search for: sanvito

...site: root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b "CN=Subnets,CN=Sites,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it" "(cn=10.5.0.0/16)" siteObject # record 1 dn: CN=10.5.0.0/16,CN=Subnets,CN=Sites,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it siteObject: CN=SanVito,CN=Sites,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it # returned 1 records # 1 entries # 0 referrals and doing the simple lookup, i can get the DC: root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b "CN=SERVERS,CN=SanVito,CN=Sites,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it&...

...d, and when go to another site... is another site, eg does not fined the domain, so simply CSC 'work'' as expected. Now that i'm moving computer to the new domain, that is the same domain across all sites, i'm not able to make CSC properly work. Supposing i have two site 'SanVito' and 'Pasian'. In 'Sanvito', a site policy map W: to \\ARMITAGE\users and M: to \\DIXIE\media; in site 'Pasian', another site policy maps W: to \\STREGATTO\users and M: to \\AKELA\media. Because for the portable in which i need CSC i need ''fixed mappings',...

Currently (samba 4 NT-like domains) i use extensively NTLM auth in freeradius and more mildly in squid, respectively with: Freeradius (mschap module): ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=SANVITO --username=%{mschap:User-Name:-None} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" squid3: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=SANVITO --require-membership-of="SANVITO\\domusers" I'm using deb...

I'm migrating from a (set of) NT domain, say SANVITO, to an AD domain, say LNFFVG. Both domain live in the same network, so there's no firewall/routing/... in the middle. In SANVITO domain, there's a share (say \\MEDIA\Software) with public access enabled. In SANVITO domain, public access works as expected. The same share are accessible wi...

...her > site, eg does not fined the domain, so simply CSC 'work'' as expected. > > Now that i'm moving computer to the new domain, that is the > same domain > across all sites, i'm not able to make CSC properly work. > > > Supposing i have two site 'SanVito' and 'Pasian'. > > In 'Sanvito', a site policy map W: to \\ARMITAGE\users and M: to > \\DIXIE\media; in site 'Pasian', another site policy maps W: to > \\STREGATTO\users and M: to \\AKELA\media. > > Because for the portable in which i need CSC i need...

...you would have to filter > the result of the ldap search. I can confirm: root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b DC=ad,DC=fvg,DC=lnf,DC=it '(&(objectClass=user)(sAMAccountName=gaio))' msDS-User-Account-Control-Computed # record 1 dn: CN=gaio,OU=Users,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it msDS-User-Account-Control-Computed: 16 [...] # returned 4 records # 1 entries # 3 referrals root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b DC=ad,DC=fvg,DC=lnf,DC=it '(&(objectClass=user)(msDS-User-Account-Control-Computed:1.2.840.113...

...gt; he really needs to investigate the direction Microsoft is moving or > one day he might just find that whilst he has a fully working PDC, > none of his windows clients will talk to it. Arg, i saw this line (below), assuming its and AD domain. >> Supose that this OU is 'OU=FVG,OU=SanVito,OU=Computers,OU=Portatili', and the pc 'andrew'.. in that OU. << > > Better to jump ship before it sinks. Totaly agree ... > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://list...

Ahem no one reply me. A little fast-rewind: i need to have some 'aliases' to my servers (DM); seems i need to add in smb.conf: netbios aliases = FILESV but also add a 'SPN'; trying to look around for an examples, lead me to ''nothing'', or to examples that seems to me unrelated. Supposing the domain is 'ad.fvg.lnf.it' and the FQDN of the real host is

...; > > > root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b > > DC=ad,DC=fvg,DC=lnf,DC=it > > '(&(objectClass=user)(sAMAccountName=gaio))' msDS-User-Account- > > Control-Computed > > # record 1 > > dn: > > CN=gaio,OU=Users,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it > > msDS-User-Account-Control-Computed: 16 > > [...] > > # returned 4 records > > # 1 entries > > # 3 referrals > > > > root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b > > DC=ad,DC=fvg,DC=lnf,DC...

...vg.lnf.it -W -D CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it -b DC=ad,DC=fvg,DC=lnf,DC=it "(uid=gaio)" uid | grep ^uid Enter LDAP Password: uid: gaio Seems really to me an ACL trouble, note also: root at vdmpp1:~# ldapsearch -H ldap://vdcpp1.ad.fvg.lnf.it -W -D CN=gaio,OU=Users,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it -b DC=ad,DC=fvg,DC=lnf,DC=it "(cn=prova123)" rfc822MailMember | grep ^rfc822MailMember Enter LDAP Password: rfc822MailMember: gaio rfc822MailMember: marco.gaiarin But how can i check ACLs data on different DCs? > Compare the non-working computer...

> Ahem no one reply me. Still no feedback. I've done some test by myself. a) i've added in smb.conf: netbios aliases = CUPSSV FILESV b) i've registered the alias as SPNs, now i've: root at vdcsv1:~# samba-tool spn list vdmsv1$ vdmsv1$ User CN=VDMSV1,OU=Computers,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it has the following servicePrincipalName: HOST/VDMSV1 HOST/vdmsv1.ad.fvg.lnf.it HOST/filesv.ad.fvg.lnf.it HOST/FILESV HOST/CUPSSV HOST/cupssv.ad.fvg.lnf.it (for google, the correct commandline seems: samba-tool spn add HOST/cupssv.ad.fvg.lnf.it vd...

