Displaying 20 results from an estimated 40000 matches similar to: "Host based access control?"
2014 Dec 08
3
Host based access control?
I am talking about using the Samba4-ad-dc in conjunction with PAM or
some other method I haven't thought of to prevent users from logging on
to certain servers.
For example I want my web designers to be able to login to the web
server, but I don't want them to login to the VM server because they
aren't suppose to be managing the virtual machines.
I hope to manage it via group
2014 Dec 08
2
Host based access control?
Hi,
If you are using windows as a client...
Samba AD DC GPO do support client and host limitation with time limit.
But I'm not too sure if that happen to any linux client...
On Tue, Dec 9, 2014 at 1:30 AM, Marc Muehlfeld <mmuehlfeld at samba.org> wrote:
> Hello John,
>
> Am 08.12.2014 um 18:22 schrieb John Lewis:
> > I am talking about using the Samba4-ad-dc in
2016 Jul 21
3
gpo not working with samba 4 migrated
Hi,
First of all thanks for you answer, it seems that this can help, now some
change made to gpo are applied and we are not receiving error in event
viewer, but seem that some change are not applied, why and where I can find
some information, in samba log anv event viewer any error is reported
Also I have tried
# samba-tool ntacl sysvolreset
After this tried
# samba-tool ntacl sysvolcheck
2016 Jul 22
2
gpo not working with samba 4 migrated
On 21/07/16 22:18, Trenta sis wrote:
> I'm not sure what are you deatiling, is a bug in progress taht can cause
> this random problems with some gpos or this error can be ignored?
>
> 2016-07-21 20:37 GMT+02:00 Trenta sis <trenta.sis at gmail.com>:
>
>> Hi,
>>
>> First of all thanks for you answer, it seems that this can help, now some
>> change
2014 Dec 08
3
How to copy roaming profiles to new server ? ("Group policy client service failed. The logon access is denied")
Le 08.12.2014 21:06, Marc Muehlfeld a ?crit :
> Hello Denis,
>
> Am 08.12.2014 um 20:25 schrieb (lists) Denis BUCHER:
>
>> We have perfectly working roaming profiles on Samba 3.3.10 (SuSE) with Windows 7 clients. We configured our new server with same domain name, Samba 4.1.11 (Debian). On the new server, for newly created profiles, it works perfectly, we can login, logout,
2015 Oct 06
3
gpo failure
Am 06.10.2015 um 21:26 schrieb mourik jan c heupink:
> I have checked all our policy directories on sysvol, and I have a
> "Registery.pol" only in some "/Machine" directories, and none in "/User"
> or "/Group Policy".
Do you have any policy in the User tree in the GPME in that GPO? If you
never defined one, then the file is missing. Try e. g.
2013 Dec 11
2
samba-tool gpo aclcheck error
G'day Guys,
We are running Centos 6.4, samba4.0.10, compiled from tgz.
Has anyone come up with this one before?
samba-tool gpo aclcheck
ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such element'
File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File
2015 Feb 27
3
Is Server-side GPO Configuration possible? (for logon script)
On 26/02/15 16:54, Marc Muehlfeld wrote:
> Hello John,
>
> Am 26.02.2015 um 12:17 schrieb John:
>> Is it possible to make GPO changes from the server (i.e. without using
>> Windows) ?
> No. There's no tool for *nix, to edit GPOs. At least I've never seen
> one. :-)
>
>
> Regards,
> Marc
>
Shame, that. But I kind of expected that to be the answer.
2015 Feb 26
2
Is Server-side GPO Configuration possible? (for logon script)
Is it possible to make GPO changes from the server (i.e. without using
Windows) ?
I would like to include some configuration in my build-out script and
wonder if it is possible. Specifically, I am trying to provide a logon
script. Here's what I know.
1. I can identify the correct GPO GUID object using "samba-tool gpo
listall" or with something like this
$ ldbsearch -H
2015 Jan 22
2
Windows users can't change password 4.1.6
Hello,
When PDC was installed I remember that everybody could change thair passwords after first 24h after password reset via admin console.
(I remamber that I was searching for this and even if GPO was min 0 days for changing password you had to wait)
Anyway... Now noone is able to change password.
When GPO tells you to change password after 30days, or you want to change it; typing old
2016 Jul 21
2
gpo not working with samba 4 migrated
Hi,
I have migrated samba 3 domain to samba, and I have found that when you try
to use gpo this are not applied we receive in windwos event log errors with
permissions in sysvol, I have checked paths to sysvol gpos and are correct.
