similar to: Samba4 new policy templates

Displaying 20 results from an estimated 800 matches similar to: "Samba4 new policy templates"

2024 May 16
1
Security descriptors options of Group Policies
On 16-05-2024 18:46, Rowland Penny via samba wrote: > On Thu, 16 May 2024 17:40:45 +0200 > Olivier BILHAUT <obilhaut at fondation-misericorde.fr> wrote: > >> Thanks Rowland for once again, an analysis that looks good. >> >> To you, >> is there a workaround at this stage ? > Not from myself,it has been years since I looked into this and only > really got
2015 Feb 09
2
Samba4 - Corrupted group caused stop of replication - "Object class violation"
Hi Andrew, Thanks for your reply. We tried successfully the --full-sync option from first to second DC. Unfortunately, afterwards the second DC was still in a corrupted state. The "Deleted Objects" still contained the ugly groups with the missing attribute... So we achieved to get a successfull replication after editing the "deleted objects" with ldbedit. We have deleted
2012 Oct 10
1
Samba4 sysvolcheck issue
Hi! Since samba4 rc1 (we update it since beta1) the "./samba-tool ntacl sysvolcheck" command returns the following : ERROR(<type 'exceptions.TypeError'>): uncaught exception - (61, 'No data available') File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 168, in _run return self.run(*args, **kwargs) File
2015 Feb 12
2
Samba4 kinit issue with principal and keytab file
Hi All ! Using Samba Version 4.1.12, updated from source from 4.0beta1 I've created a user, let say kerbuser, for a web server to authenticate with kerberos and provide SSO to the end-users. In my example, my domain is MYDOMAIN.LOCAL, the apache server is webserver.mydomain.local and the AD user is kerbuser I've added a principal on the user and exported everything in a keytab so
2023 May 26
1
samba-tool : how to remove expiry date of an account
Hi Rowland and list, I allow myself to give a UP to my message in case someone has an idea. Thanks, --Oliver Le 2023-05-24 15:55, Olivier BILHAUT via samba a ?crit : > Hi Rowland, and many thanks for fast reply, > > When using --noexpiry, > the userAccountControl is set to 66048, which disable expiry for > password as well (in MS console, "password never
2012 Nov 19
2
Is it possible to be sponsored by R?
Hi the list, I am a member of the organizing comity of the French Statistics Association (SFdS)'s conference. We are looking for sponsors. Some software (SAS, RITME, ...) are represented. Do you know if there is any possibility to be sponsored by R (or by an association close to R)? Do you think I can ask to the R fondation? Sincerely Christophe -- Christophe Genolini MaƮtre de
2023 May 24
1
samba-tool : how to remove expiry date of an account
Hi Rowland, and many thanks for fast reply, When using --noexpiry, the userAccountControl is set to 66048, which disable expiry for password as well (in MS console, "password never expires" is now checked). This means that the password expiry (let say, every 6 month) will never popup again to the user, which is in my sense a wrong behaviour. Is there a way to change ONLY
2023 May 26
1
samba-tool : how to remove expiry date of an account
On 26/05/2023 14:44, Olivier BILHAUT wrote: > Thanks Rowland, > > I'll give a try to ldbmodify, even if I prefer to avoid modifying > directly ldb files. > > What do you think samba-tool does ? Using samba-tool to set expiry, ultimately does this: setexp = """ dn: %s changetype: modify replace: userAccountControl userAccountControl: %u
2024 May 31
1
Place of functional levels in Samba4 roadmap
Hi Samba list, As you know, security is currently the buzzword for most critical organizations. Active Directory implementations are an important node of all the security chain. French security agency, called ANSSI release a tool to audit Active Directory implementations, called ORADAD : https://github.com/ANSSI-FR/ORADAD/releases This tool retrieves all configuration from your AD, and make
2012 Jun 13
0
Samba4 (S4) [homes] special share availability
I mates, We'd like to know if the beta version of S4 with the s3fs file system now allow to use the [homes] "special" share. Are we now allowed to use it in smb.conf, and does it works like in S3, as the home share of the user is converted by it's username? Sorry for my approximate english. Cheers. Thank you for your work. Good luck. O.Bilhaut
2018 Mar 18
0
