search for: rfc2037

So, just wanting to verify - since I *think* I understand but am not sure. [The Wiki article might be clarified re: rfc2037 - and avoid questions like this.] 2037 only comes into play if you're interested in controlling local access for *nix users on the local file system. Thus, if you are, for example, setting up a [or a pair, or more] DC only, which won't have local users - than 2037 won't matter. In my...

On 04/07/16 18:35, Raphaël RIGNIER wrote: > Hi samba team ! > > I try to resolve for hours a problem I have with a Linux Host (Samba > 4.3.9 ubutnu 16.04) as AD member.DCs are Windows 2008 R2, One is 2012 > R2. Forest level is 2003 R2. > > my smb.conf : > [GLOBAL] > netbios name = CR-DEV-01 > security = ADS > workgroup = ADDOMAIN >

On 05/07/16 17:56, Raphaël RIGNIER wrote: > The strange behavior is the different output between group object and > user object > > and > net ads search -U administrator > net ads search -P > > in Samba Wiki, primarygroupid refers to the one for User's "Unix > Attributes" tab. Which is in fact GidNumber. (I have made tests to > check this) > The

Le 05/07/2016 à 09:33, Raphaël RIGNIER a écrit : > Le 04/07/2016 à 20:09, Rowland penny a écrit : >> On 04/07/16 18:35, Raphaël RIGNIER wrote: >>> Hi samba team ! >>> >>> I try to resolve for hours a problem I have with a Linux Host (Samba >>> 4.3.9 ubutnu 16.04) as AD member.DCs are Windows 2008 R2, One is >>> 2012 R2. Forest level is 2003

On 05/07/16 08:33, Raphaël RIGNIER wrote: > Le 04/07/2016 à 20:09, Rowland penny a écrit : >> On 04/07/16 18:35, Raphaël RIGNIER wrote: >>> Hi samba team ! >>> >>> I try to resolve for hours a problem I have with a Linux Host (Samba >>> 4.3.9 ubutnu 16.04) as AD member.DCs are Windows 2008 R2, One is >>> 2012 R2. Forest level is 2003 R2.

Le 05/07/2016 à 19:40, Rowland penny a écrit : > On 05/07/16 17:56, Raphaël RIGNIER wrote: >> The strange behavior is the different output between group object and >> user object >> >> and >> net ads search -U administrator >> net ads search -P >> >> in Samba Wiki, primarygroupid refers to the one for User's "Unix >>

Hi samba team ! I try to resolve for hours a problem I have with a Linux Host (Samba 4.3.9 ubutnu 16.04) as AD member.DCs are Windows 2008 R2, One is 2012 R2. Forest level is 2003 R2. my smb.conf : [GLOBAL] netbios name = CR-DEV-01 security = ADS workgroup = ADDOMAIN realm = ADDOMAIN.COM idmap config *:backend = tdb idmap config *:range =

Le 05/07/2016 à 17:07, Rowland penny a écrit : > On 05/07/16 08:33, Raphaël RIGNIER wrote: >> Le 04/07/2016 à 20:09, Rowland penny a écrit : >>> On 04/07/16 18:35, Raphaël RIGNIER wrote: >>>> Hi samba team ! >>>> >>>> I try to resolve for hours a problem I have with a Linux Host >>>> (Samba 4.3.9 ubutnu 16.04) as AD member.DCs are

Running Samba 4.0.9, we have added a pair of Samba4 domain controllers to an existing Win2003 domain. How do we determine whether RFC2037 attributes already exist in the domain? And how would we go about adding them to an already existing domain?

...  root 4096 oct.  30 15:57 public drwr-xr-x  4  root  root 4096 oct.  30 15:57 services /etc/samba/smb.conf [global]   netbios name = svad01   realm = SITE.SOCIETE.LOCAL   workgroup = SITE   dns forwarder = 127.0.0.1   server role = active directory domain controller   idmap_ldb:use rfc2037 = yes   log level = 3 [netlogon]   path = /var/lig/samba/sysvol/site.societe.local/scripts   read only = No [sysvol]   path = /var/lib/samba/sysvol   read only = No [public]   path = /home/public   read only  = No *Philippe MALADJIAN Responsable informatique | administrateur s...

...u do not calculate an objectSID, AD > >> does this for you from the domain SID and the next available RID > > Dave, I'm afraid I can't do that. Since it would be an import from /etc flat files it won't be just as easy as typing `samba-tool user create $user`, transferring rfc2037 NIS data (including loginShell, uidNumber, gidNumber, homeDirectory etc) will be needed as well > > Who is Dave ? > > Never mind, can I introduce to the 'samba-tool domain classicupgrade' > command, see here: > > https://wiki.samba.org/index.php/Migrating_a_Samba_NT...

