similar to: Samba4 With extern LDAP

Displaying 20 results from an estimated 2000 matches similar to: "Samba4 With extern LDAP"

2017 May 05
2
Memory leak in samba-ad-dc on 4.5.x not related to aio?
On Fri, May 05, 2017 at 10:21:05AM +0200, Sven Schwedas wrote: > On 2017-05-05 10:09, Volker Lendecke wrote: > > On Fri, May 05, 2017 at 09:42:47AM +0200, Sven Schwedas via samba wrote: > >>> root 9988 0.8 59.4 1571936 606488 ? S Apr26 114:41 /usr/sbin/samba > > > > Can you post /proc/9988/smaps somewhere? > > Sure,
2016 Sep 28
2
Good Bye SAMBA?!?!?
Am 28.09.2016 um 04:01 schrieb Steve Litt via samba: > Why would ANYBODY type a command when they could perform a bunch of > mouse clicks. Better yet, you can automate Windows tools with a screen > scraper and a keyboard injector, or with a top notch language like > Powershell or Visual Basic *lol* why would ANYBODY click in a GUI when he have a console - and i mean that really
2017 Aug 24
5
sysvolreset doesn't reset all ACLs
Ok, rechecked this, your correct. This did work fine. In now at samba 4.6.7, you? This worked untill ( last i checked ) 4.6.5 :-(( now sysvolreset is totaly broken. :-(( New thing for my ToDo list.. Try this script, the rights are my defaults "after a sysvol reset" Place the script somewhere within /var/lib/samba Preffered that location . Run it with : bash script.sh sysvol/ !
2017 Sep 05
3
Server GC/name.dom/dom is not registered with our KDC: Miscellaneous failure (see text): Server (GC/name/dom@DOM) unknown
Today's episode of "why is AD break", brought to you by: > [2017/09/05 10:17:06.015617, 3] ../source4/auth/gensec/gensec_gssapi.c:613(gensec_gssapi_update) > Server GC/graz-dc-1b.ad.tao.at/ad.tao.at is not registered with our KDC: Miscellaneous failure (see text): Server (GC/graz-dc-1b.ad.tao.at/ad.tao.at at AD.TAO.AT) unknown > [2017/09/05 10:17:06.015717, 0]
2017 May 18
4
Does WannaCry Ransmonware affect Samba?
Hello, Up till today I have only heard that it affects Windows clients and Servers. However I received this today that sparked my question https://ics-cert.us-cert.gov/sites/default/files/FactSheets/ICS-CERT_FactSheet_WannaCry_Ransomware.pdf This suggests blocking port 445 for Samba specifically. First wouldn't blocking port 445 break all file and printer sharing functionality?
2017 Sep 05
4
Server GC/name.dom/dom is not registered with our KDC: Miscellaneous failure (see text): Server (GC/name/dom@DOM) unknown
> Keytabs look reasonable, as far as I can see, but why does > graz-dc-sem have the same SPN output as graz-dc-1b in > addition to its own? A snapshotted server/cloned server? I dont know but thats not correct. I suggest, cleanup the DS with FSMO roles. Then remove a failty server and re-add it as a new installed DC. ( the good DS with FSMO) First backup:
2019 Jul 29
2
Upgrading your Samba AD-DC from Stretch to Buster, used samba 4.10.6.
Hai guys, After a few messages on the list on Buster, i decided to upgrade one of my production AD-DC's and see what happens. If noticed a few things here, so here are the steps and changes i made to upgrade and have a correct working AD-DC after the upgrade. Setup is as followed: Debian Stretch AD-DC with Bind9 DLZ and ntp time. This is still the base i used for my AD-DC
2017 May 05
2
Memory leak in samba-ad-dc on 4.5.x not related to aio?
On somewhat long-running samba AD DC instances (4.5.8-Debian, Stretch), we're seeming massive RAM utilization even with little/no clients connected: > USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND > root 9937 0.0 0.7 532004 7364 ? Ss Apr26 0:00 /usr/sbin/samba > root 9980 0.0 0.4 532004 4304 ? S Apr26 0:00
2019 Apr 23
2
How to get users last Login time
On Tue, 23 Apr 2019 17:12:37 +0200 Sven Schwedas via samba <samba at lists.samba.org> wrote: > https://docs.microsoft.com/en-us/windows/desktop/adschema/a-lastlogontimestamp > > Works on Samba AD as on Windows and can be queried by any LDAP client > and used in Bash/Powershell scripts. There's probably finished scripts > somewhere you can use. > Yes, you could use
2017 Aug 24
4
sysvolreset doesn't reset all ACLs
> root at graz-dc-1b:~# samba --version > Version 4.5.8-Debian > root at graz-dc-1b:~# samba-tool ntacl sysvolreset && echo "no error" > no error > root at graz-dc-1b:~# samba-tool ntacl sysvolcheck > ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: DB ACL on GPO directory
2019 Jun 14
5
Spring Cleanup / Migrating Samba 4.5 to 4.10
With some slight delay, we did actually manage to get all our old wonky compatibility solutions nuked (turned out there were a few more lurking in the shadows than expected?). Mail servers are no longer domain joined, and unencrypted LDAP is finally gone, together with the terrible PHP scripts that needed it. Which allowed me to finally cleanup all the samba setups:
2017 Nov 13
2
Winbind error "Could not fetch our SID - did we join?"
