similar to: Give users possibility to manage part of their AD account

Hi, Following that link https://support.microsoft.com/en-us/kb/932455 we created a delegation to permit some group to add computers into AD. That works except if some computer with same name was already added (even if this computer with same name was previously cleanly removed from AD). Anyone who has idea what we missed? Cheers, M.

2016-06-13 18:27 GMT+02:00 Rowland penny <rpenny at samba.org>: > On 13/06/16 13:13, mathias dufresne wrote: > >> I loved to find out how to achieve that. >> >> I did looked for information, all I found was that: >> >>

2015-06-30 12:42 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com>: > On 30/06/15 11:17, mathias dufresne wrote: > >> @Andrew: I expect these lines came from RDP issue workaround which should >> be happening with previous Samba version. I removed all these lines as >> now, >> with 4.2.2 Samba version RDP and RSAT are working well without them. >>

Hi all, Playing with delegation today we delegated rights to some user on some OU and its contents for it can modify users inside that OU and children. We used "advanced view" in ADUC then "properties" on our delegated OU, then "security" tab, and finally we gave rights to our user. Perhaps this process is not correct but we believe it is a valid process to delegate

@Andrew: I expect these lines came from RDP issue workaround which should be happening with previous Samba version. I removed all these lines as now, with 4.2.2 Samba version RDP and RSAT are working well without them. I removed also each and every idmap lines, commented most of winbind lines too and now my smb.conf is: ------------------------------------------------------------ [global]

Thank you Louis, I'll have a try! And yep, you're so right about using groups rather than users, so that's what we did ;) I'll try to test that today and come back to tell yall how it went. Have nice week-end if I can't come back today : ) M. 2016-09-02 16:09 GMT+02:00 L.P.H. van Belle via samba <samba at lists.samba.org >: > Hai Mathias. > > I think you

Hi all, I'm wondering about winbind[d] behaviour. I tried the following with: auth methods = sam winbindd and the same with only one d: auth methods = sam winbind One user: ldbsearch -H $sam '(cn=another.fakeuser)' homeDirectory loginShell gidnumber uidnumber # record 1 dn: CN=another.fakeuser,OU=a,OU=Standards,OU=Utilisateurs,DC=ad,DC=dgfip homeDirectory: */home/another.fakeuser*

I loved to find out how to achieve that. I did looked for information, all I found was that: https://social.technet.microsoft.com/Forums/en-US/3e184d10-09e3-4eab-9131-6694b86879f8/modify-default-value-of-loginshell-attribute?forum=winserverDS Unfortunately it seems to list all users (I don't know these MS commands but "Get-AdUser -Filter"...) then sending that list to something to

Ok Mathias.. I hoop this helps a bit. https://technet.microsoft.com/nl-nl/library/cc816941(v=ws.10).aspx now type : nslookup -type=soa internal.domain.tld or nslookup -debug -type=soa internal.domain.tld and look at nslookup -debug -type=soa internal.domain.tld ip_of_a_NS1-server. nslookup -debug -type=soa internal.domain.tld ip_of_a_NS2-server. And see.. The soa record contains only

On 2015-11-10 at 13:57 +0000, Rowland Penny wrote: > On 10/11/15 13:42, mathias dufresne wrote: > >Thank you for this quick answer Louis. > > > >On DC: > > > >On DC I had to add one line to have winbind retrieving uidNumber AD field > >rather than having Winbind chosing some random UID for my users. > >This line is: > > > >idmap_ldb:use

I have to assume much, I'll try. So... - No AD, that's some NT4 domain. - No Winbind because Winbind is using samacccountname as user login and not UID. - Issue happens on Linux or UNIX clients. The question is what tool (SSSD, pam_ldap / nss_ldap, nslcd...) are you using to retrieve information from LDAP to forge users on system side. Once you get an answer to this previous question

Hi all, How can we configure winbind to retrieve uidNumber and gidNumber declared in AD? Thanks and regards, mathias

Thank you for this quick answer Louis. On DC: On DC I had to add one line to have winbind retrieving uidNumber AD field rather than having Winbind chosing some random UID for my users. This line is: idmap_ldb:use rfc2307 = yes as explained in https://wiki.samba.org/index.php/Setting_up_RFC2307_in_AD That's a start. Unfortunately winbind is still giving my users GID number set to 100,

Hi all, Is there a way to extract the whole attributes of objects, even hidden attributes, using ldbsearch or any samba tool? Hidden attributes have to be hidden from ldapsearch which can be used through network and so, remotely. ldbsearch can be used only locally by root, which [should] limit who is using it, so perhaps I thought it was possible : )

On 04/11/15 15:09, mathias dufresne wrote: > As Davor wants to delegate I expect he does not want to give > Administrator password to these persons ;) And using a keytab to > avoid giving them the password is not a solution: they would be able > to perform everything they want on samba, which is certainly far from > the delegation he initially thought... Ah, what I posted was

On 03/11/15 08:10, Davor Vusir wrote: > > > No, Davor. That won't work. The delegated user account is not member > of 'AD\Domain Admins' which is member of the group > 'SERVER\Administrators'. You have to use the username map to be able > to add the first AD-group or account to 'SERVER\Administrators'. > No, Davor, you don't have to use a

For me: - SOA means where updates can be sent. - SOA can be one or several. - NS is a record to help non-authoritative name servers to find a valid name server for the zone they receive a request and they don't know anything about that zone. - SOA is often declared as NS, I agree. I explained this is not mandatory. There is no link between these two notions except they share a zone. You are

2016-06-14 11:18 GMT+02:00 Rowland penny <rpenny at samba.org>: > On 14/06/16 09:50, mathias dufresne wrote: > >> >> >> 2016-06-13 18:27 GMT+02:00 Rowland penny <rpenny at samba.org <mailto: >> rpenny at samba.org>>: >> >> On 13/06/16 13:13, mathias dufresne wrote: >> >> I loved to find out how to achieve that.

On 20/10/15 11:43, mathias dufresne wrote: > 2015-10-20 11:10 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com>: > >> On 20/10/15 09:05, mathias dufresne wrote: >> >>> 2015-10-19 18:08 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com >>> <mailto:rowlandpenny241155 at gmail.com>>: >>> >>> >>> On

On 20/10/15 09:05, mathias dufresne wrote: > > 2015-10-19 18:08 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com > <mailto:rowlandpenny241155 at gmail.com>>: > > On 19/10/15 16:46, mathias dufresne wrote: > > AD from Samba or Microsoft is mainly a database for storing > users (and > associated stuffs). It comes also with