Displaying 20 results from an estimated 10000 matches similar to: "[OT?] VM or Container for an AD DC?"
2017 Sep 19
7
[OT?] VM or Container for an AD DC?
Mandi! Andrew Bartlett via samba
In chel di` si favelave...
> There is a limitation for containers regarding xattrs as I understand
> it, so you may need to go to a full DC.
...googling around seems to me that are ''old limitation'', now gone.
I've also hitted:
https://lists.linuxcontainers.org/pipermail/lxc-devel/2015-November/012789.html
so seems that
2019 Jan 08
1
AD DC in a container: NTP
Hi Marco,
I could not find a way to enable time Management in an LXD container. Seems like it was/is possible with Docker but not with unprivileged LXD containers. And I’d anyway prefer to keep the container as lean as possible.
As for disabling hwtime access in NTPD, could you elaborate what you mean? Seeing as how ntpd in the container has, in fact, no access to the hwtime, how would this
2017 Sep 26
1
'check password script' ignored in AD mode?
I'm trying to play with 'check password script' in AD mode, and seems
to me that are simply ignored, at least when users logged on windows
clients and (try to) change the password.
I've also noted if i use other tools (eg, samba-tool for example) 'check password script'
get executed.
I've looked around, and seems that 'check password script' came back in
4.5,
2018 May 14
2
Samba, AD and devices compatibility...
Mandi! Andrew Bartlett via samba
In chel di` si favelave...
> I hope this clarifies things,
Super-clear! Thanks!
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t
2018 Jul 20
4
Samba 4.5 and glusterfs...
Reding the thread in list about gluster, i've found that in your samba
packages 4.5.12+dfsg-2+deb9u2~bpo8+1 there's no vfs_glusterfs module, only
the manpage.
root at vdmsv1:~# grep glusterfs /var/lib/dpkg/info/samba*.list
/var/lib/dpkg/info/samba-vfs-modules.list:/usr/share/man/man8/vfs_glusterfs.8.gz
root at vdmsv1:~# grep /vfs/ /var/lib/dpkg/info/samba*.list
2019 Jan 25
3
Removing sites and DC...
I need to close a site. No, no people fired, i've defined sites and DC
because i hope that get (re)opened, but...
There's some care i need to have to remove a DC (clearly, without FSMO
roles)?
I've looked on wiki to 'remove a DC' but i was not able to find
something...
Thanks.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra
2019 Jan 09
3
[Oddity] SAMAccountName and 20+ chars logins...
Reading here i've understod that for LDAP query it is better to use
SAMAccountName as 'login', but today i've found:
https://docs.microsoft.com/it-it/windows/desktop/ADSchema/a-samaccountname
so, 'SAMAccountName' is a compatibility field with NT mode, limited to
20 chars.
Someone here use 21 chars logins? ;-)
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
2018 Mar 21
2
Again 'Failed to find domain 'NT AUTHORITY'. Check connection to trusted domains!'
I've hitted the error in subject trying a backup of my sysvol.
Mar 21 11:13:31 vdcsv1 winbindd[3494]: [2018/03/21 11:13:31.234373, 0] ../source3/winbindd/winbindd_group.c:45(fill_grent)
Mar 21 11:13:31 vdcsv1 winbindd[3494]: Failed to find domain 'NT AUTHORITY'. Check connection to trusted domains!
Looking on internet/list archive leadme to recent post (november 2017)
and this
2018 Jun 21
3
Password complexity checks and local users...
Mandi! Rowland Penny via samba
In chel di` si favelave...
> > But my question really is: why this policy apply, if i've not enabled
> > in GPO?
> Probably because GPOs have no effect on a Samba AD DC, they will only
> effect Windows clients.
Rowland, i'm speaking about windows clients, not samba servers!
I've enabled 'complexity checks' in samba servers,
2018 Mar 26
3
[OT?] winbind e quota...
As was used to (in Samba NT/LDAP), i've enabled quota on /homes, and
homes are exported (as homedrive) for users.
Editing quotas (with edquota) works as expected, and in windows explorer
users get quota correctly reported, but a simple:
repquota -a
return nothing:
root at vdmsv1:~# repquota -a
*** Report for user quotas on device /dev/sdb1
Block grace time: 28days; Inode grace time:
2018 Nov 26
3
Different LDAP query in different DC...
I need to do a simple query, against some LDAP data in 'laster draft
schema' format i've added to te samba/AD schema.
All LDAP query return the same result on all (6) of the DC:
root at vdcsv1:~# ldapsearch -H ldap://vdcsv2.ad.fvg.lnf.it -W -D CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it -b DC=ad,DC=fvg,DC=lnf,DC=it "(cn=prova123)" rfc822MailMember
Enter LDAP Password:
2018 Sep 14
4
Winexe, samba 4.8, sigsev...
I'm using 'winexe':
https://sourceforge.net/projects/winexe/
but this repository, compiled against samba 4.5, and works like a
charm:
https://sourceforge.net/u/mstowe/winexe/ci/master/tree/
I've tried to recompile them against samba 4.8 (louis repo), and
compile flawlessy, but if i try to run them:
winexe[10549]: segfault at 138 ip 00007fb165a2f3a4 sp 00007ffdf432a880 error
2019 Jan 17
3
Winbind, cached logons and 'user persistency'...
I've noted that some weeks ago, but i was upgrading all my PVE cluster
so i've considered it benevolent.
Yesterday i've updated my main switch, disconnecting for a brief lag of
time all my ''infrastructutes''.
My SMTP server (exim) start to complain about 'unroutable addresses':
2019-01-16 18:32:40 1gjp3Q-0006aw-TG <= root at sv.lnf.it H=(3jane.sv.lnf.it)
2017 Jul 10
2
'Official' NT4-like domain decommission?
There are ''official'' plan (by Samba Team, but also by Microsoft) to
officially ''decommission'' support for NT-like domains?
Thanks.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
2017 Nov 08
2
Best practice for creating an RO LDAP User in AD...
Mandi! Rowland Penny via samba
In chel di` si favelave...
> Why don't you do what most people do, use kerberos. Create the user
> with a random password, set password to never expire, set the users
> shell to /bin/false. Now set exim to use kerberos (don't ask me how, I
> don't use exim)
Seems not possible:
2017 Nov 14
2
ldb*, -H, multiple source?
There's some sintyax available to use, with ldb* tools, multiple
''server'', eg use multiple '-H', or write server in a roud-robin
style?
Thanks.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
2017 Nov 24
2
Guest user in AD...
In NT mode 'smbldap-tools' provision also a guest user, and in my
smb.conf i've had:
guest account = guest
map to guest = Bad User
In AD mode, no guest user get created, so seems to me that the default
guest account ( = nobody ) is correct.
I'm curious if 'map to guest' have to be handled differently in AD
mode...
Thanks.
--
dott. Marco Gaiarin
2017 Dec 05
3
[Curiosity] 'netbios aliases' works in AD mode?
As stated in subject.
I suppose in 'DC mode' no, but as DM i can define an alias for the
machine?
Looking at:
https://bugzilla.samba.org/show_bug.cgi?id=1703
seems 'yes' to me...
Thanks.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078
2018 Mar 21
2
log error about permissions in truncated share path...
Mandi! Rowland Penny via samba
In chel di` si favelave...
> Is there a file that starts 'sysvo' in /var/lib/samba/usershares ?
root at vdcsv1:~# ls -la /var/lib/samba/usershares/
totale 8
drwxrwx--T 2 root sambashare 4096 set 19 2017 .
drwxr-xr-x 8 root root 4096 mar 19 11:58 ..
No.
> > I can disable 'usershares'?
> You shouldn't have to, by
2018 May 08
2
vfs_full_audit and facility 'auth'...
I've tried to setup VFS full audit facility in some share, like:
vfs objects = [...] full_audit
full_audit:prefix = %S|%d|%I|%M|%u
full_audit:success = mkdir rmdir read pread write pwrite rename unlink
full_audit:failure = none
full_audit:facility = auth
full_audit:priority = info
but samba refuse 'full_audit:facility = auth' as a good