similar to: steps for fileserver replacement

Mandi! Rowland Penny via samba In chel di` si favelave... > Not sure what you are proposing is going to work, AD expects every user > to be a member of Domain Users, even though there is nothing in AD to > show membership. Ah. > Do you require this user to visible on all domain machines ? [...] > It might help if you could explain how you are going to use your new > user

On Mon, 18 Dec 2017 15:51:47 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > > > I've seen: > > https://wiki.samba.org/index.php/PAM_Offline_Authentication > > I've tried to enable offline logon, and seems to work as expected. > > I've only found a little strange thing, i think related to the fact > that in my DM i've set

On 23/09/2019 13:42, Trenta sis via samba wrote: > Thanks, ntlm auth is temporary until we have solved some issues > getent is needed by filesystem acl > If you think you need the 'winbind enum' lines so that 'getent' works, then think again ;-) If you do not have the 'winbind enum 'lines 'getent passwd username' will still work. 'getent passwd'

Mandi! Andrew Bartlett via samba In chel di` si favelave... > I hope this clarifies things, Super-clear! Thanks! -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t

Mandi! Rowland Penny via samba In chel di` si favelave... > > But my question really is: why this policy apply, if i've not enabled > > in GPO? > Probably because GPOs have no effect on a Samba AD DC, they will only > effect Windows clients. Rowland, i'm speaking about windows clients, not samba servers! I've enabled 'complexity checks' in samba servers,

Reading here i've understod that for LDAP query it is better to use SAMAccountName as 'login', but today i've found: https://docs.microsoft.com/it-it/windows/desktop/ADSchema/a-samaccountname so, 'SAMAccountName' is a compatibility field with NT mode, limited to 20 chars. Someone here use 21 chars logins? ;-) -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66

Mandi! Rowland penny via samba In chel di` si favelave... > Yes, somebody moved the cache to a different directory and it now gets wiped > every time Samba is restarted, we have a bug report for it:? > https://bugzilla.samba.org/show_bug.cgi?id=14074 Ok, thanks. I suppose that cache get controlled by: idmap cache time = 604800 winbind cache time = 300 so, for a portable system,

Mandi! Rowland penny via samba In chel di` si favelave... > > Considering a 'full offline' DM client (supposing a portable), there's > > a 'winbind permanent nss cache' or a general nss cache (like > > nss-updatedb): > > https://wiki.debian.org/LDAP/NSS#Offline_caching_of_NSS_with_nscd > > have to be used? Thanks. > No, you cannot use

hi in samba/cifs/windows is there a thing similar to "su"? i'll explain: as root with "su" i can switch to another user without knowing his password i want to do the same thing, as domain admin, when i mount a share: mount the share impersonating another user without knowing his password i need it to test permissions on this share thanks in advance

You guys mix to things. > AFAIK is the 'privileges' that are host-specific. Is correct. >the policies are on the domain (in the LDAP data, > the root DN, look at them!). Yes, but only the GPO policies and these are not applied to the samba server. And because of that, samba-tools password settings needs to be set on every DC. Greetz, Louis > -----Oorspronkelijk

Hello, I'm running Samba 4.9.5 as domain member, when I bring down the current Window DC (10.50.50.187) the winbind seems to hang instead of switching to the other available DC (10.50.50.25) The "net ads" command show that Samba switched to the other available DC: net ads join -U 'administrator' -S 'PAVONE.HYPERFILE.LOCAL' 'HYPERFILE.LOCAL'^C root at

I was reading through this https://wiki.samba.org/index.php/User_Home_Folders My goal was to be able to have samba automatically create the share \\server\username I'm not sure what it means : "" Windows does not support this feature, and certain settings, such as folder redirection in an Active Directory (AD), require a workaround instead and you cannot use the official solution.

Mandi! L.P.H. van Belle via samba In chel di` si favelave... > I dont get what your goal is, sorry.. :-/ And Rowland: > Why do you think you need 'netbios aliases' ? Simply: i was (ab)used to have, in my NT domain, some aliases for my servers, so i can change servers (and move services) but keeping things consistent. Eg, all my printers are connected to

Hai, @Rowland. Yes, the link is what i have setup, but in less steps without sssd. For the kerberos part, you only need to add the HTTP/UPN. After a join with winbind you have the host/UPN. I must say that the CUPS setup is working great. Only 1 or 2 problems in almost 2 years. @Marco, > ...but you have added 'locally' (eg, in /etc/group > and /etc/shadow) the user

Mandi! Rowland Penny via samba In chel di` si favelave... > Is this on a DC ? No, is a DM. > If it isn't, Try setting it up exactly like it is shown on the > wikipage, note that you only need the 'vfs objects' line if it isn't > set in [global] Wikipage say only: Create a new share. For details, see Setting up a Share Using Windows ACLs. and

Basically that was my initial question, should adding GID and UID to domain computers group (gid) and machine accounts (uid) be enough, and if it should, and it doesnt work - what else should be done to make it work, or what am I missong? I'm not sure what You mean about invalidating cache? Wysłano z mojego smartfona w PLAY <div>-------- Oryginalna wiadomość

Samba 4.8 (Louis debian repo), DM. Today i've had to recovery a deleted file in that share, that use 'vfs_recycle' modules: [Work] comment = Spazio di Lavoro Utente map acl inherit = Yes path = /srv/work read only = No store dos attributes = Yes vfs objects = acl_xattr recycle full_audit volume = Work full_audit:failure = none full_audit:success = mkdir rmdir read pread

I'm using 'winexe': https://sourceforge.net/projects/winexe/ but this repository, compiled against samba 4.5, and works like a charm: https://sourceforge.net/u/mstowe/winexe/ci/master/tree/ I've tried to recompile them against samba 4.8 (louis repo), and compile flawlessy, but if i try to run them: winexe[10549]: segfault at 138 ip 00007fb165a2f3a4 sp 00007ffdf432a880 error

I've read all docs on upgrades, from wiki to Louis notes, and i think i'm ready to upgrade. First step, move from stretch to jessie, and from 4.5 to 4.8, upgrade in place. But having a domain with 6 DCs, i'm a bit scared to upgrade all DC in one turn, and i'm think about something like: a) upgrade DC with FSMO roles, then wait 1-2 day to spot troubles b) then upgrade all DC in

Mandi! Rowland Penny via samba In chel di` si favelave... > I am not disputing what you say, I am just asking for concrete proof > that a computer account MUST have a uidNumber account. Rowland, it is not (only) a matter of authentication, it is a matter of 'act' with machine account. I've digged a bit but found nothing than (i use WPKG as deployment system, it is only an