similar to: LDAP query and result: better field for username?

In my DC, without setting explicitly a 'winbind default domain', i can check logins domainless: root at vdcsv1:~# id gaio uid=10000(LNFFVG\gaio) gid=10513(LNFFVG\domain users) gruppi=10513(LNFFVG\domain users),11001(LNFFVG\sir),10999(LNFFVG\unixadm),3000008(LNFFVG\domain admins),3000005(LNFFVG\denied rodc password replication group),3000005(LNFFVG\denied rodc password replication

In a fresh samba AD domain i'm setting up the 'Profiles' share for roaming profiles, following the wiki: https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs leading to: [profiles] comment = Network Profiles Share csc policy = disable map acl inherit = Yes path = /srv/samba/profiles read only =

Mandi! Rowland Penny via samba In chel di` si favelave... > Is this on a DC ? No, is a DM. > If it isn't, Try setting it up exactly like it is shown on the > wikipage, note that you only need the 'vfs objects' line if it isn't > set in [global] Wikipage say only: Create a new share. For details, see Setting up a Share Using Windows ACLs. and

Mandi! L.P.H. van Belle via samba In chel di` si favelave... > What you show below is correct. > In linux, DOM\user != user I know. And i was using 'wbinfo', that, AFAIK query directly winbind and no POSIX stuff... > https://wiki.samba.org/index.php/OpenSSH_Single_sign-on > [realms] > SAMDOM.EXAMPLE.COM = { > auth_to_local = RULE:[1:SAMDOM\$1] >

OK, now i've to start to move the big part of my users from my old NT-like domains to my new AD domain. I've setup roaming profile in the new domain following the wiki (https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles, 'using windows ACL') and for new profiles works like a charm. But i've tried to move/copy old profile to the new domain, and seems work, with

Hi guys, I am experiencing a very strange problem with passwords and username with rsync. I have a "auth users" line in my /etc/rsyncd.conf file (see below) and a corresponding username and password in my /etc/rsyncd.secrets. The strange thing is is that authentication for the module listed in /etc/rsyncd.conf (unixadm) only works IF the username in /etc/rsyncd.secrets is the same as

Hai Rowland, Im pretty sure this is a bug in the DC part. I'll show. On the DC. dc1:~# getent passwd winadmin NTDOM\winadmin:*:10000:100::/home/users/winadmin:/bin/bash wbinfo --group-info="Domain Users" NTDOM\domain users:x:100: id winadmin uid=10000(NTDOM\winadmin) gid=100(users) groups=100(users),3000004(BAZRTD\group policy creator owners),3000008(NTDOM\domain admins)

I've coded some scripts that extract some info from a smb.conf section. In DC works: root at vdcsv1:~# samba-tool -V 4.5.16-Debian root at vdcsv1:~# samba-tool testparm --section sysvol [sysvol] path = /var/lib/samba/sysvol read only = No root at vdcsv1:~# samba-tool testparm --section-name=sysvol [sysvol] path = /var/lib/samba/sysvol read only = No in DM no: root at

Mandi! Micha Ballmann via samba In chel di` si favelave... > What shows 'getent passwd'? Only local users, of course. Seems this is the culprit. I've tried 'quota' and works as expected: root at vdmsv1:~# quota -su gaio Disk quotas for user gaio (uid 10000): Filesystem space quota limit grace files quota limit grace /dev/sdb1 204K

Ahem no one reply me. A little fast-rewind: i need to have some 'aliases' to my servers (DM); seems i need to add in smb.conf: netbios aliases = FILESV but also add a 'SPN'; trying to look around for an examples, lead me to ''nothing'', or to examples that seems to me unrelated. Supposing the domain is 'ad.fvg.lnf.it' and the FQDN of the real host is

Mandi! L.P.H. van Belle via samba In chel di` si favelave... > Im pretty sure this is a bug in the DC part. Ahem, sorry, but i'm lost in following this therad. I've hust setup my test domain, using samba 2:4.5.8+dfsg-2+deb9u1~bpo8+1 (your package, lous) on a debian jessie. Very minimal configuration: root at vdcsv1:~# samba-tool testparm Press enter to see a dump of your

On Tue, 26 Sep 2017 12:49:26 +0200 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > Mandi! L.P.H. van Belle via samba > In chel di` si favelave... > > > Im pretty sure this is a bug in the DC part. > > Ahem, sorry, but i'm lost in following this therad. I've hust setup my > test domain, using samba 2:4.5.8+dfsg-2+deb9u1~bpo8+1 (your package,

On Mon, 18 Dec 2017 15:51:47 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > > > I've seen: > > https://wiki.samba.org/index.php/PAM_Offline_Authentication > > I've tried to enable offline logon, and seems to work as expected. > > I've only found a little strange thing, i think related to the fact > that in my DM i've set

Samba 4.8 (Louis debian repo), DM. Today i've had to recovery a deleted file in that share, that use 'vfs_recycle' modules: [Work] comment = Spazio di Lavoro Utente map acl inherit = Yes path = /srv/work read only = No store dos attributes = Yes vfs objects = acl_xattr recycle full_audit volume = Work full_audit:failure = none full_audit:success = mkdir rmdir read pread

I'm using samba 4.5 on a debian jessie (Louis packages). Rarely it happen that a power outgage tear down all the stuff, here. I've noticed that if the DM start before the DC, clearly all account data are inaccessible. To prevent or minimize that, the ''offline mode'' of winbind can be safely used also on DM servers? Or is tailoread against roaming client (portables,

I've created a folder for roaming profiles: [profiles] comment = Network Profiles Share path = /srv/samba/profiles browseable = No store dos attributes = Yes csc policy = disable map acl inherit = Yes read only = No vfs objects = acl_xattr Share permission and folder permission seems right, exactly as in: https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles I've

I was used (in SambaNT/OpenLDAP) to put on CUPS configuration the statement (/etc/cups/cups-files.conf): SystemGroup printops and add to 'printops' group some users that can manage cups. Now i'm in AD mode. I'm in 'printops' group: root at vdmpp1:~# id gaio uid=10000(gaio) gid=10513(domain users) gruppi=10513(domain

On 23/09/2019 13:42, Trenta sis via samba wrote: > Thanks, ntlm auth is temporary until we have solved some issues > getent is needed by filesystem acl > If you think you need the 'winbind enum' lines so that 'getent' works, then think again ;-) If you do not have the 'winbind enum 'lines 'getent passwd username' will still work. 'getent passwd'

In my current ''production'' NT-like domain (samba 4.2, OpenLDAP backend), password policies seems to ''get written'' to user data. EG, if i set: pdbedit -P "maximum password age" -C 7776000 and i change my password, 'Password must change' have a meningful value, eg 90 days more then the last password change: root at armitage:~# pdbedit -v

As was used to (in Samba NT/LDAP), i've enabled quota on /homes, and homes are exported (as homedrive) for users. Editing quotas (with edquota) works as expected, and in windows explorer users get quota correctly reported, but a simple: repquota -a return nothing: root at vdmsv1:~# repquota -a *** Report for user quotas on device /dev/sdb1 Block grace time: 28days; Inode grace time: