 'ldap server require strong auth', but probably set it to 'NO', that lead cleraly to a very unsecure configuration. Because speaking with hardware vendor is sometime very difficult, how can i ask them some clue in 'windows lingo'? Eg, i suppose that original windows server 2000 was not signed and sealed, and sometime in windows server os version this became mandatory....

I'm trying to test/move some of my LDAP-enabled devices from my actual OpenLDAP server(s) to my new samba AD domain. For now, i'm poking with printers, and i'm testing a Konica-Minolta BizHub C224e. Defining user autentication to external source, i can set (between LDAP, NTLM, NDS, ...) 'Active Directory', and i can/must provide the domain naime. After that, DNS and kerberos

...39;t added is IDMU and this just > makes the Unix attributes tab work in ADUC. You can however use other > tools to create Unix users etc. > Beside what i mentioned earlier you are rigth that the RFC2307 attributes are still around, but reading a blog entry from 2016 in technet it's cleraly stated that one should look on other alternatives as it may go in future realease. Here the comment: "I am using Windows Server IDMU/NIS Server role today, what should I do? We recommend to start planning for alternatives, for example: native LDAP, Samba Client, Kerberos or other non-Microso...

Am 23.02.19 um 15:48 schrieb Rowland Penny via samba: >>>>>>> If you have, as you have, 'files sss winbind' in the the passwd >>>>>>> & group line in nsswitch.conf, means this: >>>>>>> First /etc/passwd or /etc/group is searched and if the user or >>>>>>> group is found, this info is returned.