search for: lilliput

Op 20-10-2023 om 18:35 schreef Luis Peromarta via samba: > This is very interesting. Could you share your setup ? Here is a first version of the collected bits and pieces: https://github.com/kvvloten/samba_integrations/tree/main/authentication/enterprise_wifi - Kees. > > All the best. > On 20 Oct 2023 at 17:41 +0200, Kees van Vloten <keesvanvloten at gmail.com>, wrote:

Mandi! Piviul via samba In chel di` si favelave... > Well, I can understand that System account use AD machine account to do > things so a uid for a machine account is needed but I don't think the pc > account need an home, didn't it? If you use mkhomedir in pam_winbind > module, home folders are created even using idmap AD backend or it's a > problem only of

I've a Ubuntu client that connect via OpenVPN to my network; client is joined to the AD domain, and need the 'join' (in loose meaning) to access some remote share. But sometime the client connect and, for example, an 'getent passwd <domain_user>' return nothing. User can access the share, but without membership the ACL on files and folders block the user. Restarting

I'm trying to enable offline auth in a Ubuntu 22.04 box, following: https://wiki.samba.org/index.php/PAM_Offline_Authentication using standard ubuntu samba package (4.15.13+dfsg-0ubuntu1.1). I've enabled workaround 'lock directory = /var/cache/samba'. Still does not work, and behave very badly with no conectivity or bad connectivity (wireless): sometime the

Mandi! Kees van Vloten via samba In chel di` si favelave... > To me it looks identical to this > https://lists.samba.org/archive/samba/2021-July/236850.html Yes, seems the same... > Unfortunately that thread never came to a solution. ;-( Rowland, can you post your config files on detail? -- Firma il contratto, non farti pregare se vuoi far parte delle persone serie (E.

Mandi! Rowland Penny via samba In chel di` si favelave... >> Probably, but first, I will install Ubuntu 22.04 with that god awful GDM >> and see if I can get that to work. As just stated, i really doubt it is gnome or GDM the fault... > I give up with Ubuntu What was... ah, 'Debian': an ancient English word that mean: i was not able to install Ubuntu. ;-) -- Per

Mandi! Ralph Boehme via samba In chel di` si favelave... > just fyi: > https://lists.samba.org/archive/cifs-protocol/2023-July/004004.html I see the reference from a Microsoft man on an internal ticket: TrackingID#2307130040007086 Can be plausible a client-side solution, via a registry/policy patch? Someone have some clue? Thanks. -- Il backup ? quella cosa che andava fatta

Yesterday Microsoft released KB5029244 for Win10 (and companion patches for other OS releases...). Someone have just some feedbacks if this solved the 'Join to NT domains' troubles? Thanks... -- Does anybody here remember Vera Lynn? (Pink Floyd)

I'm using an AD group in cupsd configuration: SystemGroup printops in cups-files.conf, where 'printops' is an AD group. I hoped that systemd 'self healing' would suffices, but not: cups start before wibind, does not found 'printops' group and fail. There's some better way to force a deps; I'm thinking of an: systemctl edit cups.service adding: [Unit]

Mandi! ?????????????? ???????????? ?????????????????? via samba In chel di` si favelave... > We need to migrate our AD from NT PDC Schema Version 88 to Samba PDC, but we can't join our Samba to NT PDC or migrate SID History and Account Passwords to Samba PDC. > Our company is over 3000 NT Servers and over 5000 Users and we need to migrate to Samba without Servers rejoin and Passwords

Mandi! Fyodor Kravchenko via samba In chel di` si favelave... > Thank you, nesting is set to 1. Is there anything else we could check? AFAIK, no. Next step is use a privileged container, but really in this vase better using a VM. -- Berlusconi: "Da oggi sono a dieta" Il Paese lo ? gi? da 4 anni (Il Ruggito del Coniglio)

I need to access the LDAP AD server from a debian box, but i don't need shares nor winbind. For a sake of simplicity i'm thinking to use machine account (-P). I can join the box, but if i keep winbind and nmbd/smbd off, how can i renew machine account? Thanks. -- M.C.S.E: Minesweeper Consultant & Solitaire Expert

Mandi! Kees van Vloten via samba In chel di` si favelave... >> For a sake of simplicity i'm thinking to use machine account (-P). > There is "net changetrustpw" to do this. Ok, i've missed that. Thanks. > If you just have a service that does LDAP-queries, I would create an > ordinary user-account for it (and start it's name e.g. with "svc_").

Mandi! Douglas G. Oechsler via samba In chel di` si favelave... > Somebody get this problem or can help please? Probably the access to USB devices (and other things) are granted via some local groups, so if you have AD/winbind users, they does not have this group. For this, i use typically 'pam_group' module, with a simple config like: *; *; *; Al0000-2400;

Mandi! Anantha Raghava via samba In chel di` si favelave... > We are observing on some domain members we are observing, when we open > the user or group's properties, we are not seeing either the real user > names (Member Names) or group names instead only SIDs are shown. I've never reported this, because i'm currently using an old samba version (4.9.18+dfsg-0.1stretch1)

Mandi! Kees van Vloten via samba In chel di` si favelave... > There is "net changetrustpw" to do this. I've correctly just joined the firewall to the domain, i can check join status: root at vfwacpn1:~# net ads testjoin Join is OK but if i try to renew credentials i catch: root at vfwacpn1:~# net ads changetrustpw -I 10.172.1.8 Changing password for principal:

[ Received no feedback, i resend it... ] A little strange things, but i'm hitting my head on the wall... I needed to 'enlarge' my main filesystem (XFS backed-up), that contain my main samba share and a brick for a GFS share; i've setup a new volume (for the VM), formatted XFS, move all the file taking care to umount and stop GFS (so, syncing the brick, not the GFS filesystem)

In a fresh samba AD domain i'm setting up the 'Profiles' share for roaming profiles, following the wiki: https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs leading to: [profiles] comment = Network Profiles Share csc policy = disable map acl inherit = Yes path = /srv/samba/profiles read only =

Mandi! Rowland Penny via samba In chel di` si favelave... >> acl_xattr:default acl style = windows >> acl_xattr:ignore system acls = yes > Why have you added those two last lines ? Ahem, really you need an answer?! ;-) I don't remember... ;-((( >> What i'm missing?! Thanks. > Well, because you have added this line: > acl_xattr:ignore system

Mandi! Rowland Penny via samba In chel di` si favelave... > The latest version of this wiki page works for myself: > https://wiki.samba.org/index.php/PAM_Offline_Authentication Mee too, but does not work. ;( > Every so often, I attempt to login as a domain user and so far it works, > without any delays. As I said, lightdm flashes up a message during the > logon, but it goes