Displaying 20 results from an estimated 4000 matches similar to: "Samba 4: Modify group members with LDAP"
2015 Feb 23
1
Samba 3.6 AD Domain Member
I'm playing around with Domain Membership to a WIndows 2012 AD Server. It
appears I'm able to join the AD domain, but the domain member doesn't seem
to authenticate anything against the DC once joined. Here is my smb.conf
netbios name = Member
workgroup = ZARTMAN
security = ADS
realm = ZARTMAN.LOCAL
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and
2014 Oct 29
3
Samba4 provision, change private dir?
When you first provision an AD DC, is there a way to control where
samba-tool puts all of the AD data files?
--
Greg J. Zartman
Board Member
Koozali Foundation, Inc.
2755 19th Street SE
Salem, Oregon 97302
Cell: 541-5218449
SME Server user and community member since 2000
2015 Feb 24
2
ADS Domain Member Workgroup vs Realm
I'm working to setup Samba as a domain member to a Windows Server active
directory, and I keep hitting road blocks. There's some real terminology
hurdles in the wiki.
In a nutshell, my problem is this: I setup a Windows 2012 Essentials ADS
domain and I ended up with zartman.local for my "domain" in Windows. So,
I've got a dns zone in windows server that is domain.local
2016 Oct 02
4
ldb-tools stand alone different than built-in?
I'm working with the Centos 7 packages for Samba 4.2.10 and I note that the
stock packages don't include the ldb tools (eg, ldbmodify, ldbsearch, etc).
I did find a stand along centos package that contains these tools from
here: https://wiki.samba.org/index.php/LDB
However, the stand along tools don't seem to be aware of the Active
Directory schema. For example, if I try to use
2016 Sep 11
2
Samba DNS Listening IP
Is it possible to change the DNS listening IP?
I'd like to run a dnscache service for primary LAN queries, but the only
way to do this with Samba seems to be iptables preroute configuration to
redirect port 53 requests.
Thanks,
--
Greg J. Zartman
Board Member, and Developer
Koozali SME Server
www.koozali.org
SME Server user, contributor, and community member since 2000
2014 Oct 25
4
Red Hat Implementation of Samba 4???
Does anyone know what Red Hat/Centos is going with Samba 4? I've looked at
their packages in COS 6.5 and 7 and it doesn't make sense. They seems to
be doing some kind of watered down or modified version of Samba 4 with some
of the tools disabled.
Are they still holding off from full AD implementation in their packages
because of the MIT Kerberos issues identified in previous
2014 Dec 28
1
Samba 4 Active Directory Quotas
On Sat, Dec 27, 2014 at 2:43 AM, Rowland Penny <rowlandpenny at googlemail.com>
wrote:
> Yes, samba4 comes with a script: oLschema2ldif
>
Humm... Not liking the errors in this method. Looking at the ldif, I
think we could rework this so that one could modify the LDAP schema
directly using LDAP syntax. In my case, I'm using Net::LDAP. Something
more like this:
dn:
2016 Aug 17
2
Storing Quotas in Active Directory
What is the best way to store file system quotas for users in the Active
Directory?
I'm not seeing any standard attributes for this, so it looks like the best
way is to extend the schema. Is this correct?
Thanks,
Greg
--
Greg J. Zartman
Board Member
Koozali SME Server
www.koozali.org
SME Server user, contributor, and community member since 2000
2016 Oct 03
2
ldb-tools stand alone different than built-in?
On Mon, Oct 3, 2016 at 10:39 AM, Sketch <smblist at rednsx.org> wrote:
>
> The standalone tools (as packaged by CentOS) don't have all of the
> extensions that are built when you build a Samba DC. If you have already
> rebuilt CentOS Samba packages with DC support, you need to add samba's ldb
> modules to ldb's module path.
>
This is what I suspected.
2016 Oct 03
2
ldb-tools stand alone different than built-in?
On Mon, Oct 3, 2016 at 12:10 PM, Sketch <smblist at rednsx.org> wrote:
>
> I would assume they would work if you built Samba against them so that
> it's ldb modules were built for the same version. But that seems like a
> lot of work when you can just use the CentOS ldb-tools package.
