similar to: Give users possibility to manage part of their AD account

Displaying 20 results from an estimated 10000 matches similar to: "Give users possibility to manage part of their AD account"

2016 Sep 02
4
AD, add computers delegation
Hi, Following that link https://support.microsoft.com/en-us/kb/932455 we created a delegation to permit some group to add computers into AD. That works except if some computer with same name was already added (even if this computer with same name was previously cleanly removed from AD). Anyone who has idea what we missed? Cheers, M.
2016 Jun 14
3
Changing default UID/GID beginning for AD
2016-06-13 18:27 GMT+02:00 Rowland penny <rpenny at samba.org>: > On 13/06/16 13:13, mathias dufresne wrote: > >> I loved to find out how to achieve that. >> >> I did looked for information, all I found was that: >> >>
2015 Jun 30
2
Several questions about winbind[d]
2015-06-30 12:42 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com>: > On 30/06/15 11:17, mathias dufresne wrote: > >> @Andrew: I expect these lines came from RDP issue workaround which should >> be happening with previous Samba version. I removed all these lines as >> now, >> with 4.2.2 Samba version RDP and RSAT are working well without them. >>
2016 Aug 30
3
AD, ACLs on LDAP objects not replicated?
Hi all, Playing with delegation today we delegated rights to some user on some OU and its contents for it can modify users inside that OU and children. We used "advanced view" in ADUC then "properties" on our delegated OU, then "security" tab, and finally we gave rights to our user. Perhaps this process is not correct but we believe it is a valid process to delegate
2015 Jun 30
2
Several questions about winbind[d]
@Andrew: I expect these lines came from RDP issue workaround which should be happening with previous Samba version. I removed all these lines as now, with 4.2.2 Samba version RDP and RSAT are working well without them. I removed also each and every idmap lines, commented most of winbind lines too and now my smb.conf is: ------------------------------------------------------------ [global]
2016 Sep 02
1
AD, add computers delegation
Thank you Louis, I'll have a try! And yep, you're so right about using groups rather than users, so that's what we did ;) I'll try to test that today and come back to tell yall how it went. Have nice week-end if I can't come back today : ) M. 2016-09-02 16:09 GMT+02:00 L.P.H. van Belle via samba <samba at lists.samba.org >: > Hai Mathias. > > I think you
2015 Jun 25
3
Several questions about winbind[d]
Hi all, I'm wondering about winbind[d] behaviour. I tried the following with: auth methods = sam winbindd and the same with only one d: auth methods = sam winbind One user: ldbsearch -H $sam '(cn=another.fakeuser)' homeDirectory loginShell gidnumber uidnumber # record 1 dn: CN=another.fakeuser,OU=a,OU=Standards,OU=Utilisateurs,DC=ad,DC=dgfip homeDirectory: */home/another.fakeuser*
2016 Jun 13
2
Changing default UID/GID beginning for AD
I loved to find out how to achieve that. I did looked for information, all I found was that: https://social.technet.microsoft.com/Forums/en-US/3e184d10-09e3-4eab-9131-6694b86879f8/modify-default-value-of-loginshell-attribute?forum=winserverDS Unfortunately it seems to list all users (I don't know these MS commands but "Get-AdUser -Filter"...) then sending that list to something to
2016 Apr 05
2
DNS issues after FSMO seize
Ok Mathias.. I hoop this helps a bit. https://technet.microsoft.com/nl-nl/library/cc816941(v=ws.10).aspx now type : nslookup -type=soa internal.domain.tld or nslookup -debug -type=soa internal.domain.tld and look at nslookup -debug -type=soa internal.domain.tld ip_of_a_NS1-server. nslookup -debug -type=soa internal.domain.tld ip_of_a_NS2-server. And see.. The soa record contains only
2015 Nov 11
4
How to configure Winbind to use uidNumber and gidNumber
On 2015-11-10 at 13:57 +0000, Rowland Penny wrote: > On 10/11/15 13:42, mathias dufresne wrote: > >Thank you for this quick answer Louis. > > > >On DC: > > > >On DC I had to add one line to have winbind retrieving uidNumber AD field > >rather than having Winbind chosing some random UID for my users. > >This line is: > > > >idmap_ldb:use
2016 Oct 12
6
samba with customized ldap backend
I have to assume much, I'll try. So... - No AD, that's some NT4 domain. - No Winbind because Winbind is using samacccountname as user login and not UID. - Issue happens on Linux or UNIX clients. The question is what tool (SSSD, pam_ldap / nss_ldap, nslcd...) are you using to retrieve information from LDAP to forge users on system side. Once you get an answer to this previous question
2015 Nov 10
2
How to configure Winbind to use uidNumber and gidNumber
Hi all, How can we configure winbind to retrieve uidNumber and gidNumber declared in AD? Thanks and regards, mathias
2015 Nov 10
2
How to configure Winbind to use uidNumber and gidNumber
Thank you for this quick answer Louis. On DC: On DC I had to add one line to have winbind retrieving uidNumber AD field rather than having Winbind chosing some random UID for my users. This line is: idmap_ldb:use rfc2307 = yes as explained in https://wiki.samba.org/index.php/Setting_up_RFC2307_in_AD That's a start. Unfortunately winbind is still giving my users GID number set to 100,
2016 Jul 04
2
[samba as AD] Hidden attributes
Hi all, Is there a way to extract the whole attributes of objects, even hidden attributes, using ldbsearch or any samba tool? Hidden attributes have to be hidden from ldapsearch which can be used through network and so, remotely. ldbsearch can be used only locally by root, which [should] limit who is using it, so perhaps I thought it was possible : )
2015 Nov 04
1
Local Administrators (group) and delegation in AD
On 04/11/15 15:09, mathias dufresne wrote: > As Davor wants to delegate I expect he does not want to give > Administrator password to these persons ;) And using a keytab to > avoid giving them the password is not a solution: they would be able > to perform everything they want on samba, which is certainly far from > the delegation he initially thought... Ah, what I posted was
2015 Nov 03
2
Local Administrators (group) and delegation in AD
On 03/11/15 08:10, Davor Vusir wrote: > > > No, Davor. That won't work. The delegated user account is not member > of 'AD\Domain Admins' which is member of the group > 'SERVER\Administrators'. You have to use the username map to be able > to add the first AD-group or account to 'SERVER\Administrators'. > No, Davor, you don't have to use a
2016 Apr 05
3
DNS issues after FSMO seize
For me: - SOA means where updates can be sent. - SOA can be one or several. - NS is a record to help non-authoritative name servers to find a valid name server for the zone they receive a request and they don't know anything about that zone. - SOA is often declared as NS, I agree. I explained this is not mandatory. There is no link between these two notions except they share a zone. You are
2016 Jun 14
2
Changing default UID/GID beginning for AD
2016-06-14 11:18 GMT+02:00 Rowland penny <rpenny at samba.org>: > On 14/06/16 09:50, mathias dufresne wrote: > >> >> >> 2016-06-13 18:27 GMT+02:00 Rowland penny <rpenny at samba.org <mailto: >> rpenny at samba.org>>: >> >> On 13/06/16 13:13, mathias dufresne wrote: >> >> I loved to find out how to achieve that.
2015 Oct 20
3
Samba 4 + Squidguardian
On 20/10/15 11:43, mathias dufresne wrote: > 2015-10-20 11:10 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com>: > >> On 20/10/15 09:05, mathias dufresne wrote: >> >>> 2015-10-19 18:08 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com >>> <mailto:rowlandpenny241155 at gmail.com>>: >>> >>> >>> On
2015 Oct 20
2
Samba 4 + Squidguardian
On 20/10/15 09:05, mathias dufresne wrote: > > 2015-10-19 18:08 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com > <mailto:rowlandpenny241155 at gmail.com>>: > > On 19/10/15 16:46, mathias dufresne wrote: > > AD from Samba or Microsoft is mainly a database for storing > users (and > associated stuffs). It comes also with