search for: keesvanvloten

This is very interesting. Could you share your setup ? All the best. On 20 Oct 2023 at 17:41 +0200, Kees van Vloten <keesvanvloten at gmail.com>, wrote: > > I have the configuration setup on the Samba-side and indeed it works on > Windows with machine-account authentication. It connects to wifi before > a user logs in and there is no chance of lockout due to an expired user > password in the wifi configuratio...

On Mon, 6 Nov 2023 at 14:32, Kees van Vloten <keesvanvloten at gmail.com> wrote: > > > Op 06-11-2023 om 14:58 schreef Jonathan Hunter: > > Interestingly, I've now found that (on my current DCs, running > > 4.18.5), ldbsearch *does* seem to return the expected result, but the > > same query via ldapsearch does not. > >...

...a: > This is very interesting. Could you share your setup ? Here is a first version of the collected bits and pieces: https://github.com/kvvloten/samba_integrations/tree/main/authentication/enterprise_wifi - Kees. > > All the best. > On 20 Oct 2023 at 17:41 +0200, Kees van Vloten <keesvanvloten at gmail.com>, wrote: >> I have the configuration setup on the Samba-side and indeed it works on >> Windows with machine-account authentication. It connects to wifi before >> a user logs in and there is no chance of lockout due to an expired user >> password in the wifi c...

Op 06-11-2023 om 15:40 schreef Jonathan Hunter: > On Mon, 6 Nov 2023 at 14:32, Kees van Vloten <keesvanvloten at gmail.com> wrote: >> >> Op 06-11-2023 om 14:58 schreef Jonathan Hunter: >>> Interestingly, I've now found that (on my current DCs, running >>> 4.18.5), ldbsearch *does* seem to return the expected result, but the >>> same query via ldapsearch does no...

On 16-05-2024 18:46, Rowland Penny via samba wrote: > On Thu, 16 May 2024 17:40:45 +0200 > Olivier BILHAUT <obilhaut at fondation-misericorde.fr> wrote: > >> Thanks Rowland for once again, an analysis that looks good. >> >> To you, >> is there a workaround at this stage ? > Not from myself,it has been years since I looked into this and only > really got

Hi Michael and Samba-team, I found below message on the list, but it looks like nobody replied to it. I have the configuration setup on the Samba-side and indeed it works on Windows with machine-account authentication. It connects to wifi before a user logs in and there is no chance of lockout due to an expired user password in the wifi configuration. I would love to have the same working on

need to remember to mail from my samba.org address :-) -------- Forwarded Message -------- Subject: Re: [Samba] Wsearch Date: Fri, 17 Feb 2023 16:28:29 +0000 From: Noel Power <nopower at suse.de> To: Kees van Vloten <keesvanvloten at gmail.com>, npower via samba <samba at lists.samba.org> Hi Kees On 17/02/2023 10:56, Kees van Vloten via samba wrote: > Hi Noel, > > > As we discussed on the list, I busy getting the bits and pieces in > place to be able to test your windows search work. > > I...

Op 06-11-2023 om 14:58 schreef Jonathan Hunter: > Thank you Kees. > > On Mon, 6 Nov 2023 at 09:37, Kees van Vloten via samba > <samba at lists.samba.org> wrote: >> I am currently running at 4.19.2 but I have run 4.18.6 and 4.18.5. I did >> not experience any issues with nested group lookups, which many of the >> filters rely on. > Interestingly, I've now

Hi Noel, As we discussed on the list, I busy getting the bits and pieces in place to be able to test your windows search work. I am running all my stuff on Debian Bullseye, with Samba code in 3 lxc-containers. Two are for the DCs, one is the fileserver. Everything is managed by Ansible code, I try to avoid manual changes to my environment(s) as much as possible. Generally manual changes are

Op 17-01-2023 om 13:49 schreef Peter Milesson via samba: > Hi folks, > > Is a default route and gateway mandatory on a Samba member server? > > The AD DCs, the workstations and the Samba member server are on the > same network segment. As the member server only serves files to the > local network, I assume that neither gateway, nor default route are > necessary. For

On 03-03-2023 22:27, Rowland Penny via samba wrote: > > > On 03/03/2023 20:27, Peter Pollock via samba wrote: >> Thank you Andrew and Roland. >> >> I appreciate it. I haven't built one for a few years. Last time I did >> so I >> used a walk through that I think Lois Van Belle wrote. Is that still >> available anywhere or is there another such

Op 14-04-2023 om 11:31 schreef Rowland Penny via samba: > > > On 14/04/2023 10:03, Kees van Vloten via samba wrote: >> >> You could try what Rowland suggests: setup AD and add the users in it. >> >> There is no (strict) need to join the client machines, the AD-DC >> provides a KDC and a LDAP server. You can still use kinit on the >> clients to

On 29-05-2023 14:43, Marco Gaiarin via samba wrote: > Mandi! Rowland Penny via samba > In chel di` si favelave... > >> The latest version of this wiki page works for myself: >> https://wiki.samba.org/index.php/PAM_Offline_Authentication > Mee too, but does not work. ;( > > >> Every so often, I attempt to login as a domain user and so far it works, >>

Hi Team, I just noticed the html man-pages on samba.org are not update for 4.18. The problemetic page I found is: https://www.samba.org/samba/docs/current/man-html/vfs_full_audit.8.html, the list of operations is invalid for 4.18 (it was correct for 4.17) and indeed the vfs_full_audit.8.xml in the source-tree has the correct values. Are the html man-pages not generated as part of the

Hi Team, Did anybody solve the issue of FScrawler crawling over multiple shares, preferably from a single job or from a single service? Setting up a service for FScrawler per share does not scale very nice... - Kees.

Op 22-08-2023 om 08:48 schreef Joachim Lindenberg via samba: >> On a DC both the standard vfs objects will definitely be turned off if you set 'vfs objects = full_audit' anywhere. If you set that option in a share on a Unix domain member, it will >> override any 'vfs objects' set in global. If you set vfs objects on a share is overrides the global setting. It is

Op 18-10-2023 om 11:32 schreef Ingo Asche via samba: > Hi Michael, > > thanks for the info - and your work... > > As Bookworm for Raspberry isn't that far away, I can live with that. > This is "just" my playground... I have recently migrated my Raspberry Pi machines from Raspbian to Debian bookworm. It has several advantages: - All Debian packages are

Hi Team, I am currently looking into enterprise wifi with the machine account. I did find some clues on the internet but the peice that is missing is the password of the machine account. Is it possible foor user root to extract that password in clear text from the secrets database where winbind has stored it? /var/lig/samba/private/secrets.tdb? seems to contain the info and tdbdump can

Op 25-10-2023 om 16:45 schreef Alex via samba: > Hi! > > Is there a recommended way to set all the Samba DC's to use the same TLS > Root CA certificate? In smb.conf put a line, like this to let it use a specific ca-cert: tls cafile = /etc/ssl/certs/ca.pem Now it is just a matter of distributing that to all the DCs - Kees. > > Thanks, > > Peter

Hi Team, Is it possible to make a LDAP-query that returns whether an account is expired or not? I am aware that it is possible to do the maths against the "accountExpires" attribute, but that requires some scripting around the query. - Kees.