Displaying 20 results from an estimated 2000 matches similar to: "Domain member server: user access"
2017 Sep 26
1
Domain member server: user access
On Tue, 26 Sep 2017 12:49:26 +0200
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
> Mandi! L.P.H. van Belle via samba
> In chel di` si favelave...
>
> > I'm pretty sure this is a bug in the DC part.
>
> Ahem, sorry, but i'm lost in following this thread. I've just setup my
> test domain, using samba 2:4.5.8+dfsg-2+deb9u1~bpo8+1 (your package,
2017 Nov 10
1
[Curiosity] Default domain, DC and DM...
In my DC, without setting explicitly a 'winbind default domain', i can
check logins domainless:
root@vdcsv1:~# id gaio
uid=10000(LNFFVG\gaio) gid=10513(LNFFVG\domain users) gruppi=10513(LNFFVG\domain users),11001(LNFFVG\sir),10999(LNFFVG\unixadm),3000008(LNFFVG\domain admins),3000005(LNFFVG\denied rodc password replication group),3000005(LNFFVG\denied rodc password replication
2017 Nov 29
2
LDAP query and result: better field for username?
Currently for my user:
root@vdmsv1:/etc/exim4# ldbsearch -H ldap://vdcsv1 -P -b DC=ad,DC=fvg,DC=lnf,DC=it "(cn=gaio)" | grep ": gaio$"
cn: gaio
name: gaio
sAMAccountName: gaio
uid: gaio
msSFU30Name: gaio
what field is better to use for querying for user 'gaio'?
'uid' no (because RFC2307 data can be missing), so?
'sAMAccountName'? or
2017 Oct 20
2
Some hint reading password expiration data...
In my current ''production'' NT-like domain (samba 4.2, OpenLDAP
backend), password policies seems to ''get written'' to user data.
EG, if i set:
pdbedit -P "maximum password age" -C 7776000
and i change my password, 'Password must change' have a meaningful value,
eg 90 days more than the last password change:
root@armitage:~# pdbedit -v
2018 Sep 04
4
Upgraded a member server to 4.8, rfc2307 data?
I'm starting to upgrade my domain members to debian stretch/samba 4.8,
using louis packages.
Domain controllers still on jessie/samba45.
Upgrade went smooth, but after upgrade seems that the DM was not able
anymore to retrieve rfc2307 data, eg:
root@vdmsv2:~# getent passwd gaio
gaio:*:10000:10513:Marco Gaiarin:/home/LNFFVG/gaio:/bin/false
root@vdmsv2:~# ldbsearch -H
2019 Feb 15
6
Demoted/removed a DC, and the NS records?
Following:
https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC
i've demoted and removed a DC. Seems all went as expected:
root@vdcud1:~# samba-tool domain demote --server=vdcsv1.ad.fvg.lnf.it -U gaio
Using vdcsv1.ad.fvg.lnf.it as partner server for the demotion
Password for [LNFFVG\gaio]:
Deactivating inbound replication
Asking partner server vdcsv1.ad.fvg.lnf.it to synchronize
2018 Nov 26
3
Different LDAP query in different DC...
I need to do a simple query, against some LDAP data in 'laster draft
schema' format i've added to the samba/AD schema.
All LDAP query return the same result on all (6) of the DC:
root@vdcsv1:~# ldapsearch -H ldap://vdcsv2.ad.fvg.lnf.it -W -D CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it -b DC=ad,DC=fvg,DC=lnf,DC=it "(cn=prova123)" rfc822MailMember
Enter LDAP Password:
2017 Sep 19
1
[OT?] VM or Container for an AD DC?
2017-09-19 17:25 GMT+02:00 Marco Gaiarin via samba <samba at lists.samba.org>:
>
> > ...googling around seems to me that are ''old limitation'', now gone.
>
> No.
>
>
For me Samba AD DC is running without any problem in an Ubuntu privileged
LXC container.
Best regards,
Marcel
2017 Sep 26
0
Domain member server: user access
Mandi! L.P.H. van Belle via samba
In chel di` si favelave...
> I'm pretty sure this is a bug in the DC part.
Ahem, sorry, but i'm lost in following this thread. I've just setup my
test domain, using samba 2:4.5.8+dfsg-2+deb9u1~bpo8+1 (your package,
Louis) on a debian jessie.
Very minimal configuration:
root@vdcsv1:~# samba-tool testparm
Press enter to see a dump of your
2018 Mar 28
5
How to change Domain password as normal user?
On Tue, 27 Mar 2018 13:38:56 -0400 Mark Foley wrote:
>
> On Mon, 26 Mar 2018 08:08:53 +0200 Michael Wandel <m.wandel at t-online.de> wrote:
> >
> > On 26.03.2018 at 06:31, Mark Foley via samba wrote:
> > > As a normal user, I want to change my Domain Password. I've tried:
> > >
> > > $ samba-tool user setpassword myuserId
2017 Nov 09
2
Best practice for creating an RO LDAP User in AD...
On Thu, 9 Nov 2017 11:08:26 +0100
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
> Mandi! L.P.H. van Belle via samba
> In chel di` si favelave...
>
> > I don't believe it.
>
> Eh. «De gustibus non disputandum est». ;-)
>
>
> > The setup for the Ad in the link below is the same but if you want
> > access without auth, Have you tried to
2018 Nov 22
2
NTP strangeness...
In our network we found some client with clock differences.
Some machine have effectively some troubles, eg have NO 'Windows Time'
service defined, probably some glitches happened when moving from our
old NT-like domain.
Anyway, catching for that, we have found some other strangeness.
Windows time service run:
C:\Users\gaio>sc query w32time
NOME_SERVIZIO: w32time
TIPO
2017 Nov 08
4
Best practice for creating an RO LDAP User in AD...
I don't believe it.
That 5 years old now, normally i'll dig into it, but exim... I dropped exim about 15 years ago..
First thing i do on debian...
apt-get install --purge postfix
That installs postfix and removes exim and purges exims config.. ;-)
The setup for the Ad in the link below is the same but if you want access without auth,
Have you tried to query the GC ports. ( 3268 or 3269
2017 Sep 26
1
Domain member server: user access
Mandi! Rowland Penny via samba
In chel di` si favelave...
> This means that the Windows group is mapped to the Unix group 'users'
> on a DC, up until you give Domain Users a gidNumber, then the ID will
> change to the one you placed in the gidNumber attribute in Domain Users.
I can confirm that.
Using ADUC i've noted that 'Domain Users' have no GID assigned, so
2019 Dec 06
2
Account locked and delayed user data propagation...
Mandi! Rowland penny via samba
In chel di` si favelave...
> You cannot create an ldap filter using the above, you would have to filter
> the result of the ldap search.
I can confirm:
root@vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b DC=ad,DC=fvg,DC=lnf,DC=it '(&(objectClass=user)(sAMAccountName=gaio))' msDS-User-Account-Control-Computed
# record 1
dn:
2017 Oct 27
2
Some hint reading password expiration data...
Mandi! Andrew Bartlett via samba
In chel di` si favelave...
> It is an operational attribute. simply add
> msDS-UserPasswordExpiryTimeComputed
> to the list of attributes requested when searching for the user.
root@vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b "dc=ad,dc=fvg,dc=lnf,dc=it" -s base "" maxPwdAge
# record 1
dn:
2017 Dec 06
4
DM and ''offline'' PAM (and NSS?)...
I'm using samba 4.5 on a debian jessie (Louis packages).
Rarely it happens that a power outage tears down all the stuff, here.
I've noticed that if the DM start before the DC, clearly all account
data are inaccessible.
To prevent or minimize that, the ''offline mode'' of winbind can be
safely used also on DM servers? Or is tailored against roaming client
(portables,
2018 Nov 28
2
Different LDAP query in different DC...
Mandi! Rowland Penny via samba
In chel di` si favelave...
> If an ldap lookup works on every DC, except for one and the data is
> definitely there on the one DC it doesn't work on, then it must be
> something on that DC. is there a firewall or apparmor/selinux in the
> way ?
No. Anyway, note that query return correctly 'result: 0 Success',
simply return no data.
Another
2019 Jan 28
2
Winbind, cached logons and 'user persistency'...
On Mon, 28 Jan 2019 12:52:45 +0100
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
> Mandi! Rowland Penny via samba
> In chel di` si favelave...
>
> > > Strictly speaking, why winbind cache ''PAM'' data and not ''NSS''
> > > one (seems to me)?
> > The problem is (for myself anyway), I do not understand the
>
2023 May 22
2
PAM Offline Authentication in Ubuntu 22.04...
On 22/05/2023 10:14, Marco Gaiarin via samba wrote:
> Mandi! Rowland Penny via samba
> In chel di` si favelave...
>
>> I would undo that, it appears to be wrong.
>
> OK, i've undo also i.
>
>
>> I have tested this on a Ubuntu 22.04 computer and it works, so I have
>> updated the wiki page:
>>