similar to: RODC and LDAP via Simple Authentication fails

Op 28-10-2023 om 09:37 schreef Rowland Penny via samba: > On Fri, 27 Oct 2023 23:48:22 +0200 > Kees van Vloten via samba <samba at lists.samba.org> wrote: > >> Hi Team, >> >> Is it possible to make a LDAP-query that returns whether an account >> is expired or not? >> >> I am aware that it is possible to do the maths against the >>

Hi I am trying to authenticate my mail server with samba ad. The only problem is that I don?t get it working. root at dna:/data/CA/EasyRSA-v3.0.6# ldapsearch -x -h gaia.rompen.lokaal -D 'vmail' -W -b 'cn=users,dc=rompen,dc=lokaal' Enter LDAP Password: ldap_bind: Strong(er) authentication required (8) additional info: BindSimple: Transport encryption required. I can not read

On Fri, 27 Oct 2023 23:48:22 +0200 Kees van Vloten via samba <samba at lists.samba.org> wrote: > Hi Team, > > Is it possible to make a LDAP-query that returns whether an account > is expired or not? > > I am aware that it is possible to do the maths against the > "accountExpires" attribute, but that requires some scripting around > the query. > >

On Sat, 28 Oct 2023 11:54:34 +0200 Kees van Vloten via samba <samba at lists.samba.org> wrote: > > Op 28-10-2023 om 09:37 schreef Rowland Penny via samba: > > On Fri, 27 Oct 2023 23:48:22 +0200 > > Kees van Vloten via samba <samba at lists.samba.org> wrote: > > > >> Hi Team, > >> > >> Is it possible to make a LDAP-query that returns

Hello Samba Friends, I have a single DC (we'll call it, "DC1") that simply will not take my password when I run this command:? #samba-tool ldapcmp ldap://dc2 ldap://dc3 -Uadministrator? Or this command:? #samba-tool ldapcmp ldap://dc1 ldap://dc2 -Uadministrator? I basically get this:? > Password for [SAMDOM\administrator]:? > Password for [SAMDOM\administrator]:?

On Mon, 22 Jan 2018 20:36:04 +0100 Johannes Engel via samba <samba at lists.samba.org> wrote: > Dear all, > > setting up a DMZ environment I was thinking to use an RODC there for > user authentication. One of the application in the DMZ needs to access > the directory via LDAP. > > When I tried to connect to the RODC using LDAP with simple bind, I > always received

On 13/06/2019 16:05, Adam Weremczuk via samba wrote: > I got authentication (bind credentials) working for account2 on the > old DC (Samba 4.0.9): > > CN=account1,CN=Users,DC=matrixscience,DC=co,DC=uk ---> OK > CN=account2,CN=Users,DC=matrixscience,DC=co,DC=uk ---> FAIL > MATRIXSCIENCE.CO.UK\account1 ---> OK > MATRIXSCIENCE.CO.UK\account2 ---> OK > > but

21.06.2017 11:45, L.P.H. van Belle via samba пишет: > I suggest before you upgrade do a very good read here. > > https://wiki.samba.org/index.php/Updating_Samba#Notable_Enhancements_and_Changes > > https://wiki.samba.org/index.php/Samba_Features_added/changed_(by_release) > And a summerize version for with all parameter changes as of upgrade from 4.2 up to 4.6 >

Thank you, Louis, for your reply. By simply asking me to provide outputs of the aforementioned files, I found the cause of my first problem (auth failing). It was my /etc/hosts file on dc1. All of them should look like this, and indeed DC2 and DC3's *did* look like this: # cat /etc/hosts > 127.0.0.1 ? ? ? localhost.samdom.mycompany.net ?localhost > 192.168.3.201

I tried joining the same AD before and succeeded, however after upgrading to Debian Buster and installing AD Certificate Services on the Windows DC my join does not work anymore: samba-tool domain join samdom.example.com DC -U?SAMDOM\adadmin? ?site=?KA-H9? fails during the ldap part with: Join failed - cleaning up Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: LdapErr:

