similar to: Question to Primary Groups

On 18:06:54 wrote Andreas Hauffe: > Hi, > > if you use the UNIX attributes the primary group is ignored if you > use winbind and the primary group of the AD attributes is used. So > every user has the "Domain Users" group as primary group. I also > read that you are not supposed to change the AD primary group to > another than "Domain Users". Is there a

Basicly read: http://blogs.msmvps.com/acefekay/2010/01/03/the-dc-locator-process-the-logon-process-controlling-which-dc-responds-in-an-ad-site-and-srv-records/ https://technet.microsoft.com/en-us/library/cc787370(WS.10).aspx ( you can set the registry changes in the GPO ) now check this very handy site. https://www.windows-security.org/75572f3b66d75af8132ec77996f09a0c/net-logon yeah, i

What's the password requirements when I enable the option: complexity=on ? How many characters ? What special characters?, etc. My regards.

Hello, Looking to use Windows to encrypt contents redirected to folders on a member server. It looks like I will need to designate the remote server as trusted for delegation. Is this currently supported by Samba 4.3.x? I plan to follow these two documents to achieve this. Thanks. https://technet.microsoft.com/en-us/library/cc757963%28v=ws.10%29.aspx

On Thu, 16 Feb 2017 07:30:03 +0100 Marc Muehlfeld via samba <samba at lists.samba.org> wrote: > > On Windows, the SYSTEM account is used by services on the local host > (in your case, the local host is your Samba server). For example, > virus scanners might use it to get access to all files. However, > there is nothing on your Samba server that uses the SYSTEM account. >

Am Montag, 2. Februar 2015, 17:44:53 schrieb Marc Muehlfeld: > Hello Andreas, > > Am 02.02.2015 um 13:00 schrieb Andreas Hauffe: > > I set up a new AD with the Sernet Samba 4.1 packages. I did the > > provisioning with "samba-tool domain provision --use-rfc2307 > > --interactive". I checked the dc, ldap, kerberos and dns services under > > linux.

Hi, When I change dsHeuristics=0000002001001 like M$ said: https://technet.microsoft.com/en-us/library/cc816788%28v=ws.10%29.aspx Not works.

Am 22.01.2015 um 17:19 schrieb John Yocum: >> When I change dsHeuristics=0000002001001 like M$ said: >> >> https://technet.microsoft.com/en-us/library/cc816788%28v=ws.10%29.aspx >> >> Not works. >> > > I've got anonymous binds enabled, using the instructions at > http://www.petri.com/anonymous_ldap_operations_in_windows_2003_ad.htm But everyone

Small sidenote in regards to the wiki, there is also an V6 since windows 10 aniversary. https://technet.microsoft.com/en-us/library/jj649079%28v=ws.11%29.aspx Am 03.05.2017 um 09:52 schrieb Rowland Penny via samba: > On Wed, 3 May 2017 09:15:30 +0200 > Jakub Kulesza via samba <samba at lists.samba.org> wrote: > >> [profiles] >> path =

a nice example about dns islanding. http://retrohack.com/a-word-or-two-about-dns-islanding/ and with only 2 dc's setup the resolv.confs like : DC01 Primary DNS 10.1.1.2 Secondary DNS 127.0.0.1 DC02 Primary DNS 10.1.1.1 Secondary DNS 127.0.0.1 http://technet.microsoft.com/en-us/library/ff807362%28v=ws.10%29.aspx says: If the loopback IP address is the first entry in the list of

Am 16.01.2018 um 17:26 schrieb Rowland Penny via samba: > On Tue, 16 Jan 2018 16:54:17 +0100 > Andreas Hauffe via samba <samba at lists.samba.org> wrote: > >> Ok, you are completely right. Here are the real numbers with changed >> user names: >> >> drwx------ 43 DOM\user1        DOM\domain-user  4096 Jan 10 08:00 >> user1 drwx------   5 DOM\user2       

Hello Marc, W dniu 2015-01-22 o 20:17, Marc Muehlfeld pisze: > Hello Micha?, > > Am 22.01.2015 um 07:13 schrieb Micha? P??rolniczak: >> When GPO tells you to change password after 30days, or you want to >> change it; ... > > At first: You can't define password policies via GPO, because they have > to be interpreted by the domain controller(s) and Samba

hello folks, About ad sites, would work on an infrastructure as shown in the link image below? https://i.imgur.com/tYoxaYi.png The subnets (public IP) for communication is different on each others, of course. :D -- Elias Pereira

Hey all, according to the whitepaper http://technet.microsoft.com/en-us/library/cc736591%28v=ws.10%29.aspx I would like to a windows shortcut on the desktop that allows me to open and run the "Group Policy Editor" *for my samba4/AD domain*. The shortcut command should be: "gpedit.msc /gpobject:"LDAP://CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=mydom,

Hi Peter, thanks for your hints. The point is, that no /etc/krb5.conf was generated automatically when joining the domain (told in the wiki). Now I generated one manually and now it works. I'm not frustrated at all. I see a lot of advantages for me, even if it doesn't work. Right now we have a system with Bind9, OpenLDAP, Kerberos, NFS4, Samba3 on the server side. I had to configere

Micrososft changed this statement a several of times. The only reason they did is because people using Apple are complaining some services are not working "well" on their OSX and it's a pain to change the DNS name of your Business Server on Windows Server As said before, running on .alocal for Avahi works perfectly and mDNS is only for small networks, and setting up some proper DNS

Hello, I set up a new AD with the Sernet Samba 4.1 packages. I did the provisioning with "samba-tool domain provision --use-rfc2307 --interactive". I checked the dc, ldap, kerberos and dns services under linux. Everything seems to work fine. Then I join a Windows 8.1 Enterprise running in as VM to the domain and login as administrator of the domain. When I install the RSAT and try

Ok, you are completely right. Here are the real numbers with changed user names: drwx------ 43 DOM\user1        DOM\domain-user  4096 Jan 10 08:00 user1 drwx------   5 DOM\user2        DOM\domain-user  4096 Jan 11 08:13 user2 drwx------ 92 DOM\user3        DOM\domain-user   4096 Jan 16 08:39 user3 drwx------   3        133265        DOM\domain-user   4096 Sep  7 2015 user4 drwx------   7       

I'm not sure if I would not advise to use .local, sometimes it seems to be needed to make a proper location for a running domain where even .cityname cannot accomplish what you need. To be honest I don't run Avahi and will not either. Avahi and mdns are actually only designed because of of bad DNS management by system administrators and have (Apple) users use all their features, the same

Hello guys, On my other e-mail does not properly explain what I was looking for. I made the data replication between two domain controllers Samba 4. At this point everything is okay. When I create a user, for example in master, after a few seconds the slave already have this user. What I want to know is how can I verify that user replication between master and slave through the logs? -- Elias