Displaying 20 results from an estimated 10000 matches similar to: "Multiple domain and trust relationship"
2015 Oct 14
1
Multiple domain and trust relationship
Hello Klaus,
Am 12.10.2015 um 23:34 schrieb Klaus Hartnegg:
> Different domains have advantages if the network connection is bad, and
> if local admins want to create new ad objects themselves, e.g. new
> users.
This is also possible with AD sites. Even if the network connection is
temporary offline.
Each DC has a RID pool (default 500 RIDs). Until it's empty, you can
create new
2015 Oct 12
0
Multiple domain and trust relationship
Multi-sites AD does not mean multi-domain AD. You do not must build trust
relationship.
Building an AD for a company is not trivial. It's a structural piece of IT
which must be thought. Needing RTFM and understanding why you would go into
some direction or another.
Trust relationships can be what you need, but not necessarily. It depends
on what you need.
Microsoft does not advice to use
2014 Mar 12
4
Wiki should have Readme First
Many first time users of Samba-4 seem to struggle with the same issues.
I suggest the Wiki should have a Readme First similar like this:
http://www.klaus-hartnegg.de/gpo/14-03-12-samba4.html
It basicly says that Samba 4 can behave either like Samba 3, or as
AD-DC, in which case it should do nothing else. Then it lists the main
differences, limitations, and requirements.
I would love to see a
2014 Aug 30
2
Flexible Single-Master Operations (FSMO) documentation
Hello,
I wrote a major extension of the FSMO documentation:
https://wiki.samba.org/index.php/Flexible_Single-Master_Operations_%28FSMO%29_roles
We often had questions on the list about the FSMO roles and the
consequences, when DCs owning roles are offline.
I hope this will be a good reference.
Regards,
Marc
2015 May 26
2
Need another workaround for FSMO transfer problem
https://wiki.samba.org/index.php/Flexible_Single-Master_Operations_%28FSMO%29_roles#Transfering_a_FSMO_role
I ran into that while trying to rebuild my LXC's as Debian 8. The
proposed work arrounds assume you have access to a Windows Domain
controller in your domain, and I don't. Is there anything else I can do
to get all 7 Roles moved to my other domain controller so I can rebuild it?
2014 Jun 27
4
Missing features, RLY?!? & readme1st again
Missing features from memory from following this mailinglist:
- Win7 join to AD still requires two registry changes.
- SYSVOL is not replicated, use a cronjob with rsync.
- Domain-Trust works only in one direction (which one?).
- winbind does not work on DCs, use a separate file server.
- Joining an AD requires one of its DCs in the same subnet?
- Cluster filesystems destroy TDB files, use CTDB.
-
2015 Oct 12
0
Multiple domain and trust relationship
Am 08.10.2015 um 18:20 schrieb Julien Deloubes:
> Now my company will open several sites in different countries.
> I was wondering what is the actual limitations of Samba4 concerning the
> multi domain (i'm not a Windows guy and have very limited knowledge about
> AD).
> I read about trust relationship limitations (can be trusted but cannot
> trust) so does this mean that for
2018 Oct 19
2
Samba 4.7+ - RODC and password change support
Hi,
I am working on a deployment of Samba as a domain controller, with one
central domain controller and several read-only DC.
The deployment works, and computers seems to interact with the RODCs
as they should, but sometimes computers leave the domain after a
password change.
This seems to happen only on RODC where the passwords have been
replicated - on one occasion the RODC was
2015 Feb 04
2
Problems with 2 DCs.
Hello,
I've set up 2 DCs.
The first as been set up using the command:
samba-tool domain provision ?
The second, using the command:
samba-tool domain join <realm> DC?
As far as command return status say the commands went well.
Using only the first DC, I can add windows client to the domain, I can
manage users, everything seems to be ok.
When adding the second DC, users database is
2015 May 28
2
Need another workaround for FSMO transfer problem
On 05/26/2015 07:34 AM, Rowland Penny wrote:
> On 26/05/15 03:05, John Lewis wrote:
>> https://wiki.samba.org/index.php/Flexible_Single-Master_Operations_%28FSMO%29_roles#Transfering_a_FSMO_role
>>
>>
>> I ran into that while trying to rebuild my LXC's as Debian 8. The
>> proposed work arrounds assume you have access to a Windows Domain
>> controller in
2018 Oct 23
3
Samba 4.7+ - RODC and password change support
On Tue, 23 Oct 2018 10:07:29 +1300
Garming Sam via samba <samba at lists.samba.org> wrote:
> Hi,
>
> On 20/10/18 1:26 AM, Julien Ropé via samba wrote:
> >
> > The deployment works, and computers seems to interact with the
> > RODCs as they should, but sometimes computers leave the domain
> > after a password change.
