Displaying 20 results from an estimated 34 matches for "krutskikh".
2015 May 27
1
check password script for samba 4 ad dc
I would like to bump my question
2015-05-27 10:21 GMT+03:00 Krutskikh Ivan <stein.hak at gmail.com>:
> Hmm, looks like it's not. I've just set the password for something that
> cracklib-check would argue using both ad management tools and at windows
> login. Should it work that way or I'm missing something?
>
> My dc's smb.conf:...
2015 Oct 19
3
unique index violation on objectSid on samba ad
...same
>network, is is no problem, because the domain would have the same name,
>SID, etc.
I did more or less so and it resulted in subj problem. I guess some
experiments is needed
2015-10-19 18:13 GMT+03:00 Marc Muehlfeld <mmuehlfeld at samba.org>:
> Am 19.10.2015 um 16:02 schrieb Krutskikh Ivan:
> > Let me explain myself here. We ship video surveillance systems with
> > build-in ad domain controllers on 2 servers. Right now we have 4 active
> > projects and 3 more this year. Provisioning dc's by hand each time is a
> > pain I would like to avoid.
> >...
2015 Oct 20
1
unique index violation on objectSid on samba ad
We actually sell whole systems with isolated lan and centralized
authentication and password management. Typically about 7 servers and 5
workstations.
2015-10-19 18:58 GMT+03:00 Rowland Penny <rowlandpenny241155 at gmail.com>:
> On 19/10/15 16:23, Krutskikh Ivan wrote:
>
>> And if you really want to work with cloning, then provision the first,
>>> join the second, do all your change, take a snapshot of both. Then you
>>> have the same setup again for the next customer. As long as the
>>> customers never will met and...
2015 Oct 19
3
unique index violation on objectSid on samba ad
...om windows login and a some
specific password age settings.
But if I would have to do this manually for every new system...
So please advise me how to make a template domain for this setup.
2015-10-19 16:33 GMT+03:00 Rowland Penny <rowlandpenny241155 at gmail.com>:
> On 19/10/15 14:07, Krutskikh Ivan wrote:
>
>> ok =( Guess I should repeat all the work from scratch. So just to check if
>> I got it right:
>>
>> 1) Create a new container. Provision a ad dc on it. Can I join some
>> machine
>> to apply some gpo's and to create users at this point? I&...
2015 Aug 26
2
Proof of samba 4 ad storing passwords in a secure manner
On Wed, 2015-08-26 at 13:15 +0300, Krutskikh Ivan wrote:
> Thanks, that helped me a lot =) But it doesn't seem that sam.ldb
> holds any password data. I found something similar in file (my domain
> is NOVO.MTT)
>
> /usr/local/samba/private/sam.ldb.d/DC=NOVO,DC=MTT.ldb
Correct, the sam.ldb is a wrapper that loads module...
2015 Oct 19
2
unique index violation on objectSid on samba ad
.../dns
3) Create another template for the second domain. Clone it and attach for
each new dc from 2)
Will this work? The dc's would work in different lan's.
2015-10-19 15:39 GMT+03:00 Marc Muehlfeld <mmuehlfeld at samba.org>:
> Hello Ivan,
>
> Am 19.10.2015 um 12:42 schrieb Krutskikh Ivan:
> > I think, I've done something stupid here. At first I've created 2 lxc
> > containers and provisioned one as dc.office.mtt and joined second one to
> > the first ad bdc.tsnr.mtt.
>
> You should not name your DC something like "backup" (bdc). If the...
2015 Aug 26
3
Proof of samba 4 ad storing passwords in a secure manner
On Tue, 2015-08-25 at 20:08 +0100, Rowland Penny wrote:
> On 25/08/15 19:42, Krutskikh Ivan wrote:
> > Hi everyone,
> >
> > We are installing a big system which uses samba 4 ad dc. Our
> > customer asked
> > if we can prove that passwords are stored securely in dc. How can
> > we do in
> > in a most interactive way?
> >
> > Th...
2015 Oct 04
2
sysvol acl's broken beyond repair
...dos filemode = true' and
'force unknown acl user = true' for service sysvol
And more repeating lines about xattrs and idmap. I think, this is due to
some misconfiguration on bdc.
2015-10-03 18:46 GMT+03:00 Rowland Penny <rowlandpenny241155 at gmail.com>:
> On 03/10/15 16:20, Krutskikh Ivan wrote:
>
>> Hm, can I fix it manually? Maybe sysvolcheck stumbles on the first error
>> and misses something more severe later on.
>>
>> 2015-10-03 12:09 GMT+03:00 Rowland Penny <rowlandpenny241155 at gmail.com>:
>>
>>
> You need to look further,...
2015 Oct 03
2
sysvol acl's broken beyond repair
Hm, can I fix it manually? Maybe sysvolcheck stumbles on the first error
and misses something more severe later on.
