Displaying 20 results from an estimated 110 matches for "wirski".
2017 Nov 01
4
kerberos + winbind + AD authentication for samba 4 domain member
On Wed, 1 Nov 2017 19:49:32 +0000
Rowland Penny via samba <samba at lists.samba.org> wrote:
> On Wed, 1 Nov 2017 20:28:05 +0100
> Kacper Wirski <kacper.wirski at gmail.com> wrote:
>
> > I'm going to start with clean centos install, so I might as well use
> > some additional guidelines, thank You.
> >
> > When You run kinit, does Your user have ticket already? What I
> > noticed is that when user...
2017 Nov 01
2
kerberos + winbind + AD authentication for samba 4 domain member
...AM did You manually edit system-auth, or with
authconfig?
After I do some tests later on, I will update with whatever I manage to
find/debug.
1 lis 2017 18:51 "Rowland Penny via samba" <samba at lists.samba.org>
napisał(a):
> On Wed, 1 Nov 2017 17:41:14 +0100 (CET)
> "k.wirski babkamedica.pl" <k.wirski at babkamedica.pl> wrote:
>
> > Thank You,
> >
> > /etc/hostname i set it myself, never seen issue with FQDN, I'll
> > change it
> >
> > localdomain in /etc/hosts is from the default config
> >
> > this auto...
2017 Sep 19
3
ODP: Re: samba 4 ad member - idmap = ad for machine accounts
...in via samba <samba at lists.samba.org> </div><div>Data:09.19.2017 9:11 (GMT+01:00) </div><div>Do: samba at lists.samba.org </div><div>Temat: Re: [Samba] samba 4 ad member - idmap = ad for machine accounts </div><div>
</div>Mandi! Kacper Wirski via samba
In chel di` si favelave...
> getent passwd gives same, OK result, still unable to authenticate
I'm still curious to know how rfc23037 does not work, and RID insted
work.
Seems to me that assigning a GID to 'Domain Computers' is the same as
using RID.
Kacper: i don'...
2019 Jun 03
2
samba file server - sediskoperatorprivilege not being honored
On 03/06/2019 12:29, Kacper Wirski via samba wrote:
> Hello,
>
> Since nobody picked this up I will try to answer myself (hopefully
> correctly).
>
> I think I just misread documentation on wiki, but I would really
> appreciate a clarification. In the wiki it states:
>
> "To enable other accounts th...
2018 Nov 21
1
samba AD - bind - deleted DNS entries are not removed completely
W dniu 21.11.2018 o 21:09, Rowland Penny via samba pisze:
> On Wed, 21 Nov 2018 20:48:34 +0100
> Kacper Wirski via samba <samba at lists.samba.org> wrote:
>
>> So in my case - is it safe to delete directly using ldbdel or using
>> windows ADSI gui ldap editor? Or is there another way? What is the
>> right way to do it?
>>
>> something like:
>>
>> ldbdel -H...
2018 Mar 26
3
freeradius + NTLM + samba AD 4.5.x
...mschap2-only audit log shows Authentication_passwordType as
"MSCHAP2"
Not sure what's the case, maybe only starting with samba 4.7 ntlm_auth
can send correct flag?
Hope that helps.
W dniu 26.03.2018 o 22:16, Jonathan Hunter via samba pisze:
> On 26 March 2018 at 14:31, Kacper Wirski via samba <samba at lists.samba.org>
> wrote:
>
>> Also I just facepalmed, as I double checked smb.conf right after sending
>> mail, and in samba 4.7 there are new options available for "ntlm auth", as
>> stated in docs:
>>
>> |mschapv2-and-ntlmv2...
2018 Nov 21
2
samba AD - bind - deleted DNS entries are not removed completely
...in output entries with:
dNSTombstoned: TRUE
Overall there are a couple hundred entries with as such. So now my
question is:
How can I safely remove them, any tips/guideliness? I thought that doing
tombstone expunge would get rid of them - but apparently not.
W dniu 21.11.2018 o 19:20, Kacper Wirski via samba pisze:
> Hello,
>
> Since noone answered, I'll add some more information - maybe I'm
> unclear about the nature of the issue?
>
> I re-read samba wiki, especially about DNS management and I didn't
> find any information pointing to such behaviour. I was...
