similar to: AD ldap, filter to exclude various kinds of expired, disabled etc etc users

Hi, I have setup samba4 as AD and hoping to have dovecot authenticate users against it. I am facing challenges though and I am unable to figure it out. I could do with a third eye to help me spot what is wrong. root at adc0:/etc# doveadm auth test -x service=imap odhiambo at newideatest.local Password: passdb: odhiambo at newideatest.local auth failed extra fields: temp Warning: auth-client:

Hi all, Samba 4.1 as AD/DC local postfix & dovecot hooked to AD via ldap queries (special user created in AD for that purpose). Everything works as expected, but : I'd like inactive users in AD not to be able to read/send emails (understandable I think). User status seems (sorry I'm AD newbie) to be controlled by the 'userAccountControl' field in AD. Created 2 test users

Hi, I hope you're all right. I describe below the scenario where the problem occurs. I'm trying to activate a master user [1] to be able to access all the boxes of all users by imap. I have configured the dovecot-master-users [2] file with the appropriate permissions. When I try to access, for example with roundcube, through user at mydomain.com*my_master_user at not-exist.com I see in the

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, has anyone implemented a mail server with maildir, Postfix and Dovecot using Active Directory ad userbase and password authentication? Do I need Samba to authenticate users? Can I use credential caching just like mysql? Ciao, luigi - -- / +--[Luigi Rosa]-- \ This morning at breakfast, I noticed that Kellogg's have put a helpline number

Quick addendum: I just stumbled upon abandoned accounts receiving "password expired" notifications forever, even if they get disabled subsequently (by me). It might be helpful to include this in the script: uAC_string=$(ldbsearch --url="${LDBDB}" -b "${domainDN}" -s sub "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$user))"

On Sat, 28 Oct 2023 13:50:31 +0200 Kees van Vloten via samba <samba at lists.samba.org> wrote: > >> I consider this a big security omission: if? Samba is the source of > >> information but not the the authenticator of the user, that > >> application cannot block expired users ! > > But, Samba when running as an AD DC is the source of information AND >

Dovecot version: 2.0.19 ------------------------------------------------------- grep -v '^ *\(#.*\)\?$' /etc/dovecot/dovecot-ldap.conf hosts = server.domain.tld:389 ldap_version = 3 auth_bind = yes dn = vmail at domain.tld dnpass = somepassword base = ou=testou,dc=domain,dc=tld scope = subtree deref = never

Op 28-10-2023 om 13:22 schreef Rowland Penny via samba: > On Sat, 28 Oct 2023 11:54:34 +0200 > Kees van Vloten via samba <samba at lists.samba.org> wrote: > >> Op 28-10-2023 om 09:37 schreef Rowland Penny via samba: >>> On Fri, 27 Oct 2023 23:48:22 +0200 >>> Kees van Vloten via samba <samba at lists.samba.org> wrote: >>> >>>> Hi

Op 28-10-2023 om 17:19 schreef Rowland Penny via samba: > On Sat, 28 Oct 2023 16:22:23 +0200 > Kees van Vloten via samba <samba at lists.samba.org> wrote: > >> Op 28-10-2023 om 14:21 schreef Rowland Penny via samba: >>> On Sat, 28 Oct 2023 13:50:31 +0200 >>> Kees van Vloten via samba <samba at lists.samba.org> wrote: >>>

On Sat, 28 Oct 2023 11:54:34 +0200 Kees van Vloten via samba <samba at lists.samba.org> wrote: > > Op 28-10-2023 om 09:37 schreef Rowland Penny via samba: > > On Fri, 27 Oct 2023 23:48:22 +0200 > > Kees van Vloten via samba <samba at lists.samba.org> wrote: > > > >> Hi Team, > >> > >> Is it possible to make a LDAP-query that returns

Op 28-10-2023 om 17:19 schreef Rowland Penny via samba: > On Sat, 28 Oct 2023 16:22:23 +0200 > Kees van Vloten via samba <samba at lists.samba.org> wrote: > >> Op 28-10-2023 om 14:21 schreef Rowland Penny via samba: >>> On Sat, 28 Oct 2023 13:50:31 +0200 >>> Kees van Vloten via samba <samba at lists.samba.org> wrote: >>>

On Sun, 29 Oct 2023 18:10:52 +0100 Kees van Vloten via samba <samba at lists.samba.org> wrote: > > Op 28-10-2023 om 17:19 schreef Rowland Penny via samba: > > On Sat, 28 Oct 2023 16:22:23 +0200 > > Kees van Vloten via samba <samba at lists.samba.org> wrote: > > > >> Op 28-10-2023 om 14:21 schreef Rowland Penny via samba: > >>> On Sat, 28

Op 28-10-2023 om 14:21 schreef Rowland Penny via samba: > On Sat, 28 Oct 2023 13:50:31 +0200 > Kees van Vloten via samba <samba at lists.samba.org> wrote: > >>>> I consider this a big security omission: if? Samba is the source of >>>> information but not the the authenticator of the user, that >>>> application cannot block expired users !

My ldap config. Would this store incoming email in maildir format? If so, can it be overriden? If so, where (possible place)? hosts = 192.168.0.12:389 ldap_version = 3 auth_bind = yes dn = llookup at domain.local dnpass = password base = OU=People,DC=domain,DC=local scope = subtree deref = never user_filter =

"userAccountControl:1.2.840.113556.1.4.803:=2" Sorry, I cannot read the Matrix. ;) Ole On 13.02.2017 17:19, Rowland Penny via samba wrote: > On Mon, 13 Feb 2017 16:46:12 +0100 > Ole Traupe via samba <samba at lists.samba.org> wrote: > > You could always replace: > >> "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$user))"

On Sat, 28 Oct 2023 16:22:23 +0200 Kees van Vloten via samba <samba at lists.samba.org> wrote: > > Op 28-10-2023 om 14:21 schreef Rowland Penny via samba: > > On Sat, 28 Oct 2023 13:50:31 +0200 > > Kees van Vloten via samba <samba at lists.samba.org> wrote: > > > >>>> I consider this a big security omission: if? Samba is the source >

Mandi! Rowland penny via samba In chel di` si favelave... > yes, Provided you use the right attribute to search on ;-) Ah! ;-) Just i'm here, i test three condition in account flags, eg: UAC=$(ldbsearch ${LDB_OPTS} -b "${BASEDN}" "(&(objectClass=user)(sAMAccountName=$1))" userAccountControl | grep "^userAccountControl: " | cut -d ' ' -f 2-)

On Thu, 24 Aug 2023 21:12:38 +0800 Reese Wang via samba <samba at lists.samba.org> wrote: > I used `samba-tool user disable testuser` to disable a user and > `samba-tool user show testuser` to display the user object and found > nothing was changed. And I can still get the user using filter >

Guys needing some help with LDAP queries against samba4 this command works against MS AD's LDAP (&(objectCategory=person)(objectClass=user)(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) but with samba4 I get C:\Users\Administrator>dsquery * --filter (&(objectCategory=person)(objectClass=user)(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) I get the

Hi, i sync the passwords from samba to other backends using "samba-tool user syncpasswords" On my operative system (samba 4.10 and python2) all works fine. I upgraded my test-DC to samba 4.11 and python3 and now the samba-tool user syncpasswords --daemon crashes. Fri Oct 4 12:29:47 2019: pid[983]: Attached to logfile[/usr/local/samba/var/log.syncpw] Fri Oct 4 12:29:47 2019: