similar to: ACLs on OUs

I need to create a couple of OUs under Users to separate my internal users from my external users that have LDAP backed accounts so I can put ACLs over the external users so I can limit what they can see on the tree. What options do I have to create the OUs and the ACLs in a Samba4 AD-DC domain?

Hi all, Still playing with a big database (120k users, 150k computers) I tried to split my users into a lot of OUs. This increased the database size and I was not able to finish to add users into the DB because database file has reached 4GB size which seems to be the limit. First: am I right to say file /var/lib/samba/private/sam.ldb.d/DC=example,DC=com.ldb has a maximum size of 4GB? Secondly:

Thank you all for these detailed answers. This size happened on DC where the import were done. Database with Samba 4 was always significantly bigger on this host than on the replicated ones. According to that I'll try the dump trick which would also teach me some things : ) I'll came back after tests... For LMDB the start seems to be there: https://jhrozek.fedorapeople.org/sambaxp

I have a system running Samba 4 Alpha 11, and I seem to have a corrupted LDB file in my directory. (Probably the result of taking a backup without using tdbbackup). Right now, running tdbbackup on the file produces an error message similar to the following: Failed to insert into DC=WWW,DC=EXAMPLE,DC=COM.ldb.bak.tmp failed to copy DC=WWW,DC=EXAMPLE,DC=COM.ldb If I run ldbsearch -H

On 15/02/15 18:27, Marc Muehlfeld wrote: > Hello John, > > Am 15.02.2015 um 18:56 schrieb John Lewis: >> I need to create a couple of OUs under Users to separate my internal >> users from my external users that have LDAP backed accounts so I can put >> ACLs over the external users so I can limit what they can see on the >> tree. What options do I have to create the

Hi all, if one by accident points the ldbsearch command to any file, which is not a ldb file, this file is silently converted to a tdb file ;-) . root at dc0:~# file /tmp/t2.ldif /tmp/t2.ldif: ASCII text root at dc0:~# ldbsearch -H /tmp/t2.ldif # returned 0 records # 0 entries # 0 referrals root at dc0:~# file /tmp/t2.ldif /tmp/t2.ldif: TDB database version 6, little-endian hash size 10000

Hello, I'm trying to automate the creation of several small samba AD DCs, each with a different domain. Samba tool works fine for creating a brand new domain, but I haven't seen any functionality for manipulating the directory structure of a new domain. Specifically, I'd like to automate the creation of a standard set of OUs, security groups and GPOs. I'm wondering whether

Hello guys! How I can create an organizationalUnit (OU)? Now I created an user into an OU already existent, but I need to create a new OU. I tried with: root at s1 :~#nano file.ldif dn: ou=MyOU,DC=dominio,DC=pdc,DC=cu objectClass: top objectClass: organizationalUnit ou: MyOU root at s1 :~#ldbadd --url=/var/lib/samba/private/sam.ldb file.ldif but when I search MyOU on the Active

I am writing this letter and I hope that I'll have answers about the generation of smb.conf by the way of smb.conf.master with testparm command. Like is described on page 5 of Samba3-HOWTO.pdf. The situation is: - The manual of smb.conf says that the default value of the parameter ?name resolve order? is ?lmhosts host wins bcast?, but when I type the command like: # testparm -s

Hi, We installed a samba4 AD controller using Gpo for a small group of users (5 users), everything is OK. (Samba4 beta 7 on Ubuntu 12.04) We installed another Samba4 AD controller as a BDC of the first one with the command "samba-tool domain join" with succes. After checking this new installation, we saw that the sysvol share was not replicated from the PDC and all the Policies are

This is a freshly provisioned Samba 4.0.0-rc5 installation. I provisioned the domain and created shares in the configuration file to match an existing Samba 3.5.x installation that we're moving away from (or at least, that's the plan...) for various reasons. I then moved all the contents of the shares over from the old server to the new server via rsync, including home directories and

Sorry I don't understand you answer. For me 32 bits platforms are dead on server side. So nobody would set up a new AD using Samba 4 above a 32 bits system. 2015-06-01 14:34 GMT+02:00 Reindl Harald <h.reindl at thelounge.net>: > > Am 01.06.2015 um 14:09 schrieb mathias dufresne: > >> Still playing with a big database (120k users, 150k computers) I tried to >> split

I pretend not to use RSAT on Windows any more. I use Linux as workstation and I have to access a Wondows 7 Virtual Machine with RSAT in order to manage AD. Is there any web based project? I usually work with these topics: - Manage users and groups - Manage OUs - Manage GPOs - Manage DNS

Hello, I am working on migrating from OpenLDAP using the inetOrgPerson schema to Samba4. I would like to continue to provide backwards compatibility with our existing authentication service. In OpenLDAP, users are all contained inside the People organizational unit and referenced by uid, for example: dn: uid=myuser,ou=People,dc=example,dc=com When using samba-tool to add a user, it places the

Hi, You're quiet right, I'm using a 64 bits system and I was surprised by this file size limitation on such a system. My bad regarding the title : ) Cheers, mathias 2015-06-01 15:03 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>: > On 01/06/15 13:47, mathias dufresne wrote: > >> Sorry I don't understand you answer. For me 32 bits platforms are dead on

Hi, I've updated my Sernet Samba AD from 4.2.1 to 4.2.2 an now i've problems with GPO on Windows 8.1. I've some GPO with group permissions to mount some network drives but after upgrade to latest version of Samba 4 are not working. When I check the GPO status it shows as "correct" but the drives are not in the machine. Even the "net" command don't show any

Hi all, I just add into my AD a user with different values for attributes "CN" and "name". Here is an extract of the LDIF used to add this user: ------------------------------------------------------------------------------------ dc202:~# egrep 'cn:|name:' mathias.ldif cn: Mathias Dufresne (CN) *name: mathias.dufresne*

Hai Mason, I only dont have the time to work this out now. But the 2 Stefan'ss have done this part. Script + proxymod : Stefan Kania, ask him if he is willing to share his vagrant vm setup. Preseed+script: Stefan W. : https://gist.github.com/stefangweichinger/66bfc5c6518c3838e5834287c681ae80 Look at line 220. You could change that to a script you make. And with something like this

On Mon, 2015-11-16 at 16:50 +0100, mathias dufresne wrote: > transaction: operations error at > ../source4/dsdb/samdb/ldb_modules/descriptor.c:1147 Looking at that line in your version of Samba may give you some idea why it failed. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer,

Once more, my bad : ) I'm using Ext4 file system, so no limitation from there (or missed something) 2015-06-01 15:12 GMT+02:00 S?bastien Le Ray <sebastien-samba at orniz.org>: > Hi, > > Is there any possibility that you're using a filesystem which such > limitations? > > Regards > > > Le 01/06/2015 15:11, mathias dufresne a ?crit : > >> Hi,