>
Well the ldb-tools package from COS doesn't work, as we've discussed
2016 Aug 19
1
Storing Quotas in Active Directory
On Thu, Aug 18, 2016 at 7:07 AM, Rowland Penny via samba <
samba at lists.samba.org> wrote:
>
> Hi Greg, I take it what we discussed last time didn't work.
>
I did in fact create some custom schema mods that can store the quota
information, but it just seems to be an odd way to do it. I am surprised
that others uses Samba 4 on *nix file servers don't talk about this
2014 Dec 27
2
Samba 4 Active Directory Quotas
I've been messing around with disk quotas for users and have seen some who
have extended the Samba 4 AD schema to include a quota attribute. For
example, I found this schema extension here:
http://fossies.org/linux/quota/ldap-scripts/quota.schema
Is there a common method for doing this?
--
Greg J. Zartman
Board Member
Koozali SME Server
www.koozali.org
SME Server user, contributor, and
2014 Nov 12
1
Query AD from commandline
I'm working on building some perl code to query a Samba AD and list various
things.
I'm wondering if there is something like samba-tool for query user from the
AD other than just the username? I see that I can use and LDAP perl
module to query the LDAP side of the AD, but wanted to see if Samba has a
utility for doing this.
Thanks!
--
Greg J. Zartman
Board Member
Koozali Foundation,
2014 Nov 12
2
Samba 4 "Trigger" when user is created???
I am working to deploy Samba4 on the SME Server: A customized version of
Centos with a web management GUI and configuration API.
One of the challenges we see is how we synchronize our SME Server
configuration API with users who are created using tools outside of *nix.
For example if a user were created using the windows administration tools.
Are there any triggers in Samba that could be set to
2014 Dec 01
5
uidNumber. ( Was: What is --rfc2307-from-nss ??)
On Mon, Dec 1, 2014 at 11:09 AM, Rowland Penny <rowlandpenny at googlemail.com>
wrote:
> NO NO I can't take anymore :-D
>
> Please read the rest of the thread, it will explain all.
People seriously use this in a production environment?
The lack of documentation and confusion surrounding pretty basic posix auth
is extremely surprising. I'm no noob at *nix admin and
2015 Feb 24
0
ADS Domain Member Workgroup vs Realm
I would say that workgroup = ZARTMAN should be right. Workgroups normally don't have dots in their name.
Than you should also try:
idmap config ZARTMAN:backend = ad
idmap config ZARTMAN:schema_mode = rfc2307
idmap config ZARTMAN:range = 10000-99999
One more thing is that it's not recommended to have a .local domain realm.
Have a look at this above glibc...
2015 Feb 24
1
idmap_ad and UID vs UIDnumber
I note from the man pages, that idmap_ad will only map users/groups IF you
set the UIDnumber in the active directory. In lookin in my active
directory, there is a "Unix Attributes" tab with "UID" in that tab that you
can set. There is also and "Attributes Editor" tap where you can look at
all attributes and edit the "UIDnumber"
I just want to verify that
2014 Dec 01
3
uidNumber. ( Was: What is --rfc2307-from-nss ??)
Greg,
> Unfortunately, these attributes do not exist as standard, so you would
> either have to add a user with ADUC or manually add them yourselves with
> ldbedit. As standard on windows, they both start at '10000', though you
> can set them to whatever you require, just make sure that they do not
> interfere with any local Unix users.
If you like to manage Unix users
2014 Dec 01
2
uidNumber. ( Was: What is --rfc2307-from-nss ??)
On Mon, Dec 1, 2014 at 11:18 AM, Rowland Penny <rowlandpenny at googlemail.com>
wrote:
>
> Yes it is used in production :-)
>
> Samba has changed a little bit since 2001 :-D
>
Yes, I know it has. My point was that I've been working with Samba for
quite some time, so this is not all new to me. I've also been contributing
to the SME Server project on this front for
2014 Dec 02
2
uidNumber. ( Was: What is --rfc2307-from-nss ??)
On Mon, Dec 1, 2014 at 11:39 AM, Rowland Penny <rowlandpenny at googlemail.com>
wrote:
> I understand where you are coming from, I have written my own scripts to
> maintain an S4 AD DC but as you say the documentation is a bit limited, so
> I had to search and experiment to find out how to do things. The
> documentation is getting better, but it will take time, if you have any