Your advices regarding authentication methods compatible with S4
Hi, Maybe this page might be helpful. I don't know how up to date it is, but the expectation seems to be that it should be able to work with alternative forms of authentication (with Kerberos PKINIT). https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login Cheers, Garming On 16/03/18 22:43, Olivier BILHAUT via samba wrote: > > > Hi to Samba list, dev, contributors and all
2017 Aug 10
0
Blank printers names while browsing remote printers
Hai Olivier, Looks to me its a small problem, but lets start here. First, can you post your: cat /etc/samba/smb.conf cat /etc/nsswitch.conf cat /etc/resolv.conf cat /etc/hosts dpkg --get-selections | egrep "samba|winbind|libnss|pam|avahi|dbus" (some people may see libnss(-mdns)/avahi/dbus not needed, yes, thats correct, but i use this for my airprint solution.) Last, check this
2012 Jan 25
1
printing issue after update to 3.6.1
Hello, we've updated to 3.6.1 yesterday, and since encounter problems with printing for some users. There's a descriptive error in the log.smbd, but I can't see what to do about it really (the rest of the, admittedly fairly ancient system, is the same base system as the previous 3.5.5 - only a couple of security updates were patched in during downtime). The message in log.smbd is:
2012 Oct 24
3
SYSVOL ACLs and GPOs
Hi, I have installed a virtual testing network consisting of one samba4 PDC (latest git master) and one Windows XP Pro SP3 (fully updated)machine. I have successfully provisioned an AD Domain and joined the XP machine to it. When I run the gpmc on the XP Pro machine and select: Forest: <domain name> -> Domains -> <domain name> -> Group Policy Objects -> Default Domain
2015 Feb 12
1
Samba4 kinit issue with principal and keytab file
Hi Rowland, Yes, I read this documentation carefully. I have two working Apache2 with kerberos authentication working. My question is more about troubleshooting a keytab. If I need to test manually a keytab file chalenging a specific principal, what's the prefered method ? I thougt that a kinit could be done using a principal name, but I am unable to kinit with somehting else than the
2023 May 24
1
samba-tool : how to remove expiry date of an account
Hi list :) I am looking for the right command to achieve my goal. I would like to remove the account expiry date of an ACCOUNT with a samba-tool command (account never expires) Options of "samba-tool user setexpiry" are : --filter=FILTER LDAP Filter to set password on --days=DAYS Days to expiry --noexpiry Unfortunately, the "noexpiry" parameter just set another option
2015 Feb 13
1
Samba4 kinit issue with principal and keytab file
Hi Rowland, Hi looks like the "-c" option is optional. My problem is not really the kerberos cache file, but the "principal" linked to the user kerbuser. The principal is HTTP/webserver.MYDOMAIN.LOCAL at MYDOMAIN.LOCAL I would like to use kinit and give this principal as parameter. something like : > kinit -k -t /root/my.keytab HTTP/webserver.MYDOMAIN.LOCAL at
2024 May 16
1
Security descriptors options of Group Policies
Hi Samba List, hope you're doing well all. We have realized a security audit of our Samba4 Active Directory. It returns that the security descriptors options of all our GPO objects are wrong. They should be : SE_DACL_AUTO_INHERITED SE_DACL_PRESENT instead of this, the options are by default : SE_DACL_PROTECTED SE_DACL_PRESENT We can change the options, but the "sysvolreset"
2017 Aug 10
1
Blank printers names while browsing remote printers from windows
Hi friends. This morning waking up is painfull. We've got a great CUPS+Samba+Winbind print server sharing 30+ printers to our windows clients. Until this morning no issue, used on production for a couple of weeks. Today, the printer shares became unbrowsable from windows. We can see the printers names from samba share : "\printserver", but when we click on the "Show
2013 Apr 09
1
(D)DNS Updates with GNU/Linux clients in a samba 4 AD environment (BIND_DLZ)
Hi ! I bounce on the Mr Sloop's post ([Samba] DDNS / DHCPd && Internal DNS or BIND_DLZ) to ask what's the easiest way to allow Linux clients to update themself their DNS record in the Samba4 AD server (with BIND_DLZ Dns server). It works well with windows clients, but with Linux clients joined to the domain, with a valid Kerberos ticket, the client receive a error