similar to: Guest Access/Computer Access when Security = ADS

Hello all, I've come a cross some strange GPO software deployment issue and below are some info. I've 2 DC + 1 Domain member (net ads join) AS per suggested, the 2 DC are only use for DC and GPO where the Domain member is working as the files sharing server. There are some strange issue happen where: 1. Win7 vm test maching can get the GPO software without problem 2. Win XP in LAN can

Dear Daniel, Klaus I've try that before But because of how samba work on the files. The Advise is No Without CTDB, you will just shoot yourself on the foot... On Thu, Jun 25, 2015 at 7:39 PM, Zerwes, Klaus <zerwes at rosalux.de> wrote: > Just some notes: > For master <-> master setup (bi-directional sync) you need AFAIK a cluster > filesystem. > I have no idea

Dear Louis, Just to check... Would it be possible to have more than 2 DC using Unison to sync? I was trying to make this to the samba wiki. But when reading the list I see Rowland talking about the SID and RID issue Because of built-in group SID is not sync across domain. Which I think samba should have their own way of dealing this or it will just be a mess in a long run. Did we have any

2015-06-25 14:44 GMT+02:00 Daniel Carrasco Mar?n <danielmadrid19 at gmail.com>: > > > 2015-06-25 14:12 GMT+02:00 Min Wai Chan <dcmwai at gmail.com>: > >> Dear Daniel, Klaus >> >> I've try that before >> But because of how samba work on the files. >> >> The Advise is No >> Without CTDB, you will just shoot yourself on the

Hi, If you are using windows as a client... Samba AD DC GPO do support client and host limitation with time limit. But I'm not too sure if that happen to any linux client... On Tue, Dec 9, 2014 at 1:30 AM, Marc Muehlfeld <mmuehlfeld at samba.org> wrote: > Hello John, > > Am 08.12.2014 um 18:22 schrieb John Lewis: > > I am talking about using the Samba4-ad-dc in

Hello Sébastien Le Ray, The PC reply the following... The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one or more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller). The

Hi, I was thinking about bidirectional sync of sysvol and i've a question: ?What about DRBD?. You can create a disk partition in every node, create a DRBD cluster and then mount that partition on sysvol folder. The sincronization is bidirectional and in real time. For now i've not tested this option, but i've plans to start some tests. What is your opinion about this? Greetings!!

Dear All, I've recently upgrade from samba 4.1.x to samba 4.2.14 and found that GPO are having issue Specifically when I'm adding new using they *never *got the gpupdate success fully. When I run samba-tool ntacl sysvolcheck or samba-tool ntacl sysvolreset But don't seem to got it fix.. Any suggestion? Thank in advance. #samba-tool ntacl sysvolcheck Processing section

Dear All, I've some strange entry on my getent as shown below. It seem that There are some strange value UID/GID 4294967295 <-- what number is this? I get this info from my Domain member which serving as a files server. Also some different GID from Samba AD DC E.g wbinfo from AD DC (default configuration after classical migratation) --> AD DC have no winbind configuration. wbinfo

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greeting, ~ I've setup my Red Hat 7.3 With samba 2.2.5 to be a PDC. Which at the same time, I'm having the same problem like *problems on windows part <http://marc.theaimsgroup.com/?t=103675771200004&r=1&w=2>*. Accessing from windows to Linux always not a problem. But I'm having a problem to access it reverse. (from Linux

Dear Belle, That produce the similar situation. Thus I'm trying osync And the result are much present according to my test case And configuration are much streamline. However, I'm not sure how it can work with 2 DC or more... Thank You On Mon, Jun 22, 2015 at 9:05 PM, L.P.H. van Belle <belle at bazuin.nl> wrote: > Hai Min Wai Chan, > > I have tested it as shown in

Hello Min Wai Chan, ? Can you explain more about,, the DC1 will remove any emptey directory on DC1. tested it here, but that does not occure here. i can create empty directories on DC1, and these are synced to DC2. empty or not. ? ?DC1 will overwrite any users/group change on DC2? if setup correctly, your sysvol rights on DC1 and DC2 are the same.. ? i suggest you to the following. get the

Dear Sébastien, Sorry for the delay, Please check on the log below. As for the word "存取被拒。" it should translate to Access Deny... Please help. - <Event xmlns="*http://schemas.microsoft.com/win/2004/08/events/event <http://schemas.microsoft.com/win/2004/08/events/event>*"> - <System> <Provider Name="*Microsoft-Windows-GroupPolicy*"

Dear All, Can help to advise if there are any name planing for dns? e.g: I've a domain amtb-m.org should my samba4 server be ad.amtb-m.org? OR should I create another non-reachable internal domain e.g: ad.amtb-m.lan For them? What is the benefit on this or that? Any documentation about that? Thank you.

Hello all, Just to ask have anyone try osync before? https://github.com/deajan/osync And would you think that this will fix our issue on https://wiki.samba.org/index.php/SysVol_Bidirectional_Replication Where DC2 files or folder will be removed? Thank You.

Dear all, Would need some of your advise. As I was the trying to get postfix sasl working with samba AD. I've try to search online for a few examples some use ldap, kerberos or pam. I'm using winbind on that system and I wonder if we can use winbind with sasl. Or anyone have a more correct on how it should be done. My existing setup was working with ldap before moving to samba4.

Dear All, I'm using gentoo as samba AD DC but was having issue with ldbedit or ldbsearch. And some small glitch. Can help to advise a better distro to use as an AD DC? Thank you. Regards, Chan Min Wai

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear all, I''m a bit confused on the rules and would like your help. I''ve 4 NIC, eth0 --> WAN (net) eth1 --> OSPF1 (bb1) eth2 --> OSPF2 (bb2) I would like to enable all the icmp function (ping and traceroute) Wonder what effect will the following policy make. bb0 all ACCEPT info bb1

Dear Louis, I think I found something interesting on the script... https://wiki.samba.org/index.php/SysVol_Bidirectional_Replication Let say we removed the "--delete-after" which caused DC2 folder to be removed on the next sync... It seem that the location of the folder are part of the cause. If it is the 3rd or above... on the folder we sync... /AD.DOMAIN.NET/Policies/YourNewfolder

Dear All, I've found a strange behavior on Winbind + getent group If there are AD/winbind group didn't have any unix gid... getent group will only show local group. If all the AD/winbind group have unix gid getent will reply with all the group I have included the AD/winbind group. Did we have any bugs reported on this? Thank You.