search for: wirski

On Wed, 1 Nov 2017 19:49:32 +0000 Rowland Penny via samba <samba at lists.samba.org> wrote: > On Wed, 1 Nov 2017 20:28:05 +0100 > Kacper Wirski <kacper.wirski at gmail.com> wrote: > > > I'm going to start with clean centos install, so I might as well use > > some additional guidelines, thank You. > > > > When You run kinit, does Your user have ticket already? What I > > noticed is that when user...

...AM did You manually edit system-auth, or with authconfig? After I do some tests later on, I will update with whatever I manage to find/debug. 1 lis 2017 18:51 "Rowland Penny via samba" <samba at lists.samba.org> napisał(a): > On Wed, 1 Nov 2017 17:41:14 +0100 (CET) > "k.wirski babkamedica.pl" <k.wirski at babkamedica.pl> wrote: > > > Thank You, > > > > /etc/hostname i set it myself, never seen issue with FQDN, I'll > > change it > > > > localdomain in /etc/hosts is from the default config > > > > this auto...

...in via samba <samba at lists.samba.org> </div><div>Data:09.19.2017 9:11 (GMT+01:00) </div><div>Do: samba at lists.samba.org </div><div>Temat: Re: [Samba] samba 4 ad member - idmap = ad for machine accounts </div><div> </div>Mandi! Kacper Wirski via samba In chel di` si favelave... > getent passwd gives same, OK result, still unable to authenticate I'm still curious to know how rfc23037 does not work, and RID insted work. Seems to me that assigning a GID to 'Domain Computers' is the same as using RID. Kacper: i don'...

On 03/06/2019 12:29, Kacper Wirski via samba wrote: > Hello, > > Since nobody picked this up I will try to answer myself (hopefully > correctly). > > I think I just misread documentation on wiki, but I would really > appreciate a clarification. In the wiki it states: > > "To enable other accounts th...

W dniu 21.11.2018 o 21:09, Rowland Penny via samba pisze: > On Wed, 21 Nov 2018 20:48:34 +0100 > Kacper Wirski via samba <samba at lists.samba.org> wrote: > >> So in my case - is it safe to delete directly using ldbdel or using >> windows ADSI gui ldap editor? Or is there another way? What is the >> right way to do it? >> >> something like: >> >> ldbdel -H...

...mschap2-only audit log shows Authentication_passwordType as "MSCHAP2" Not sure what's the case, maybe only starting with samba 4.7 ntlm_auth can send correct flag? Hope that helps. W dniu 26.03.2018 o 22:16, Jonathan Hunter via samba pisze: > On 26 March 2018 at 14:31, Kacper Wirski via samba <samba at lists.samba.org> > wrote: > >> Also I just facepalmed, as I double checked smb.conf right after sending >> mail, and in samba 4.7 there are new options available for "ntlm auth", as >> stated in docs: >> >> |mschapv2-and-ntlmv2...

...in output entries with: dNSTombstoned: TRUE Overall there are a couple hundred entries with as such. So now my question is: How can I safely remove them, any tips/guideliness? I thought that doing tombstone expunge would get rid of them - but apparently not. W dniu 21.11.2018 o 19:20, Kacper Wirski via samba pisze: > Hello, > > Since noone answered, I'll add some more information - maybe I'm > unclear about the nature of the issue? > > I re-read samba wiki, especially about DNS management and I didn't > find any information pointing to such behaviour. I was...

...4.9 new features release notes about scavenging but I'm not sure if it's the same thing as in the posted link and anyway - this feature only supposedly works only in new zones. W dniu 21.11.2018 o 20:27, Rowland Penny via samba pisze: > On Wed, 21 Nov 2018 19:39:53 +0100 > Kacper Wirski via samba <samba at lists.samba.org> wrote: > >> To answer my own question: >> >> Yes, it's seems like a feature. > Yes, it is a feature, an AD feature ;-) > >> I ran basic ldbsearch query: >> >> ldbsearch -H /usr/local/samba/private/sam.ldb -b...

...o.. But in krb5.conf try to match the failty one with a rule. auth_to_local = RULE:[1:SAMDOM:$1] Maybe it works maybe not, but imo, try-able ;-) , just an idee.. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Kacper Wirski via samba > Verzonden: woensdag 1 november 2017 22:01 > Aan: Rowland Penny > CC: samba at lists.samba.org > Onderwerp: Re: [Samba] kerberos + winbind + AD authentication > for samba 4 domain member > > Ok, at least I know that it's not the fault of my configuration. >...

...there is a special "flag" that can be send with freeradius, that will force ntlmv1-mschpav2 response from AD DC even if ntlmv1 is overall disabled, that is how supposedly Microsoft solved it with their ad/nps implementation.. Maybe someone here wil have better advice? Regards, Kacper Wirski W dniu 26.03.2018 o 14:37, Rowland Penny via samba pisze: > On Mon, 26 Mar 2018 14:06:24 +0200 > "Dr. Peer-Joachim Koch via samba" <samba at lists.samba.org> wrote: > >> Hi, >> >> we have updated our samba AD domain from 4.4.x to 4.5.x. >> >> T...

...t;MSCHAPv2"*}} Without "--allow-mschapv2" You would see "passwordType":"NTLMv1". Also I have no idea when ntlm_auth --allow-mschapv2 option was added? W dniu 27.03.2018 o 10:06, Rowland Penny via samba pisze: > On Tue, 27 Mar 2018 09:36:42 +0200 > "k.wirski via samba" <samba at lists.samba.org> wrote: > >> ok, tested it, and it works. >> >> so to summarize: >> on samba ad 4.7.x  in smb.conf "ntlm auth" is set to >> "mschapv2-and-ntlmv2-only" fr + samba domain member (4.6 and 4.7) in >&...

...pretty sure that a few weeks ago there was also a post on this mailing list related to windows 10 + security tab issues, but I can't find it right now. Maybe it's all related :). W dniu 16.08.2018 o 18:04, Rowland Penny via samba pisze: > On Thu, 16 Aug 2018 17:34:01 +0200 > Kacper Wirski via samba <samba at lists.samba.org> wrote: > >> I've noticed myself similiar issue. >> >> Windows 10 (v 1803) - window with security tab open crashes on >> certain files (yes, just the window, not whole OS). Just before crash >> i see unresolved SID which...

...is this: > [Demo] > path = /srv/samba/Demo/ > read only = no > > If it is crashing for you, we need to know why. > What OS ? > What version of Samba ? > What is in your smb.conf ? > What is the DC ? > > Rowland > > -- Z poważaniem, Kacper Wirski tel. +48 608 421 424 tel:   + 48 22 637 50 01 fax:   + 48 22 637 50 04 Babka Medica Spółka z ograniczonš odpowiedzialnoœciš Spółka komandytowa ul. Słomińskiego 19 lok.517, 00-195 Warszawa Sšd Rejonowy dla M.St. Warszawy w Warszawie  XII Wydział Gospodarczy KRS 0000491764 NIP 525-234-00-28 www....

On Sat, 21 Jul 2018 20:57:07 +0200 Kacper Wirski via samba <samba at lists.samba.org> wrote: > Hello, > > I found this bugged record with > > ldbsearch -H > path/to/samba/bind-dns/dns/sam.ldb.d/DC\=DOMAINDNSZONES\,DC\=SUBDOMAIN\,DC\=DOMAIN\,DC\=PL.ldb > '(name=49)' > > So I have a couple of questions...

...additional logs. I'm not sure what's the proper way to "fix it", cam samba be made somehow "aware" of those 3 special hyper-v SPN's and rewrite requests? W dniu 02.08.2018 o 20:19, Andrew Bartlett via samba pisze: > On Thu, 2018-08-02 at 17:32 +0200, Kacper Wirski via samba wrote: >> I have a suspicion that it is related to the specific SPNs that hyperv uses. Hyper-v tries to register 3 spn (typing from memory so I might be a bit off): >> Microsoft hyper-v console/HOST.FQDN >> Hyper-V Replication Servive/HOST.FQDN >> Microsoft Hyper-V...

...response. I'm glad that it's a mistake somewhere on my side, it means it will work when I fix it :) Ok, first of all: Everything is on centos 7.4 All config files will be below, but to start off: behaviour is stranger than I thought, but there is a pattern: when doing [DOMAIN\kacper_wirski at vs-files ~]$ kinit -V Using default cache: /tmp/krb5cc_101003 Using principal: DOMAINkacper_wirski at AD.MYDOMAIN.COM kinit: Client 'DOMAINkacper_wirski at AD.MYDOMAIN.COM' not found in Kerberos database while getting initial credentials but then when I do: [DOMAIN\kacper_wirski at v...

Hello, I've posted about this issue some time ago, but I maybe didn't explain myself enough and/or didn't supply enough information. My setup is centos 7.5 samba 4.8.4 AD DCwith BIND as dns backend. I noticed that some windows clients stopped doing secure dns dynamic updates because of insufficient rights error. Upon further digging I realized that all of the entries, that were

...tool). So that is is I suppose that special "flag" that is used by Microsoft NPS/AD. I t h i n k I tested it before, but couldn't get it to work and had to go back to "ntlmv1-permitted". I'll test it out later today and give some feedback if needed. Regards, Kacper Wirski || W dniu 26.03.2018 o 14:37, Rowland Penny via samba pisze: > On Mon, 26 Mar 2018 14:06:24 +0200 > "Dr. Peer-Joachim Koch via samba" <samba at lists.samba.org> wrote: > >> Hi, >> >> we have updated our samba AD domain from 4.4.x to 4.5.x. >> >&...

On Wed, 1 Nov 2017 17:41:14 +0100 (CET) "k.wirski babkamedica.pl" <k.wirski at babkamedica.pl> wrote: > Thank You, > > /etc/hostname i set it myself, never seen issue with FQDN, I'll > change it > > localdomain in /etc/hosts is from the default config > > this auto krb5.conf.DOMAIN - could it be, that by...

On Tue, 3 Jul 2018 08:06:44 +0200 Kacper Wirski via samba <samba at lists.samba.org> wrote: > Hello, > > I've realised that there was an error on this server, wrong > idmap.ldb, 3000002 should be one of the built-in users or groups > instead of machine own account. Unfortunately fixing idmap (I > imported idmap.ldb...