2018 Nov 21
2
samba AD - bind - deleted DNS entries are not removed completely
...4.9 new features release notes about scavenging but I'm
not sure if it's the same thing as in the posted link and anyway - this
feature only supposedly works only in new zones.
W dniu 21.11.2018 o 20:27, Rowland Penny via samba pisze:
> On Wed, 21 Nov 2018 19:39:53 +0100
> Kacper Wirski via samba <samba at lists.samba.org> wrote:
>
>> To answer my own question:
>>
>> Yes, it's seems like a feature.
> Yes, it is a feature, an AD feature ;-)
>
>> I ran basic ldbsearch query:
>>
>> ldbsearch -H /usr/local/samba/private/sam.ldb -b...
2017 Nov 01
0
kerberos + winbind + AD authentication for samba 4 domain member
...o..
But in krb5.conf try to match the failty one with a rule.
auth_to_local = RULE:[1:SAMDOM:$1]
Maybe it works maybe not, but imo, try-able ;-) , just an idee..
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Kacper Wirski via samba
> Verzonden: woensdag 1 november 2017 22:01
> Aan: Rowland Penny
> CC: samba at lists.samba.org
> Onderwerp: Re: [Samba] kerberos + winbind + AD authentication
> for samba 4 domain member
>
> Ok, at least I know that it's not the fault of my configuration.
>...
2018 Mar 26
1
freeradius + NTLM + samba AD 4.5.x
...there is a special "flag" that can be send with freeradius,
that will force ntlmv1-mschpav2 response from AD DC even if ntlmv1 is
overall disabled, that is how supposedly Microsoft solved it with their
ad/nps implementation..
Maybe someone here wil have better advice?
Regards,
Kacper Wirski
W dniu 26.03.2018 o 14:37, Rowland Penny via samba pisze:
> On Mon, 26 Mar 2018 14:06:24 +0200
> "Dr. Peer-Joachim Koch via samba" <samba at lists.samba.org> wrote:
>
>> Hi,
>>
>> we have updated our samba AD domain from 4.4.x to 4.5.x.
>>
>> T...
2018 Mar 27
5
ODP: Re: freeradius + NTLM + samba AD 4.5.x
...t;MSCHAPv2"*}}
Without "--allow-mschapv2" You would see "passwordType":"NTLMv1".
Also I have no idea when ntlm_auth --allow-mschapv2 option was added?
W dniu 27.03.2018 o 10:06, Rowland Penny via samba pisze:
> On Tue, 27 Mar 2018 09:36:42 +0200
> "k.wirski via samba" <samba at lists.samba.org> wrote:
>
>> ok, tested it, and it works.
>>
>> so to summarize:
>> on samba ad 4.7.x in smb.conf "ntlm auth" is set to
>> "mschapv2-and-ntlmv2-only" fr + samba domain member (4.6 and 4.7) in
>&...
2018 Aug 16
1
explorer.exe crashes on security tab access
...pretty sure that a few weeks ago there was also a
post on this mailing list related to windows 10 + security tab issues,
but I can't find it right now. Maybe it's all related :).
W dniu 16.08.2018 o 18:04, Rowland Penny via samba pisze:
> On Thu, 16 Aug 2018 17:34:01 +0200
> Kacper Wirski via samba <samba at lists.samba.org> wrote:
>
>> I've noticed myself similiar issue.
>>
>> Windows 10 (v 1803) - window with security tab open crashes on
>> certain files (yes, just the window, not whole OS). Just before crash
>> i see unresolved SID which...
2018 Aug 16
2
explorer.exe crashes on security tab access
...is this:
> [Demo]
> path = /srv/samba/Demo/
> read only = no
>
> If it is crashing for you, we need to know why.
> What OS ?
> What version of Samba ?
> What is in your smb.conf ?
> What is the DC ?
>
> Rowland
>
>
--
Z poważaniem,
Kacper Wirski
tel. +48 608 421 424
tel: + 48 22 637 50 01
fax: + 48 22 637 50 04
Babka Medica Spółka z ograniczonš odpowiedzialnociš Spółka komandytowa
ul. Słomińskiego 19 lok.517, 00-195 Warszawa
Sšd Rejonowy dla M.St. Warszawy w Warszawie XII Wydział Gospodarczy KRS
0000491764
NIP 525-234-00-28
www....
