search for: jonathonreinhart

...bsmbclient is, for some reason, using SMB1 but needs to be using SMB3_11. Note that the following command (which, like my code, forces the use of Kerberos) works just fine: $ smbclient -kN //dc1.example.com/sysvol -c 'notify /' See my proof-of-concept source code here: https://gitlab.com/JonathonReinhart/libsmbclient-notify-test Please let me know if I should proceed to open a bug. Cheers, Jonathon Reinhart

Hello, I'm running a Samba DC on Debian 9 (version 4.5.12-Debian) in a lab environment, set up like this: https://jonathonreinhart.com/posts/blog/2019/02/11/setting-up-a-samba-4-domain-controller-on-debian-9/ I would now like to configure this server to enable login via domain credentials. I'm aware that the Samba wiki recommends the following: - https://wiki.samba.org/index.php/Configuring_Winbindd_on_a_Samba_AD_DC - ht...

Hello My AD on Samba now are running! Thanks! # samba-tool -V samba-tool: no such subcommand: -V 4.13.2-Debian In the meantime Joining Computers and Servers, creat User Account and was successful to logon, NOce! One question, that confusing, to Manage this Samba AD using the Windows "Active Directory Users and Computers (GUI)" application Here if add a new User or jump to

...want add a new uidNumber and gidNumber to every user and > group in AD , how I can do that ? to use backend = ad , I want use > backend = ad . > You can write a script to do this using ldbmodify, or there is 'Adam' produced by one of regular poster, see here: https://gitlab.com/JonathonReinhart/adam Unfortunately, there appears to be a problem with his git at the moment :-( Or you can wait until 4.12.0 is released, samba-tool will then be able to do it for you. Rowland

Hi Howland, That is precisely what I cannot do. I do this by windows using Rsat, and when I select the NIS domain to be able to assign the gid or uid it does not appear, so I can't use samba just as a file server. Do you know if there is a way to reset or show NIS Domain? Is there any way to assign uidNumber & gidNumber attributes via console? Best regards, Gabriel Franca -----

...there other cases where the computer account is authenticating? Or should a DC (with "idmap_ldb:use rfc2307 = yes") also need to see computer accounts (e.g. in wbinfo -u)? Thanks in advance for reviewing this again, and providing any insight. Jonathon Reinhart [1] https://gitlab.com/JonathonReinhart/adman/issues/13 [2] https://lists.samba.org/archive/samba/2017-November/212259.html [3]: https://gitlab.com/JonathonReinhart/adman/-/blob/v0.2.3/adman/assign.py#L15-66 [4]: https://lists.samba.org/archive/samba/2019-June/223499.html

...h ADUC or mk_homedir > > Needed on the DC's with logins and members that used RID setup also set in /etc/nsswitch.conf > passwd: compat winbind > group: compat winbind I actually wrote a subsequent blog post, where I set up all of the winbind configuration: https://jonathonreinhart.com/posts/blog/2019/02/26/configuring-winbind-on-a-samba-ad-dc-on-debian-9 I did not include kerberos login, however, so thank you for that! Setting uidNumber, gidNumber, etc. from Microsoft tools is deprecated, so I plan to put together some solution to automatically assign them during/after use...

On Fri, 1 Mar 2019 08:21:54 -0500 Jonathon Reinhart via samba <samba at lists.samba.org> wrote: > Hello, > > I'm running a Samba DC on Debian 9 (version 4.5.12-Debian) in a lab > environment, set up like this: > https://jonathonreinhart.com/posts/blog/2019/02/11/setting-up-a-samba-4-domain-controller-on-debian-9/ There are a few 'not quite right' things there and at least one 'Nooooo, don't do that' ;-) The 'Nooooo, don't do that is: Don't change the UPN > > I would now like to configure t...

...themselves [2]. I'm certain a tool like this has been implemented by numerous sysadmins in the past. However, I haven't found a freely-available solution that behaves the way I want. So today I'm presenting ADAM ("Active Directory Automated Maintenance"): https://gitlab.com/JonathonReinhart/adam ADAM assigns UID/GID numbers sequentially from a user-defined range, and stores the next-highest values in LDAP (thanks, Rowland!) I received feedback from the Samba mailing list in the creation of this. [3] ADAM should work for either a Samba or Microsoft AD, and can run on any Linux machin...

Thanks for the answers. >Here is the tool: > > https://gitlab.com/JonathonReinhart/adam > > Also, look for my post on the mailing list: "Announcing "adam" - > Active Directory Automated Maintenance tool". > > Cheers, > Jonathon > > On Fri, Jun 21, 2019 at 9:46 AM Tom <kleyoneo at hotmail.com> wrote: > > > > It's re...

...t needs > to be using SMB3_11. > > Note that the following command (which, like my code, forces the use > of Kerberos) works just fine: > > $ smbclient -kN //dc1.example.com/sysvol -c 'notify /' > > See my proof-of-concept source code here: > https://gitlab.com/JonathonReinhart/libsmbclient-notify-test > > Please let me know if I should proceed to open a bug. Yes, please open a bug but specify exactly what version of Samba (client and server) you're using for this. It may have already been fixed upstream (I remember Volker doing something around this :-). Th...

...er > > and > > group in AD , how I can do that ? to use backend = ad , I want use > > backend = ad . > > > You can write a script to do this using ldbmodify, or there is > 'Adam' > produced by one of regular poster, see here: > > https://gitlab.com/JonathonReinhart/adam > > Unfortunately, there appears to be a problem with his git at the > moment :-( > > Or you can wait until 4.12.0 is released, samba-tool will then be > able > to do it for you. Great many many Thanks, > Rowland > > > -- S?rgio M. B.

...39;t use samba just as a file server. > Do you know if there is a way to reset or show NIS Domain? > > Is there any way to assign uidNumber & gidNumber attributes via console? > Yes, numerous ;-) There is Jonathon Reinhart's ADAM? (seemingly renamed adman) : https://gitlab.com/JonathonReinhart/adman Unfortunately there seems to be a problem with his gitlab page at the moment. There is LAM: https://www.ldap-account-manager.org/lamcms/ You could script around ldb-tools or ldap-utils. Or wait for Samba 4.12.0 when samba-tool will finally be able to add rfc2307 attributes to existing u...

...ice (ADWS) >> >>> That is the operative line, a Samba AD DC doesn't run ADWS, I think > someone is working on it, but until then you will have to use other Unix > based tools. Such tools are 'samba-tool', LAM, personal scripts, ADMan >>> (https://gitlab.com/JonathonReinhart/adman/) or the upcoming cockpit > module. > >>> There are other tools available. >>> >>> Rowland > ok after complete new installation of Debian, Bind and Samba-AD-DC I have > here the stange error messages that mentioned in the first step > > samba-tools...

...g and with the sernet packages can not be installed alongside sssd anyway. Regards Christian Am 01.03.19 um 14:21 schrieb Jonathon Reinhart via samba: > Hello, > > I'm running a Samba DC on Debian 9 (version 4.5.12-Debian) in a lab > environment, set up like this: > https://jonathonreinhart.com/posts/blog/2019/02/11/setting-up-a-samba-4-domain-controller-on-debian-9/ > > I would now like to configure this server to enable login via domain > credentials. I'm aware that the Samba wiki recommends the following: > > - https://wiki.samba.org/index.php/Configuring_Winbi...

I have a script which carefully manages uidNumber and gidNumber attributes for users and groups. We just recently put it into production. I plan to release it as open source software soon -- and get Rowland's blessing :-) On Fri, Jun 21, 2019 at 3:42 AM Rowland penny via samba < samba at lists.samba.org> wrote: > On 21/06/2019 07:49, Pisch Tam?s via samba wrote: > > Hi, >

...y biggest concern was the ability to control which groups can login, but it looks like I can still do this with winbind by instead using /etc/security/access.conf: http://man7.org/linux/man-pages/man5/access.conf.5.html I wrote a second blog post which goes on to configure libnss-winbind: https://jonathonreinhart.com/posts/blog/2019/02/26/configuring-winbind-on-a-samba-ad-dc-on-debian-9 > Oh and just in passing, you probably do not have a forwarder set in > smb.conf This was somehat intentional. My machines are given a different DNS server via DHCP (both on pfSense). I've delegated the AD zone t...

...Needed on the DC's with logins and members that used RID setup also > > set in /etc/nsswitch.conf passwd: compat winbind > > group: compat winbind > > I actually wrote a subsequent blog post, where I set up all of the > winbind configuration: > https://jonathonreinhart.com/posts/blog/2019/02/26/configuring-winbind-on-a-samba-ad-dc-on-debian-9 I will go and read it. > > I did not include kerberos login, however, so thank you for that! > > Setting uidNumber, gidNumber, etc. from Microsoft tools is > deprecated, so I plan to put together some solu...

I am testing my new member server and have found the following. Found on the Sambawiki "Samba Member Server Troubleshooting" page: root at dtdc01:~# ldbsearch -H /var/lib/samba/private/sam.ldb cn=Domain\ Users | grep 'gidNumber' root at dtdc01:~# My question is what is the best manner to add this uidNumber? Is there general instructions somewhere (that I have missed) for use

...> Jonathon Reinhart via samba > Verzonden: vrijdag 1 maart 2019 14:22 > Aan: samba at lists.samba.org > Onderwerp: [Samba] (no subject) > > Hello, > > I'm running a Samba DC on Debian 9 (version 4.5.12-Debian) in a lab > environment, set up like this: > https://jonathonreinhart.com/posts/blog/2019/02/11/setting-up- > a-samba-4-domain-controller-on-debian-9/ few minor points. REALM="ad.onthefive.com" Realm always in CAPS, this prevens problems with other programs. Most program's expect REALM in CAPS. For example postfix expect REALM in CAPS. I sugges...