Displaying 20 results from an estimated 6000 matches similar to: "Samba4 DC, SPNs and a complex Windows stack"
2014 Dec 17
1
Samba4 DC, SPNs and a complex Windows stack
----- Original Message -----
> From: "David Bear" <dwbear75 at gmail.com>
> To: samba at lists.samba.org
> Sent: Wednesday, 17 December, 2014 5:25:48 PM
> Subject: Re: [Samba] Samba4 DC, SPNs and a complex Windows stack
>
> On 12/17/2014 01:35 AM, Luke Bigum wrote:
> > Hello,
> >
> > We're using Samba 4.1.11 as domain controllers and over
2015 Jun 23
2
domain join failure - error during DRS repl ADD: No objectClass found
Hello,
I am trying to join a third domain controller to an existing Samba 4 domain (sernet samba 4.2.1-17.el6.x86_64) and we're hitting a problem that looks like some bad replication data on certain objects. We get part way through replicating the tree and then it dies on a Sudo Rule object:
[root at dc03 ~]# /usr/bin/samba-tool domain join EXAMPLE.COM DC -U Administrator
2014 Dec 17
1
Samba4 domain function level W2008 R2
Dear all,
could someone explain in short about raising the domain function level to W
2008 R2.
I thought I did provision my samba4 DC as W2008 R2 function level, but my
domain level show
has an output like:
samba-tool domain level show
Domain and forest function level for domain 'DC=tplk,DC=loc'
Forest function level: (Windows) 2003
Domain function level: (Windows) 2003
Lowest function
2015 May 05
4
Managing Samba Active directory.
Hi,
I've never been a Windows user, but I'm curious to see how the AD
integration works in Linux, since it looks like we may need to have one
or two Windows desktops and I don't really want to start setting up
Windows infrastructure. If I can have Samba as a domain controller that
makes things a lot simpler.
I have one question tho, the documentation suggests using the Microsoft
2015 Mar 09
1
password lockout policy issue after update to 4.2
Hello,
Quick observation after recently updating all DC's to 4.2.0 from
4.1.17. Several users received the notice "account is currently locked
out" after entering their password once. I updated the policy to a
minimum of 3 attempts before any user logged in initially. I opened
Microsoft ADUC tool and clicked the box to unlock their account. This
resulted in the user receiving
2015 Dec 04
3
How to set unix properties from command line
Samba version: 4.1.17
I want to use a Samba AD controller to manage access to both my Windows and
Linux boxes. I managed to import my old Samba users using pdbedit however
as I want to use the new Samba AD controller to manage access to the Linux
workstations too I want to configure Unix properties on all my accounts.
Unfortunately I cannot find any command-line tool on Linux that will allow
me
2015 Apr 15
2
Samba 4.2 Account Lockout logging
Hello,
We are using the account lockout feature in Samba 4.2. Unfortunately my own account is being locked out overnight and I can't figure out where from :-( Is there a level of logging on a Samba4 DC I can use to record the source address of any authentication failures, be they with Kerberos or native LDAP?
Thanks,
--
Luke Bigum
---
LMAX Exchange, Yellow Building, 1A Nicholas Road,
2015 May 06
0
Managing Samba Active directory.
Replying back to the list :-)
The Sudoers functionality is achieved by modifying the Samba schema, the sudo package itself distributes the schema change LDIF:
$ rpm -ql sudo | grep schema
/usr/share/doc/sudo/schema.ActiveDirectory
/usr/share/doc/sudo/schema.OpenLDAP
/usr/share/doc/sudo/schema.iPlanet
Technically if you could find the correct schema to store autofs data in AD then it should work.
2015 May 05
0
Managing Samba Active directory.
Hi James,
We use Samba 4.2 DCs and have Linux talking to the DC fine. This is using Kerberos via SSSD on CentOS 6 and various Fedoras - Password expiry works, nested Groups work, Sudo rules and Netgroups can be placed inside the AD tree as well.
