similar to: 'check password script' ignored in AD mode?

You guys mix to things. > AFAIK is the 'privileges' that are host-specific. Is correct. >the policies are on the domain (in the LDAP data, > the root DN, look at them!). Yes, but only the GPO policies and these are not applied to the samba server. And because of that, samba-tools password settings needs to be set on every DC. Greetz, Louis > -----Oorspronkelijk

Mandi! Rowland Penny via samba In chel di` si favelave... > samba-tool domain passwordsettings set --complexity=off Ahem, i've typed '--comploxity'... sorry... OK, option is available in samba-tool in 4.2, but does not seems to work: root at lupus:~# samba-tool domain passwordsettings set --complexity=off Password complexity deactivated! All changes applied successfully!

I'm starting to deploy my new domain in my organization, setting up the new domain and DCs. I'm following the recommendation to create the DCs as ''DC only'', eg with only samba and a root access for ssh. Having to choose between VMs and Containers (LXC), there's differences between them that can involve samba features/performances? Filesystem limitation? Seems to

Mandi! Andrew Bartlett via samba In chel di` si favelave... > I hope this clarifies things, Super-clear! Thanks! -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t

Reding the thread in list about gluster, i've found that in your samba packages 4.5.12+dfsg-2+deb9u2~bpo8+1 there's no vfs_glusterfs module, only the manpage. root at vdmsv1:~# grep glusterfs /var/lib/dpkg/info/samba*.list /var/lib/dpkg/info/samba-vfs-modules.list:/usr/share/man/man8/vfs_glusterfs.8.gz root at vdmsv1:~# grep /vfs/ /var/lib/dpkg/info/samba*.list

Reading here i've understod that for LDAP query it is better to use SAMAccountName as 'login', but today i've found: https://docs.microsoft.com/it-it/windows/desktop/ADSchema/a-samaccountname so, 'SAMAccountName' is a compatibility field with NT mode, limited to 20 chars. Someone here use 21 chars logins? ;-) -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66

I need to close a site. No, no people fired, i've defined sites and DC because i hope that get (re)opened, but... There's some care i need to have to remove a DC (clearly, without FSMO roles)? I've looked on wiki to 'remove a DC' but i was not able to find something... Thanks. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra

Mandi! L.P.H. van Belle via samba In chel di` si favelave... > Did you run the command to disable the password check or complexabilty on all you DC's? Oh, never minded about that. Sure. Instead of commenting 'check password script' i can do: samba-tool domain passwordsettings set --complexity=off sure! Thanks! But, why you say «on all you DC's»? The password policies

Mandi! Rowland Penny via samba In chel di` si favelave... > > But my question really is: why this policy apply, if i've not enabled > > in GPO? > Probably because GPOs have no effect on a Samba AD DC, they will only > effect Windows clients. Rowland, i'm speaking about windows clients, not samba servers! I've enabled 'complexity checks' in samba servers,

I need to do a simple query, against some LDAP data in 'laster draft schema' format i've added to te samba/AD schema. All LDAP query return the same result on all (6) of the DC: root at vdcsv1:~# ldapsearch -H ldap://vdcsv2.ad.fvg.lnf.it -W -D CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it -b DC=ad,DC=fvg,DC=lnf,DC=it "(cn=prova123)" rfc822MailMember Enter LDAP Password:

As was used to (in Samba NT/LDAP), i've enabled quota on /homes, and homes are exported (as homedrive) for users. Editing quotas (with edquota) works as expected, and in windows explorer users get quota correctly reported, but a simple: repquota -a return nothing: root at vdmsv1:~# repquota -a *** Report for user quotas on device /dev/sdb1 Block grace time: 28days; Inode grace time:

Mandi! Marc Muehlfeld via samba In chel di` si favelave... [in the meantime, moved to 4.5...] > > Ahem, i've typed '--comploxity'... sorry... OK, option is available in > > samba-tool in 4.2, but does not seems to work: > This just turns off the need of complex passwords, but there are more > settings, such as minimum length, number of previous passwords not >

I'm using 'winexe': https://sourceforge.net/projects/winexe/ but this repository, compiled against samba 4.5, and works like a charm: https://sourceforge.net/u/mstowe/winexe/ci/master/tree/ I've tried to recompile them against samba 4.8 (louis repo), and compile flawlessy, but if i try to run them: winexe[10549]: segfault at 138 ip 00007fb165a2f3a4 sp 00007ffdf432a880 error

I've noted that some weeks ago, but i was upgrading all my PVE cluster so i've considered it benevolent. Yesterday i've updated my main switch, disconnecting for a brief lag of time all my ''infrastructutes''. My SMTP server (exim) start to complain about 'unroutable addresses': 2019-01-16 18:32:40 1gjp3Q-0006aw-TG <= root at sv.lnf.it H=(3jane.sv.lnf.it)

Mandi! Rowland Penny via samba In chel di` si favelave... > Not sure what you are proposing is going to work, AD expects every user > to be a member of Domain Users, even though there is nothing in AD to > show membership. Ah. > Do you require this user to visible on all domain machines ? [...] > It might help if you could explain how you are going to use your new > user

In Samba/NT i was used to share mapping done in netlogon script, so users move around between sites, get home and profile from remote location but still have share mapped from local servers. In Samba/AD, using GPO, share mapping is in ''user policy'', and so user roam between sites and get different policies? I'm googling around but i'm a bit confused... i can still use

Make a note: it is better to disable 'check password script' in the DC(s) before trying to join a new DC. ;( root at vdcpp1:~# samba-tool domain join ad.my.dom DC -U"MYDOM\administrator" --dns-backend=BIND9_DLZ Finding a writeable DC for domain 'ad.my.dom' Found DC vdcsv1.ad.my.dom Password for [MYDOM\administrator]: workgroup is MYDOM realm is ad.my.dom Adding

I'm starting to upgrade my domain members to debian stretch/samba 4.8, using louis packages. Domain controllers still on jessie/samba45. Upgrade went smooth, but after upgrade seems that the DM was not able anymore to retrieve rfc2307 data, eg: root at vdmsv2:~# getent passwd gaio gaio:*:10000:10513:Marco Gaiarin:/home/LNFFVG/gaio:/bin/false root at vdmsv2:~# ldbsearch -H

OK, now i've to start to move the big part of my users from my old NT-like domains to my new AD domain. I've setup roaming profile in the new domain following the wiki (https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles, 'using windows ACL') and for new profiles works like a charm. But i've tried to move/copy old profile to the new domain, and seems work, with

I've hitted the error in subject trying a backup of my sysvol. Mar 21 11:13:31 vdcsv1 winbindd[3494]: [2018/03/21 11:13:31.234373, 0] ../source3/winbindd/winbindd_group.c:45(fill_grent) Mar 21 11:13:31 vdcsv1 winbindd[3494]: Failed to find domain 'NT AUTHORITY'. Check connection to trusted domains! Looking on internet/list archive leadme to recent post (november 2017) and this