similar to: rfc2307 deprecated in Windows 2012 R2?

Ok, it's here: http://pastebin.com/JEnr5wUq The id_offset is that value because i initially didn't use rfc2307 attributes, but instead On 29 January 2015 at 23:27, Tim <lists at kiuni.de> wrote: > @Hans-Kristian: > I'd like to see it. How did you automate this? > > @Andrew: > In another thread I suggested to set the rfc2307 info automatically when a > domain

It is actually rather easy to set the attributes via powershell, and that is probably the best way to add them in a Server 2012 R2 environment. I wrote a powershell script to do this automatically for users and groups in an entire domain that should be pretty generic to be reused. It also mirrors the logic used in automatic winbind UID/GID generation to be able to coexist in an environment where

But if they take it away how to set them in future? Am 29. Januar 2015 19:50:22 MEZ, schrieb Andrew Bartlett <abartlet at samba.org>: >On Wed, 2015-01-28 at 17:22 +0100, Tim wrote: >> I got the chance to test samba 4 with windows 2012 R2 domain >> controller on its highest functional level. >> >> Possibly it's important to know that M$ says that the

On 29/01/15 22:56, Hans-Kristian Bakke wrote: > Something went wrong and the message got sent before it was finished. > Here is the complete one: > > Ok, it's here: http://pastebin.com/JEnr5wUq > > The id_offset is that value because i initially didn't use rfc2307 > attributes, but instead had > > idmap config EXAMPLE : range = 300000-499999 > > in

Something went wrong and the message got sent before it was finished. Here is the complete one: Ok, it's here: http://pastebin.com/JEnr5wUq The id_offset is that value because i initially didn't use rfc2307 attributes, but instead had idmap config EXAMPLE : range = 300000-499999 in smb.conf. To get identical uid/gids have to start with the same offset. If you have a fresh domain and

I do not understand the point about issues with administrator beeing mapped to a "random" rfc2307 UID. You need to explain the details surrounding that part to me as my experience is that this is OK and even necessary. The only reason for not giving Administrator a "random" UID/GID that I can think of is perhaps if you are doing some mapping of Administrator to root, something

@Hans-Kristian: I'd like to see it. How did you automate this? @Andrew: In another thread I suggested to set the rfc2307 info automatically when a domain is provisioned with --use-rfc2307. Possibly by an additional parameter. This would make things easier in my eyes. Thanks Tim Am 29. Januar 2015 22:02:14 MEZ, schrieb Hans-Kristian Bakke <hkbakke at gmail.com>: >It is actually

Am 29.01.2015 um 21:12 schrieb Tim: > But if they take it away how to set them in future? If you need NIS, you probably have POSIX systems attached. So you can always set RFC2307 attributes from POSIX systems. > Am 29. Januar 2015 19:50:22 MEZ, schrieb Andrew Bartlett <abartlet at samba.org>: >> On Wed, 2015-01-28 at 17:22 +0100, Tim wrote: >>> I got the chance to

On 29/01/15 22:27, Tim wrote: > @Hans-Kristian: > I'd like to see it. How did you automate this? > > @Andrew: > In another thread I suggested to set the rfc2307 info automatically when a domain is provisioned with --use-rfc2307. Possibly by an additional parameter. > This would make things easier in my eyes. > The problem with setting the rfc2307 info when the domain is

It's definitely a problem with backend ad. I don't know what, but with ad backend I also cannot list rpc rights on the server because it cannot find the user. With rid: no problem. Bug? Am 9. Januar 2015 17:56:59 MEZ, schrieb Rowland Penny <rowlandpenny at googlemail.com>: >On 09/01/15 16:48, Tim wrote: >> Definitely. >> >> With backend=ad only two user can be

Interesting: I rebuild everything. But after setting up the DCs they had the same issue - net rpc rights grant can't connect to server 127.0.0.1. I tried the following global parameters in smb.conf: bind interfaces only = yes interfaces = lo eth0 And like magic it worked! Samba is now bind to127.0.0.1?(lo) and eth0 and net rpc rights grant works. Try this also on a member server. Give it a

Definitely. With backend=ad only two user can be seen by getent passwd. Then changing backend=rid, all users are resolved by getent passwd Am 9. Januar 2015 17:09:19 MEZ, schrieb Rowland Penny <rowlandpenny at googlemail.com>: >On 09/01/15 15:45, Tim wrote: >> That's what I tried to say. I set the gid/uid attribs in Unix tab. >> >> Am 9. Januar 2015 16:44:28 MEZ,

That's what I tried to say. I set the gid/uid attribs in Unix tab. Am 9. Januar 2015 16:44:28 MEZ, schrieb Rowland Penny <rowlandpenny at googlemail.com>: >On 09/01/15 15:40, Tim wrote: >> When I switch back to backend ad, getent passwd returns nothing - >> getent group only returns by adding a dedicated group name. >> There is at least one user and one group with

When I switch back to backend ad, getent passwd returns nothing - getent group only returns by adding a dedicated group name. There is at least one user and one group with Id set in ad. Am 9. Januar 2015 16:29:39 MEZ, schrieb Rowland Penny <rowlandpenny at googlemail.com>: >On 09/01/15 15:19, Tim wrote: >> I switched to rid module of idmapping and now winbind offers all >>

I switched to rid module of idmapping and now winbind offers all groups and I can set SeDiskOperatorPrivilege. getent group and getent passwd are now working! Am 9. Januar 2015 15:21:32 MEZ, schrieb Rowland Penny <rowlandpenny at googlemail.com>: >On 09/01/15 13:47, Tim wrote: >> Hello all, >> >> I have a AD DC based on CentOS7 with sernet samba 4.1.14 with rfc2307

Tim, Thanks for the hint. Usermap for root applied, locally made requests fail now systematically with "Could not connect to server <server address> Connection failed: NT_STATUS_LOCK_NOT_GRANTED" It is kind of improvement :) Random things scare me. -Tom On Tue, Mar 24, 2015 at 7:40 PM, Tim <lists at kiuni.de> wrote: > Hi Tom, > > have a look at this: >

On one of your DCs? As in you run Samba for your DCs? This thread was using Server 2012 R2 as DCs, and that was what my response was aimed at. I am also using Server 2012 R2 for DCs. In this case the Administrator is "just a user" seen from the linux boxes. That Administrator is assigned a root-role in a Samba DC is not a surprise for me as it then becomes more than external windows

I still do not follow you. An additional reason for including administrator in the first place, not including that I actually want it to work against the linux boxes like every other domain user, was because winbind returns the exact same mapping when using idmap backend RID with range 300000-499999 (i.e not rfc2307 attributes) > wbinfo -i administrator

Thanks for your answer and time you offer for me. That makes it a bit clearer. I searched the web and found that rsat needs to have the nis tools installed. Does it create Unix uid/gid automatically then? Without rfc2307 information it makes no sense to me to have a *nix machine for file services and another one for backup purposes, when uid and gid are not same (due to preserve acls). And for

On 25/03/15 19:40, Tim wrote: > Don't be scared and take the challenge! :-) > > Reduce your smb.conf to the minimum as seen in the member server wiki and try it again. It should work then. > > Am 25. M?rz 2015 14:47:16 MEZ, schrieb "Tom S?derlund" <tom.k.soderlund at gmail.com>: >> Tim, >> >> Thanks for the hint. Usermap for root applied,