Displaying 11 results from an estimated 11 matches for "rootrudi".
2018 Aug 07
2
id <username> - doesnt list all groups
...# id user1
uid=10065(user1) gid=10036(domain users) Gruppen=10036(domain
users),3001(BUILTIN\users)
# id user2
uid=20578(user2) gid=10036(domain users) Gruppen=10036(domain
users),*10153(**restrictaccess**)*,3001(BUILTIN\users)
smb.conf on Domain Member:
[global]
security = ads
realm = rootrudi.de
workgroup = ROOTRUDI
idmap config *: backend = tdb
idmap config *: range = 3000-7999
idmap config rootrudi:backend = ad
idmap config rootrudi:range = 10000-999999
idmap config rootrudi:schema_mode = rfc2307
idmap config rootrudi:unix_nss_info = no
template shell = /bin/bash
tem...
2018 Jan 22
3
SAMBA 4.7.4 with MIT Keberos
...os i also installed libkrb5-dev and
krb5-kdc and compiled with the "--with-system-mitkrb5" option.
The installation runs pretty good (some dependencies problem, solved
manually). But now im not able to test kerberos:
# kinit administrator
--> kinit: Cannot find KDC for realm "ROOTRUDI.DE" while getting initial
credentials.
I followed all steps from samba.org:
-
https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC
-
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
--> hanging on "Verifying Kerbe...
2018 Jan 22
0
SAMBA 4.7.4 with MIT Keberos
...inhibit=yes --foreground
2159 ? S 0:00 | \_ /usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
2142 ? S 0:00 \_ samba
2144 ? S 0:00 \_ samba
2145 ? S 0:00 \_ samba
2146 ? S 0:00 \_ samba
Looks fine? But also got same error:
kinit: Cannot find KDC for realm "ROOTRUDI.DE" while getting initial credentials
THY
Micha
Am 22. Januar 2018 21:04:22 MEZ schrieb Micha Ballmann <ballmann at uni-landau.de>:
>Hello,
>
>i installed a SAMBA 4.7.4 AD Server on Ubuntu 18.04 (BETA). SAMBA4 was
>compiled from source. For MIT Keberos i also installed li...
2018 Nov 21
3
Testparm CUPS warning
...es.
Warning: Service printer01_null defines a print command, but parameter
is ignored when using CUPS libraries.
Warning: Service pcclient defines a print command, but parameter is
ignored when using CUPS libraries.
##############
My smb.conf:
##############
[global]
security = ads
realm = rootrudi.de
workgroup = ROOTRUDI
idmap config *: backend = tdb
idmap config *: range = 3000-7999
idmap config ROOTRUDI:backend = ad
idmap config ROOTRUDI:range = 10000-999999
idmap config ROOTRUDI:schema_mode = rfc2307
idmap config ROOTRUDI: unix_nss_info = no
domain master = No
local master = No
preferred...
2018 Aug 07
0
id <username> - doesnt list all groups
...en=10036(domain
> users),3001(BUILTIN\users)
>
> # id user2
>
> uid=20578(user2) gid=10036(domain users) Gruppen=10036(domain
> users),*10153(**restrictaccess**)*,3001(BUILTIN\users)
>
> smb.conf on Domain Member:
>
> [global]
> security = ads
> realm = rootrudi.de
> workgroup = ROOTRUDI
> idmap config *: backend = tdb
> idmap config *: range = 3000-7999
> idmap config rootrudi:backend = ad
> idmap config rootrudi:range = 10000-999999
> idmap config rootrudi:schema_mode = rfc2307
> idmap config rootrudi:unix_nss_info = no...
2018 Feb 06
1
GPOs not Working!
now, im on a phone and no browser, so limit help.
first thing i see.
CN=Bj”rn <User>,CN=Users,DC=rootrudi,DC=de
Bj”rn ?
is your system set to utf8?
i dont know, but this does not look right.
i see, wifi? yes, try utp.
langsame Verbindung:500 kbps
and do try the ignore systemacl.
that solves the user/group “nt authority\system” problems the easy way.
greetz
Louis
Op 6 feb. 2018 om 20:27 heeft...
2018 Aug 07
2
id <username> - doesnt list all groups
...r:
But i dont know understand why is following not working:
I want to restrict the ssh access for a special domain member:
In my "sshd_config" i added:
AllowGroups restrictaccess root
With user2 im able to login via ssh!
log: pam_krb5(sshd:auth): user user2 authenticated as user2 at ROOTRUDI.DE
With user1 im not!
log: User user1 from 192.168.0.100 not allowed because none of user's
groups are listed in AllowGroups.
Have a look to my email previously "id user2" shows the group
"restrictaccess " and "id user1" doesn't show. And i guess thats the...
2018 Feb 06
0
GPOs not Working!
...Users
* Domain Admins
* Enterprise Admins
* ServerLogon
* SYSTEM
gpresult /v shows:
############################
Betriebssystem Microsoft (R) Windows (R) Gruppenrichtlinienergebnis-Tool
v2.0
Copyright (C) Microsoft Corp. 1981-2001
Am 06.02.2018, um 20:01:46 erstellt
RSOP-Daten fr ROOTRUDI\<User> auf CLIENTWIN701: Protokollmodus
---------------------------------------------------------------
Betriebssystemkonfiguration: Mitglied der Dom„ne/Arbeitsgruppe
Betriebssystemversion: 6.1.7601
Standortname: Nicht zutreffend
Zwischengespeichertes Profil:Nicht zutref...
2018 Feb 06
5
GPOs not Working!
On 2/6/2018 1:42 PM, Robert Marcano via samba wrote:
> On 02/06/2018 01:44 PM, Micha Ballmann via samba wrote:
>> Hello,
>>
>> i have a testing environment, 2 DCs Ubuntu 18.04, SAMBA 4.7.4 - MIT
>> Kerberos (clean, not upgraded). I just wan to create/activating a
>> simple GPOs.
>>
>> # Interactive logon: Do not require CTRL + ALT + DEL -> activate
2018 Jan 26
6
Adding Share Windows ACL
...hanging at "Adding a Share"
# mkdir -p /srv/samba/Demo/
# chown root:"Domain Admins" /srv/samba/Demo/
*--> chown: ungültige Gruppe: »root:Domain Admins“*
# net rpc rights list privileges SeDiskOperatorPrivilege -U "SAMDOM\administrator"
SeDiskOperatorPrivilege:
ROOTRUDI\Domain Admins
BUILTIN\Administrators
Do i need enable the UNIX Attribute for this group? I cant find any advice.
Best regards
Micha
2018 Jan 26
0
Adding Share Windows ACL
.../Demo/
> > # chown root:"Domain Admins" /srv/samba/Demo/
> > *--> chown: ungültige Gruppe: »root:Domain Admins?*
> >
> > # net rpc rights list privileges SeDiskOperatorPrivilege -U
> > "SAMDOM\administrator" SeDiskOperatorPrivilege:
> > ROOTRUDI\Domain Admins
> > BUILTIN\Administrators
> >
> > Do i need enable the UNIX Attribute for this group? I cant find any
> > advice.
> >
> > Best regards
> > Micha
> >
>
> There are two schools of thought here, yes AND no :-)
>
> Yes,...