similar to: Domain member server: user access

On Tue, 26 Sep 2017 12:49:26 +0200 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > Mandi! L.P.H. van Belle via samba > In chel di` si favelave... > > > Im pretty sure this is a bug in the DC part. > > Ahem, sorry, but i'm lost in following this therad. I've hust setup my > test domain, using samba 2:4.5.8+dfsg-2+deb9u1~bpo8+1 (your package,

In my DC, without setting explicitly a 'winbind default domain', i can check logins domainless: root at vdcsv1:~# id gaio uid=10000(LNFFVG\gaio) gid=10513(LNFFVG\domain users) gruppi=10513(LNFFVG\domain users),11001(LNFFVG\sir),10999(LNFFVG\unixadm),3000008(LNFFVG\domain admins),3000005(LNFFVG\denied rodc password replication group),3000005(LNFFVG\denied rodc password replication

Currently for my user: root at vdmsv1:/etc/exim4# ldbsearch -H ldap://vdcsv1 -P -b DC=ad,DC=fvg,DC=lnf,DC=it "(cn=gaio)" | grep ": gaio$" cn: gaio name: gaio sAMAccountName: gaio uid: gaio msSFU30Name: gaio what field is betetr to use for querying for user 'gaio'? 'uid' no (because RFC2307 data can be missing), so? 'sAMAccountName'? or

In my current ''production'' NT-like domain (samba 4.2, OpenLDAP backend), password policies seems to ''get written'' to user data. EG, if i set: pdbedit -P "maximum password age" -C 7776000 and i change my password, 'Password must change' have a meningful value, eg 90 days more then the last password change: root at armitage:~# pdbedit -v

I'm starting to upgrade my domain members to debian stretch/samba 4.8, using louis packages. Domain controllers still on jessie/samba45. Upgrade went smooth, but after upgrade seems that the DM was not able anymore to retrieve rfc2307 data, eg: root at vdmsv2:~# getent passwd gaio gaio:*:10000:10513:Marco Gaiarin:/home/LNFFVG/gaio:/bin/false root at vdmsv2:~# ldbsearch -H

Following: https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC i've demoted and removed a DC. Seems all went as expected: root at vdcud1:~# samba-tool domain demote --server=vdcsv1.ad.fvg.lnf.it -U gaio Using vdcsv1.ad.fvg.lnf.it as partner server for the demotion Password for [LNFFVG\gaio]: Deactivating inbound replication Asking partner server vdcsv1.ad.fvg.lnf.it to synchronize

I need to do a simple query, against some LDAP data in 'laster draft schema' format i've added to te samba/AD schema. All LDAP query return the same result on all (6) of the DC: root at vdcsv1:~# ldapsearch -H ldap://vdcsv2.ad.fvg.lnf.it -W -D CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it -b DC=ad,DC=fvg,DC=lnf,DC=it "(cn=prova123)" rfc822MailMember Enter LDAP Password:

2017-09-19 17:25 GMT+02:00 Marco Gaiarin via samba <samba at lists.samba.org>: > > > ...googling around seems to me that are ''old limitation'', now gone. > > No. > > For me Samba AD DC is running without any problem in an Ubuntu privileged LXC container. Best regards, Marcel

Mandi! L.P.H. van Belle via samba In chel di` si favelave... > Im pretty sure this is a bug in the DC part. Ahem, sorry, but i'm lost in following this therad. I've hust setup my test domain, using samba 2:4.5.8+dfsg-2+deb9u1~bpo8+1 (your package, lous) on a debian jessie. Very minimal configuration: root at vdcsv1:~# samba-tool testparm Press enter to see a dump of your

On Tue, 27 Mar 2018 13:38:56 -0400 Mark Foley wrote: > > On Mon, 26 Mar 2018 08:08:53 +0200 Michael Wandel <m.wandel at t-online.de> wrote: > > > > Am 26.03.2018 um 06:31 schrieb Mark Foley via samba: > > > As a normal user, I want to change my Domain Password. I've tried: > > > > > > $ samba-tool user setpassword myuserId

On Thu, 9 Nov 2017 11:08:26 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > Mandi! L.P.H. van Belle via samba > In chel di` si favelave... > > > I dont beleave it. > > Eh. «De gustibus non disputandum est». ;-) > > > > The setup for the Ad in the link below is the same but if you want > > access without auth, Have you tried to

In our network we found some client with clock differences. Some machine have effectively some troubles, eg have NO 'Windows Time' service defined, probably some glitches happened when moving from our old NT-like domain. Anyway, catching for that, we have found some other strangeness. Windows time service run: C:\Users\gaio>sc query w32time NOME_SERVIZIO: w32time TIPO

I dont beleave it. That 5 years old now, normaly i'll dig into it, but exim... I dropped exim about 15 years ago.. First thing i do on debian... apt-get install --purge postfix That installs postfix and removes exim and purges exims config.. ;-) The setup for the Ad in the link below is the same but if you want access without auth, Have you tried to query the GC ports. ( 3268 or 3269

Mandi! Rowland Penny via samba In chel di` si favelave... > This means that the Windows group is mapped to the Unix group 'users' > on a DC, up until you give Domain Users a gidNumber, then the ID will > change to the one you placed in the gidNumber attribute in Domain Users. I can confirm that. Using ADUC i've noted that 'Domain Users' have no GID assigned, so

Mandi! Rowland penny via samba In chel di` si favelave... > You cannot create an ldap filter using the above, you would have to filter > the result of the ldap search. I can confirm: root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b DC=ad,DC=fvg,DC=lnf,DC=it '(&(objectClass=user)(sAMAccountName=gaio))' msDS-User-Account-Control-Computed # record 1 dn:

Mandi! Andrew Bartlett via samba In chel di` si favelave... > It is an operational attribute. simply add  > msDS-UserPasswordExpiryTimeComputed > to the list of attributes requested when searching for the user. root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b "dc=ad,dc=fvg,dc=lnf,dc=it" -s base "" maxPwdAge # record 1 dn:

I'm using samba 4.5 on a debian jessie (Louis packages). Rarely it happen that a power outgage tear down all the stuff, here. I've noticed that if the DM start before the DC, clearly all account data are inaccessible. To prevent or minimize that, the ''offline mode'' of winbind can be safely used also on DM servers? Or is tailoread against roaming client (portables,

Mandi! Rowland Penny via samba In chel di` si favelave... > If an ldap lookup works on every DC, except for one and the data is > definitely there on the one DC it doesn't work on, then it must be > something on that DC. is there a firewall or apparmor/selinux in the > way ? No. Anyway, note that query return correctly 'result: 0 Success', simply return no data. Another

On Mon, 28 Jan 2019 12:52:45 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > Mandi! Rowland Penny via samba > In chel di` si favelave... > > > > Strictly speaking, why winbind cache ''PAM'' data and not ''NSS'' > > > one (seems to me)? > > The problem is (for myself anyway), I do not understand the >

On 22/05/2023 10:14, Marco Gaiarin via samba wrote: > Mandi! Rowland Penny via samba > In chel di` si favelave... > >> I would undo that, it appears to be wrong. > > OK, i've undo also i. > > >> I have tested this on a Ubuntu 22.04 computer and it works, so I have >> updated the wiki page: >>