Displaying 20 results from an estimated 4000 matches similar to: "Update from Samba 3.6 to 4.1 on Debian"
2018 Jan 19
1
idmap limit?
Hi,
yes, there are some things. But I have not found a nice complete
documentation.
One main point is the domain name as prefix of the username of the
parent domain, e.g. "DOM\user1", you have to use. I was not able to get
rid of it, as the client is member of the subdomain which is the
default. So you can't use the "default domain" option in smb.conf. The
backslash
2015 Feb 09
2
Transfer user passwords from Samba3 to Samba4
Hi,
I'm migrating a domain from Samba3 to Samba4. I now about the possibility to
transfer the domain (users and computers) during the provisioning (Upgrade
from Samba3 to Samba4).
Due to problems with the domain name (I have to change the domain name), SIDs
a.s.o. I want to create a new domain during provisioning. Then I want to
create/add all users with a script. Is there a way to
2017 May 24
1
Linux-Home share
Hi,
we did an update from samba 4.5.5 to 4.6.3. We are having a Linux-Home
share for the windows users, but this is not working anymore.
In the smb.conf we are having something like the following
...
[%U_Home]
comment = Home Directories
path = %H
...
It seems, that the "%H" is not replace correctly or at least as before.
--
Regards
Andreas Hauffe
Leiter des Forschungsfeldes
2017 Nov 02
0
Winbind, Kerberos, SSH and Single Sign On
Hi,
a new hint. If I change the default_realm in krb5.conf to EXAMPLE.DE
than the kerberized ssh is working for a user from example.de
(user1 at EXAMPLE.DE) and not working for a user from
subdom2.subdom1.example.de (testuser at SUBDOM2.SUBDOM1.EXAMPLE.DE)
So with the actuall configuration I'm able to use kerberized ssh for
users from example.de or users from subdom2.subdom1.example.de
2018 Jan 16
2
idmap limit?
Ok, you are completely right. Here are the real numbers with changed
user names:
drwx------ 43 DOM\user1 DOM\domain-user 4096 Jan 10 08:00 user1
drwx------ 5 DOM\user2 DOM\domain-user 4096 Jan 11 08:13 user2
drwx------ 92 DOM\user3 DOM\domain-user 4096 Jan 16 08:39 user3
drwx------ 3 133265 DOM\domain-user 4096 Sep 7 2015 user4
drwx------ 7
2017 Aug 22
0
Winbind with krb5auth for trust users
Hi,
sorry for not reading the comment above idmap config. I uninstalled and
reinstalled samba and configs to remove all old id mappings and so on.
Then changed all configs as adviced. The id mapping is working correctly
(wbinfo -i) for local and trusted domain. But I still cannot logon with
wbinfo -K with a trusted domain account.
Andreas
Am 22.08.2017 um 12:59 schrieb Rowland Penny via
2018 Jan 19
0
idmap limit?
Hi Andreas,
i'm sorry to jump on your thread as i can't really help you here.
But as i have to setup an AD subdomain of a parent domain with the same
requirements as yours apparently (aka parent domain managed by Windows
server holds users/groups accounts on a distant location but the compute
ressources and the GPO will be managed locally under a subdomain), i'm just
wondering if you
2018 Jan 16
2
idmap limit?
Hi,
no, that's my fault. I changed the UIDs and user names in my "ls -l" to
unpersonalized/example data for my mail and didn't think about putting
these values into the range. A better unpersonalized data example would
look like:
----------
drwx------ 43 DOM\user1 DOM\group 4096 Jan 10 08:00 user1
drwx------ 5 DOM\user2 DOM\group 4096 Jan 11 08:13 user2
2018 Jan 16
2
idmap limit?
Hi,
we are running a file server as member server of a windows 2012 domain.
Now we are facing the problem, that some UIDs are not mapped to the user
names by the running winbindd process. This results in "nobody"
usernames for nfs shares mounted by other clients.
When doing an "ls -l" in the homes directory on the member server (file
server), the list looks like:
2018 Jan 16
3
idmap limit?
Am 16.01.2018 um 17:26 schrieb Rowland Penny via samba:
> On Tue, 16 Jan 2018 16:54:17 +0100
> Andreas Hauffe via samba <samba at lists.samba.org> wrote:
>
>> Ok, you are completely right. Here are the real numbers with changed
>> user names:
>>
>> drwx------ 43 DOM\user1 DOM\domain-user 4096 Jan 10 08:00
>> user1 drwx------ 5 DOM\user2
2017 Aug 22
0
Winbind with krb5auth for trust users
Hi,
hier are the file. I replaced the real domain/realm name by
"search&replace", so there should not be a typping error in my file
concernig the realm or domain names.