A combination of the samba-tool command and pdbedit can achieve most things, however you will still need the Windows Management tools to interact with
2015 Apr 08
0
can't create folders under shared mailbox's INBOX
Hello,
I have a namespace / ACL problem with shared mailboxes that I can't figure out. I have a local user tam at crm.yb.lmax that shares its INBOX and all other folders with on LDAP group. Members of that group can't create a folder under the shared local user's INBOX:
[08-Apr-2015 11:43:05 +0000]: [9501] S: * MYRIGHTS tam at crm.yb.lmax lrwstipekxcd
[08-Apr-2015 11:43:05
2017 Mar 19
1
kerberos issue (SPN not found) with windows Hyper-V ( samba 4.5.3 AD)
Hello,
This won't be a very helpful reply, but I can confirm I've had the exact same issue. I ran into this a few years ago and could not get HyperV migrations to work with a Samba DC. I even went so far as to install a Windows DC just to prove to myself that it is supposed to work, and it does, perfectly (with ADDC it even creates all the SPNs for you auto-magically).
Unfortunately at
2012 May 31
6
Manage but don't create resource
Hi,
I have certain situations where I want to manage user attributes, if the
user already exists on a system, but not actually create them if they are
missing. Is there a way to do this?
I tried removing the explicit "ensure => present", but this seems to have
no effect (i.e. missing users still created).
I am running 2.7.9.
Thanks,
Alan
--
You received this message because
2012 May 18
3
Hiera Questions: An array of :datadir: ?
In a posting a few days ago was this hiera.yaml source listing:
---------------------------------
:backends: - json
:hierarchy: - %{fqdn}
- %{lmax_role}_role
- %{lmax_env}_server
- %{pop}.tradefair
- common
:json:
:datadir: - /etc/puppet/private/
- /etc/puppet/environments/%{environment}/hiera_data_store/
-
2012 Apr 16
1
hiera puppet augeas and hash keys ?
Hi,
if possible can someone post a working example please ?
I am using hiera => puppet => augeas.
cat myserver.yaml
---
myserver:
"Birthday": '1'
"Debug": '5'
The no. of settings will change, so i would like to use a hash here.
The hiera lookup works already:
>hiera -c /etc/puppet/hiera.yaml -h myserver
2017 Mar 18
2
kerberos issue (SPN not found) with windows Hyper-V ( samba 4.5.3 AD)
I made some progress with the issue, but didn't solve it completely
It's basically a kind of bug (I'm not sure if it's on kerberos side or
samba, I think samba is the culprit here (?).
Microsoft uses kind of weird SPN for Hyper-V. Weird as there are
"spaces" in the string - which is kind of unique as far as SPN's go,
usually SPN form a complete string.
So I kind
2012 Apr 25
2
Unable to import a manifest file from a different directory to the one where site.pp is located using environments
Hi List,
Puppet Version: v2.7.13
Question - If I correctly setup multiple manifestdir's in the puppet.conf
file how can I import a node pp file located in a different directory tree
to site.pp?
My configuration information is below.
In my puppet.conf file I have setup an environment called "stable", within
this environment I have setup the manifestdir, modulepath and
2012 Apr 27
15
puppet way of handling rdist and triggers
We have an existing "management system" of sorts, based on rdist. I'd like
to know the best way to migrate it to using puppet.
Currently, we have a local binaries tree, rdisted out nightly. We also
make use of rdist's extra capability to trigger scripts when and if named
files are updated.
I'm not sure what the best method would be, of converting this to
2011 Dec 12
1
Re: Re: Variables not inheriting
Now that's weird. I did. Different title, different body...how did it flag my question to an old thread?
jcbollinger <John.Bollinger@stJude.org> wrote:
>Please do not hijack existing threads. Create a new thread for a new
>question.
>
>
>John
>
>--
>You received this message because you are subscribed to the Google Groups "Puppet Users" group.
>To post
2012 Mar 23
11
Plugins and Hiera
Dear all,
This is a continuation of another thread, but I think the question diverged
enough to create a new one.
I have a hiera hierarchy like this:
:hierarchy:
- %{fqdn}
- %{secundary_group}
- %{primary_group}
- %{productname}
- all
And I need to define the secondary/primary groups as facts, on the nodes. Gary
has suggested me to use plugins, that they will provide the facts before
2012 May 04
16
forcing user resource provider to be local files only?
I see that there are an assorted bunch of "provider" types for resource
type user. Are there not any "local file" providers for it?
I have need of ensuring that certain local user accounts get created on all
machines, regardless of what the system "/bin/password" and "useradd"
type mechanisms are set to.
It would be really nice to find a pre-written