similar to: Samba4 new policy templates

Hi Andrew, Thanks for your reply. We tried successfully the --full-sync option from first to second DC. Unfortunately, afterwards the second DC was still in a corrupted state. The "Deleted Objects" still contained the ugly groups with the missing attribute... So we achieved to get a successfull replication after editing the "deleted objects" with ldbedit. We have deleted

Hi! Since samba4 rc1 (we update it since beta1) the "./samba-tool ntacl sysvolcheck" command returns the following : ERROR(<type 'exceptions.TypeError'>): uncaught exception - (61, 'No data available') File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 168, in _run return self.run(*args, **kwargs) File

Hi All ! Using Samba Version 4.1.12, updated from source from 4.0beta1 I've created a user, let say kerbuser, for a web server to authenticate with kerberos and provide SSO to the end-users. In my example, my domain is MYDOMAIN.LOCAL, the apache server is webserver.mydomain.local and the AD user is kerbuser I've added a principal on the user and exported everything in a keytab so

Hi Rowland and list, I allow myself to give a UP to my message in case someone has an idea. Thanks, --Oliver Le 2023-05-24 15:55, Olivier BILHAUT via samba a ?crit : > Hi Rowland, and many thanks for fast reply, > > When using --noexpiry, > the userAccountControl is set to 66048, which disable expiry for > password as well (in MS console, "password never

Hi the list, I am a member of the organizing comity of the French Statistics Association (SFdS)'s conference. We are looking for sponsors. Some software (SAS, RITME, ...) are represented. Do you know if there is any possibility to be sponsored by R (or by an association close to R)? Do you think I can ask to the R fondation? Sincerely Christophe -- Christophe Genolini Maître de

Hi Rowland, and many thanks for fast reply, When using --noexpiry, the userAccountControl is set to 66048, which disable expiry for password as well (in MS console, "password never expires" is now checked). This means that the password expiry (let say, every 6 month) will never popup again to the user, which is in my sense a wrong behaviour. Is there a way to change ONLY

On 26/05/2023 14:44, Olivier BILHAUT wrote: > Thanks Rowland, > > I'll give a try to ldbmodify, even if I prefer to avoid modifying > directly ldb files. > > What do you think samba-tool does ? Using samba-tool to set expiry, ultimately does this: setexp = """ dn: %s changetype: modify replace: userAccountControl userAccountControl: %u

I mates, We'd like to know if the beta version of S4 with the s3fs file system now allow to use the [homes] "special" share. Are we now allowed to use it in smb.conf, and does it works like in S3, as the home share of the user is converted by it's username? Sorry for my approximate english. Cheers. Thank you for your work. Good luck. O.Bilhaut

Hi, Maybe this page might be helpful. I don't know how up to date it is, but the expectation seems to be that it should be able to work with alternative forms of authentication (with Kerberos PKINIT). https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login Cheers, Garming On 16/03/18 22:43, Olivier BILHAUT via samba wrote: > > > Hi to Samba list, dev, contributors and all

Hai Olivier, Looks to me its a small problem, but lets start here. First, can you post your: cat /etc/samba/smb.conf cat /etc/nsswitch.conf cat /etc/resolv.conf cat /etc/hosts dpkg --get-selections | egrep "samba|winbind|libnss|pam|avahi|dbus" (some people may see libnss(-mdns)/avahi/dbus not needed, yes, thats correct, but i use this for my airprint solution.) Last, check this

Hello, we've updated to 3.6.1 yesterday, and since encounter problems with printing for some users. There's a descriptive error in the log.smbd, but I can't see what to do about it really (the rest of the, admittedly fairly ancient system, is the same base system as the previous 3.5.5 - only a couple of security updates were patched in during downtime). The message in log.smbd is:

Hi, I have installed a virtual testing network consisting of one samba4 PDC (latest git master) and one Windows XP Pro SP3 (fully updated)machine. I have successfully provisioned an AD Domain and joined the XP machine to it. When I run the gpmc on the XP Pro machine and select: Forest: <domain name> -> Domains -> <domain name> -> Group Policy Objects -> Default Domain

Hi Rowland, Yes, I read this documentation carefully. I have two working Apache2 with kerberos authentication working. My question is more about troubleshooting a keytab. If I need to test manually a keytab file chalenging a specific principal, what's the prefered method ? I thougt that a kinit could be done using a principal name, but I am unable to kinit with somehting else than the

Hi list :) I am looking for the right command to achieve my goal. I would like to remove the account expiry date of an ACCOUNT with a samba-tool command (account never expires) Options of "samba-tool user setexpiry" are : --filter=FILTER LDAP Filter to set password on --days=DAYS Days to expiry --noexpiry Unfortunately, the "noexpiry" parameter just set another option

Hi Rowland, Hi looks like the "-c" option is optional. My problem is not really the kerberos cache file, but the "principal" linked to the user kerbuser. The principal is HTTP/webserver.MYDOMAIN.LOCAL at MYDOMAIN.LOCAL I would like to use kinit and give this principal as parameter. something like : > kinit -k -t /root/my.keytab HTTP/webserver.MYDOMAIN.LOCAL at

Hi friends. This morning waking up is painfull. We've got a great CUPS+Samba+Winbind print server sharing 30+ printers to our windows clients. Until this morning no issue, used on production for a couple of weeks. Today, the printer shares became unbrowsable from windows. We can see the printers names from samba share : "\printserver", but when we click on the "Show

Hi ! I bounce on the Mr Sloop's post ([Samba] DDNS / DHCPd && Internal DNS or BIND_DLZ) to ask what's the easiest way to allow Linux clients to update themself their DNS record in the Samba4 AD server (with BIND_DLZ Dns server). It works well with windows clients, but with Linux clients joined to the domain, with a valid Kerberos ticket, the client receive a error

Hi to Samba list, dev, contributors and all the community. We are samba users for a long time now, and S4 since the early alpha version. We run now 5 DC for 700 users in our hospital and are very enthusiastic. This is definitely a great project. But now, we face a new challenge. We look over a new authentication method rather than the old user/password. Because we have many users switching

Hi Samba List! We are using Samba Version 4.1.12 on two master DC. We've noticed that a corrupted group has been created, we tried to delete it, and since then, the replication fail between the two DC. The result of the command : "samba-tool drs showrepl" is the following : On the first DC, INBOUND NEIGHBORS : Last attempt @ Wed Feb 4 11:26:41 2015 CET failed, result 58

On Mon, 2018-03-19 at 11:55 +1300, Garming Sam via samba wrote: > Hi, > > Maybe this page might be helpful. I don't know how up to date it is, but > the expectation seems to be that it should be able to work with > alternative forms of authentication (with Kerberos PKINIT). > > https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login Yeah, I think something that