similar to: Samba4, multi-domain Forest and Unix ID mapping

Hello everyone, I am trying to go after learning Samba4 from two directions. Code and implementing it. (If you know Samba4, please help me answer the questions after the brief explanation.) I have used the following scenario before, it is real and a way for me to learn things: My siblings and I are setting up some family services (over VPN, etc.). There are X of us, including 1 being

I am working with Samba 4. I think I have found a bug. It would only be a problem in the event that Samba4 starts doing inter-domain, forest level, and cross forest trusts. Domain Users is 100 on a setup that is provisioned to have the range 3000000, 4000000. This maps the local gid for users. This seems to be a bug to me. Shouldn't Domain Users be within the range and not be the same as the

Hello All, I am in the United States where we have e-discovery rules. Some organizations have to retain data for a certain amount of time, others are required to have a data retention policy. This means that while it should probably be possible for a user to "delete" an email so they do not see it. The server needs to store it, possibly in a tree that mirrors the folder setup of

Hi, I’ve been running a samba 4 DC for quite some time now, and while testing some kerberos related stuff, I noticed that all kerberos tickets I can get from the DC are of encryption type ?arcfour-hmac-md5“: # kinit testuser1 testuser1 at S4DOM.TEST's Password: # klist -v Credentials cache: FILE:/tmp/krb5cc_0 Ticket etype: arcfour-hmac-md5, kvno 1 I can create keytabs containing

On 1/24/19 12:15 AM, Per Jessen wrote: > Trever L. Adams wrote: > >> I know that sieve doesn't do math. The file would be created >> externally. >> >> Based on examples in section 4.4 of >> https://tools.ietf.org/html/rfc5260#section-4 >> >> I figured something like this would work. >> >> if date :value "le" :originalzone

Hi Trever, things improved after resetting user/machine passwords, however only the session key is using aes256 now, the ticket itself is still arcfour: root at ubuntu1:~# kinit user09999 user09999 at S4DOM.TEST's Password: root at ubuntu1:~# klist -v Credentials cache: FILE:/tmp/krb5cc_0 Principal: user09999 at S4DOM.TEST Cache version: 4 Server: krbtgt/S4DOM.TEST at

Hello, I have tested Samba4 as an AD domain controller for a small group of computers and it works really great. My question is about multi-domains and forest. We plan to eventually use Samba4 for a large amount of entities (60+). These entitites should share resources between each other. As we have a central site, we were guessing to use Samba4 as to create a forest and create as much domains

I have found source4/scripting/devel/chgtdcpass for adding the aes types to machines. I know you have to change the password of normal users. How do you fix this for krbtgt? Can you just change the password? Is there a recommended method? Thank you for any help, Trever -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type:

When executing: doveadm search -A mailbox INBOX from SOMEBODY I am getting: doveadm(root): Error: user root: Invalid settings in userdb: userdb returned 0 as uid doveadm(root): Error: User lookup failed: Invalid user settings. Refer to server log for more information. doveadm(bin): Error: user bin: Couldn't drop privileges: Mail access for users with UID 1 not permitted (see first_valid_uid in

I know that sieve doesn't do math. The file would be created externally. Based on examples in section 4.4 of https://tools.ietf.org/html/rfc5260#section-4 I figured something like this would work. if date :value "le" :originalzone "date" "date" "2018-10-25" { ??????? fileinto "SPAM"; ??????? stop; } However, I get the following. spam: line

On 04/25/2011 09:12 AM, Trever L. Adams wrote: > > As I look at the code in the hg reference above, I think there is a bug. > If HOME should be preserved as first, and some of these others may be > critical to proper operation, they should be preserved automatically, no > matter what the configuration says. This seems to be contrary to the > code and to the top of the page

Thanks to Timo, I have solved all but one of my problems. For back ground, I am using Samba4 as an AD. I have the userdb working from LDAP just fine and kerberos authenetication for dovecot's IMAP server working fine. The problem is using dovecot's SASL with postfix. I also have plain/login working in imap and smtp. Both use pam_krb5 through pam to authenticate clients that don't have

I have been using Samba 4 kerberos and ldap with dovecot. Samba 4 changed a while back (resulting in me asking for help) which requires kerberos auth for ldap lookups. My setup worked perfectly before hand. Before and after were with dovecot-2.0.11 and the after also happens with 2.0.11. The only changes were (in my ldap.conf for dovecot -- changes are new lines starting with *, * is not in the

Hello All, I haven't seen the answer to this, maybe I am just using the wrong searches. I have two queries related to this: 1) I have seen how to configure for LDAP and Kerberos. AD uses both together. All user information is in AD/LDAP and authentication is AD/Kerberos. How can I configure Dovecot to use both appropriately? 2) I can cause Samba to create certain directories on login, etc.

Hi I have installed a plug-in an antispam and when I try to move the message to a folder a spam mutt produces an error "Failed to call dspam." Here's my configuration(all built from ports): dovecot 1.2.11 dovecot-antispam 1.2_4,1 dspam 3.9.0_1 FreeBSD 8.0 Relevant sections from dovecot.conf: protocol imap { mail_plugins = antispam ... } plugin { antispam_signature =

I am not sure how to get the symbols necessary, however the following is the backtrace (this is Fedora 19 latest everything): Jul 8 03:23:02 MX dovecot: auth: Fatal: block_alloc(2147483648): Out of memory Jul 8 03:23:02 MX dovecot: auth: Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0x5f437) [0x7f97a952f437] -> /usr/lib64/dovecot/libdovecot.so.0(+0x5f4fe) [0x7f97a952f4fe] ->

So, one of the problems I am seeing is that people are trying to fake users into revealing information by sending from an outside domain but with an internal reply to address and claiming to be administration, IT or what not. I can set up something that will reject if from is outside the domain by reply to is internal. The problem is in some setups, there are fetchmail setups. I do not want to

Well, this may not be unique to RC2. I believe this is the first time I have noticed it. It is definitely the first time I have vorbis encoded this song. Try encoding They Might Be Giants - Istanbul. Go to offset around 50 seconds. It should say "Maybe people just like it better that way." However, the maybe is pretty bassy (low pitch) and is just gone. Anyway, RC2 is so much

On 26.4.2011, at 20.12, Trever L. Adams wrote: > I am finding it interested that abrt seems to say that environment is > empty/corrupted. I am attaching more backtraces to the Fedora bug > (https://bugzilla.redhat.com/show_bug.cgi?id=697325). I think this is a generic bug in LDAP code when using SASL authentication. It just shouldn't be crashing here: > #6

Hello, I have a DC that sits on a different subnet from the CUPS server that I would like to use. I would rather not install CUPS on the DC. Is it possible to change the server name away from localhost for the CUPS backend and have it connect to that other server to get the printers (load printers = yes) and print to that server? Must I have a CUPS installation on the DC? Thank you, Trever