...ted,DC=ad,DC=fvg,DC=lnf,DC=it -b > DC=ad,DC=fvg,DC=lnf,DC=it "(uid=gaio)" uid | grep ^uid Enter LDAP > Password: uid: gaio > > Seems really to me an ACL trouble, note also: > > root at vdmpp1:~# ldapsearch -H ldap://vdcpp1.ad.fvg.lnf.it -W -D > CN=gaio,OU=Users,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it -b > DC=ad,DC=fvg,DC=lnf,DC=it "(cn=prova123)" rfc822MailMember | grep > ^rfc822MailMember Enter LDAP Password: rfc822MailMember: gaio > rfc822MailMember: marco.gaiarin > > But how can i check ACLs data on different DCs? > > > &g...

...39;ve done some test by myself. > > a) i've added in smb.conf: > > netbios aliases = CUPSSV FILESV > > b) i've registered the alias as SPNs, now i've: > > root at vdcsv1:~# samba-tool spn list vdmsv1$ > vdmsv1$ > User > CN=VDMSV1,OU=Computers,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,D > C=it has the following servicePrincipalName: > HOST/VDMSV1 > HOST/vdmsv1.ad.fvg.lnf.it > HOST/filesv.ad.fvg.lnf.it > HOST/FILESV > HOST/CUPSSV > HOST/cupssv.ad.fvg.lnf.it > > (for google, the correct commandline seems: &g...

> Why?! Sorry but... someone can point me in the right direction? Really i don't know how to look for that problem... I summarize: a) an LDAP lookup for some data works in ALL DC past one b) in that non-working DC, a direct query against the sam.ldb reveal that data are here (so, seems to me an ACL problem) c) checking sync status between DCs reveal no sync troubles. Where i can

On 05/12/2019 09:15, Andrew Bartlett via samba wrote: > On Thu, 2019-12-05 at 09:44 +0100, Marco Gaiarin via samba wrote: >> Mandi! Rowland penny via samba >> In chel di` si favelave... >> >>> As I said, if 'lockoutTime' isn't set or it is set to '0', then the user >>> isn't locked out, anything else and it is, but I do not believe

...Seq=1621 Ack=372 Win=7984 Len=0 TSval=121084519 TSecr=361924304 15 0.085792 10.5.1.202 -> 10.5.1.25 LDAP 402 searchRequest(4) "dc=ad,dc=fvg,dc=lnf,dc=it" wholeSubtree 16 0.086364 10.5.1.25 -> 10.5.1.202 LDAP 574 searchResEntry(4) "CN=gaio,OU=Roaming,OU=Users,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it" | searchResRef(4) | searchResRef(4) | searchResRef(4) | se 17 0.087354 10.5.1.202 -> 10.5.1.25 LDAP 73 unbindRequest(5) 18 0.087401 10.5.1.202 -> 10.5.1.25 TCP 66 40258→389 [FIN, ACK] Seq=1964 Ack=880 Win=9056 Len=0 TSval=121084520 T...

...Seq=1621 Ack=372 Win=7984 Len=0 TSval=121084519 TSecr=361924304 15 0.085792 10.5.1.202 -> 10.5.1.25 LDAP 402 searchRequest(4) "dc=ad,dc=fvg,dc=lnf,dc=it" wholeSubtree 16 0.086364 10.5.1.25 -> 10.5.1.202 LDAP 574 searchResEntry(4) "CN=gaio,OU=Roaming,OU=Users,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it" | searchResRef(4) | searchResRef(4) | searchResRef(4) | se 17 0.087354 10.5.1.202 -> 10.5.1.25 LDAP 73 unbindRequest(5) 18 0.087401 10.5.1.202 -> 10.5.1.25 TCP 66 40258→389 [FIN, ACK] Seq=1964 Ack=880 Win=9056 Len=0 TSval=121084520 T...

...ck=372 Win=7984 Len=0 TSval=121084519 TSecr=361924304 > 15 0.085792 10.5.1.202 -> 10.5.1.25 LDAP 402 searchRequest(4) "dc=ad,dc=fvg,dc=lnf,dc=it" wholeSubtree > 16 0.086364 10.5.1.25 -> 10.5.1.202 LDAP 574 searchResEntry(4) "CN=gaio,OU=Roaming,OU=Users,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it" | searchResRef(4) | searchResRef(4) | searchResRef(4) | se > 17 0.087354 10.5.1.202 -> 10.5.1.25 LDAP 73 unbindRequest(5) > 18 0.087401 10.5.1.202 -> 10.5.1.25 TCP 66 40258→389 [FIN, ACK] Seq=1964 Ack=880 Win=9056 Len=0 TSval=1...

Mandi! Andrew Bartlett via samba In chel di` si favelave... > > There's some way to ''tight'' that configuration , eg permit 'ldap server require strong auth = > > no' only by some hosts? > > Or some other smb.conf options that i've missed? > Nothing at this stage. Ok. > The issue is that they need to do fully signed or sealed Kerberos

...Win=7984 Len=0 TSval=121084519 TSecr=361924304 >> 15 0.085792 10.5.1.202 -> 10.5.1.25 LDAP 402 searchRequest(4) "dc=ad,dc=fvg,dc=lnf,dc=it" wholeSubtree >> 16 0.086364 10.5.1.25 -> 10.5.1.202 LDAP 574 searchResEntry(4) "CN=gaio,OU=Roaming,OU=Users,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it" | searchResRef(4) | searchResRef(4) | searchResRef(4) | se >> 17 0.087354 10.5.1.202 -> 10.5.1.25 LDAP 73 unbindRequest(5) >> 18 0.087401 10.5.1.202 -> 10.5.1.25 TCP 66 40258???389 [FIN, ACK] Seq=1964 Ack=880 Win=9056 Len=0...