...just a SID, but you do not calculate an objectSID, AD > does this for you from the domain SID and the next available RID Dave, I'm afraid I can't do that. Since it would be an import from /etc flat files it won't be just as easy as typing `samba-tool user create $user`, transferring rfc2037 NIS data (including loginShell, uidNumber, gidNumber, homeDirectory etc) will be needed as well > >>> Is ActiveDirectory fully retrocompatible with NT4? > >> No > > So I guess I can't use an ldif file made for NT4 for populating an AD, right? > No, definitely not,...

Le 04/07/2016 à 20:09, Rowland penny a écrit : > On 04/07/16 18:35, Raphaël RIGNIER wrote: >> Hi samba team ! >> >> I try to resolve for hours a problem I have with a Linux Host (Samba >> 4.3.9 ubutnu 16.04) as AD member.DCs are Windows 2008 R2, One is 2012 >> R2. Forest level is 2003 R2. >> >> my smb.conf : >> [GLOBAL] >> netbios

...ind > 'ad' backend, you will need to give your users and groups RFC2307 > attributes though. Windows (when using RSAT) starts the IDs at > '10000' and it is suggested to use that start number. This means that even if I deployed the Domain with "--use-rfc2307" the RFC2037 attributes are not already populated? > If this is the DC, you don't need '192.168.100.50 > sambatest1.modiano.com sambatest1' in /etc/hosts Yep sorry for not trashing the line... We are using an IP alias for ssh access and another one for samba. so the sambatest1 is just the en...

On Mon, 23 Jul 2018 16:46:50 +0800 d tbsky <tbskyd at gmail.com> wrote: > 2018-07-23 16:04 GMT+08:00 Rowland Penny via samba > <samba at lists.samba.org>: > >> >>> idmap config SAMDOM:range = 1000-999999 > >> idmap config SAMDOM:unix_primary_group = yes > > > > That isn't a bug, it is a feature ;-) > > Before 4.6.0

...kend, you will need to give your users and groups RFC2307 > > attributes though. Windows (when using RSAT) starts the IDs at > > '10000' and it is suggested to use that start number. > > This means that even if I deployed the Domain with "--use-rfc2307" the > RFC2037 attributes are not already populated? > All that using '--use-rfc2307' does is allow the use of rfc2307 attributes such as 'uidNumber' and 'gidNumber', it does not populate any of the rfc2307 attributes. DCs works slightly different from Unix domain members, they use &...

...h "unix_primary_group =no", all users need to have a valid primary group id. but maybe now there are new method to setup primary group id I don't know. in old days we need to use windows ADUC or ldbmodify to set up primary group id. or as you said, let "domain users" has an rfc2037 gid. they are working fine until recent 4.6/4.7

...name = svad01 >   realm = SITE.SOCIETE.LOCAL >   workgroup = SITE >   dns forwarder = 127.0.0.1 Sorry, but you cannot forward dns to 127.0.0.1, you need to forward to a dns server outside your Samba domain. >   server role = active directory domain controller >   idmap_ldb:use rfc2037 = yes >   log level = 3 > > [netlogon] >   path = /var/lig/samba/sysvol/site.societe.local/scripts I hope 'lig' is a typo. >   read only = No > > [sysvol] >   path = /var/lib/samba/sysvol >   read only = No > > [public] >   path = /home/public...

...E.SOCIETE.LOCAL >>   workgroup = SITE >>   dns forwarder = 127.0.0.1 > Sorry, but you cannot forward dns to 127.0.0.1, you need to forward to > a dns server outside your Samba domain. > >>   server role = active directory domain controller >>   idmap_ldb:use rfc2037 = yes >>   log level = 3 >> >> [netlogon] >>   path = /var/lig/samba/sysvol/site.societe.local/scripts > I hope 'lig' is a typo. > >>   read only = No >> >> [sysvol] >>   path = /var/lib/samba/sysvol >>   read only = No &...

...ID, but you do not calculate an objectSID, AD >> does this for you from the domain SID and the next available RID > Dave, I'm afraid I can't do that. Since it would be an import from /etc flat files it won't be just as easy as typing `samba-tool user create $user`, transferring rfc2037 NIS data (including loginShell, uidNumber, gidNumber, homeDirectory etc) will be needed as well Who is Dave ? Never mind, can I introduce to the 'samba-tool domain classicupgrade' command, see here: https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgra...