similar to: Choosing a samba version for DC use

On Fri, 2 Dec 2016 09:33:31 +0000 Brian Candler via samba <samba at lists.samba.org> wrote: > Do people have any recommendations on which Samba version to choose > for production use, as a domain controller and authentication > database for 802.1x only? (i.e. no file sharing) > > I note that: > > * CentOS 7 comes with samba 4.2.10 - labelled as "do not use"

On 02/12/2016 09:48, Rowland Penny wrote: > It all depends on what you mean by 'compelling';-) I was thinking of any important new functionality that I wouldn't want to be without. As one example: I read that Samba isn't (or wasn't) able to replicate SYSVOL automatically: having that implemented would save me having to rsync SYSVOL around. Looking at the history page

Under ubuntu 16.04, compiling samba 4.5.1 from source, I've created an initial DC and a replica DC by following: https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory For the second one I had to add the extra DNS records as per:

I tried to run this script on a system running 4.5.15 built from source under Ubuntu 16.04, but I get the following exception: # PYTHONPATH="/usr/local/samba/lib/python2.7/site-packages/" ./samba_CVE-2018-1057_helper --lock-pwchange Temporarily overriding 'dsdb:schema update allowed' setting Traceback (most recent call last):   File "./samba_CVE-2018-1057_helper",

I am trying to install samba 4.5.1 from source, as a domain controller only, under Ubuntu 16.04, with ZFS filesystem (actually inside an lxd container with ZFS backing). Out-of-the-box, samba-tool domain provision does not like the filesystem: ERROR(<class 'samba.provision.ProvisioningError'>): Provision failed - ProvisioningError: Your filesystem or build does not support posix

4.4.5 seems to work fine for me too, so I guess it is a regression from changes added to 4.4.6 and 4.5.0? On 10/21/2016 3:12 PM, Arthur Ramsey wrote: > I can confirm that rolling back to 4.4.4 resolved the issues for me. > I had the same problem with 4.4.6. > > Thanks, > Arthur This e-mail and any attachments may contain CONFIDENTIAL information, including PROTECTED HEALTH

On 06/12/2016 16:06, Brian Candler wrote: > Ah OK... I've just seen Rowland's reply, "Just don't use ZFS". That's > clear enough :-) FYI, I rebuilt the system using btrfs but initially I got the same issue [^1] It turns out this came from running inside an unprivileged lxd container. After setting "security.privileged true" it was happy. So I guess

Hi I'm getting Jun 11 13:12:46 "Fatal: Can't open configuration file /home/dovecot/dovecot-pgsql.conf: Permission denied this file have fulle permissions and has belonged to dovecot and root but still no joy what am i missing must be something stupid on this side Thanks for the previos comments about scripting I am swithcing to postgress for the mail env and will look at mysql

I inherited an AD "domain" which is running Ubuntu 14.04, with Samba 4.1.6 with "built-in" AD-DNS. The network has only one AD server, which runs on KVM as a guest - (convenient so I can make backups and test stuff without breaking my network. We have around 500 users on the system, and I'm trying to upgrade to 16.04 and a more current version of Samba without making all

I have recently added a DC to my AD - Former DC was Samba 4.1.6, new DC is 4.3.11 (latest supported by Ubuntu). There's also a Window 2008 server I had tried to join as an AD - that server, wouldn't completely join and replicate to the 4.1.6 samba AD, and now it will not Un-join the AD "domain" either via dcpromo. This brings me to my actual question - Now that I have

On Tue, 2 Jun 2020 at 18:48, Brian Candler <b.candler at pobox.com> wrote: [about ssh -Q ssh_config_keyword] > There is also "-Q key-sig" in recent versions (not sure exactly how recent, but 7.6 doesn't have it) Added in the same commit (Feb this year), first released in 8.3: https://github.com/openssh/openssh-portable/commit/d4d9e1d40514e2746f9e05335d646512ea1020c6 --

Hello, I have a linux server that is joined to our domain that has multiple Domain Controllers at multiple sites. The DCs are all synced together and this is a Windows Server 2003 environment. I configured a linux server to join the domain using winbind (security = ads). That is, it was joined with "net ads join -U user@DOMAIN.COM" When I configured the server, I installed krb5 but

On 09/12/2016 15:55, Rowland Penny wrote: >> But did you give Domain Users a gid? If you don’t do that, winbind >> and getent will not find any UNIX users (doesn’t matter if the users >> have a uid and gid within the range you’ve specified in smb.conf). >> It’s been a while since I had this problem - my memory is it’s not >> clearly mentioned in the wiki at all.

The following program is a minor variant on the sample given in the README with eventmachine-0.8.1. I am running under CentOS 4.5 (kernel 2.6.9-55.0.2.plus.c4) with a ruby-1.8.5 RPM from the CentOS testing repository. When I run it, I find that set_comm_inactivity_timeout doesn''t do anything. That is, if I client opens a connection, it stays open indefinitely. However, if I comment out

Hi! I just gave GlusterFS a try and experienced two problems. First some background: - I want to set up a file server with synchronous replication between branch offices, similar to Windows DFS-Replication. The goal is _not_ high-availability or cluster-scaleout, but just having all files locally available at each branch office. - To test GlusterFS, I installed two virtual machines

Hi Guys, I have 2 servers with a fresh install of glusterfs and I am seeing a very high CPU load.? I am trying to just do a very basic config to get this started and for the life of me, I don't know what could be causing it.? The CPU goes up to 100% across all 4 CPU's on each gluster node and I am seeing timeouts coming from the vms that I am testing with.? I simply copied the

Hello, I'm compiling glusterfs for a debian squeeze. When I do a make command, I see These parameter: GlusterFS configure summary =========================== FUSE client: yes Infiniband verbs: yes epoll IO multiplex: yes argp-standalone: no fusermount: no readline: no georeplication: yes I would like to create a package that can be used both as a client and a server. I'm not interested

On 12/11/2016 8:59 AM, Brian Candler via samba wrote: > On 10/12/2016 16:25, Brian Candler wrote: >> I think there's plenty of emphasis now, but I think there is a part >> which is misleading: >> >> > To enable Samba to retrieve user and group information from Active >> Directory (AD): >> > >> > * Users must have at least the uidNumber

On 30/01/2020 12:53, Michael Str?der wrote: > On 1/30/20 1:27 PM, Brian Candler wrote: >> I am trying to work out the best way to issue SSH certificates in such >> way that they only allow access to specific usernames*and* only to >> specific groups of host. > I also thought about this for a while. The only idea I came up with is > to have separate CAs used as trust

The following construct is an ActiveSupport-ism: returning(Foo.new) do |foo| ... end I don''t especially like it, since it''s both more verbose and less efficient than the direct alternative: foo = Foo.new ... foo It doesn''t occur many times in Merb, so does anyone agree with me that it should be removed? I tried doing this (patch attached) and I find