similar to: Choosing a samba version for DC use

On Fri, 2 Dec 2016 09:33:31 +0000 Brian Candler via samba <samba at lists.samba.org> wrote: > Do people have any recommendations on which Samba version to choose > for production use, as a domain controller and authentication > database for 802.1x only? (i.e. no file sharing) > > I note that: > > * CentOS 7 comes with samba 4.2.10 - labelled as "do not use"

On 02/12/2016 09:48, Rowland Penny wrote: > It all depends on what you mean by 'compelling';-) I was thinking of any important new functionality that I wouldn't want to be without. As one example: I read that Samba isn't (or wasn't) able to replicate SYSVOL automatically: having that implemented would save me having to rsync SYSVOL around. Looking at the history page

Under ubuntu 16.04, compiling samba 4.5.1 from source, I've created an initial DC and a replica DC by following: https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory For the second one I had to add the extra DNS records as per:

I tried to run this script on a system running 4.5.15 built from source under Ubuntu 16.04, but I get the following exception: # PYTHONPATH="/usr/local/samba/lib/python2.7/site-packages/" ./samba_CVE-2018-1057_helper --lock-pwchange Temporarily overriding 'dsdb:schema update allowed' setting Traceback (most recent call last):   File "./samba_CVE-2018-1057_helper",

I am trying to install samba 4.5.1 from source, as a domain controller only, under Ubuntu 16.04, with ZFS filesystem (actually inside an lxd container with ZFS backing). Out-of-the-box, samba-tool domain provision does not like the filesystem: ERROR(<class 'samba.provision.ProvisioningError'>): Provision failed - ProvisioningError: Your filesystem or build does not support posix

4.4.5 seems to work fine for me too, so I guess it is a regression from changes added to 4.4.6 and 4.5.0? On 10/21/2016 3:12 PM, Arthur Ramsey wrote: > I can confirm that rolling back to 4.4.4 resolved the issues for me. > I had the same problem with 4.4.6. > > Thanks, > Arthur This e-mail and any attachments may contain CONFIDENTIAL information, including PROTECTED HEALTH

On 06/12/2016 16:06, Brian Candler wrote: > Ah OK... I've just seen Rowland's reply, "Just don't use ZFS". That's > clear enough :-) FYI, I rebuilt the system using btrfs but initially I got the same issue [^1] It turns out this came from running inside an unprivileged lxd container. After setting "security.privileged true" it was happy. So I guess

Hi I'm getting Jun 11 13:12:46 "Fatal: Can't open configuration file /home/dovecot/dovecot-pgsql.conf: Permission denied this file have fulle permissions and has belonged to dovecot and root but still no joy what am i missing must be something stupid on this side Thanks for the previos comments about scripting I am swithcing to postgress for the mail env and will look at mysql

I inherited an AD "domain" which is running Ubuntu 14.04, with Samba 4.1.6 with "built-in" AD-DNS. The network has only one AD server, which runs on KVM as a guest - (convenient so I can make backups and test stuff without breaking my network. We have around 500 users on the system, and I'm trying to upgrade to 16.04 and a more current version of Samba without making all

I have recently added a DC to my AD - Former DC was Samba 4.1.6, new DC is 4.3.11 (latest supported by Ubuntu). There's also a Window 2008 server I had tried to join as an AD - that server, wouldn't completely join and replicate to the 4.1.6 samba AD, and now it will not Un-join the AD "domain" either via dcpromo. This brings me to my actual question - Now that I have

On Tue, 2 Jun 2020 at 18:48, Brian Candler <b.candler at pobox.com> wrote: [about ssh -Q ssh_config_keyword] > There is also "-Q key-sig" in recent versions (not sure exactly how recent, but 7.6 doesn't have it) Added in the same commit (Feb this year), first released in 8.3: https://github.com/openssh/openssh-portable/commit/d4d9e1d40514e2746f9e05335d646512ea1020c6 --

Hello, I have a linux server that is joined to our domain that has multiple Domain Controllers at multiple sites. The DCs are all synced together and this is a Windows Server 2003 environment. I configured a linux server to join the domain using winbind (security = ads). That is, it was joined with "net ads join -U user@DOMAIN.COM" When I configured the server, I installed krb5 but

On 09/12/2016 15:55, Rowland Penny wrote: >> But did you give Domain Users a gid? If you don’t do that, winbind >> and getent will not find any UNIX users (doesn’t matter if the users >> have a uid and gid within the range you’ve specified in smb.conf). >> It’s been a while since I had this problem - my memory is it’s not >> clearly mentioned in the wiki at all.

The following program is a minor variant on the sample given in the README with eventmachine-0.8.1. I am running under CentOS 4.5 (kernel 2.6.9-55.0.2.plus.c4) with a ruby-1.8.5 RPM from the CentOS testing repository. When I run it, I find that set_comm_inactivity_timeout doesn''t do anything. That is, if I client opens a connection, it stays open indefinitely. However, if I comment out

Hi! I just gave GlusterFS a try and experienced two problems. First some background: - I want to set up a file server with synchronous replication between branch offices, similar to Windows DFS-Replication. The goal is _not_ high-availability or cluster-scaleout, but just having all files locally available at each branch office. - To test GlusterFS, I installed two virtual machines

Hi Guys, I have 2 servers with a fresh install of glusterfs and I am seeing a very high CPU load.? I am trying to just do a very basic config to get this started and for the life of me, I don't know what could be causing it.? The CPU goes up to 100% across all 4 CPU's on each gluster node and I am seeing timeouts coming from the vms that I am testing with.? I simply copied the

Hello, I'm compiling glusterfs for a debian squeeze. When I do a make command, I see These parameter: GlusterFS configure summary =========================== FUSE client: yes Infiniband verbs: yes epoll IO multiplex: yes argp-standalone: no fusermount: no readline: no georeplication: yes I would like to create a package that can be used both as a client and a server. I'm not interested

On 12/11/2016 8:59 AM, Brian Candler via samba wrote: > On 10/12/2016 16:25, Brian Candler wrote: >> I think there's plenty of emphasis now, but I think there is a part >> which is misleading: >> >> > To enable Samba to retrieve user and group information from Active >> Directory (AD): >> > >> > * Users must have at least the uidNumber

Yeah, i have an output of log level 10 while i do a wbinfo -u. As for the packages below. 4.1.17, yes, im upgrading these as we speak, but now on hold due to this problem. 4.2.20 .. error typo, is Version 4.2.10-Debian 4.3.7.. yeah, but 4.3.8 is not in debian, the 4.3.7 is the package version debian used for the latest CVE fixes. Im waiting until 4.4.2 is out of experimental so i can

On 30/01/2020 12:53, Michael Str?der wrote: > On 1/30/20 1:27 PM, Brian Candler wrote: >> I am trying to work out the best way to issue SSH certificates in such >> way that they only allow access to specific usernames*and* only to >> specific groups of host. > I also thought about this for a while. The only idea I came up with is > to have separate CAs used as trust