similar to: Samba BDC at company branch in different subnet?

Hi all, I have installed Samba AD Domain for testing and it works fine. Only problem is that when i create new user with "samba-tool user create $USERNAME --must-change-at-next-login" or via ADUC in RSAT with "user must change password at first login" i cannot change password at all. When i try login i get prompt that i have to change password so i write new password,

I didn't setup any ssh-keys for authentication yet. Sorry. > Karel Lang AFD <lang at afd.cz> hat am 23. Februar 2015 um 14:48 geschrieben: > > > Hi there, > isn't possible, that the problem is just very basic and you've got a > authentication set via ssh-key on admin locally on the server you try to > logon? > Just saying .. > > cheers :]

Hi, this reminds me of my troubles of setting up samba BDC at remote company branch. Connection was done by IPSEC tunnel between 2 mikrotik routers. Thing was, ipsec supports only unicast, but not multicast,nor broadcast. Solved it by adding L2TP tunnel that support the above mentioned mechanisms. So ended up with the l2tp (which has very weak encryption and is very old and vulnerable)

Hello, if anybody would kindly have anything to advice, please, please - do :-) SETUP: Fedora 28 + Samba 4.8.5 AD (testing environment consisting of 1 Samba server and 1 joined windows machine and 1 account) :-) PROBLEM: the "--must-change-at-next-login" is the problematic part after creating user, with this attribute the user is authenticated OK during FIRST Logon BUT!! when

ssh -v shows which authentication modules are used. Might be GSSAPI/Kerberos, e.g. On 2015-02-23 15:08, Tim wrote: > I didn't setup any ssh-keys for authentication yet. Sorry. > > > >> Karel Lang AFD <lang at afd.cz> hat am 23. Februar 2015 um 14:48 geschrieben: >> >> >> Hi there, >> isn't possible, that the problem is just very basic and

Hello guys, could someone help me better understand the mechanism of negotiating of the SMB protocol? I watch closely samba list and recently there was a talk about the 'smb.conf' parameters like eg. "max protocol =" etc. with regards to Windows 10 (and other windows clients of diff versions). I read Jeff_Layton-Linux-CIFS-Client.pdf and

Hi Rowland, Thanks for the informations. Yes, the Fedora Samba 4 package is built with MIT kerberos. I know it is still 'fresh' so that is what i do - run tests :-). Actually this thing with password expiration, is only thing i found so far, otherwise, it 'behaved' surprisingly well. Thanks again! Karel -- *Karel Lang* *Unix/Linux Administration* lang at afd.cz | +420 731 13

Hi, isn't it possible, that your new Samba4 server uses higher SMB protocol, than the old MS windows XP machine can understand/handle? Not sure about this, but might be worth checking? cheers :] -- *Karel Lang* *Unix/Linux Administration* lang at afd.cz | +420 731 13 40 40 AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz On 03/06/2015 02:42 AM, Al Schapira wrote: > Hello, > > A

Hi all, guys, first and foremost, i apologize, as this is not really about samba, but i'm basically at 'ground zero' with windows 10 and how to stop them from snooping information of the LAN PC windows users. And i know there is some great people with windows network understanding here on list, that is why i ask here, so please don't stone me :-) I think everyone heard

On Wednesday, 12 September 2018 18:13:16 CEST Andrew Bartlett wrote: > On Wed, 2018-09-12 at 17:16 +0200, Karel Lang AFD via samba wrote: > > Hello, > > if anybody would kindly have anything to advice, please, please - do > > > > :-) > > > > SETUP: > > Fedora 28 + Samba 4.8.5 AD (testing environment consisting of 1 > > Samba > > server

Hi, I've configured sssd so far as advised in the wiki: https://wiki.samba.org/index.php/Local_user_management_and_authentication/sssd getent passwd/group works. Everything seems to be fine. But now I realized, that when I use my domain admin user account to login on that server via ssh, it is not asking for a password. Normal user must authenticate with a password. Where should I look

Hello, Our company is trying to implement central Windows Domain at HQ and replicated across all its regional offices. The implementation will have a PDC/LDAP-master on HQ and BDC/LDAP-slave on each regional office. In the hopes of saving bandwidth we are trying to avoid the use of WINS between WAN links. Is there any way of not using WINS and still have the clients find the PDC (for updating

Hi, We have an old domain with a samba-3 PDC and LDAP backend in our HQ and two BDC in our branch offices. Since we don't use the domain in our HQ anymore and one of the branches will be moved to our new domain (2003/2008) I'm thinking about decomissioning the PDC and promote both BDCs as PDC for their branch offices and networks. I would also get rid of LDAP. Changing the backend to

Hello all! First of all - I very new to Samba and don't really sure what i do all right. I'm ask some advise from community. I'm make this configuration in my company: PDC + Master LDAP: smb.conf: [global] # Base workgroup = hq netbios name = dc server string = DC Server security = domain hosts allow = 172.16.1. 192.168.1. 127. encrypt passwords = yes admin

Friends-- I'm stumped! Cannot get mount.cifs to work over a tun connection. How would you trouble-shoot this? 1. It cannot be openvpn causing the problem: I can ping across the connection both directions on all machines. 2. It cannot be samba causing the problem: I can mount.cifs the smb shares on the lan (using the identical credentials file) without any issue. 3. Have iptables

I have a Samba-LDAP PDC at an office and 5 BDC's at other offices. At corporate HQ I have a W2k Server and domain. I have properly configured an interdomain trust and Users in the Samba domain can get to sections on the W2k machine regardless of location. However, members in the W2K domain can only access shares on the PDC. Attempts to access shares on a BDC cause a user name

Hi, Maybe this was asked many time (although can't find it on google). Let's assume 2 scenarios: 1) I've got local network where PDC and BDC are set up. PDC is working fine so the BDC is. When it's possible for any XP client to use BDC instead of PDC? I read in samba docs that if PDC is slow client can use BDC - but what does it mean slow for the client? How the client knows

Hey Gordon, I do not have any security issue in this network. I need to connect to a remote network on a secure network. The options are pptp or l2tp(no ipsec encryption) so I do want to use l2tp like in (lac\lns) and I am looking for a client for CentOS. Note that it works in ubuntu so it is possible to achieve the same with CentOS but I do not know what is behind the gui that initiates the

Hello Mailinglist, please excuse my bad english - but I am not a native speaker. My Network looks like this: Internet --- dyn. IP --- Firewall (shorewall) --- LAN (192.168.X.X) No I try to connect my iphone (from mobile Internet G3) over VPN (l2tp/ipsec) with the firewall. But I can´t open the necessary Port 1701. /var/log/syslog ... Dec 30 00:24:29 router kernel: [226128.293757]

OK So i took the time and finally built a RPM for the softether vpn server and client. I have not tested them for usage but I found out that only the server side can work with multiple protocols while the client side works only with one protocol. The actual protocol is called "ethernet overl HTTPS". More info on the product: http://www.softether.org/ The gui is only for windows as