Displaying 20 results from an estimated 31 matches for "tranquilit".
2015 Feb 16
2
rodc and KRB_TGS_REQ forwarding to RWDC to access hub resources
...the way, the issue can be reproduced on command line
on the rodc (in the excerpt below, rodc-nantes is the rodc, srvads is
the rwdc and everything works fine except this issue) :
[root@rodc-nantes.tranq ~]# shorewall start
[root@rodc-nantes.tranq ~]# kinit dcardon
Password for dcardon@TRANQUILIT.LOCAL:
[root@rodc-nantes.tranq ~]# shorewall clear
[root@rodc-nantes.tranq ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: dcardon@TRANQUILIT.LOCAL
Valid starting Expires Service principal
16/02/2015 11:22:47 16/02/2015 21:22:47
krbtgt/TRANQUILIT.LOCA...
2016 Mar 09
2
Can't add new DC
Hello !
I'm trying to add a new DC to my existing domain (18 Samba4 DCs), but this time the domain join gets stuck after setting the account password.
I have tried so many things, but at this point I really don't know what to do.
I can see the new dc111 computer object on the smb4dc server, but the object is disabled.
If someone has an idea...
Best regards
root@dc111:~# samba-tool domain join
2015 Feb 22
1
rodc and KRB_TGS_REQ forwarding to RWDC to access hub resources
...ne on the rodc (in the excerpt below, rodc-nantes is the
>> rodc, srvads is the rwdc and everything works fine except this issue) :
>>
>> [root@rodc-nantes.tranq ~]# shorewall start
>>
>> [root@rodc-nantes.tranq ~]# kinit dcardon
>> Password for dcardon@TRANQUILIT.LOCAL:
>>
>> [root@rodc-nantes.tranq ~]# shorewall clear
>>
>> [root@rodc-nantes.tranq ~]# klist
>> Ticket cache: FILE:/tmp/krb5cc_0
>> Default principal: dcardon@TRANQUILIT.LOCAL
>>
>> Valid starting Expires Service princ...
2016 Mar 10
0
Can't add new DC
...rly.
In that case, the VPN had a star topology, with no icmp-unreachable
reply (ie. DROP rules) when a branch tries to contact another branch,
added 500ms latency through sat link.
Changing the /etc/krb5.conf file did the trick. Something like this
should do it:
[libdefaults]
default_realm = TRANQUILIT.LAN
dns_lookup_realm = false
[realms]
TRANQUILIT.LAN = {
# itself
kdc = 10.100.0.11
# hub site kdc
kdc = 10.0.0.11
}
[domain_realm]
.tranquilit.lan = TRANQUILIT.LAN
tranquilit.lan = TRANQUILIT.LAN
Once the DC is up and running, it should take into account the "site...
2015 Feb 16
0
rodc and KRB_TGS_REQ forwarding to RWDC to access hub resources
...uced on command
> line on the rodc (in the excerpt below, rodc-nantes is the rodc,
> srvads is the rwdc and everything works fine except this issue) :
>
> [root@rodc-nantes.tranq ~]# shorewall start
>
> [root@rodc-nantes.tranq ~]# kinit dcardon
> Password for dcardon@TRANQUILIT.LOCAL:
>
> [root@rodc-nantes.tranq ~]# shorewall clear
>
> [root@rodc-nantes.tranq ~]# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: dcardon@TRANQUILIT.LOCAL
>
> Valid starting Expires Service principal
> 16/02/2015 11:22:47 1...
2016 Mar 11
1
Can't add new DC
...operly.
In that case, the VPN had a star topology, with no icmp-unreachable reply (ie. DROP rules) when a branch tries to contact another branch, added 500ms latency through sat link.
Changing the /etc/krb5.conf file did the trick. Something like this should do it:
[libdefaults]
default_realm = TRANQUILIT.LAN
dns_lookup_realm = false
[realms]
TRANQUILIT.LAN = {
# itself
kdc = 10.100.0.11
# hub site kdc
kdc = 10.0.0.11
}
[domain_realm]
.tranquilit.lan = TRANQUILIT.LAN
tranquilit.lan = TRANQUILIT.LAN
Once the DC is up and running, it should take into account the "site...
2015 Feb 24
1
content of sam.ldb vs sam.ldb.d/DC=MYDOMAIN,DC=LAN
Hi everyone,
I am wondering what is the difference between the content in sam.ldb and
sam.ldb.d/DC=MYDOMAIN,DC=LAN.
In the two files I have my user entry:
# ldbsearch -H /usr/local/samba/private/sam.ldb.d/DC\=TRANQUILIT\,DC\=LOCAL.ldb | grep dn | grep CN=dcardon
dn: CN=dcardon,CN=Users,DC=tranquilit,DC=local
# ldbsearch -H /usr/local/samba/private/sam.ldb | grep dn | grep CN=dcardon
dn: CN=dcardon,CN=Users,DC=tranquilit,DC=local
Is it some kind of legacy? I thought that the entries should be in the
partition fi...
2015 Feb 10
2
rodc and KRB_TGS_REQ forwarding to RWDC to access hub resources
Hi everyone,
I would like to have some input on resources access from a workstation
logged on a RODC server that has to connect on hub site servers.
After logging in to the remote Windows workstation, I have LOGONSERVER
environment variable set to the local RODC server (workstation and user
credentials have been preloaded). Everything works fine on local server.
However if I want to connect to
2018 Dec 06
5
RHEL7/Centos7 with Samba AD
...press here but I'd like to share a different opinion
(works for me) and maybe share some of my settings.
BTW, Those views are my own, not those of my employer.
I run a small AD at home. The setup is as follows:
- two AD DCs (RHEL7.6 KVM virtual machines + Samba 4.8.7 rpms based on
SPECs from TranquilIT/Fedora).
- several Win10 laptops joined to the domain.
- several RHEL7.6 clients/Machines running 'realmd' and joined to the
domain. The AD users can log into those machines and their Linux account
gets mapped appropriately.
I set policies from a Win10 VM using RSAT and since there is a...
2023 Apr 12
2
LAPS support
...ere's a good description of what to do:
>> https://samba.tranquil.it/doc/en/samba_advanced_methods/samba_configure_laps.html#configuring-laps-for-samba-ad
>>
>>
>>
>> - Kees.
>>
>>
>
> Let me say at the start, I do not use LAPS, but isn't the TranquilIT
> page about using the legacy version and there appears to be a new kid
> in town ?
>
> Rowland
I think that is SRP, which is described in the same document.
- Kees.
2019 Dec 29
2
AD: Using SyncThing for sysvol replication
Hi,
did anybody try this already? Seems to be the easiest to set up, esp.
when more than two DC's are involved.
Bye...
Dirk
--
Dirk Heinrichs <dirk.heinrichs at altum.de>
GPG Public Key: D01B367761B0F7CE6E6D81AAD5A2E54246986015
Sichere Internetkommunikation: http://www.retroshare.org
Privacy Handbuch: https://www.privacy-handbuch.de
2023 Apr 12
1
LAPS support
...iption of what to do:
>>> https://samba.tranquil.it/doc/en/samba_advanced_methods/samba_configure_laps.html#configuring-laps-for-samba-ad
>>>
>>>
>>> - Kees.
>>>
>>>
>>
>> Let me say at the start, I do not use LAPS, but isn't the TranquilIT
>> page about using the legacy version and there appears to be a new kid
>> in town ?
>>
>> Rowland
>
> I think that is SRP, which is described in the same document.
>
> - Kees.
>
>
>
Not sure you are correct there, 'legacy' uses 2 attrib...
2020 Jul 01
2
Intermittent permission denied when accessing share
On 01/07/2020 20:16, Lorenzo Milesi via samba wrote:
> For the record, with the support of TranquilIT we added a new server for DC and "demoted" this one to fileserver only and it's working like a charm.
>
> So I suppose the "single server" solution is not viable anymore, or at least it doesn't seem so.
