search for: domain2

...;>>> 1. Create a user for the SPN >>>> >>>> samba-tool user create web-intranet-macmini >>>> <provided password when prompted> >>>> >>>> 2. Add the SPN: >>>> >>>> samba-tool spn add HTTP/hostname.domain2.domain1.tld at DOMAIN2.DOMAIN1.TLD <mailto:HTTP/hostname.domain2.domain1.tld at domain2.domain1.tld> web-intranet-macmini >>>> <succeeded without error> >>>> >>>> 3. Export the keytab file to be used on the intranet host: >>>> >>&...

...cipal) >> >> Steps taken to recreate: >> >> 1. Create a user for the SPN >> >> samba-tool user create web-intranet-macmini >> <provided password when prompted> >> >> 2. Add the SPN: >> >> samba-tool spn add HTTP/hostname.domain2.domain1.tld at DOMAIN2.DOMAIN1.TLD web-intranet-macmini >> <succeeded without error> >> >> 3. Export the keytab file to be used on the intranet host: >> >> samba-tool domain exportkeytab ~/intranet-macmini.keytab —principal=HTTP/hostname.domain2.domain1.tld at...

...ate: >>> >>> 1. Create a user for the SPN >>> >>> samba-tool user create web-intranet-macmini >>> <provided password when prompted> >>> >>> 2. Add the SPN: >>> >>> samba-tool spn add >>> HTTP/hostname.domain2.domain1.tld at DOMAIN2.DOMAIN1.TLD >>> <mailto:HTTP/hostname.domain2.domain1.tld at domain2.domain1.tld> >>> web-intranet-macmini >>> <succeeded without error> >>> >>> 3. Export the keytab file to be used on the intranet host: >>>...

...h of setting up an AD DC I want to change my dhcp server setting to put client's into the new AD Domain but am a little hesitant as it is all working so nicely with DDNS I'm starting to think all I need to do is edit just my dhcpd.conf and change occurrences of DOMAIN1.SUBDOMAIN.TLD to AD.DOMAIN2.SUBDOMAIN.TLD A little touch up of db.self and comment out and eventually remove DOMAIN1 entries as everything is working as I like. My concern is moving from allow-update { key rndc-key; }; notify yes; to update-policy { grant AD.DOMAIN2.SUBDOMAIN.TLD ms-se...

...lly nice to learn but you add a lot of complexity in > your process, I think. > Why not using DLZ to access your AD zones? I expect Bind to be able to mix > its behaviour: flat file for some zone, DLZ for others... > > Now regarding: > update-policy { > grant AD.DOMAIN2.SUBDOMAIN.TLD ms-self * A AAAA; > grant Administrator at AD.DOMAIN2.SUBDOMAIN.TLD wildcard * A > AAAA SRV CNAME; > grant DOMAIN2$@ad.DOMAIN2.SUBDOMAIN.TLD wildcard * A AAAA > SRV CNAME; > }; > For me this means: > grant AD.DOMAIN2.SUBDOMAIN.TLD m...

...to use Winbindd in SLES 11 SP3 (Samba version 3.6.3-17.25.1) to fetch AD (Windows 2008 R2) identities into the Linux box and currently running into some problem w.r.t domain local groups and thought I could get some help here.. I have a two domain setup, in which DOMAIN1 is the parent domain and DOMAIN2 is the child domain. I have 2 users DOMAIN1\user1, DOMAIN2\user2 and they are part of a global group DOMAIN1\group1 and DOMAIN2\group2 respectively. I have joined my SLES box to the DOMAIN1 (net ads join -U Administrator). I have also created a new domain local group in DOMAIN2 called DOMAIN2\domai...

...process, I think. >>> Why not using DLZ to access your AD zones? I expect Bind to be able to >>> mix >>> its behaviour: flat file for some zone, DLZ for others... >>> >>> Now regarding: >>> update-policy { >>> grant AD.DOMAIN2.SUBDOMAIN.TLD ms-self * A AAAA; >>> grant Administrator at AD.DOMAIN2.SUBDOMAIN.TLD wildcard >>> * A >>> AAAA SRV CNAME; >>> grant DOMAIN2$@ad.DOMAIN2.SUBDOMAIN.TLD wildcard * A >>> AAAA >>> SRV CNAME; >>&...

...not using DLZ to access your AD zones? I expect Bind >> to be able to mix >> its behaviour: flat file for some zone, DLZ for others... >> >> Now regarding: >> update-policy { >> grant AD.DOMAIN2.SUBDOMAIN.TLD ms-self * >> A AAAA; >> grant >> Administrator at AD.DOMAIN2.SUBDOMAIN.TLD wildcard * A >> AAAA SRV CNAME; >> grant DOMAIN2$@ad.DOMAIN2.SUBDOMAIN.TLD >>...

...refetch), I am unable to avoid the second search to the user backend (ldap). Could give me any advice or tips to achieve my goal? Thanks a lot, Hector M. Jacas My ldap has the following structure: search base: ou=Domains,dc=test,dc=local ******************************* domains tree: domain2.com: dc=domain2.com,ou=Domains,dc=test,dc=local Definition of mailuser1 on domail2.com: dn: uid=mailuser1,dc=domain2.com,ou=Domains,dc=test,dc=local uid: mailuser1 cn: User mailuser1 sn: User 1 displayName: User mailuser1 objectClass: inetOrgPe...