Also I have tried with a new fresh domain (not migrated) and with this new
install works GPO
How can I debug this problems and find a solution?
Thanks
2016 Sep 19
2
Upgraded SAMBA4 DC's, now no logon scripts
On Mon, 2016-09-19 at 20:57 +0200, Marc Muehlfeld wrote:
> > Logon scripts assigned to a user do not execute when the user logs
> > on; it did before the upgrade.
> * What kind of upgrade are you talking about?
> NT4 to AD? (migration)
> x.y to 4.2?
AD 4.0.21 -> 4.2.x
This worked prior to the upgrade.
> * Is this an PDC or DC?
They are DCs.
> * Where have you
2017 Apr 03
6
GPO administration right on the station for ordinary user
Good morning people,
I need a help with a gpo to give administration right only on the
workstation for a normal user.
I tried 3 tutorials I found on google plus none worked.
How do you do when you need an ordinary user to have administration
right only on the workstation?
If you have a tutorial that is running in version 4.5.5 and can make it
available thank you very much.
Regards,
2015 Jan 15
4
Verification on different issues
Hello,
I'd like to know if the following issues happen to you too.
1. Sysvol permissions
After I edited a GPO with a user which is member of domain Admins, sysvolcheck runs on an error due to security settings of thisvedited GPO. Running sysvolreset makes it all for he again
2. GPO password policy
We have a policy that defines a password change interval of 32 days. On our clients (windows
2016 Jul 10
4
Compatibility with Windows Server 2012 R2
I had joined the Samba as a secondary DC. At first he imported all (accounts, groups, users and gpo).I can see all the objects that were imported. But the version of Schema Samba came as 69. The errors that I notice is regarding DNS and ForestDNS synchronization.It seems that the error is displayed when you synchronize Samba for Windows. When Windows to Samba, the commands do not return error.
2015 May 19
3
Deny login for a specific user in a specific machine in a samba domain
PDC. I'm using samba 3, I need scripts to apply GPO?
Citando Tim <lists at kiuni.de>:
> PDC or ADDC? You could achieve this with a GPO.
>
> Regards
> Tim
> ?
> Am 18. Mai 2015 18:20:28 MESZ, schrieb Rodrigo Abrantes Antunes
> <rodrigoantunes at pelotas.ifsul.edu.br>:
>> Hi, I have samba as a PDC and I need to deny login for a specific user
>> in
2015 Feb 27
2
Is Server-side GPO Configuration possible? (for logon script)
On 27/02/15 14:34, Marc Muehlfeld wrote:
> Am 27.02.2015 um 09:42 schrieb John:
>> Shame, that. But I kind of expected that to be the answer.
>>
>> I guess the next best thing is to script it on Windows. Provide a script
>> (perhaps in sysvol/scripts) that can be run on a windows box as a domain
>> admin to finish the configuration. I guess this would be a Windows
2014 Dec 08
3
How to copy roaming profiles to new server ? ("Group policy client service failed. The logon access is denied")
Am 08.12.2014 um 22:55 schrieb Rowland Penny:
> Hi, It sounds very much like a SID problem to me.
>
> the user 'Fred' with the SID-RID
> 'S-1-5-21-4036476082-4153129556-3089177936-1005' is **NOT** the same
> user as 'Fred' with the SID-RID
> 'S-1-5-21-2025076216-3455336656-3842161122-1005'
>
> You need to change the domain SID on the new
2017 Apr 03
3
GPO administration right on the station for ordinary user
Hi Louis,
Am 03.04.2017 um 17:01 schrieb L.P.H. van Belle via samba:
> But thats missing info.. :-(
>
> Maybe its also a good thing to add just after the first picture on the wiki.
> That the security filter on the GPO MUST have "authenticated users" or Domain computer group.
> You decide.
thanks for bringing this up. I will verify this later.
I'm 85% sure, I never
2015 Oct 07
3
gpo failure
Am 07.10.2015 um 12:00 schrieb mourik jan c heupink:
> I have defined two Default Domain Policies, confirmed by the settings
> tab in the Group Policy Management editor:
>
> 1st - computer config, policies, windows settings, scripts, shutdown
> 2nd - user configuration, preferences, windows settings, drive maps
>
> Unless these two happen to be policies that do NOT need a