>
We have never recommended using a DC as a fileserver, it i...
2019 Oct 25
1
Samba 4.11.1 for rhel7/centos7 rpms
...'m using all internal
> libraries ...
Hi Sergio and Nico,
I revisited nico's SPEC main samba 4.11 SPEC file last night to see if I
had missed much and found huge similarities (we must have forked
Fedora's spec file at some point in the past - Mine was also mostly
inspired by TranquilIT's SPEC file). The main difference is that the Nico
rpms don't use the RHEL system libraries (gnutls, nettle..) e.g:
Our SPEC file:
%if 0%{?rhel} == 7
BuildRequires: gnutls-devel >= 3.3.26
%else
BuildRequires: gnutls-devel >= 3.4.7
%endif
Nico's file:
%if 0%{?rhel} &a...
2018 Dec 08
3
RHEL7/Centos7 with Samba AD
...rom local auth to AD auth, etc.. mostly because it's not
> > my area of expertise) but it's been working fine for me so far.
> >
> > The only area of concern on el7 is to find a -reliable- Samba RPM builder
> > for el7. So far, I've tried:
> >
> > - TranquilIT - https://dev.tranquil.it/wiki/Samba4
> > Their latest 4.8.x rpms are stuck on 4.8.5 and they don't provide
> > source rpms unless you complain a lot.
> >
> > - http://azzurro.ezplanet.net : Seems pretty much out of updates
> >
> > - http://wing-net.ddo.jp/...
2019 Apr 14
3
compile samba 4.10.2 centos 7.6
On Sat, 2019-04-13 at 07:43 -0400, Nico Kadel-Garcia via samba wrote:
> On Fri, Apr 12, 2019 at 7:20 AM Andreas Habel via samba
> <samba at lists.samba.org> wrote:
> >
> > Hi,
> >
> > I managed to compile 4.10.0 under CentOS 7.6. I did the following:
>
> I'll put money down that you did not get it working as a full domain
> controller.
2018 Dec 08
0
RHEL7/Centos7 with Samba AD
...to move the
> Samba servers from local auth to AD auth, etc.. mostly because it's not
> my area of expertise) but it's been working fine for me so far.
>
> The only area of concern on el7 is to find a -reliable- Samba RPM builder
> for el7. So far, I've tried:
>
> - TranquilIT - https://dev.tranquil.it/wiki/Samba4
> Their latest 4.8.x rpms are stuck on 4.8.5 and they don't provide
> source rpms unless you complain a lot.
>
> - http://azzurro.ezplanet.net : Seems pretty much out of updates
>
> - http://wing-net.ddo.jp/wing : Web page still up but I...
2019 Jul 02
1
[Announce] Samba 4.9.10 Available for Download
> That's probably because you don't have a system-wide install of ldb on
> your system. Here's what I have on mine:
>
> # rpm -qa libldb\*
> libldb-1.4.6-2.el7.x86_64
> libldb-devel-1.4.6-2.el7.x86_64
>
> # rpm -qf /usr/include/ldb.h
> libldb-devel-1.4.6-2.el7.x86_64
>
I have libldb-1.3.4-1.el7.x86_64 which is the stock CentOS 7.6 version.
From where
2020 Jul 01
0
Intermittent permission denied when accessing share
For the record, with the support of TranquilIT we added a new server for DC and "demoted" this one to fileserver only and it's working like a charm.
So I suppose the "single server" solution is not viable anymore, or at least it doesn't seem so.
--
Lorenzo Milesi - lorenzo.milesi at yetopen.it
YetOpen S.r.l. - htt...
2013 Sep 30
1
How to tell a machine is properly joined to a domain?
I have been using 'net ads testjoin' but the issue is it seems to ask for a
password when the box is not joined to a domain (even if I specify '-U
username%pass'). This *seems* like a bug - I would expect it to pass or
fail using the creds passed in.
Is this by design and if so, why? Is there a better alternative? ('net ads
info'?)
-aps