Displaying 20 results from an estimated 10000 matches similar to: "AD, add computers delegation"
2016 Sep 02
1
AD, add computers delegation
Thank you Louis, I'll have a try!
And yep, you're so right about using groups rather than users, so that's
what we did ;)
I'll try to test that today and come back to tell y'all how it went. Have
a nice weekend if I can't come back today : )
M.
2016-09-02 16:09 GMT+02:00 L.P.H. van Belle via samba <samba at lists.samba.org>:
> Hai Mathias.
>
> I think you
2015 Nov 04
1
Local Administrators (group) and delegation in AD
On 04/11/15 15:09, mathias dufresne wrote:
> As Davor wants to delegate I expect he does not want to give
> Administrator password to these persons ;) And using a keytab to
> avoid giving them the password is not a solution: they would be able
> to perform everything they want on samba, which is certainly far from
> the delegation he initially thought...
Ah, what I posted was
2015 Nov 03
2
Local Administrators (group) and delegation in AD
On 03/11/15 08:10, Davor Vusir wrote:
>
>
> No, Davor. That won't work. The delegated user account is not member
> of 'AD\Domain Admins' which is member of the group
> 'SERVER\Administrators'. You have to use the username map to be able
> to add the first AD-group or account to 'SERVER\Administrators'.
>
No, Davor, you don't have to use a
2016 Aug 30
3
AD, ACLs on LDAP objects not replicated?
Hi all,
Playing with delegation today we delegated rights to some user on some OU
and its contents so that it can modify users inside that OU and children.
We used "advanced view" in ADUC then "properties" on our delegated OU, then
"security" tab, and finally we gave rights to our user.
Perhaps this process is not correct but we believe it is a valid process to
delegate
2015 Oct 29
2
Local Administrators (group) and delegation in AD
mathias dufresne skrev den 2015-10-29 14:31:
> I'm thick :D
> I don't really understand more :(
>
No. I'm having trouble explaining. Maybe these threads are more
enlightening:
https://lists.samba.org/archive/samba/2015-April/191020.html and
http://www.spinics.net/lists/samba/msg123646.html.
> Samba can share file, printers and when samba hosts a domain samba is also
2015 Oct 29
3
Local Administrators (group) and delegation in AD
On 2015-10-29 12:23, Rowland Penny wrote:
> On 29/10/15 09:47, Davor Vusir wrote:
>> On 2015-10-29 09:52, Rowland Penny wrote:
>>> On 29/10/15 08:34, Davor Vusir wrote:
>>>> Hi all!
>>>>
>>>> We have got many delegations in our AD. To add a certain
>>>> administrator group to the local Administrators group you can use
2015 Dec 07
2
Give users possibility to manage part of their AD account
Hi all,
Is there a way to give users (all AD users for a start) the possibility to
manage themselves some of their user attributes (as loginShell for example)?
Thanks and regards,
mathias
2016 Apr 05
2
DNS issues after FSMO seize
Ok Mathias..
I hope this helps a bit.
https://technet.microsoft.com/nl-nl/library/cc816941(v=ws.10).aspx
now type :
nslookup -type=soa internal.domain.tld
or
nslookup -debug -type=soa internal.domain.tld
and look at
nslookup -debug -type=soa internal.domain.tld ip_of_a_NS1-server.
nslookup -debug -type=soa internal.domain.tld ip_of_a_NS2-server.
And see..
The soa record contains only
2015 Oct 30
2
Local Administrators (group) and delegation in AD
On 2015-10-29 21:32, Rowland Penny wrote:
> On 29/10/15 19:38, Davor Vusir wrote:
>>
>>
>> mathias dufresne skrev den 2015-10-29 14:31:
>>> I'm thick :D
>>> I don't really understand more :(
>>>
>>
>> No. I'm having trouble explaining. Maybe these threads are more
>> enlightening:
>>
2015 Oct 29
4
Local Administrators (group) and delegation in AD
On 2015-10-29 09:52, Rowland Penny wrote:
> On 29/10/15 08:34, Davor Vusir wrote:
>> Hi all!
>>
>> We have got many delegations in our AD. To add a certain
>> administrator group to the local Administrators group you can use GPO
>> for Windows servers. As Samba does not understand GPO I have initially
>> used the "username map" feature to add a
2016 Apr 05
3
DNS issues after FSMO seize
For me:
- SOA means where updates can be sent.
- SOA can be one or several.
- NS is a record to help non-authoritative name servers to find a valid
name server for the zone they receive a request and they don't know
anything about that zone.
- SOA is often declared as NS, I agree. I explained this is not mandatory.
There is no link between these two notions except they share a zone.
You are
2016 Mar 29
2
Failed to modify SPNs on error in module acl: Constraint violation during LDB_MODIFY (19)
Hi Mathias and all.
Am Donnerstag, 24. März 2016, 13:26:12 CEST schrieb mathias dufresne:
> Hi,
>
> I'm glad that helped you : )
>
> About SPN, I found that link a few days ago:
> https://adsecurity.org/?page_id=183
> It tries to list the string values available usable for SPN.
>
> And it gives also that link:
>
2015 Nov 16
2
No more replication for new DC
On 16/11/15 15:09, mathias dufresne wrote:
> That did not work. I've added DNS entries mentioned in that wiki page. I
> also forced creation of all entries mentioned by samba_dnsupdate
> --all-names --verbose.
> So I expect all needed DNS entries are present. If some are still missing
> they are not mentioned by samba_dnsupdate. And as samba_dnsupdate job is to
> create
2016 Mar 24
2
Failed to modify SPNs on error in module acl: Constraint violation during LDB_MODIFY (19)
Hi again,
Am Montag, 14. März 2016, 00:44:47 CET schrieb Markus Dellermann:
> Am Donnerstag, 10. März 2016, 10:41:34 CET schrieb mathias dufresne:
> Hi, Mathias and all
> thank you for your answer.
>
> > Hi all,
> >
> > SPN = servicePrincipalName
> >
> > A simple search returning all servicePrincipalName declared in your AD:
> > ldbsearch -H $sam
2016 May 23
1
linux server a member of AD (with use of realm) - and samba?
2016-05-19 19:06 GMT+02:00 Rowland penny <rpenny at samba.org>:
> On 19/05/16 17:37, lejeczek wrote:
>
>>
>>
>> On 19/05/16 16:49, Rowland penny wrote:
>>
>>> On 19/05/16 15:50, lejeczek wrote:
>>>
>>>> fellow users
>>>>
>>>> I'd like to ask is it possible, and if yes what's the correct way to
2016 Mar 03
3
AD, multiple DC, some DC without DNS at all
Hi all,
Thank you Mark for these precisions.
I did switch a DC to --dns-backend=NONE using samba-tool domain join. This
removed dns-<DCname> user for this DC and associated keytab.
We changed /etc/resolv.conf to use another DC - one with Bind running - as
nameserver.
Stopping there, running samba_dnsupdate gave error "NOTAUTH".
As we want our DC being able to push into DNS
2016 Aug 30
2
set UPN / SPN from samba-tool.
2016-08-30 16:10 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>:
> On Tue, 30 Aug 2016 15:58:13 +0200
> mathias dufresne via samba <samba at lists.samba.org> wrote:
>
> > And reading last mails comforts me in believing the filter used by
> > client side to retrieve user is not correct, that filter should use
> > SPN then you won't need to
2016 Aug 30
2
set UPN / SPN from samba-tool.
And reading last mails comforts me in believing the filter used by client
side to retrieve user is not correct, that filter should use SPN then you
won't need to set up SPN into UPN field.
2016-08-30 15:55 GMT+02:00 mathias dufresne <infractory at gmail.com>:
> Hi Louis,
>
>
> 2016-08-29 16:18 GMT+02:00 L.P.H. van Belle via samba <
> samba at lists.samba.org>:
>
2016 Feb 05
2
[samba4ad] Duplicate attributes list ?
Hi all,
I just add into my AD a user with different values for attributes "CN" and
"name".
Here is an extract of the LDIF used to add this user:
------------------------------------------------------------------------------------
dc202:~# egrep 'cn:|name:' mathias.ldif
cn: Mathias Dufresne (CN)
*name: mathias.dufresne*
2016 Mar 29
5
Permission denied on GPT.ini (Event ID 1058)
Complete event id of :
> But still, events log show a warning about kerberos ticket from LsaSrv
> source and right after a permission denied on GPT.ini
And a getfacl of the problem GPO SID please, I'll check.
And an output of ipconfig /all on the problem pc.
And question, dedicated IP or dhcp IP?
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba