search for: vdmsv1

Displaying 20 results from an estimated 52 matches for "vdmsv1".

Did you mean: vdcsv1
2020 Oct 01
2
Freeradius logon with machine account...
With Samba in NT mode, i was able to enable wireless access using machine account, and worked decently. Now i want to try again in AD mode, but i've not found info, and i've just hit a trouble: Oct 1 14:31:55 vdmsv1 radiusd[13555]: rlm_ldap (ldap): Opening additional connection (25), 1 of 31 pending slots used Oct 1 14:31:55 vdmsv1 radiusd[13555]: (187) Login incorrect: [host/RUFUS.ad.fvg.lnf.it] (from client unifi-sv port 0 cli B8-EE-65-B1-73-D3 via TLS tunnel) Oct 1 14:31:55 vdmsv1 radiusd[13555]: (188...
2017 Dec 14
5
[Curiosity] 'netbios aliases' works in AD mode?
...seems i need to add in smb.conf: netbios aliases = FILESV but also add a 'SPN'; trying to look around for an examples, lead me to ''nothing'', or to examples that seems to me unrelated. Supposing the domain is 'ad.fvg.lnf.it' and the FQDN of the real host is 'vdmsv1.ad.fvg.lnf.it', i need to do: > samba-tool spn add host/vdmsv1.ad.fvg.lnf.it filesv.ad.fvg.lnf.it Right?! Thanks. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bo...
2019 Sep 24
2
'samba-tool testparm --section' bugs?
...t vdcsv1:~# samba-tool -V 4.5.16-Debian root at vdcsv1:~# samba-tool testparm --section sysvol [sysvol] path = /var/lib/samba/sysvol read only = No root at vdcsv1:~# samba-tool testparm --section-name=sysvol [sysvol] path = /var/lib/samba/sysvol read only = No in DM no: root at vdmsv1:~# samba-tool -V 4.8.12-Debian root at vdmsv1:~# samba-tool testparm --section users ERROR(<type 'exceptions.TypeError'>): uncaught exception - File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 177, in _run return self.run(*args, **kwargs)...
2020 Oct 01
0
Freeradius logon with machine account...
....2020 14:46, skrev Marco Gaiarin via samba: > With Samba in NT mode, i was able to enable wireless access using > machine account, and worked decently. > > Now i want to try again in AD mode, but i've not found info, and i've > just hit a trouble: > > Oct 1 14:31:55 vdmsv1 radiusd[13555]: rlm_ldap (ldap): Opening additional connection (25), 1 of 31 pending slots used > Oct 1 14:31:55 vdmsv1 radiusd[13555]: (187) Login incorrect: [host/RUFUS.ad.fvg.lnf.it] (from client unifi-sv port 0 cli B8-EE-65-B1-73-D3 via TLS tunnel) > Oct 1 14:31:55 vdmsv1 radiusd[13...
2020 Oct 02
1
Freeradius logon with machine account...
Mandi! Klaus Ade Johnstad via samba In chel di` si favelave... > I can't offer any hints, but, this has been on my list of things to do > for some time, could you share with us exactly what you have done so > far, so other can follow and setup the same, maybe we either encounter > the same problems as you, or not. Oh, 'pretty nothing'. All work pretty automagically
2017 Dec 06
4
DM and ''offline'' PAM (and NSS?)...
I'm using samba 4.5 on a debian jessie (Louis packages). Rarely it happen that a power outgage tear down all the stuff, here. I've noticed that if the DM start before the DC, clearly all account data are inaccessible. To prevent or minimize that, the ''offline mode'' of winbind can be safely used also on DM servers? Or is tailoread against roaming client (portables,
2019 Sep 23
4
testparm comaprison
On 23/09/2019 13:42, Trenta sis via samba wrote: > Thanks, ntlm auth is temporary until we have solved some issues > getent is needed by filesystem acl > If you think you need the 'winbind enum' lines so that 'getent' works, then think again ;-) If you do not have the 'winbind enum 'lines 'getent passwd username' will still work. 'getent passwd'
2017 Dec 18
0
[Curiosity] 'netbios aliases' works in AD mode?
