similar to: AD, add computers delegation

Thank you Louis, I'll have a try! And yep, you're so right about using groups rather than users, so that's what we did ;) I'll try to test that today and come back to tell yall how it went. Have nice week-end if I can't come back today : ) M. 2016-09-02 16:09 GMT+02:00 L.P.H. van Belle via samba <samba at lists.samba.org >: > Hai Mathias. > > I think you

On 04/11/15 15:09, mathias dufresne wrote: > As Davor wants to delegate I expect he does not want to give > Administrator password to these persons ;) And using a keytab to > avoid giving them the password is not a solution: they would be able > to perform everything they want on samba, which is certainly far from > the delegation he initially thought... Ah, what I posted was

On 03/11/15 08:10, Davor Vusir wrote: > > > No, Davor. That won't work. The delegated user account is not member > of 'AD\Domain Admins' which is member of the group > 'SERVER\Administrators'. You have to use the username map to be able > to add the first AD-group or account to 'SERVER\Administrators'. > No, Davor, you don't have to use a

Hi all, Playing with delegation today we delegated rights to some user on some OU and its contents for it can modify users inside that OU and children. We used "advanced view" in ADUC then "properties" on our delegated OU, then "security" tab, and finally we gave rights to our user. Perhaps this process is not correct but we believe it is a valid process to delegate

mathias dufresne skrev den 2015-10-29 14:31: > I'm thick :D > I don't really understand more :( > No. I'm having trouble explaining. Maybe these threads are more enlightning: https://lists.samba.org/archive/samba/2015-April/191020.html and http://www.spinics.net/lists/samba/msg123646.html. > Samba can share file, printers and when samba hosts a domain samba is also

On 2015-10-29 12:23, Rowland Penny wrote: > On 29/10/15 09:47, Davor Vusir wrote: >> On 2015-10-29 09:52, Rowland Penny wrote: >>> On 29/10/15 08:34, Davor Vusir wrote: >>>> Hi all! >>>> >>>> We have got many delegations in our AD. To add a certain >>>> administrator group to the local Administrators group you can use

Hi all, Is there a way to give users (all AD users for a start) the possibility to manage themselves some of their user attributes (as loginShell for example)? Thanks and regards, mathias

Ok Mathias.. I hoop this helps a bit. https://technet.microsoft.com/nl-nl/library/cc816941(v=ws.10).aspx now type : nslookup -type=soa internal.domain.tld or nslookup -debug -type=soa internal.domain.tld and look at nslookup -debug -type=soa internal.domain.tld ip_of_a_NS1-server. nslookup -debug -type=soa internal.domain.tld ip_of_a_NS2-server. And see.. The soa record contains only

On 2015-10-29 21:32, Rowland Penny wrote: > On 29/10/15 19:38, Davor Vusir wrote: >> >> >> mathias dufresne skrev den 2015-10-29 14:31: >>> I'm thick :D >>> I don't really understand more :( >>> >> >> No. I'm having trouble explaining. Maybe these threads are more >> enlightning: >>

On 2015-10-29 09:52, Rowland Penny wrote: > On 29/10/15 08:34, Davor Vusir wrote: >> Hi all! >> >> We have got many delegations in our AD. To add a certain >> administrator group to the local Administrators group you can use GPO >> for Windowsservers. As Samba does not understand GPO I have initially >> used the "username map" feature to add a

For me: - SOA means where updates can be sent. - SOA can be one or several. - NS is a record to help non-authoritative name servers to find a valid name server for the zone they receive a request and they don't know anything about that zone. - SOA is often declared as NS, I agree. I explained this is not mandatory. There is no link between these two notions except they share a zone. You are

Hi Mathias and all. Am Donnerstag, 24. März 2016, 13:26:12 CEST schrieb mathias dufresne: > Hi, > > I'm glad that helped you : ) > > About SPN, I found that link few days ago: > https://adsecurity.org/?page_id=183 > It tries to list the string values available usable for SPN. > > And it gives also that link: >

On 16/11/15 15:09, mathias dufresne wrote: > That did not work. I've added DNS entries mentioned in that wiki page. I > also forced creation of all entries mentioned by samba_dnsupdate > --all-names --verbose. > So I expect all needed DNS entries are present. If some are still missing > they are not mentioned by samba_dnsupdate. And as samba_dnsupdate job is to > create

Hi again, Am Montag, 14. März 2016, 00:44:47 CET schrieb Markus Dellermann: > Am Donnerstag, 10. März 2016, 10:41:34 CET schrieb mathias dufresne: > Hi, Mathias and all > thank you for your answer. > > > Hi all, > > > > SPN = servicePrincipalName > > > > A simple search returning all servicePrincipalName declared in your AD: > > ldbsearch -H $sam

2016-05-19 19:06 GMT+02:00 Rowland penny <rpenny at samba.org>: > On 19/05/16 17:37, lejeczek wrote: > >> >> >> On 19/05/16 16:49, Rowland penny wrote: >> >>> On 19/05/16 15:50, lejeczek wrote: >>> >>>> fellow users >>>> >>>> I'd like to ask is it possible, and if yes what's the correct way to

Hi all, Thank you Mark for these precisions. I did switch a DC to --dns-backend=NONE using samba-tool domain join. This removed dns-<DCname> user for this DC and associated keytab. We changed /etc/resolv.conf to use another DC - one with Bind running - as nameserver. Stopping there, running samba_dnsupdate gave error "NOTAUTH". As we want our DC being able to push into DNS

2016-08-30 16:10 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>: > On Tue, 30 Aug 2016 15:58:13 +0200 > mathias dufresne via samba <samba at lists.samba.org> wrote: > > > And reading last mails comforts me in believing the filter used by > > client side to retrieve user is not correct, that filter should use > > SPN then you won't need to

And reading last mails comforts me in believing the filter used by client side to retrieve user is not correct, that filter should use SPN then you won't need to set up SPN into UPN field. 2016-08-30 15:55 GMT+02:00 mathias dufresne <infractory at gmail.com>: > Hi Louis, > > > 2016-08-29 16:18 GMT+02:00 L.P.H. van Belle via samba < > samba at lists.samba.org>: >

Hi all, I just add into my AD a user with different values for attributes "CN" and "name". Here is an extract of the LDIF used to add this user: ------------------------------------------------------------------------------------ dc202:~# egrep 'cn:|name:' mathias.ldif cn: Mathias Dufresne (CN) *name: mathias.dufresne*

Complete event id of : > But still, events log show a warning about kerberos ticket from LsaSrv > source and right after a permission denied on GPT.ini And a getfacl of the problem GPO SID please, i'll check. And a output of ipconfig /all on the problem pc. And question, dedicated IP or dhcp IP? Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba