similar to: [Curiosity] Default domain, DC and DM...

Currently for my user: root at vdmsv1:/etc/exim4# ldbsearch -H ldap://vdcsv1 -P -b DC=ad,DC=fvg,DC=lnf,DC=it "(cn=gaio)" | grep ": gaio$" cn: gaio name: gaio sAMAccountName: gaio uid: gaio msSFU30Name: gaio what field is betetr to use for querying for user 'gaio'? 'uid' no (because RFC2307 data can be missing), so? 'sAMAccountName'? or

On Tue, 26 Sep 2017 12:49:26 +0200 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > Mandi! L.P.H. van Belle via samba > In chel di` si favelave... > > > Im pretty sure this is a bug in the DC part. > > Ahem, sorry, but i'm lost in following this therad. I've hust setup my > test domain, using samba 2:4.5.8+dfsg-2+deb9u1~bpo8+1 (your package,

Hai Rowland, Im pretty sure this is a bug in the DC part. I'll show. On the DC. dc1:~# getent passwd winadmin NTDOM\winadmin:*:10000:100::/home/users/winadmin:/bin/bash wbinfo --group-info="Domain Users" NTDOM\domain users:x:100: id winadmin uid=10000(NTDOM\winadmin) gid=100(users) groups=100(users),3000004(BAZRTD\group policy creator owners),3000008(NTDOM\domain admins)

Mandi! L.P.H. van Belle via samba In chel di` si favelave... > What you show below is correct. > In linux, DOM\user != user I know. And i was using 'wbinfo', that, AFAIK query directly winbind and no POSIX stuff... > https://wiki.samba.org/index.php/OpenSSH_Single_sign-on > [realms] > SAMDOM.EXAMPLE.COM = { > auth_to_local = RULE:[1:SAMDOM\$1] >

I was used (in SambaNT/OpenLDAP) to put on CUPS configuration the statement (/etc/cups/cups-files.conf): SystemGroup printops and add to 'printops' group some users that can manage cups. Now i'm in AD mode. I'm in 'printops' group: root at vdmpp1:~# id gaio uid=10000(gaio) gid=10513(domain users) gruppi=10513(domain

Mandi! L.P.H. van Belle via samba In chel di` si favelave... > Im pretty sure this is a bug in the DC part. Ahem, sorry, but i'm lost in following this therad. I've hust setup my test domain, using samba 2:4.5.8+dfsg-2+deb9u1~bpo8+1 (your package, lous) on a debian jessie. Very minimal configuration: root at vdcsv1:~# samba-tool testparm Press enter to see a dump of your

On Mon, 18 Dec 2017 15:51:47 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > > > I've seen: > > https://wiki.samba.org/index.php/PAM_Offline_Authentication > > I've tried to enable offline logon, and seems to work as expected. > > I've only found a little strange thing, i think related to the fact > that in my DM i've set

I'm using samba 4.5 on a debian jessie (Louis packages). Rarely it happen that a power outgage tear down all the stuff, here. I've noticed that if the DM start before the DC, clearly all account data are inaccessible. To prevent or minimize that, the ''offline mode'' of winbind can be safely used also on DM servers? Or is tailoread against roaming client (portables,

Mandi! Denis Cardon via samba In chel di` si favelave... > You can put your service accounts in an OU and add a GPO that deny > logon/services/tasks locally. Shortly come back. I've created a 'Restricted' OU, a 'Restricted' group (i'm short in fantasy, today ;) and i've created an 'mta' user, both user and group in 'Restricted' OU, of course.

In a fresh samba AD domain i'm setting up the 'Profiles' share for roaming profiles, following the wiki: https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs leading to: [profiles] comment = Network Profiles Share csc policy = disable map acl inherit = Yes path = /srv/samba/profiles read only =

Hai Marco, What i did, i added 1 real linux user in the group unix group lpadmin. With this user i configured the webinterface and set kerberos auth. ( i did already setup ssl things like that for the webinterface. ) Get this file. https://raw.githubusercontent.com/thctlo/samba4/master/samba-check-SePrivileges.sh This shows you all groups and privileges that are setup. You should see

I'm starting to upgrade my domain members to debian stretch/samba 4.8, using louis packages. Domain controllers still on jessie/samba45. Upgrade went smooth, but after upgrade seems that the DM was not able anymore to retrieve rfc2307 data, eg: root at vdmsv2:~# getent passwd gaio gaio:*:10000:10513:Marco Gaiarin:/home/LNFFVG/gaio:/bin/false root at vdmsv2:~# ldbsearch -H

On Tue, 29 Aug 2023 15:44:35 +0200 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > Mandi! Rowland Penny via samba > In chel di` si favelave... > > >> In samba the share is: > > I wish people wouldn't do this, if you are going to post a share, > > please post the global section as well. > > Sorry. > > # Global parameters >

Mandi! Rowland Penny via samba In chel di` si favelave... Sorry for the late answer. > I have Ubuntu 22.04 with Samba 4.15.13 running in a VM and it just works > for myself. Exactly the same, but on a real hardware. > Had the user 'gaio' logged in previously, it will not work if the user > hasn't logged in at least once before the network has disconnected. Sure!

Mandi! Rowland Penny via samba In chel di` si favelave... >> In samba the share is: > I wish people wouldn't do this, if you are going to post a share, > please post the global section as well. Sorry. # Global parameters [global] log file = /var/log/samba/log.%M map to guest = Bad User netbios aliases = CUPSSV FILESV HOMESV ntlm auth = mschapv2-and-ntlmv2-only panic

> I've seen: > https://wiki.samba.org/index.php/PAM_Offline_Authentication I've tried to enable offline logon, and seems to work as expected. I've only found a little strange thing, i think related to the fact that in my DM i've set 'winbind use default domain = yes'. Folowing the wiki, i've enabled offline logon and then done: ['smbcontrol winbind

What you show below is correct. In linux, DOM\user != user If you want that. See: https://wiki.samba.org/index.php/OpenSSH_Single_sign-on [realms] SAMDOM.EXAMPLE.COM = { auth_to_local = RULE:[1:SAMDOM\$1] } Now, since im not sure this works ok, i dont use it on my debian servers, i use option2. option2 is ignore the "not recommended setting : "winbind use

On 22/05/2023 10:14, Marco Gaiarin via samba wrote: > Mandi! Rowland Penny via samba > In chel di` si favelave... > >> I would undo that, it appears to be wrong. > > OK, i've undo also i. > > >> I have tested this on a Ubuntu 22.04 computer and it works, so I have >> updated the wiki page: >>

On Mon, 24 Sep 2018 17:33:47 +0200 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > Mandi! L.P.H. van Belle via samba > In chel di` si favelave... > > > I hope this helps you understanding your problem a bit more. > > See also: > > https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/local-accounts > > No,

On Mon, 18 Dec 2017 16:44:32 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > Mandi! L.P.H. van Belle via samba > In chel di` si favelave... > > > What you show below is correct. > > In linux, DOM\user != user > > I know. And i was using 'wbinfo', that, AFAIK query directly winbind > and no POSIX stuff... > > > >