/etc/hostname:villach-file /etc/hosts:# The following lines are desirable for IPv6 capable hosts /etc/hosts:::1 localhost ip6-localhost ip6-loopback /etc/hosts:ff02::1 ip6-allnodes /etc/hosts:ff02::2 ip6-allrouters /etc/hosts:127.0.0.1 localhost /etc/hosts:192.168.16.214 villach-file /etc/krb5.conf:[libdefaults] /etc/krb5.conf: default_realm = AD.TAO.AT /etc/krb5.conf: dns_lookup_realm = true
2019 Aug 26
2
CPU and Memory requirements for host OS ( CentOS 7.6) on Dell Poweredge R630 server
Hi, I am running Dell R630 Poweredge 1U with 32 cores vCPU's and 96 GB RAM. What should be the minimum numbers of CPU cores and memory that should be reserved for host OS (CentOS 7.6) and the remaining CPU cores and memory resources to be allocated for Guest OS? I look forward to hearing from you and thanks in advance. Best Regards, Kaushal
2017 Nov 13
2
Winbind error "Could not fetch our SID - did we join?"
On Mon, 13 Nov 2017 14:32:11 +0100 Sven Schwedas via samba <samba at lists.samba.org> wrote: > Making no additional changes to the configuration, using "net ads > join" instead of "samba-tool domain join" immediately worked. I'd be > really curious where's the difference between the two and why > samba-tool pretends to not have run into any errors…
2017 Apr 20
2
NT_STATUS_NO_LOGON_SERVERS after removing a DC and WERR_BADFILE when trying to remove broken DC
On 2017-04-07 13:44, Sven Schwedas via samba wrote: > In the end I just upgraded all DCs to 4.5 and remote-deleted the broken > ones. Seemed to work without a hitch, manual removal was only necessary > to remove the IPs from DNS\_msdcs.ourdomain\gc\. Apparently not, adding new DCs failed with "WERR_DS_DATABASE_ERROR". `samba-tool dbcheck --fix` solved that. With that out of
2017 Mar 30
1
NT_STATUS_NO_LOGON_SERVERS after removing a DC and WERR_BADFILE when trying to remove broken DC
> > – I noticed a typo in the server's `netbios name` setting, corrected > it, and restarted the DC Where did you change this, in smb.conf or /etc/hosts ?? By default netbios name is adapted from the hostname. If you changed the hostname you might have found the source of your problem. > > – Noticed I had problems with the LDAP SSL certificates for this node > and
2017 Sep 08
3
Server GC/name.dom/dom is not registered with our KDC: Miscellaneous failure (see text): Server (GC/name/dom@DOM) unknown
On 2017-09-08 14:21, Rowland Penny via samba wrote: > OK, you have convinced me ;-) If you know any other part of AD DNS that is tricky, I'd be interested to know before AD blows up again. ;-) > Seeing how you seem to know the required 'magic', do you feel up to > sharing it, if you do I will add a page to the Samba wiki. What magic? How to set up dnsmasq as caching proxy?
2017 Nov 13
2
Winbind error "Could not fetch our SID - did we join?"
On Mon, 13 Nov 2017 15:20:05 +0100 Sven Schwedas <sven.schwedas at tao.at> wrote: > > > PS, your configs are still wrong. > > It would be *really* helpful if you explained *why*. Sprinkling magic > pixie dust over random config files isn't exactly purposeful > debugging. > Lets start with /etc/krb5.conf Samba doesn't need most of what you will find in it,
2019 Apr 24
1
How to get users last Login time
On Wed, 24 Apr 2019 11:00:39 +0200 Sven Schwedas via samba <samba at lists.samba.org> wrote: > > https://blogs.technet.microsoft.com/askds/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works/ > > It was literally designed for *this exact use case*. > Yes, but not very well ;-) It actually says 'the lastLogontimeStamp will be 9-14
2018 Jan 23
2
a word of warning
Hi, I'd like to report something here, so it will not happen to others. We moved all disabled users in our samba AD to a dedicated folder in ADUC, which we called 'disabled'. A little while after we did that, our network started 'falling apart'. Some things still worked, others did not. I could for example no longer start ADUC, some users could not logon or map drives, etc,