search for: krutskikh

I would like to bump my question 2015-05-27 10:21 GMT+03:00 Krutskikh Ivan <stein.hak at gmail.com>: > Hmm, looks like it's not. I've just set the password for something that > cracklib-check would argue using both ad management tools and at windows > login. Should it work that way or I'm missing something? > > My dc's smb.conf:...

...same >network, is is no problem, because the domain would have the same name, >SID, etc. I did more or less so and it resulted in subj problem. I guess some experiments is needed 2015-10-19 18:13 GMT+03:00 Marc Muehlfeld <mmuehlfeld at samba.org>: > Am 19.10.2015 um 16:02 schrieb Krutskikh Ivan: > > Let me explain myself here. We ship video surveillance systems with > > build-in ad domain controllers on 2 servers. Right now we have 4 active > > projects and 3 more this year. Provisioning dc's by hand each time is a > > pain I would like to avoid. > >...

We actually sell whole systems with isolated lan and centralized authentication and password management. Typically about 7 servers and 5 workstations. 2015-10-19 18:58 GMT+03:00 Rowland Penny <rowlandpenny241155 at gmail.com>: > On 19/10/15 16:23, Krutskikh Ivan wrote: > >> And if you really want to work with cloning, then provision the first, >>> join the second, do all your change, take a snapshot of both. Then you >>> have the same setup again for the next customer. As long as the >>> customers never will met and...

...om windows login and a some specific password age settings. But if I would have to do this manually for every new system... So please advise me how to make a template domain for this setup. 2015-10-19 16:33 GMT+03:00 Rowland Penny <rowlandpenny241155 at gmail.com>: > On 19/10/15 14:07, Krutskikh Ivan wrote: > >> ok =( Guess I should repeat all the work from scratch. So just to check if >> I got it right: >> >> 1) Create a new container. Provision a ad dc on it. Can I join some >> machine >> to apply some gpo's and to create users at this point? I&...

On Wed, 2015-08-26 at 13:15 +0300, Krutskikh Ivan wrote: > Thanks, that helped me a lot =) But it doesn't seem that sam.ldb > holds any password data. I found something similar in file (my domain > is NOVO.MTT) > > /usr/local/samba/private/sam.ldb.d/DC=NOVO,DC=MTT.ldb Correct, the sam.ldb is a wrapper that loads module...

.../dns 3) Create another template for the second domain. Clone it and attach for each new dc from 2) Will this work? The dc's would work in different lan's. 2015-10-19 15:39 GMT+03:00 Marc Muehlfeld <mmuehlfeld at samba.org>: > Hello Ivan, > > Am 19.10.2015 um 12:42 schrieb Krutskikh Ivan: > > I think, I've done something stupid here. At first I've created 2 lxc > > containers and provisioned one as dc.office.mtt and joined second one to > > the first ad bdc.tsnr.mtt. > > You should not name your DC something like "backup" (bdc). If the...

On Tue, 2015-08-25 at 20:08 +0100, Rowland Penny wrote: > On 25/08/15 19:42, Krutskikh Ivan wrote: > > Hi everyone, > > > > We are installing a big system which uses samba 4 ad dc. Our > > customer asked > > if we can prove that passwords are stored securely in dc. How can > > we do in > > in a most interactive way? > > > > Th...

...dos filemode = true' and 'force unknown acl user = true' for service sysvol And more repeating lines about xattrs and idmap. I think, this is due to some misconfiguration on bdc. 2015-10-03 18:46 GMT+03:00 Rowland Penny <rowlandpenny241155 at gmail.com>: > On 03/10/15 16:20, Krutskikh Ivan wrote: > >> Hm, can I fix it manually? Maybe sysvolcheck stumbles on the first error >> and misses something more severe later on. >> >> 2015-10-03 12:09 GMT+03:00 Rowland Penny <rowlandpenny241155 at gmail.com>: >> >> > You need to look further,...

Hm, can I fix it manually? Maybe sysvolcheck stumbles on the first error and misses something more severe later on. 2015-10-03 12:09 GMT+03:00 Rowland Penny <rowlandpenny241155 at gmail.com>: > On 03/10/15 00:50, Krutskikh Ivan wrote: > >> Hi everyone. >> >> I ran into notorios gpo error on windows clients. When I go to my dc >> controller and run >> samba-tool ntacl sysvolcheck >> >> I get an error: >> >> ERROR(<class 'samba.provision.ProvisioningError&...

Hi everyone, A quick question: Is check password script option working for ad dc setup? I believe, ad on it's own cannot provide password protection against dictionaries.

Hi everyone, I need an active directory instance with some non-standart policies to users passwords: 1) Group users minimal length is 6, Group Administrators 12 2) Should have special symbols (!#$) and numbers are required 3) Password must not be dictionary words or based on them ( no admin, user, sysop etc) 4) Each new password must differ to the old one by 50%. Can I do all those in samba ad?

On 19/10/15 16:23, Krutskikh Ivan wrote: >> And if you really want to work with cloning, then provision the first, >> join the second, do all your change, take a snapshot of both. Then you >> have the same setup again for the next customer. As long as the >> customers never will met and two of your syst...

Hi everyone. I ran into notorios gpo error on windows clients. When I go to my dc controller and run samba-tool ntacl sysvolcheck I get an error: ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: DB ACL on GPO directory /usr/local/samba/var/locks/sysvol/tsnr.mtt/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}

On 19/10/15 14:07, Krutskikh Ivan wrote: > ok =( Guess I should repeat all the work from scratch. So just to check if > I got it right: > > 1) Create a new container. Provision a ad dc on it. Can I join some machine > to apply some gpo's and to create users at this point? I'll delete it > afterwards...

On 04/10/15 12:00, Krutskikh Ivan wrote: > ok, I've investigated the problem more closely. First of all, I didn't > mention that I have 2 domain controllers: dc(initial) and bdc (backup). > Rsync command > > /usr/bin/rsync -XAavz --delete-after dc:/usr/local/samba/var/locks/sysvol/* > /usr/local/samba...

Hi everyone, I think, I've done something stupid here. At first I've created 2 lxc containers and provisioned one as dc.office.mtt and joined second one to the first ad bdc.tsnr.mtt. Then I've cloned those containers several times and changed ip adresses and dns names of new containers to different subnets. The name of domain stayed the same. At first everything seemed fine, but when

Hi everyone, We are installing a big system which uses samba 4 ad dc. Our customer asked if we can prove that passwords are stored securely in dc. How can we do in in a most interactive way? Thanks in advance!

...3] ../source4/kdc/kpasswdd.c:375(kpasswd_process_request) KURSK\Administrator (S-1-5-21-1939327600-330022255-2124521309-500) is changing password of xviewsion at kursk.mtt [2015/05/27 10:09:07.841347, 3] ../source4/smbd/service_stream.c:66(stream_terminate_connection) 2015-05-27 6:24 GMT+03:00 Krutskikh Ivan <stein.hak at gmail.com>: > Hi everyone, > > > A quick question: Is check password script option working for ad dc setup? > I believe, ad on it's own cannot provide password protection against > dictionaries. >

Hello Ivan, Am 19.10.2015 um 12:42 schrieb Krutskikh Ivan: > I think, I've done something stupid here. At first I've created 2 lxc > containers and provisioned one as dc.office.mtt and joined second one to > the first ad bdc.tsnr.mtt. You should not name your DC something like "backup" (bdc). If the first one (dc) gets los...

Am 19.10.2015 um 16:02 schrieb Krutskikh Ivan: > Let me explain myself here. We ship video surveillance systems with > build-in ad domain controllers on 2 servers. Right now we have 4 active > projects and 3 more this year. Provisioning dc's by hand each time is a > pain I would like to avoid. > > There's not mu...