similar to: Extending the AD schema

Hi Andrew, Thanks for the info. A backup before hand was always on the to do list. ;) Any idea when we can expect 4.5? It's looking like this "urgent" project can be delayed a bit if necessary. regards, John On 05/09/16 17:55, Andrew Bartlett via samba wrote: > On Mon, 2016-09-05 at 10:23 +1000, John Gardeniers via samba wrote: >> We're looking at implementing

On Mon, 2016-09-05 at 10:23 +1000, John Gardeniers via samba wrote: > We're looking at implementing Sudoers LDAP on our Samba 4 AD domain.  > While this worked perfectly in a test environment previously, I am  > always extremely nervous about the possibility of stuffing things up > on  > production. > > Given a domain with multiple DCs (two in our case), should I do add

Hi Andrew, I don't understand why 2 systems running the exact same version of Samba have different behaviour. Is this an option I can disable? regards, John On 19/04/16 11:29, Andrew Bartlett wrote: > On Tue, 2016-04-19 at 10:29 +1000, John Gardeniers wrote: >> I'm setting up a test domain in order to try out Sudoers LDAP and >> have >> run into a problem that has

Has anyone here managed to get sudo working with Samba 4 AD users, using either ldap or sssd, with sssd preferred? If so, can you please point me in the direction of whatever instructions you used? It seems like there are a bunch of tutorials on the subject, each with different, and sometimes conflicting, information but none of those I've tried work for me. regards, John

We're upgrading (Sernet) Samba 4.2 to 4.4. As recommended on this page: https://wiki.samba.org/index.php/Updating_Samba, I have upgraded one of out 2 DCs, the one that does not have any FSMO roles. We will spend the next week making sure everything works as expected. So far, so good. One thing I'm not clear on is whether I should move the FSMO roles to the upgraded DC before upgrading

I'm setting up a test domain in order to try out Sudoers LDAP and have run into a problem that has my puzzled. On our production domain I can run a query such as: ldapsearch -LLL -p389 -h DC -u me at ourdomain.com.au -W -X -LLL -b "dc=ourdomain,dc=com,dc=au" -s sub However, running an equivalent search on a freshly installed test domain, using the exact same version of Samba

On Mon, 2016-05-02 at 07:44 +1000, John Gardeniers wrote: > Hi Andrew, > > Please elaborate, as we're about to put it on Samba 4.2. Thanks. Please don't use 4.2 with the sudo schema. At a client, we have seen that cause database corruption when combined with multiple DCs, specifically duplicate values in the database that sssd really didn't like. It will also require you

On Thu, 21 Apr 2016, John Gardeniers wrote: > Good news, I now have this working. Once I finish writing my notes I'll make > them available to whoever might want them. Good to hear. I tried to get his working by following some of the online docs and the sudoers docs, and never did get it to work. It'd be great if someone could put this up on the Samba wiki when it's

On Thu, 2016-04-21 at 15:40 +1000, John Gardeniers wrote: > Good news, I now have this working. Once I finish writing my notes > I'll > make them available to whoever might want them. Just to clarify > things a > bit, here is what we have and what we wanted: > > * Linux users are authenticated by the Samba 4 domain controllers via > SSSD, which itself uses LDAP. >

Hi Rowland, You say that winbind can do anything that sssd can, yet I've not been able to find winbind instructions similar to these for sssd: http://jhrozek.livejournal.com/3860.html Do you know of such instructions? More particularly, do you know how with winbind we can lock sudoers down to specific OUs? We need to do a lot more than basic authentication and simple file sharing. From

Hi, testparm -v | grep 'ldap serve' Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[netlogon]" Processing section "[sysvol]" Loaded services file OK. Server role: ROLE_ACTIVE_DIRECTORY_DC Press enter to see a dump of your service definitions ldap server require

Hi guys and congrats for bringing a fantastic project to the open source world. I' ve setup a samba4 pdc succefully and i am able to do domain logins. I was also able to add the automount schema into the ldb. But when it comes to sudoers schema i cant import it in. Further system details: Debian wheezy 7, samba 4.0.6 compiled from source, sudo-ldap standard binary package from repos. I have

Hi Rowland, Those low numbers you refer to are in fact the standard numbers assigned to those groups, so I fail to see the problem. As for mapping Administrator to root, I believe that's entirely optional, rather than required. Under normal circumstances we don't use the domain Administrator account at all. We have a root account we use instead. In regard to winbind, we have never

You either have to list the full group name in sudoers IE: DOMIN\groupname or use the option "winbind use default domain = yes" for one thing. I'm not sure if you need enumeration but I like seeing domain users and groups with getent so I have the options winbind enum users = yes winbind enum groups = yes On Mon, May 2, 2016 at 6:11 AM, Sketch <smblist at rednsx.org> wrote:

This uses time, ASLR and pid for randomisation. (Closes: #516774) Signed-off-by: Thorsten Glaser <tg at mirbsd.org> --- usr/include/stdlib.h | 2 + usr/klibc/Kbuild | 2 +- usr/klibc/mkstemp.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 96 insertions(+), 1 deletions(-) create mode 100644 usr/klibc/mkstemp.c diff --git a/usr/include/stdlib.h

Hi everyone i wish to add the Microsoft Active Directory schema from the sudo package to my samba4 ADC, from what i have researched this is what i should do, the Microsoft Active Directory schema and the instructions are from the sudo package, the sudo_user file is an example from the man page. ldbadd -H /etc/samba/private/sam.ldb \ schema.ActiveDirectory \ --option="dsdb:schema

We're using the Sernet Samba v4.2.4 with internal DNS and I can't find the DNS logs. Where does the Samba 4 internal DNS log queries? Thanks. regards, John

On 11/4/2015 4:13 PM, John Gardeniers wrote: > Nobody? Surely somebody knows where Samba 4 logs its DNS queries, or > was this was a huge oversight and the internal DNS doesn't get logged > at all, as appears to be suggested by my utter failure to locate such > logs. > > On 28/10/15 14:28, John Gardeniers wrote: >> We're using the Sernet Samba v4.2.4 with

IMHO: no real need to move FSMO before upgrading FSMO owner if no real load. FSMO are roles which make one DC different of others DC on one specific point (for each role). As long as you don't do something which requires FSMO role you won't use FSMO roles, so no matter. Things which triggers FSMO usage are modifying the schema (don't do that during upgrade), reaching RID pool limit on

Hi Rowland, I Upgraded from Samba 4.4.2 and we have tried the FQDN without success. regards, John On 21/11/16 08:02, Rowland Penny via samba wrote: > On Mon, 21 Nov 2016 07:42:30 +1100 > John Gardeniers via samba <samba at lists.samba.org> wrote: > >> Hi Louis, >> >> While it wasn't spelled out, it was firmly implied in my previous >> message that