search for: sanvito

Displaying 20 results from an estimated 22 matches for "sanvito".

2018 May 15
0
Query for DC in the same site...
...site: root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b "CN=Subnets,CN=Sites,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it" "(cn=10.5.0.0/16)" siteObject # record 1 dn: CN=10.5.0.0/16,CN=Subnets,CN=Sites,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it siteObject: CN=SanVito,CN=Sites,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it # returned 1 records # 1 entries # 0 referrals and doing the simple lookup, i can get the DC: root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b "CN=SERVERS,CN=SanVito,CN=Sites,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it&...
2018 Apr 24
3
[OT?] Group Policy, drive maps and Cliend Site Caching...
...d, and when go to another site... is another site, eg does not fined the domain, so simply CSC 'work'' as expected. Now that i'm moving computer to the new domain, that is the same domain across all sites, i'm not able to make CSC properly work. Supposing i have two site 'SanVito' and 'Pasian'. In 'Sanvito', a site policy map W: to \\ARMITAGE\users and M: to \\DIXIE\media; in site 'Pasian', another site policy maps W: to \\STREGATTO\users and M: to \\AKELA\media. Because for the portable in which i need CSC i need ''fixed mappings',...
2018 Jan 10
1
NTLM, MSCHAPv2, squid & freeradius...
Currently (samba 4 NT-like domains) i use extensively NTLM auth in freeradius and more mildly in squid, respectively with: Freeradius (mschap module): ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=SANVITO --username=%{mschap:User-Name:-None} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" squid3: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=SANVITO --require-membership-of="SANVITO\\domusers" I'm using deb...
2018 Feb 01
1
Guest access to a foreign NT domain fail...
I'm migrating from a (set of) NT domain, say SANVITO, to an AD domain, say LNFFVG. Both domain live in the same network, so there's no firewall/routing/... in the middle. In SANVITO domain, there's a share (say \\MEDIA\Software) with public access enabled. In SANVITO domain, public access works as expected. The same share are accessible wi...
2018 Apr 25
0
[OT?] Group Policy, drive maps and Cliend Site Caching...
...her > site, eg does not fined the domain, so simply CSC 'work'' as expected. > > Now that i'm moving computer to the new domain, that is the > same domain > across all sites, i'm not able to make CSC properly work. > > > Supposing i have two site 'SanVito' and 'Pasian'. > > In 'Sanvito', a site policy map W: to \\ARMITAGE\users and M: to > \\DIXIE\media; in site 'Pasian', another site policy maps W: to > \\STREGATTO\users and M: to \\AKELA\media. > > Because for the portable in which i need CSC i need...
2019 Dec 06
2
Account locked and delayed user data propagation...
...you would have to filter > the result of the ldap search. I can confirm: root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b DC=ad,DC=fvg,DC=lnf,DC=it '(&(objectClass=user)(sAMAccountName=gaio))' msDS-User-Account-Control-Computed # record 1 dn: CN=gaio,OU=Users,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it msDS-User-Account-Control-Computed: 16 [...] # returned 4 records # 1 entries # 3 referrals root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b DC=ad,DC=fvg,DC=lnf,DC=it '(&(objectClass=user)(msDS-User-Account-Control-Computed:1.2.840.113...
2018 Apr 25
2
[OT?] Group Policy, drive maps and Cliend Site Caching...
...gt; he really needs to investigate the direction Microsoft is moving or > one day he might just find that whilst he has a fully working PDC, > none of his windows clients will talk to it. Arg, i saw this line (below), assuming its and AD domain. >> Supose that this OU is 'OU=FVG,OU=SanVito,OU=Computers,OU=Portatili', and the pc 'andrew'.. in that OU. << > > Better to jump ship before it sinks. Totaly agree ... > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://list...
2017 Dec 14
5
[Curiosity] 'netbios aliases' works in AD mode?
Ahem no one reply me. A little fast-rewind: i need to have some 'aliases' to my servers (DM); seems i need to add in smb.conf: netbios aliases = FILESV but also add a 'SPN'; trying to look around for an examples, lead me to ''nothing'', or to examples that seems to me unrelated. Supposing the domain is 'ad.fvg.lnf.it' and the FQDN of the real host is
2019 Dec 08
3
Account locked and delayed user data propagation...
...; > > > root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b > > DC=ad,DC=fvg,DC=lnf,DC=it > > '(&(objectClass=user)(sAMAccountName=gaio))' msDS-User-Account- > > Control-Computed > > # record 1 > > dn: > > CN=gaio,OU=Users,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it > > msDS-User-Account-Control-Computed: 16 > > [...] > > # returned 4 records > > # 1 entries > > # 3 referrals > > > > root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b > > DC=ad,DC=fvg,DC=lnf,DC...
2018 Nov 28
2
Different LDAP query in different DC...
...vg.lnf.it -W -D CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it -b DC=ad,DC=fvg,DC=lnf,DC=it "(uid=gaio)" uid | grep ^uid Enter LDAP Password: uid: gaio Seems really to me an ACL trouble, note also: root at vdmpp1:~# ldapsearch -H ldap://vdcpp1.ad.fvg.lnf.it -W -D CN=gaio,OU=Users,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it -b DC=ad,DC=fvg,DC=lnf,DC=it "(cn=prova123)" rfc822MailMember | grep ^rfc822MailMember Enter LDAP Password: rfc822MailMember: gaio rfc822MailMember: marco.gaiarin But how can i check ACLs data on different DCs? > Compare the non-working computer...
2017 Dec 18
0
[Curiosity] 'netbios aliases' works in AD mode?
> Ahem no one reply me. Still no feedback. I've done some test by myself. a) i've added in smb.conf: netbios aliases = CUPSSV FILESV b) i've registered the alias as SPNs, now i've: root at vdcsv1:~# samba-tool spn list vdmsv1$ vdmsv1$ User CN=VDMSV1,OU=Computers,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it has the following servicePrincipalName: HOST/VDMSV1 HOST/vdmsv1.ad.fvg.lnf.it HOST/filesv.ad.fvg.lnf.it HOST/FILESV HOST/CUPSSV HOST/cupssv.ad.fvg.lnf.it (for google, the correct commandline seems: samba-tool spn add HOST/cupssv.ad.fvg.lnf.it vd...
2018 Nov 28
0
Different LDAP query in different DC...
...ted,DC=ad,DC=fvg,DC=lnf,DC=it -b > DC=ad,DC=fvg,DC=lnf,DC=it "(uid=gaio)" uid | grep ^uid Enter LDAP > Password: uid: gaio > > Seems really to me an ACL trouble, note also: > > root at vdmpp1:~# ldapsearch -H ldap://vdcpp1.ad.fvg.lnf.it -W -D > CN=gaio,OU=Users,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it -b > DC=ad,DC=fvg,DC=lnf,DC=it "(cn=prova123)" rfc822MailMember | grep > ^rfc822MailMember Enter LDAP Password: rfc822MailMember: gaio > rfc822MailMember: marco.gaiarin > > But how can i check ACLs data on different DCs? > > > &g...
2017 Dec 18
0
[Curiosity] 'netbios aliases' works in AD mode?
...39;ve done some test by myself. > > a) i've added in smb.conf: > > netbios aliases = CUPSSV FILESV > > b) i've registered the alias as SPNs, now i've: > > root at vdcsv1:~# samba-tool spn list vdmsv1$ > vdmsv1$ > User > CN=VDMSV1,OU=Computers,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,D > C=it has the following servicePrincipalName: > HOST/VDMSV1 > HOST/vdmsv1.ad.fvg.lnf.it > HOST/filesv.ad.fvg.lnf.it > HOST/FILESV > HOST/CUPSSV > HOST/cupssv.ad.fvg.lnf.it > > (for google, the correct commandline seems: &g...
2018 Nov 28
2
Different LDAP query in different DC...
> Why?! Sorry but... someone can point me in the right direction? Really i don't know how to look for that problem... I summarize: a) an LDAP lookup for some data works in ALL DC past one b) in that non-working DC, a direct query against the sam.ldb reveal that data are here (so, seems to me an ACL problem) c) checking sync status between DCs reveal no sync troubles. Where i can
2019 Dec 05
2
Account locked and delayed user data propagation...
On 05/12/2019 09:15, Andrew Bartlett via samba wrote: > On Thu, 2019-12-05 at 09:44 +0100, Marco Gaiarin via samba wrote: >> Mandi! Rowland penny via samba >> In chel di` si favelave... >> >>> As I said, if 'lockoutTime' isn't set or it is set to '0', then the user >>> isn't locked out, anything else and it is, but I do not believe
2018 May 10
2
Samba, AD and devices compatibility...
...Seq=1621 Ack=372 Win=7984 Len=0 TSval=121084519 TSecr=361924304 15 0.085792 10.5.1.202 -> 10.5.1.25 LDAP 402 searchRequest(4) "dc=ad,dc=fvg,dc=lnf,dc=it" wholeSubtree 16 0.086364 10.5.1.25 -> 10.5.1.202 LDAP 574 searchResEntry(4) "CN=gaio,OU=Roaming,OU=Users,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it" | searchResRef(4) | searchResRef(4) | searchResRef(4) | se 17 0.087354 10.5.1.202 -> 10.5.1.25 LDAP 73 unbindRequest(5) 18 0.087401 10.5.1.202 -> 10.5.1.25 TCP 66 40258→389 [FIN, ACK] Seq=1964 Ack=880 Win=9056 Len=0 TSval=121084520 T...
2018 May 11
4
Samba, AD and devices compatibility...
...Seq=1621 Ack=372 Win=7984 Len=0 TSval=121084519 TSecr=361924304 15 0.085792 10.5.1.202 -> 10.5.1.25 LDAP 402 searchRequest(4) "dc=ad,dc=fvg,dc=lnf,dc=it" wholeSubtree 16 0.086364 10.5.1.25 -> 10.5.1.202 LDAP 574 searchResEntry(4) "CN=gaio,OU=Roaming,OU=Users,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it" | searchResRef(4) | searchResRef(4) | searchResRef(4) | se 17 0.087354 10.5.1.202 -> 10.5.1.25 LDAP 73 unbindRequest(5) 18 0.087401 10.5.1.202 -> 10.5.1.25 TCP 66 40258→389 [FIN, ACK] Seq=1964 Ack=880 Win=9056 Len=0 TSval=121084520 T...
2018 May 11
0
Samba, AD and devices compatibility...
...ck=372 Win=7984 Len=0 TSval=121084519 TSecr=361924304 > 15 0.085792 10.5.1.202 -> 10.5.1.25 LDAP 402 searchRequest(4) "dc=ad,dc=fvg,dc=lnf,dc=it" wholeSubtree > 16 0.086364 10.5.1.25 -> 10.5.1.202 LDAP 574 searchResEntry(4) "CN=gaio,OU=Roaming,OU=Users,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it" | searchResRef(4) | searchResRef(4) | searchResRef(4) | se > 17 0.087354 10.5.1.202 -> 10.5.1.25 LDAP 73 unbindRequest(5) > 18 0.087401 10.5.1.202 -> 10.5.1.25 TCP 66 40258→389 [FIN, ACK] Seq=1964 Ack=880 Win=9056 Len=0 TSval=1...
2018 May 11
4
Samba, AD and devices compatibility...
Mandi! Andrew Bartlett via samba In chel di` si favelave... > > There's some way to ''tight'' that configuration , eg permit 'ldap server require strong auth = > > no' only by some hosts? > > Or some other smb.conf options that i've missed? > Nothing at this stage. Ok. > The issue is that they need to do fully signed or sealed Kerberos
2018 May 11
0
Samba, AD and devices compatibility...
...Win=7984 Len=0 TSval=121084519 TSecr=361924304 >> 15 0.085792 10.5.1.202 -> 10.5.1.25 LDAP 402 searchRequest(4) "dc=ad,dc=fvg,dc=lnf,dc=it" wholeSubtree >> 16 0.086364 10.5.1.25 -> 10.5.1.202 LDAP 574 searchResEntry(4) "CN=gaio,OU=Roaming,OU=Users,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it" | searchResRef(4) | searchResRef(4) | searchResRef(4) | se >> 17 0.087354 10.5.1.202 -> 10.5.1.25 LDAP 73 unbindRequest(5) >> 18 0.087401 10.5.1.202 -> 10.5.1.25 TCP 66 40258???389 [FIN, ACK] Seq=1964 Ack=880 Win=9056 Len=0...