similar to: Winbind rid + SID History creating duplicate per-user groups

Dovecot -n and version present at the bottom of the email for legibility. System is a Debian 10 + Virtualmin hosting setup for my domains ------------------------------------------------------------------- Hello everyone, my first post. Sorry for the long and confusing post, I'm pretty new to dovecot other than basic functionality. I recently in the last week went through the documentation

Hai Stefan, What happens on the DC itself. The dns `CLIENT queries` (resolving) goes through /etc/resolv.conf And uses these settings. for example, ping www.google.nl from the DC commandline. The PC in the lan use the DC DNS but NOT /etc/resolv.conf of the DC. That uses the DNS Server settings, internal samba, used the forward setting in smb.conf Or bind9_dlz + samba, used the forward

Samba version: 4.1.9 Using the idmap_rid backend Case: A Windows AD security group has a historical SID (sidHistory) whose RID matches the RID of a user in the "current domain" For example: (Note the different domain portions of the SID) Current SID of group G: S-1-5-21-1405700021-3363460546-1698178416-30661 Historical SID of group G:

I'm having a very strange permissions problem with Samba 3.4.7 (installed via backports.org) running on Debian Lenny: If a Windows 7 or Windows Vista client tries to use Windows Explorer to access a user's home directory with permissions 0700, the client gets a permission denied error. If the directory is made world readable, it works. (For one user, group readable also works. For

We are in an environment where several AD domains are being consolidated into one larger domain using sidhistory. The samba winbind configuration is using 'allow trusted domains = no' as we do not care about what is in the other domains (as well as the problem that many of them are unreachable from other locations meaning winbind will choke completely if we don't disallow them). The

Hi there. [I just asked this over the irc channel, but since I got no reply, I decided to cross-post here. Please forgive me if that is incorrect] I'm trying to migrate an Active Directory domain (that is being used only for authentication) to a samba3 domain. The network is small enough to rejoin the clients one by one and recreate the user accounts if necessary. However, the new user

On 21/02/15 19:26, Andrew Bartlett wrote: > On Thu, 2015-02-19 at 17:15 +0000, Rowland Penny wrote: >> This all leads me to my questions, why, when it comes to idmap.ldb, >> can >> a user also be a group and a group can also be a user and why was it >> setup like this in the first place ? , there must be a reason for it. > It goes like this: > > - Groups can

Ye ol' sidHistory edit attack in new disguise using samba4. I don't think you can consider it to be a hack but I had a lot of fun playing about with ldbedit. Samba4 is wikked, it really opens up AD, I had a lot of fun setting it up. Check my blogg for my little sidHistory priv escalation tutorial (domain admin to enterprise admin).

Just curious but how long has ESX support been in libvirt? Also I noticed this error when accessing one of my windows vms: error: internal error Expecting VMX entry 'scsi0.virtualDev' to be 'buslogic' or 'lsilogic' but found 'lsisas1068' Not sure whether this is an enhancement, defect, or not supported at this time. Thanks. -Jon

====================================================== "Stay positive and happy. Work hard and don't give up hope. Be open to criticism and keep learning. Surround yourself with happy, warm and genuine people." Tena Desae ====================================================== Release Announcements --------------------- This is the latest stable release

====================================================== "Stay positive and happy. Work hard and don't give up hope. Be open to criticism and keep learning. Surround yourself with happy, warm and genuine people." Tena Desae ====================================================== Release Announcements --------------------- This is the latest stable release

On 22/02/15 01:02, Andrew Bartlett wrote: > On Sat, 2015-02-21 at 21:37 +0000, Rowland Penny wrote: >> On 21/02/15 19:26, Andrew Bartlett wrote: >> >>> On Thu, 2015-02-19 at 17:15 +0000, Rowland Penny wrote: >>>> This all leads me to my questions, why, when it comes to idmap.ldb, >>>> can >>>> a user also be a group and a group can also

Are use using zarafaAccount=1 withing the search filters? I use this things like this : (&(objectClass=person)(zarafaAccount=1)(|(mail=%s)(otherMailbox=%s))) Or for groups. (&(objectclass=group)(zarafaAccount=1)(|(mail=%s)(otherMailbox=%s))) That helps a lot. ! If you switch to kopano beware to change the SCHEMA and filters zarafaAccount changed to kopanoAccount Greetz. Louis

In our native Win2K3 AD domain, several AD accounts have a sIDHistory that carry SIDs from before the AD domain migration in addition to the "primary" objectSID. Samba 3.0.21c winbindd (with idmap OpenLDAP backend) on domain member servers (running SuSE 9.3 Pro) allocates multiple uids for these SIDs with the same (AD) user name: Primary SID: # getent passwd myuser

Hi Rowland, many thanks for your help, On Wed, Nov 08, 2017 at 11:00:59AM +0000, Rowland Penny wrote: > > On Wed, 8 Nov 2017 11:18:10 +0100 > Ervin Hegedüs <airween at gmail.com> wrote: > > > > ======== > > open-ldap: ... > > -------- > > /etc/resolv.conf > > search core.mydomain.hu > > nameserver 127.0.0.1 > > nameserver

Hi, We're running dovecot 2.2.13, virtual users, with postfix. We have an olddomain and a new domainname. To 'translate' *@olddomain into *@newdomain, I have configured: > cat /etc/postfix/canonical > @olddomain.com @newdomain.com While this seems to work, lately we have noticed that dovecot occasionally creates mailboxes for non-existent users, like: >

Thanks again Rowland for getting back to me.  Here's my comments below: >> /etc/hosts: >> 127.0.0.1       localhost >> 192.168.0.17    ad.domain.intranet ad >> 192.168.0.21    domain-ad.domain.intranet     domain-ad > > Remove the line above, this is the old AD domain and shouldn't have > anything pointing to the new one. Have deleted this line. 

Hello, I am trying to access an ESXi host using libvirt but it seems that it requires netcat to be running on the ESX server. My ESX 4 does not have this installed and I am wondering if this is required or is there some other way to get this working? Thanks, Jon

Hello, I am trying to run ./configure --with-one --with-esx but I get the following error: checking pkg-config is at least version 0.9.0... yes checking for XMLRPC... no configure: error: You must install XMLRPC-C >= 1.14.0 to compile libvirt ONE driver However I have downloaded xmlrpc-c-client and built from sources version 1.16.31 root at sa251:~/libvirt-0.8.4# xmlrpc-c-config --version

Hello, | -|Hello everybody, -| -|1. Question -|When migration from an nt4 style domain to a new samba 3 -|style domain with ldapsam , -|it is necessary to preserve the old SIDs of the user to keep the users -|in touch with the old servers. M$ calles this SID history, which means -|that the old SID is added to new accounts in an AD. -|Does samba have any equal mechanism? so far i found