> >
> > This seems to
2015 Mar 02
2
Problems with 2 DCs.
Le 06/02/2015 17:49, Marc Muehlfeld a ?crit :
> Hello Jean-Fran?ois,
>
> Am 04.02.2015 um 17:51 schrieb Jean-Fran?ois Morcillo:
>> Troubles come into the place when I try to create a user on the 2nd DC,
>> I get the following error message:
>> samba-tool user create usr1 usr1
>> ERROR(ldb): Failed to add user 'usr1': -
>>
2015 Mar 13
2
Samba4 interdomain trust
On Tue, 2015-03-10 at 11:37 +0100, Klaus Hartnegg wrote:
> Am 10.03.2015 um 11:00 schrieb Sergio Rizzi:
> > By reading https://wiki.samba.org/index.php/Roadmap#Trust_support seems
> > that trust support is not finished yet, btw in changelogs seems that in
> > 4.2.* (with winbindd) interdomain trusts are now working.
>
> The release notes say that windindd "paves
2014 Dec 01
2
protocol SMB2 prevents start of program?
On 11/28/2014 9:23 AM, Klaus Hartnegg wrote:
>
> Is there anything else that I could try,
> or do I just have to stay on protocol NT1
> as long as we still use this old software?
>
> Klaus
Try in [global]
acl allow execute always=true
--
Regards
--------------------------------------
Gerald Drouillard
Technology Architect
Drouillard & Associates, Inc.
2015 May 13
2
Posix vs. Windows File/Directory Permissions
On Wed, May 13, 2015 at 1:20 PM, Klaus Hartnegg <hartnegg at uni-freiburg.de>
wrote:
> Am 13.05.2015 um 17:30 schrieb S?bastien Le Ray:
>
>> No they aren't
>>>
>>
>> Yes they are
>>
>
> Not sure about this, but mostly irrelevant anyway, because of this effect
> in the other direction:
>
> If you have set Windows ACLs, and then change
2015 Jun 10
4
Need another workaround for FSMO transfer problem
On 05/28/2015 04:18 AM, Rowland Penny wrote:
> On 28/05/15 01:33, John Lewis wrote:
>> On 05/26/2015 07:34 AM, Rowland Penny wrote:
>>> On 26/05/15 03:05, John Lewis wrote:
>>>> https://wiki.samba.org/index.php/Flexible_Single-Master_Operations_%28FSMO%29_roles#Transfering_a_FSMO_role
>>>>
>>>>
>>>>
>>>> I ran into that
2014 Jun 17
1
Secondary domain controller and promotion
I see the instructions about setting up a secondary domain controller at
https://wiki.samba.org/index.php/Join_a_domain_as_a_DC but I am unclear
on several points. I'm familiar with Kerberos/LDAP/DNS but not Windows
administration.
(1) This document talks about adding Samba as a slave to "an existing
Active Directory domain" (presumably running Windows).
Is it the same to
2015 Apr 24
4
"hosts allow" not working?
On Fri, 24 Apr 2015, Klaus Hartnegg wrote:
> Am 24.04.2015 um 01:02 schrieb Carl G. Riches:
>> I'm unable to join a Windows 7 PC
>> to the Samba 4 domain when "hosts allow" is defined
>
>> hosts allow = 127 10.208.29. 10.108.29.
>
> Maybe the new version insists there must be a dot after the 127.
>
I put the dot in, to no avail. I also modified the
2014 Jul 15
3
chown destroys ACLs
Hi,
Is it normal that "chown $user $file" and "chown :$group $file" destroy
the Windows-ACLs?
Is it normal that changing the file owner in Windows does not change the
file owner in Linux, but changing the file owner in Linux does change
the file owner in Windows?
This should be mentioned in
>
2014 Sep 03
1
Effect of setting "store dos attributes = no" in Samba 4.1.11
Thanks for your help and replies. Yes, I meant "store dos attributes".
It's pretty clear now that I need to keep the parameter 'store dos
attributes=no' since
1) the server is an AD member server and
2) the map* parameters don't do the right thing under ZFS / NFSV4 ACLs.
I've read that the steps Klaus Hartnegg listed resolves the issue on ZFS on
Linux; however, I