2015-10-03 12:09 GMT+03:00 Rowland Penny <rowlandpenny241155 at gmail.com>:
> On 03/10/15 00:50, Krutskikh Ivan wrote:
>
>> Hi everyone.
>>
>> I ran into notorios gpo error on windows clients. When I go to my dc
>> controller and run
>> samba-tool ntacl sysvolcheck
>>
>> I get an error:
>>
>> ERROR(<class 'samba.provision.ProvisioningError&...
2015 May 27
2
check password script for samba 4 ad dc
Hi everyone,
A quick question: Is check password script option working for ad dc setup?
I believe, ad on it's own cannot provide password protection against
dictionaries.
2015 Jun 02
2
Samba AD with advance password policies
Hi everyone,
I need an active directory instance with some non-standart policies to
users passwords:
1) Group users minimal length is 6, Group Administrators 12
2) Should have special symbols (!#$) and numbers are required
3) Password must not be dictionary words or based on them ( no admin, user,
sysop etc)
4) Each new password must differ to the old one by 50%.
Can I do all those in samba ad?
2015 Oct 19
0
unique index violation on objectSid on samba ad
On 19/10/15 16:23, Krutskikh Ivan wrote:
>> And if you really want to work with cloning, then provision the first,
>> join the second, do all your change, take a snapshot of both. Then you
>> have the same setup again for the next customer. As long as the
>> customers never will met and two of your syst...
2015 Oct 02
3
sysvol acl's broken beyond repair
Hi everyone.
I ran into notorios gpo error on windows clients. When I go to my dc
controller and run
samba-tool ntacl sysvolcheck
I get an error:
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception -
ProvisioningError: DB ACL on GPO directory
/usr/local/samba/var/locks/sysvol/tsnr.mtt/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
2015 Oct 19
0
unique index violation on objectSid on samba ad
On 19/10/15 14:07, Krutskikh Ivan wrote:
> ok =( Guess I should repeat all the work from scratch. So just to check if
> I got it right:
>
> 1) Create a new container. Provision a ad dc on it. Can I join some machine
> to apply some gpo's and to create users at this point? I'll delete it
> afterwards...
2015 Oct 04
0
sysvol acl's broken beyond repair
On 04/10/15 12:00, Krutskikh Ivan wrote:
> ok, I've investigated the problem more closely. First of all, I didn't
> mention that I have 2 domain controllers: dc(initial) and bdc (backup).
> Rsync command
>
> /usr/bin/rsync -XAavz --delete-after dc:/usr/local/samba/var/locks/sysvol/*
> /usr/local/samba...
2015 Oct 19
3
unique index violation on objectSid on samba ad
Hi everyone,
I think, I've done something stupid here. At first I've created 2 lxc
containers and provisioned one as dc.office.mtt and joined second one to
the first ad bdc.tsnr.mtt. Then I've cloned those containers several times
and changed ip adresses and dns names of new containers to different
subnets. The name of domain stayed the same.
At first everything seemed fine, but when
2015 Aug 25
2
Proof of samba 4 ad storing passwords in a secure manner
Hi everyone,
We are installing a big system which uses samba 4 ad dc. Our customer asked
if we can prove that passwords are stored securely in dc. How can we do in
in a most interactive way?
Thanks in advance!
2015 May 27
0
check password script for samba 4 ad dc
...3]
../source4/kdc/kpasswdd.c:375(kpasswd_process_request)
KURSK\Administrator (S-1-5-21-1939327600-330022255-2124521309-500) is
changing password of xviewsion at kursk.mtt
[2015/05/27 10:09:07.841347, 3]
../source4/smbd/service_stream.c:66(stream_terminate_connection)
2015-05-27 6:24 GMT+03:00 Krutskikh Ivan <stein.hak at gmail.com>:
> Hi everyone,
>
>
> A quick question: Is check password script option working for ad dc setup?
> I believe, ad on it's own cannot provide password protection against
> dictionaries.
>
2015 Oct 19
0
unique index violation on objectSid on samba ad
Hello Ivan,
Am 19.10.2015 um 12:42 schrieb Krutskikh Ivan:
> I think, I've done something stupid here. At first I've created 2 lxc
> containers and provisioned one as dc.office.mtt and joined second one to
> the first ad bdc.tsnr.mtt.
You should not name your DC something like "backup" (bdc). If the first
one (dc) gets los...
2015 Oct 19
0
unique index violation on objectSid on samba ad
Am 19.10.2015 um 16:02 schrieb Krutskikh Ivan:
> Let me explain myself here. We ship video surveillance systems with
> build-in ad domain controllers on 2 servers. Right now we have 4 active
> projects and 3 more this year. Provisioning dc's by hand each time is a
> pain I would like to avoid.
>
> There's not mu...