> Ahem no one reply me. Still no feedback. I've done some test by myself. a) i've added in smb.conf: netbios aliases = CUPSSV FILESV b) i've registered the alias as SPNs, now i've: root at vdcsv1:~# samba-tool spn list vdmsv1$ vdmsv1$ User CN=VDMSV1,OU=Computers,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it has the following servicePrincipalName: HOST/VDMSV1 HOST/vdmsv1.ad.fvg.lnf.it HOST/filesv.ad.fvg.lnf.it HOST/FILESV HOST/CUPSSV HOST/cupssv.ad.fvg.lnf.it (for google, the correct commandline seems...
2017 Nov 10
1
[Curiosity] Default domain, DC and DM...
...,11001(LNFFVG\sir),10999(LNFFVG\unixadm),3000008(LNFFVG\domain admins),3000005(LNFFVG\denied rodc password replication group),3000005(LNFFVG\denied rodc password replication group),3000009(BUILTIN\users),3000000(BUILTIN\administrators) in my DM, no, i've to explicitly set the domain: root at vdmsv1:~# id gaio id: gaio: no such user root at vdmsv1:~# id LNFFVG\\gaio uid=10000(gaio) gid=10513(domain users) gruppi=10513(domain users),11001(sir),10999(unixadm),5001(BUILTIN\users),5000(BUILTIN\administrators) but if i set 'winbind use default domain = yes': root at vdmsv1:~# id gaio...
2017 Dec 06
2
[Curiosity] 'netbios aliases' works in AD mode?
...n your AD, > > > you cannot use "memberserver" as an alias on another machine) > > > > And you should register any such alias as a servicePrincpalName. > > Ahem, looking at the wiki ad google does not help me. > > > Supposing to have a DM like 'vdmsv1.ad.fvg.lnf.it', and i need to > create an alias 'file', i need to add 'file' to 'netbios aliases' and > also do something like: > > samba-tool spn add host/vdmsv1.ad.fvg.lnf.it file.ad.fvg.lnf.it > > > This lead me to another question: in this wa...
2017 Dec 18
0
[Curiosity] 'netbios aliases' works in AD mode?
...> > Ahem no one reply me. > > Still no feedback. I've done some test by myself. > > a) i've added in smb.conf: > > netbios aliases = CUPSSV FILESV > > b) i've registered the alias as SPNs, now i've: > > root at vdcsv1:~# samba-tool spn list vdmsv1$ > vdmsv1$ > User > CN=VDMSV1,OU=Computers,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,D > C=it has the following servicePrincipalName: > HOST/VDMSV1 > HOST/vdmsv1.ad.fvg.lnf.it > HOST/filesv.ad.fvg.lnf.it > HOST/FILESV > HOST/CUPSSV > HOST/cupssv.ad.fv...
2017 Dec 07
2
[Curiosity] 'netbios aliases' works in AD mode?
...search paths on the clients and then fully > > qualfied aliases as the client will ask for a ticket for exactly the > > name stated, not the FQDN as this avoids in-secure DNS being an attack > > point. > > Mmmhhh... i try to do an example. > > Supposing we have 'vdmsv1.ad.fvg.lnf.it' aliased with 'file.sv.lnf.it' > in LAN 1, and 'vdmpp1.ad.fvg.lnf.it' aliased with 'file.pp.lnf.it' in > LAN 2. > > If client in LAN 1 have 'sv.lnf.it' in search path, and in LAN 2 > 'pp.lnf.it', i cannot alias 'file'...
2017 Dec 07
0
[Curiosity] 'netbios aliases' works in AD mode?
...> You can't even use DNS search paths on the clients and then fully > qualfied aliases as the client will ask for a ticket for exactly the > name stated, not the FQDN as this avoids in-secure DNS being an attack > point. Mmmhhh... i try to do an example. Supposing we have 'vdmsv1.ad.fvg.lnf.it' aliased with 'file.sv.lnf.it' in LAN 1, and 'vdmpp1.ad.fvg.lnf.it' aliased with 'file.pp.lnf.it' in LAN 2. If client in LAN 1 have 'sv.lnf.it' in search path, and in LAN 2 'pp.lnf.it', i cannot alias 'file' on both because the tick...
2019 Oct 16
4
vfs_recycle permission bug?!
...it:prefix = %S|%d|%I|%M|%u recycle:exclude = *.TMP,*.tmp,*.temp,*.o,*.obj,~$* recycle:versions = yes recycle:keeptree = yes recycle:repository = .cestino/%U but i've misclick on user name, and found that i can read ALL deleted files of ALL users. ;-( Looking at file permissions: root at vdmsv1:~# ls -la /srv/work/.cestino/ totale 12 drwxrwxrwt 107 root domain users 4096 ott 16 14:53 . drwxr-xr-x 95 root root 4096 apr 5 2019 .. drwxr-xr-x 4 abarro domain users 61 set 30 11:51 abarro drwxr-xr-x 3 agnese domain us...
2017 Nov 29
2
LDAP query and result: better field for username?
Currently for my user: root at vdmsv1:/etc/exim4# ldbsearch -H ldap://vdcsv1 -P -b DC=ad,DC=fvg,DC=lnf,DC=it "(cn=gaio)" | grep ": gaio$" cn: gaio name: gaio sAMAccountName: gaio uid: gaio msSFU30Name: gaio what field is betetr to use for querying for user 'gaio'? 'uid' no (because RFC2307 dat...
2017 Dec 05
2
[Curiosity] 'netbios aliases' works in AD mode?
On Tue, 2017-12-05 at 16:14 +0100, mj via samba wrote: > We haved used it on a domain member server, yes. > > Only one thing: when you have a compteraccount memberserver$ in your AD, > you cannot use "memberserver" as an alias on another machine) And you should register any such alias as a servicePrincpalName. Andrew Bartlett -- Andrew Bartlett
2017 Dec 18
2
DM and ''offline'' PAM (and NSS?)...
...LE:[1:SAMDOM\$1] > } Interesting! I've looked at that in the past, but i was not interested in SSO so i've probably skipped. Anyway, i've tried to comment out 'winbind use default domain = yes' and add this stanza to /etc/krb5.conf but seems does not work, eg: root at vdmsv1:~# getent passwd gaio root at vdmsv1:~# getent passwd LNFFVG\\gaio LNFFVG\gaio:*:10000:10513:Marco Gaiarin:/home/gaio:/bin/bash only the 'domainful' version of the account work. > Now, since im not sure this works ok, i dont use it on my debian servers, i use option2. > option2...
2018 Mar 26
3
[OT?] winbind e quota...
As was used to (in Samba NT/LDAP), i've enabled quota on /homes, and homes are exported (as homedrive) for users. Editing quotas (with edquota) works as expected, and in windows explorer users get quota correctly reported, but a simple: repquota -a return nothing: root at vdmsv1:~# repquota -a *** Report for user quotas on device /dev/sdb1 Block grace time: 28days; Inode grace time: 28days Block limits File limits User used soft hard grace used soft hard grace ----------------------------------------------...
2017 Nov 30
4
Troubles on Roaming Profiles...
...sed 'Eeveryone' to 'no access'). I've manually created 'gaio.V2' folder, setting it gaio:"Domain Users" 700, but profiles still get not saved. (supposing was a 'folder creation' trouble...) If i set 'profile path' in user data, eg: root at vdmsv1:/srv/samba/profiles# ldbsearch -H ldap://vdcsv1 -P -b DC=ad,DC=fvg,DC=lnf,DC=it "(uid=gaio)" profilePath | grep ^profilePath: profilePath: \\vdmsv1\profiles\gaio roaming profile works as expected. Boh... -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La No...
2018 May 11
3
Moving roaming profiles between domains, risky?
...n the new domain following the wiki (https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles, 'using windows ACL') and for new profiles works like a charm. But i've tried to move/copy old profile to the new domain, and seems work, with no glitch. I've done simply: root at vdmsv1:/srv/samba/profiles# rsync -av --progress --xattrs --rsh=ssh <oldntserver>:/srv/samba/profiles/gaio.V2 . chown -R :"domain users" gaio.V2 <run a script that fix group permission, prevent settings ACL mask incorrectly> Clearly domains have different SID, and looking (some s...