search for: rootrudi

...# id user1 uid=10065(user1) gid=10036(domain users) Gruppen=10036(domain users),3001(BUILTIN\users) # id user2 uid=20578(user2) gid=10036(domain users) Gruppen=10036(domain users),*10153(**restrictaccess**)*,3001(BUILTIN\users) smb.conf on Domain Member: [global]  security = ads  realm = rootrudi.de  workgroup = ROOTRUDI  idmap config *: backend = tdb  idmap config *: range = 3000-7999  idmap config rootrudi:backend = ad  idmap config rootrudi:range = 10000-999999  idmap config rootrudi:schema_mode = rfc2307  idmap config rootrudi:unix_nss_info = no  template shell = /bin/bash  tem...

...os i also installed libkrb5-dev and krb5-kdc and compiled with the "--with-system-mitkrb5" option. The installation runs pretty good (some dependencies problem, solved manually). But now im not able to test kerberos: # kinit administrator --> kinit: Cannot find KDC for realm "ROOTRUDI.DE" while getting initial credentials. I followed all steps from samba.org: - https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC - https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller --> hanging on "Verifying Kerbe...

...inhibit=yes --foreground 2159 ? S 0:00 | \_ /usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes --foreground 2142 ? S 0:00 \_ samba 2144 ? S 0:00 \_ samba 2145 ? S 0:00 \_ samba 2146 ? S 0:00 \_ samba Looks fine? But also got same error: kinit: Cannot find KDC for realm "ROOTRUDI.DE" while getting initial credentials THY Micha Am 22. Januar 2018 21:04:22 MEZ schrieb Micha Ballmann <ballmann at uni-landau.de>: >Hello, > >i installed a SAMBA 4.7.4 AD Server on Ubuntu 18.04 (BETA). SAMBA4 was >compiled from source. For MIT Keberos i also installed li...

...es. Warning: Service printer01_null defines a print command, but parameter is ignored when using CUPS libraries. Warning: Service pcclient defines a print command, but parameter is ignored when using CUPS libraries. ############## My smb.conf: ############## [global] security = ads realm = rootrudi.de workgroup = ROOTRUDI idmap config *: backend = tdb idmap config *: range = 3000-7999 idmap config ROOTRUDI:backend = ad idmap config ROOTRUDI:range = 10000-999999 idmap config ROOTRUDI:schema_mode = rfc2307 idmap config ROOTRUDI: unix_nss_info = no domain master = No local master = No preferred...

...en=10036(domain > users),3001(BUILTIN\users) > > # id user2 > > uid=20578(user2) gid=10036(domain users) Gruppen=10036(domain > users),*10153(**restrictaccess**)*,3001(BUILTIN\users) > > smb.conf on Domain Member: > > [global] >  security = ads >  realm = rootrudi.de >  workgroup = ROOTRUDI >  idmap config *: backend = tdb >  idmap config *: range = 3000-7999 >  idmap config rootrudi:backend = ad >  idmap config rootrudi:range = 10000-999999 >  idmap config rootrudi:schema_mode = rfc2307 >  idmap config rootrudi:unix_nss_info = no...

now, im on a phone and no browser, so limit help. first thing i see.   CN=Bj”rn <User>,CN=Users,DC=rootrudi,DC=de Bj”rn ?  is your system set to utf8? i dont know, but this does not look right. i see, wifi? yes, try utp. langsame Verbindung:500 kbps and do try the ignore systemacl.  that solves the user/group “nt authority\system” problems the easy way. greetz Louis Op 6 feb. 2018 om 20:27 heeft...

...r: But i dont know understand why is following not working: I want to restrict the ssh access for a special domain member: In my "sshd_config" i added: AllowGroups restrictaccess root With user2 im able to login via ssh! log: pam_krb5(sshd:auth): user user2 authenticated as user2 at ROOTRUDI.DE With user1 im not! log: User user1 from 192.168.0.100 not allowed because none of user's groups are listed in AllowGroups. Have a look to my email previously "id user2" shows the group "restrictaccess " and "id user1" doesn't show. And i guess thats the...

...Users * Domain Admins * Enterprise Admins * ServerLogon * SYSTEM gpresult /v shows: ############################ Betriebssystem Microsoft (R) Windows (R) Gruppenrichtlinienergebnis-Tool v2.0 Copyright (C) Microsoft Corp. 1981-2001 Am 06.02.2018, um 20:01:46 erstellt RSOP-Daten fr ROOTRUDI\<User> auf CLIENTWIN701: Protokollmodus --------------------------------------------------------------- Betriebssystemkonfiguration: Mitglied der Dom„ne/Arbeitsgruppe Betriebssystemversion: 6.1.7601 Standortname: Nicht zutreffend Zwischengespeichertes Profil:Nicht zutref...

On 2/6/2018 1:42 PM, Robert Marcano via samba wrote: > On 02/06/2018 01:44 PM, Micha Ballmann via samba wrote: >> Hello, >> >> i have a testing environment, 2 DCs Ubuntu 18.04, SAMBA 4.7.4 - MIT >> Kerberos (clean, not upgraded). I just wan to create/activating a >> simple GPOs. >> >> # Interactive logon: Do not require CTRL + ALT + DEL -> activate

...hanging at "Adding a Share" # mkdir -p /srv/samba/Demo/ # chown root:"Domain Admins" /srv/samba/Demo/ *--> chown: ungültige Gruppe: »root:Domain Admins“* # net rpc rights list privileges SeDiskOperatorPrivilege -U "SAMDOM\administrator" SeDiskOperatorPrivilege: ROOTRUDI\Domain Admins BUILTIN\Administrators Do i need enable the UNIX Attribute for this group? I cant find any advice. Best regards Micha

.../Demo/ > > # chown root:"Domain Admins" /srv/samba/Demo/ > > *--> chown: ungültige Gruppe: »root:Domain Admins?* > > > > # net rpc rights list privileges SeDiskOperatorPrivilege -U > > "SAMDOM\administrator" SeDiskOperatorPrivilege: > > ROOTRUDI\Domain Admins > > BUILTIN\Administrators > > > > Do i need enable the UNIX Attribute for this group? I cant find any > > advice. > > > > Best regards > > Micha > > > > There are two schools of thought here, yes AND no :-) > > Yes,...