similar to: AD domain member with sssd: any downside not running winbindd?

Hi, Starting a fresh new thread, the ones about sssd x winbind are getting boring, biased and personal. :) I'd like to bring this to an admin point-of-view to be more useful for other Samba users (aka admins). Consider a network with about 200+ employees, most of them windows user. Happens that one need to provide other non-windows services like e-mail, proxy and many others to them,

Hi, I am testing Samba 4.1.4 Sernet packages on Ubuntu 12.04 to replace our old Samba 3.x server. I edited pam common-session file and added '<https://wiki.samba.org/index.php/Setting_up_a_home_share>session required pam_mkhomedir.so skel=/etc/skel/ umask=0027' just before pam_unix.so and pam_sss.so. If I shell-login on the server it create its homedir as expected using

Hi all, I installed SerNet samba packages on a Ubuntu 12.04.3 server and provisioned samba with dns-backend=BIND9_DLZ, but when I start bind it throws "samba_dlz: ldb: Unable to find backend for '/var/lib/samba/private/dns/sam.ldb' - do you need to set LDB_MODULES_PATH?" on syslog. I tried to install ldb-tools, but it conflicts with samba: root at dc01:~# aptitude install

Hi Rowland, thank you for your prompt reply, I sent you the testparam output hence lots of defaults (i presumed would be better), here is crude smb.conf: root at araucaria:~# cat /etc/samba/smb.conf [global]     netbios name = ARAUCARIA     realm = AD.TLD     server role = active directory domain controller     workgroup = A1     server services = -dns     ldap server require strong auth

Hi folks, I run a legacy mailserver that i had replaced courier-imap for dovecot 1.2. Everything is fine except for shared namespace. Maildir structure has been created using dot '.' as folder separator. It happens that all our users are created as name.surname as default. So when I want to select a shared folder, MUA end up with the following IMAP command: select

G'Day Marcio and gabben, Douglas (CC'ed) is going to try and look into why this doesn't 'just work' with Samba. No promises, but at least a trained eye will look over the process. If you could help him get set up and understand what works and doesn't that will leave him more time for actual debugging. The Azure AD sync feature is a big of an oddity in Samba, because it

Hi, I have a running samba 4.7.6+dfsg~ubuntu-0ubuntu2.15 on a ubuntu 18.04 server and would like to upgrade to van Belle latest repo. My plan is plain simple: 1. Deploy a new ubuntu 18.04 server 2. Add van Belle repo 3. Install and *then* join the domain as a DC 4. Demote and remove the old one Is this OK? Thanks, best regards. -- *Marcio Merlone*

We joined one MS Windows 2012 R2 server to our Samba DC fleet and pointed the Azure AD sync tool to that new Windows AD server and Azure password sync is working well now. I don?t have any experience with distribution groups. Good Luck! > On May 4, 2020, at 10:21 AM, Marcio Merlone via samba <samba at lists.samba.org> wrote: > > So, testing samba 4.12 on a Debian buster I found

On 2016-09-19 14:08, Marcio Vogel Merlone dos Santos via samba wrote: > Em 09/09/2016 12:48, Luc Lalonde via samba escreveu: > >> We have some machines that have updated to the Windows 10 anniversary update (1607) that are having roaming profile sync problems. >> >> Before I search the event logs or provide details, has anyone experience profile sync wierdness? >>

Em 04/05/2020 14:25, gabben escreveu: > We joined one MS Windows 2012 R2 server to our Samba DC fleet and pointed the Azure AD sync tool to that new Windows AD server and Azure password sync is working well now. Good to know. > I don?t have any experience with distribution groups. There was this *one* test group which had no permission to receive from outside the company, while all

Hai guys, I've updated the Ubuntu Bionic packages for Samba 4.10.2, 4.9.6 *(both amd64 only). Repo info : https://apt.van-belle.nl Build logs: http://downloads.van-belle.nl/samba4/Buildlogs/ubuntu/ Quick repo setup: Optional: apt-get install apt-transport-https Import my public key: wget -O - http://apt.van-belle.nl/louis-van-belle.gpg-key.asc | apt-key add - # Example repo bionic

Hello all, How can I support this effort? What can I provide to assist? Cheers > On May 7, 2020, at 3:18 AM, Andrew Bartlett <abartlet at samba.org> wrote: > > G'Day Marcio and gabben, > > Douglas (CC'ed) is going to try and look into why this doesn't 'just > work' with Samba. No promises, but at least a trained eye will look > over the process.

I implemented a domain Samba 4, but I have the following questions: 1) Primary DC (DC 1) Do I need to Install winbind? 2) Secondary DC (DC 2) Do I need to install the NTP server? 3) Ubuntu 14 Workstations What are the packages needed to join the station in the domain? Regards, Márcio

>>>>> "Marcio" == Marcio Merlone via dovecot <dovecot at dovecot.org> writes: Marcio> Sounds a lot like my problem, which I described some days ago Marcio> here on the list, but no luck. Please report to the list if Marcio> you make any progress. Marcio, Looking at your passdb { } block, you don't have the "result_sucess = continue" option.

Hi, > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Marcio Merlone via samba > Verzonden: donderdag 19 maart 2020 20:59 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] One more upgrade question > > Great, many thanks! > > I expect to also upgrade some 4.7 member file servers on a further >

Hi Rowland, Those tests were made on DC (araucaria), not a domain member. root at araucaria:~# testparm /etc/samba/smb.conf Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[netlogon]" Processing section "[sysvol]" Loaded services file OK. Server role: ROLE_ACTIVE_DIRECTORY_DC Press

I didn't setup any ssh-keys for authentication yet. Sorry. > Karel Lang AFD <lang at afd.cz> hat am 23. Februar 2015 um 14:48 geschrieben: > > > Hi there, > isn't possible, that the problem is just very basic and you've got a > authentication set via ssh-key on admin locally on the server you try to > logon? > Just saying .. > > cheers :]

We're using a bunch of AD groups ? all users/groups are created and managed with ADUC. Domain Users is the primary group for all users, plus a few for our departments (and Domain Admins). All groups have their posixGroup attributes filled out. wbinfo --group-info and getent group show the correct membership for all groups except Domain Users. smb.conf: http://pastebin.com/ymrXZJ5u Already

I have a samba4 Domain Controller, there are no other samba4 domain member servers in the network, there is one other samba 3 member server in the network. I've setup the DC with: idmap_ldb:use rfc2307 = yes On the samba4, do we use the idmap attributes? # idmap config * : backend = tdb # idmap config * : range = 70001-999999 # idmap config IAPP : backend = ad #

Dear Dev's, The release notes highlight the improvements of winbindd for the AD-DC. But I wonder: is there any impact on the configuration of a member server? TIA & Best regards Peter