Consider this topology domain1-server1 domain2-server2 | | laptop - domain1-server1 ---- domain2-server1 Laptop has two ssh identities, domain1 and domain2. I don't wish to store identity locally in any of the servers. As far as I understand, there isn't any way to limit ss...

...rs systems (VM)? That could be really nice to learn but you add a lot of complexity in your process, I think. Why not using DLZ to access your AD zones? I expect Bind to be able to mix its behaviour: flat file for some zone, DLZ for others... Now regarding: update-policy { grant AD.DOMAIN2.SUBDOMAIN.TLD ms-self * A AAAA; grant Administrator at AD.DOMAIN2.SUBDOMAIN.TLD wildcard * A AAAA SRV CNAME; grant DOMAIN2$@ad.DOMAIN2.SUBDOMAIN.TLD wildcard * A AAAA SRV CNAME; }; For me this means: grant AD.DOMAIN2.SUBDOMAIN.TLD ms-self * A AAAA; Grant any authenti...

...a lot of complexity in >> your process, I think. >> Why not using DLZ to access your AD zones? I expect Bind to be able to mix >> its behaviour: flat file for some zone, DLZ for others... >> >> Now regarding: >> update-policy { >> grant AD.DOMAIN2.SUBDOMAIN.TLD ms-self * A AAAA; >> grant Administrator at AD.DOMAIN2.SUBDOMAIN.TLD wildcard * A >> AAAA SRV CNAME; >> grant DOMAIN2$@ad.DOMAIN2.SUBDOMAIN.TLD wildcard * A AAAA >> SRV CNAME; >> }; >> For me this means: >> gr...

...k. > Why not using DLZ to access your AD zones? I expect Bind > to be able to mix > its behaviour: flat file for some zone, DLZ for others... > > Now regarding: > update-policy { > grant AD.DOMAIN2.SUBDOMAIN.TLD ms-self * > A AAAA; > grant > Administrator at AD.DOMAIN2.SUBDOMAIN.TLD wildcard * A > AAAA SRV CNAME; > grant DOMAIN2$@ad.DOMAIN2.SUBDOMAIN.TLD > wildcard * A A...

.../samba/netcmd/domain.py", line 129, in run net.export_keytab(keytab=keytab, principal=principal) Steps taken to recreate: 1. Create a user for the SPN samba-tool user create web-intranet-macmini <provided password when prompted> 2. Add the SPN: samba-tool spn add HTTP/hostname.domain2.domain1.tld at DOMAIN2.DOMAIN1.TLD web-intranet-macmini <succeeded without error> 3. Export the keytab file to be used on the intranet host: samba-tool domain exportkeytab ~/intranet-macmini.keytab —principal=HTTP/hostname.domain2.domain1.tld at DOMAIN2.DOMAIN1.TLD <Get the error liste...

Hi, I have two LDAP domains, which has some equal users, eg: abc at domain1.com abc at domain2.com I sat up this config: domain1 users maildirs are stored in /home/vmail/username domain2 users maildirs are stored in /home/vmail/domain2/username This works fine except one thing: i cant set up the ldap query to choose the correct maildir if the user names are equal. Is it possible to use a u...

...#39; , 'net ads keytab list', 'net testjoin -k' reflected positive results. I can successfully join to the forest without any issues. i also ran 'net ads status -k' to verify if a machine account can be queried from the member server. For example, When i ran 'wbinfo -n DOMAIN2\\user1`, i can get a SID back without issues. And, based on my privileges in AD, i can verify the SID is equal as what i can see from ADUC. But, when i ran 'wbinfo -i DOMAIN\\user1', i always get "Could not convert sid [the-long-SID] NT_STATUS_NO_SUCH_USER" error in my samba.log (...

...now dead in the water. It refuses to autenticate, and from the logs it looks like it's not find the SambaDomainName entry in the LDAP tree. Here is a diagram of how my LDAP tree is set up. dc=mycompany,dc=com |___ ou=computers |___ ou=people |___ ou=groups |___ sambaDomain=domain1 |___ ou=domain2 |___ ou=computers |___ ou=people |___ ou=groups |___ sambaDomain=domain2 In domain1's smb.conf, I have: ldap suffix = dc=mydomain,dc=com In domain2's smb.conf, I have: ldap suffix = ou=domain2,dc=mydomain,dc=com Domain2 is working flawlessly. Domain1, however, is not. When I do a...

Hi, On Fri, 2 Jun 2017, Sandbox wrote: I have two LDAP domains, which has some equal users, eg: > > abc at domain1.com > abc at domain2.com > > This works fine except one thing: i cant set up the ldap query to choose > the correct maildir if the user names are equal. > | Well the most problem is that you have two LDAP servers with different content. Unfortunately i cant do anything with this. :S Is it possible to u...

...l_location - it takes aliased instead real domain, so lmtp is creating domain and user directory. Lmtp doesn't make sql lookup. I need lmtp delivery to real domain and i don't want to create symlinks. mail_location = maildir:/home/mail/%d/%n/Maildir real domain: domain1.com aliased domain: domain2.com rcpt: user at domain2.com lmtp deliver message to /home/mail/domain2.com/user/Maildir instead /home/mail/domain1.com/user/Maildir -- Lampa

I've struggled with this for a couple of weeks, and have looked at countless posts and at the Samba documentation collection with no real solution. I'm setting up a lab that needs to have multiple domains (for machine / user segregation politics) for around 40 windows XP professional machines. I have a single Linux server running Suse 9.2. I would like for this server to be able to