Displaying 20 results from an estimated 90000 matches similar to: "Possible Security Hole (Bug?)"
2015 Apr 18
2
Possible Security Hole (Bug?)
2015-04-17 10:01 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>:
> On 16/04/15 19:26, David Willis wrote:
>>
>> Thank you for the reply.
>>
>> Forgive me if I am not understanding correctly, but..
>>
>> I have heard conflicting reports about whether or not to assign UID to
>> DOM\administrator, even from threads read on these lists :)
2014 Dec 10
2
Samba 4 two DCs no matching UID/GID
Am 10. Dezember 2014 22:26:52 MEZ, schrieb Rowland Penny <rowlandpenny at googlemail.com>:
>On 10/12/14 21:05, Tim wrote:
>> Thanks for your answer and time you offer for me. That makes it a bit
>
>> clearer.
>>
>> I searched the web and found that rsat needs to have the nis tools
>> installed.
>
>Good luck with trying to install 'Service for
2014 Dec 10
2
Samba 4 two DCs no matching UID/GID
Thanks for your answer and time you offer for me. That makes it a bit clearer.
I searched the web and found that rsat needs to have the nis tools installed. Does it create Unix uid/gid automatically then? Without rfc2307 information it makes no sense to me to have a *nix machine for file services and another one for backup purposes, when uid and gid are not same (due to preserve acls).
And for
2014 Dec 10
2
Samba 4 two DCs no matching UID/GID
At the moment numbers start at 3000000 and counting. In my eyes it would make sense, that these number be stored in the AD when provisioned with rfc2307. Or it should be replicated by drs.
https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC#Configuring_RFC2307_and_NIS_Extensions_in_a_Samba_AD
says the following:
No need for manual ID counting when using the default Microsoft tools. E. g.
2016 Sep 22
6
IDMAP + GETENT
Hi guys!
I'm looking for a way to solve the problem between my Samba 4.4.4 DC and my
samba 4.3 File Server.
The users and groups ids are not the same in both servers and i can't find
the solution for this.
Can anyone help me?
This is the environment:
DC: Samba 4.4.4
------------------------
smb.conf:
[global]
interfaces = lo eth0
workgroup = DOMAIN
realm = DOMAIN.LOCAL
netbios
2015 Apr 17
0
Possible Security Hole (Bug?)
On 16/04/15 19:26, David Willis wrote:
> Thank you for the reply.
>
> Forgive me if I am not understanding correctly, but..
>
> I have heard conflicting reports about whether or not to assign UID to DOM\administrator, even from threads read on these lists :)
>
> However, are DOM\administrator and local "root" not two separate accounts...? One domain admin, one
2015 Apr 17
0
Possible Security Hole (Bug?)
Rowland,
In case of "B"
Do we know all folders which needs to be changed with rights?
Or is this only for all shares and folder/file rights.
Just asking so i can add it to my script.
And to take in mind, in both cases, i already added
the group "Domain Admins" to all privileges.
Greetz,
Louis
>-----Oorspronkelijk bericht-----
>Van: rowlandpenny at
2018 Jan 16
3
Avoiding uid conflicts between rfc2307 user/groups and computers
Mandi! Kacper Wirski via samba
In chel di` si favelave...
> I understand the OP, I was asking some time ago similar question, but it was
> in relation to samba domain member.
Thanks, Kacper.
> I couldn't get backend: ad to work for
> machine accounts, so i switched to idmap: rid and it solved everything. I
> tried manually adding UID and GID to Domain Computer group and to
2014 Dec 10
2
Samba 4 two DCs no matching UID/GID
I will try this tomorrow. Possibly this is my fix.
When a domain is provisioned with rfc2307 it would make sense that Unix attributes especially uid/gid would automatically be set.
A member also needs this to be set for unique fs acls right?
Am 10. Dezember 2014 18:07:02 MEZ, schrieb Rowland Penny <rowlandpenny at googlemail.com>:
>On 10/12/14 16:33, Tim wrote:
>> I think I will
2016 Oct 09
4
Problem with one User after upgrade to 4.5.0
On 10/09/2016 02:51 AM, Rowland Penny via samba wrote:
> Have you by any chance got another 3001108 'xidNumber' in idmap.ldb ?
> If you give a user a 'uidNumber' attribute, the contents of this will be
> used instead of the 'xidNumber' in idmap.ldb, hence you do not need to
> (and probably shouldn't) use numbers in the '3000000' range.
I managed to
2015 Feb 22
6
Winbind backend : rid is too much underappreciated
> >
> > idmap config * :backend = tdb
> > idmap config * :range = 10000-99999
> > idmap config DOMAIN : backend = rid
> > idmap config DOMAIN : range = 100000-199999
> >
>
> Taking your example 'idmap config DOMAIN : range = 100000-199999' it is
> very easy, you just need users whose RIDs are larger than 200000, these
> users will be
2014 Dec 10
2
Samba 4 two DCs no matching UID/GID
I think I will only need uid and gid due to fs stuff. There are only Windows clients in that domain.
So when the IDs are the same on both DCs, all will be fine I think.
In RSAT there are no Unix attributes set. As an example: user1 has uid 3000021 on DC1 (first provisioned one). DRS seems fine. On DC2 user1 gets uid 3000017.
If I set ID in RSAT Unix attributes after choosing domain, the IDs
2014 Dec 01
4
uidNumber. ( Was: What is --rfc2307-from-nss ??)
On 01/12/14 17:16, steve wrote:
> On 01/12/14 18:11, Rowland Penny wrote:
>> On 01/12/14 17:09, steve wrote:
>>> On 01/12/14 17:31, Greg Zartman wrote:
>>>> On Mon, Dec 1, 2014 at 1:33 AM, Rowland Penny
>>>> <rowlandpenny at googlemail.com>
>>>> wrote:
>>>>
>>>>>
>>>>>> I do what windows does,
2014 Dec 12
3
Samba 4 two DCs no matching UID/GID
Why only Domain Users and Domain Admins? I can't follow.
But a good idea you've had. So a script can possibly be run on every DC the same. I will check and verify.
What about built-in objects like system? These are not available in ADUC if my memory doesn't fail now.
Will there be a problem when other built-in objects get a rfc gid/uid. E.g. for now wbinfo resolves uid 0 for
2018 Nov 22
2
How to set same UID and GID for ADDC server and all Member server
I have setup a ADDC Samba server and a winbind member server
I have see that same user have UID/GID different from ADDC and
member server
# Addc (Fedora 29)[root at s-addc ~]# id d.lescauid=3000023(DOM\d.lesca)
gid=100(users)
gruppi=100(users),3000023(DOM\d.lesca),3000009(BUILTIN\users)[
root at s-addc ~]# rpm -q sambasamba-4.9.2-0.fc29.x86_64
# Member (Centos7)[root at s-dati ~]# id
2019 Mar 12
2
sometimes users fails to login
Sorry my bad, thanks for spotting it.
Should that explains also the failure to grab the mutex?
Andrea
Il 3/12/2019 12:14 PM, Rowland Penny via samba ha scritto:
> On Tue, 12 Mar 2019 12:01:08 +0100
> Andrea Cucciarre' <acucciarre at cloudian.com> wrote:
>
>> The OS is OmniOS, the DC is Windows Server (not sure about the
>> release), and below the smb.conf.
2015 Jun 11
4
idmap & migration to rfc2307
Yup, strange - right!
Samba 4.2.2
RFC2307 attributes were added as follows:
# sed -e 's/${DOMAINDN}/dc=MYDOMAIN,dc=MY,dc=TLD/g' \
-e 's/${NETBIOSNAME}/MYDOMAIN/g' \
-e 's/${NISDOMAIN}/MYDOMAIN/g' \
/usr/local/samba/share/setup/ypServ30.ldif > ypServ30-JMH.ldif
# service samba4 stop
# ldbmodify -H
2015 Jan 09
3
Member Server SeDiskOperatorPrivilege
It's definitely a problem with backend ad. I don't know what, but with ad backend I also cannot list rpc rights on the server because it cannot find the user. With rid: no problem.
Bug?
Am 9. Januar 2015 17:56:59 MEZ, schrieb Rowland Penny <rowlandpenny at googlemail.com>:
>On 09/01/15 16:48, Tim wrote:
>> Definitely.
>>
>> With backend=ad only two user can be
2016 Nov 02
1
getent not displaying builtin groups or users
hi Roland
> On Tue, 1 Nov 2016 11:00:15 +0000
> niya levi via samba <samba at lists.samba.org> wrote:
>
>> hi everyone
>>
>> i have configured 2 domain controllers and a domain member
>>
>> the domain member is joined to the domain and
>>
>> ad and rfc2307 is configured for idmap backend,
>>
>> wbinfo returns domain builtins for
2015 Jan 09
3
Member Server SeDiskOperatorPrivilege
Definitely.
With backend=ad only two user can be seen by getent passwd. Then changing backend=rid, all users are resolved by getent passwd
Am 9. Januar 2015 17:09:19 MEZ, schrieb Rowland Penny <rowlandpenny at googlemail.com>:
>On 09/01/15 15:45, Tim wrote:
>> That's what I tried to say. I set the gid/uid attribs in Unix tab.
>>
>> Am 9. Januar 2015 16:44:28 MEZ,