similar to: Domain controller in a chroot

Le 17/03/2015 11:25, Sven Schwedas a ?crit : > On 2015-03-17 11:13, S?bastien Le Ray wrote: > >> I'm sucessfully running a fileserver on it, just wanting to avoid issues >> in case of network link outage. > So your users, which cannot connect due to network link outage, won't be > prevented from logging in? Sounds like a splendid idea. My users will be able to open

Le 17/03/2015 11:06, Sven Schwedas a ?crit : > Not really an option : :-) > total used free shared buffers cached > Mem: 496 470 25 0 58 82 > > That's why I'm targetting the chroot > You won't be able to run a usable file server *and* DC on this little > resources anyway. That's barely

Hi, The goal of the chroot is to split the two roles, not to provide any additional security Regards Le 17/03/2015 10:01, Sven Schwedas a ?crit : > On 2015-03-17 09:27, S?bastien Le Ray wrote: >> Hi list, >> >> Since it is considered ?harmful? to run a domain controller that acts a >> fileserver I was considering the option of putting the AD DC into a >>

Le 17/03/2015 10:43, Rowland Penny a ?crit : > Hi, you could do what a lot of people do, run the DC in a VM. > > Rowland > Not really an option : :-) total used free shared buffers cached Mem: 496 470 25 0 58 82 That's why I'm targetting the chroot

Le 17/03/2015 15:40, Peter Serbe a ?crit : > Hi S?bastien, > > S?bastien Le Ray schrieb am 17.03.2015 14:15: > >> So even with two interfaces and bind interfaces only you cannot do it? Sad > I am by no means an *nix epert. Maybe it is possible - but I don't know > anyone how ever talked about doing something like that. And given the > _very_ limited resources, You

On 2015-03-17 11:40, S?bastien Le Ray wrote: > > > Le 17/03/2015 11:25, Sven Schwedas a ?crit : >> On 2015-03-17 11:13, S?bastien Le Ray wrote: >> >>> I'm sucessfully running a fileserver on it, just wanting to avoid issues >>> in case of network link outage. >> So your users, which cannot connect due to network link outage, won't be >>

On 2015-03-17 11:13, S?bastien Le Ray wrote: > Le 17/03/2015 11:06, Sven Schwedas a ?crit : >> Not really an option : :-) >> total used free shared buffers cached >> Mem: 496 470 25 0 58 82 >> >> That's why I'm targetting the chroot >> You won't be able to run a usable file

Le 17/03/2015 14:45, Rowland Penny a ?crit : > On 17/03/15 13:29, S?bastien Le Ray wrote: >> >> >> Le 17/03/2015 14:25, Rowland Penny a ?crit : >>> Ah, but from my testing, winbindd on 4.2 works very similar to >>> winbind, it still ignores most of the RFC2307 attributes and as I >>> understand it, trusts still do not work. >> Mmmm

Today's episode of "why is AD break", brought to you by: > [2017/09/05 10:17:06.015617, 3] ../source4/auth/gensec/gensec_gssapi.c:613(gensec_gssapi_update) > Server GC/graz-dc-1b.ad.tao.at/ad.tao.at is not registered with our KDC: Miscellaneous failure (see text): Server (GC/graz-dc-1b.ad.tao.at/ad.tao.at at AD.TAO.AT) unknown > [2017/09/05 10:17:06.015717, 0]

On Fri, May 05, 2017 at 10:21:05AM +0200, Sven Schwedas wrote: > On 2017-05-05 10:09, Volker Lendecke wrote: > > On Fri, May 05, 2017 at 09:42:47AM +0200, Sven Schwedas via samba wrote: > >>> root 9988 0.8 59.4 1571936 606488 ? S Apr26 114:41 /usr/sbin/samba > > > > Can you post /proc/9988/smaps somewhere? > > Sure,

/etc/hostname:villach-file /etc/hosts:# The following lines are desirable for IPv6 capable hosts /etc/hosts:::1 localhost ip6-localhost ip6-loopback /etc/hosts:ff02::1 ip6-allnodes /etc/hosts:ff02::2 ip6-allrouters /etc/hosts:127.0.0.1 localhost /etc/hosts:192.168.16.214 villach-file /etc/krb5.conf:[libdefaults] /etc/krb5.conf: default_realm = AD.TAO.AT /etc/krb5.conf: dns_lookup_realm = true

Le 17/03/2015 14:25, Rowland Penny a ?crit : > Ah, but from my testing, winbindd on 4.2 works very similar to > winbind, it still ignores most of the RFC2307 attributes and as I > understand it, trusts still do not work. Mmmm interesting. I've been looking for a while to 4.2 precisely for this reason (rfc2307 to get consistent UID on DC) and the commit I found was only a special

I've wasted the last two days trying to get various versions of samba 4 packages getting to run under Wheezy. ? Wheezy's own packages are incomplete betas. ? Inverse provides their own packages (for SOGo), but they only care about getting their one use case to work; smbd doesn't work all, winbind has problems, and the postinst script resets my smb.conf with nonsense. Before I try

Ok, rechecked this, your correct. This did work fine. In now at samba 4.6.7, you? This worked untill ( last i checked ) 4.6.5 :-(( now sysvolreset is totaly broken. :-(( New thing for my ToDo list.. Try this script, the rights are my defaults "after a sysvol reset" Place the script somewhere within /var/lib/samba Preffered that location . Run it with : bash script.sh sysvol/ !

> Keytabs look reasonable, as far as I can see, but why does > graz-dc-sem have the same SPN output as graz-dc-1b in > addition to its own? A snapshotted server/cloned server? I dont know but thats not correct. I suggest, cleanup the DS with FSMO roles. Then remove a failty server and re-add it as a new installed DC. ( the good DS with FSMO) First backup:

Am 28.09.2016 um 04:01 schrieb Steve Litt via samba: > Why would ANYBODY type a command when they could perform a bunch of > mouse clicks. Better yet, you can automate Windows tools with a screen > scraper and a keyboard injector, or with a top notch language like > Powershell or Visual Basic *lol* why would ANYBODY click in a GUI when he have a console - and i mean that really

Hi, I have installed a centos65_guest_1 system on a centos65 host with virt-manager. By default libvirt has a default network in NAT mode. At centos65_guest_1 when pinging to google it works. But I would like to use a routed mode for production enviroment with some services online, like http, ftp, ssh, etc. I have created the virtual network 192.168.100.0/24 with routed mode, and I have

On 2017-04-07 13:44, Sven Schwedas via samba wrote: > In the end I just upgraded all DCs to 4.5 and remote-deleted the broken > ones. Seemed to work without a hitch, manual removal was only necessary > to remove the IPs from DNS\_msdcs.ourdomain\gc\. Apparently not, adding new DCs failed with "WERR_DS_DATABASE_ERROR". `samba-tool dbcheck --fix` solved that. With that out of

On Mon, 13 Nov 2017 15:20:05 +0100 Sven Schwedas <sven.schwedas at tao.at> wrote: > > > PS, your configs are still wrong. > > It would be *really* helpful if you explained *why*. Sprinkling magic > pixie dust over random config files isn't exactly purposeful > debugging. > Lets start with /etc/krb5.conf Samba doesn't need most of what you will find in it,

On Thu, Dec 4, 2014 at 5:19 AM, Sven Schwedas <sven.schwedas at tao.at> wrote: > Tbh, you might get away with using PCEngines' APU boards (the successor > to their Alix boards with a massively upgraded CPU) if individual > machines don't need RAID (because everything is replicated anyway). > I considered that, but what would you use for storage?? They have an mSATA