2018 Jul 21
2
samba 4.8 with bind - bugged dns entry in reverse lookup zone
On Sat, 21 Jul 2018 20:57:07 +0200
Kacper Wirski via samba <samba at lists.samba.org> wrote:
> Hello,
>
> I found this bugged record with
>
> ldbsearch -H
> path/to/samba/bind-dns/dns/sam.ldb.d/DC\=DOMAINDNSZONES\,DC\=SUBDOMAIN\,DC\=DOMAIN\,DC\=PL.ldb
> '(name=49)'
>
> So I have a couple of questions...
2018 Aug 02
1
ODP: Re: SAMBA 4 as Active Direcotry and Hyper-V
...additional logs.
I'm not sure what's the proper way to "fix it", cam samba be made
somehow "aware" of those 3 special hyper-v SPN's and rewrite requests?
W dniu 02.08.2018 o 20:19, Andrew Bartlett via samba pisze:
> On Thu, 2018-08-02 at 17:32 +0200, Kacper Wirski via samba wrote:
>> I have a suspicion that it is related to the specific SPNs that hyperv uses. Hyper-v tries to register 3 spn (typing from memory so I might be a bit off):
>> Microsoft hyper-v console/HOST.FQDN
>> Hyper-V Replication Servive/HOST.FQDN
>> Microsoft Hyper-V...
2017 Nov 01
5
kerberos + winbind + AD authentication for samba 4 domain member
...response. I'm glad that it's a mistake somewhere on
my side, it means it will work when I fix it :)
Ok, first of all:
Everything is on centos 7.4
All config files will be below, but to start off: behaviour is stranger
than I thought, but there is a pattern:
when doing
[DOMAIN\kacper_wirski at vs-files ~]$ kinit -V
Using default cache: /tmp/krb5cc_101003
Using principal: DOMAINkacper_wirski at AD.MYDOMAIN.COM
kinit: Client 'DOMAINkacper_wirski at AD.MYDOMAIN.COM' not found in
Kerberos database while getting initial credentials
but then when I do:
[DOMAIN\kacper_wirski at v...
2018 Nov 20
3
samba AD - bind - deleted DNS entries are not removed completely
Hello,
I've posted about this issue some time ago, but I maybe didn't explain
myself enough and/or didn't supply enough information.
My setup is centos 7.5 samba 4.8.4 AD DCwith BIND as dns backend.
I noticed that some windows clients stopped doing secure dns dynamic
updates because of insufficient rights error.
Upon further digging I realized that all of the entries, that were
2018 Mar 26
3
freeradius + NTLM + samba AD 4.5.x
...tool).
So that is is I suppose that special "flag" that is used by Microsoft
NPS/AD. I t h i n k I tested it before, but couldn't get it to work and
had to go back to "ntlmv1-permitted".
I'll test it out later today and give some feedback if needed.
Regards,
Kacper Wirski
||
W dniu 26.03.2018 o 14:37, Rowland Penny via samba pisze:
> On Mon, 26 Mar 2018 14:06:24 +0200
> "Dr. Peer-Joachim Koch via samba" <samba at lists.samba.org> wrote:
>
>> Hi,
>>
>> we have updated our samba AD domain from 4.4.x to 4.5.x.
>>
>&...
2017 Nov 01
0
kerberos + winbind + AD authentication for samba 4 domain member
On Wed, 1 Nov 2017 17:41:14 +0100 (CET)
"k.wirski babkamedica.pl" <k.wirski at babkamedica.pl> wrote:
> Thank You,
>
> /etc/hostname i set it myself, never seen issue with FQDN, I'll
> change it
>
> localdomain in /etc/hosts is from the default config
>
> this auto krb5.conf.DOMAIN - could it be, that by...
2018 Jul 03
1
samba 4.8.3 "apply group policy = yes" error
On Tue, 3 Jul 2018 08:06:44 +0200
Kacper Wirski via samba <samba at lists.samba.org> wrote:
> Hello,
>
> I've realised that there was an error on this server, wrong
> idmap.ldb, 3000002 should be one of the built-in users or groups
> instead of machine own account. Unfortunately fixing idmap (I
> imported idmap.ldb...