Regards,
Andreas
client:~ # more /etc/hostname
client.loc.example.de
client:~ # more /etc/hosts
#
# hosts This file describes a number of hostname-to-address
# mappings for the TCP/IP
2015 Feb 03
2
File-Server update from Samba 3.6 to Samba 4.1
Hello,
I'm preparing a update from a heterogen environment with the services OpenLDAP,
Kerberos, Bind9, Samba 3.6 (NT-Domain), NFS4 to a Samba4 AD. I'm setting up a test
environment with a separate DC and a file server.
There are some questions about the file server which is a debian file server with some TB
of data right now.
The first question is, what to do with the existing TB of
2015 Feb 02
3
Can't create users with RSAT - "An error occurred. Contact you system administrator"
Am Montag, 2. Februar 2015, 17:44:53 schrieb Marc Muehlfeld:
> Hello Andreas,
>
> Am 02.02.2015 um 13:00 schrieb Andreas Hauffe:
> > I set up a new AD with the Sernet Samba 4.1 packages. I did the
> > provisioning with "samba-tool domain provision --use-rfc2307
> > --interactive". I checked the dc, ldap, kerberos and dns services under
> > linux.
2017 Aug 21
1
idmap backends and home directories
Am 21.08.2017 um 15:55 schrieb Rowland Penny via samba:
> On Mon, 21 Aug 2017 15:43:00 +0200
> Andreas Hauffe via samba <samba at lists.samba.org> wrote:
>
>> Am 21.08.2017 um 15:22 schrieb Rowland Penny via samba:
>>> On Mon, 21 Aug 2017 14:56:50 +0200
>>> Andreas Hauffe via samba <samba at lists.samba.org> wrote:
>>>
>>>> Hi,
2017 Aug 21
2
idmap backends and home directories
Am 21.08.2017 um 15:22 schrieb Rowland Penny via samba:
> On Mon, 21 Aug 2017 14:56:50 +0200
> Andreas Hauffe via samba <samba at lists.samba.org> wrote:
>
>> Hi,
>>
>> is there any idmap backend, beside idmap_ad, where the home directory
>> is taken from the backend and not from the template homedir option?
>>
>>
>> Regards,
>>
2015 Feb 13
2
Problem with "kerberos method = secrets and keytab"
Hi Peter,
thanks for your hints. The point is, that no /etc/krb5.conf was generated automatically when
joining the domain (told in the wiki). Now I generated one manually and now it works.
I'm not frustrated at all. I see a lot of advantages for me, even if it doesn't work. Right now we
have a system with Bind9, OpenLDAP, Kerberos, NFS4, Samba3 on the server side. I had to
configere
2015 Feb 15
2
Question to Primary Groups
Hi,
if you use the UNIX attributes the primary group is ignored if you use winbind
and the primary group of the AD attributes is used. So every user has the
"Domain Users" group as primary group. I also read that you are not supposed
to change the AD primary group to another than "Domain Users". Is there a way
to set the UNIX primary group to another group without causing
2015 Feb 02
4
Can't create users with RSAT - "An error occurred. Contact you system administrator"
Hello,
I set up a new AD with the Sernet Samba 4.1 packages. I did the provisioning
with "samba-tool domain provision --use-rfc2307 --interactive". I checked the
dc, ldap, kerberos and dns services under linux. Everything seems to work
fine.
Then I join a Windows 8.1 Enterprise running in as VM to the domain and login
as administrator of the domain. When I install the RSAT and try
2017 Aug 22
2
Winbind with krb5auth for trust users
Hi,
the external trust, we have, is a one directional external trust. So
users of the trusted dom can logon on local dom clients, but not the
other way around. In case of "wbinfo -a" all communication is between
the client and the domain controller of the local domain, which is the
proxy for the auth process. In case of "wbinfo -K" all communication is
between the client
2015 Feb 11
2
Problem with "kerberos method = secrets and keytab"
Hi,
I'm using the smb.conf from
https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
to add a member server as file server to the domain.
If I'm using the original smb.conf with "kerberos method = secrets and
keytab", I'm not able to see any share on a Windows Client in the domain. If I
use the default "kerberos method = secrets" everything works.