Hi Andrew, I am deeply impressed by your speed! :D The RODC is actually Samba 4.7.4, the other DCs are still on 4.6.12. Any suggestion how I can debug this w/o setting everything on level 10? ;) Best regards Johannes Am 22.01.2018 um 20:45 schrieb Andrew Bartlett: > On Mon, 2018-01-22 at 20:36 +0100, Johannes Engel via samba wrote: >> Dear all, >> >> setting up a DMZ

Hai, And Omg... Your right, its my fault. :-/ I didnt say to you, you needed make the changes, to change what Rowland showed. Im really sorry.. ;-) when im in austria i'll buy you a beer. Or if you want teach you snowboarding.. I have an other guy in austria that cant ski/board. Im going to teach him also. .. So funny a dutch guy teaching to austria guys.. :-) And how is it running

Hai, ? From what i see below. ? kinit that should work, or error in krb5.conf or resolv.conf. What is the first resolver in resolv.conf and is samba configured with internal DNS or Bind9_DLZ? ? This is in /etc/ldap/ldap.conf TLS_CACERT????? /etc/ssl/certs/ca-certificates.crt TLS_REQCERT allow ? cp /var/lib/samba/private/krb5.conf /etc/krb5.conf not really needed, but it does not hurt. ?

On Mon, 2018-01-22 at 20:36 +0100, Johannes Engel via samba wrote: > Dear all, > > setting up a DMZ environment I was thinking to use an RODC there for > user authentication. One of the application in the DMZ needs to access > the directory via LDAP. > > When I tried to connect to the RODC using LDAP with simple bind, I > always received the following error > >

Am Sa., 6. Apr. 2019 um 18:01 Uhr schrieb Rowland Penny via samba < samba at lists.samba.org>: > On Sat, 6 Apr 2019 17:21:26 +0200 > Martin Krämer <mk.maddin at gmail.com> wrote: > > > Hello Rowland, > > > > thanks for your help. > > Below my comments > > > > See here: > > > > > > http://apt.van-belle.nl/ > > >

I have tried configure Postfix with Dovecot SASL to authenticate remote users in LDAP (Active Directory). Below my dovecot.conf: protocols = none ssl = none auth default { ??? mechanisms = plain login ?? ?passdb ldap { ??????? args = /usr/local/etc/dovecot-ldap.conf ? } ?? ?userdb ldap { ??????? args = /usr/local/etc/dovecot-ldap-userdb.conf ? } }

Thanks for your attention > You are always receiving these: > > Adding DNS A record SRVAD-NEW.SAMDOM.LOCAL for IPv4 IP: 10.0.3.100 > Join failed - cleaning up Yes, but the DNS record is created and it persists after the failure. Another thing I've noticed using RSAT "Active Directory Users and Computers" is that the new DC computer account SRVAD-NEW$@SAMDOM.LOCAL is

Hello, > On 07/10/15 00:33, TAKAHASHI Motonobu/高橋 基信 wrote: > > Hello, > > > > I tested to transfer all 7 FSMOs from Windows Server 2003 Enterprise > > to Samba 4.3.0 DC. (I think some users still use Win2K3 and want to > > migrate.) But unfortunately is failed. > > > > To reproduce, > > > > (1) Promoto Win2K3R2 Enterprise host to first DC.

Hi again I'm trying to authenticate a user against an LDAP Server (well, our AD, but it can LDAP). This is my configuration: hosts = my.server.local auth_bind = yes ldap_version = 3 base = CN=Person,CN=Schema,CN=Configuration,DC=company,DC=local scope = subtree user_attrs = \ =home=/home/imapproxy/%u, \ =mail=maildir:/home/imapproxy/%u pass_attrs = uid=%u, userPassword=%w

Hello, I tested to transfer all 7 FSMOs from Windows Server 2003 Enterprise to Samba 4.3.0 DC. (I think some users still use Win2K3 and want to migrate.) But unfortunately is failed. To reproduce, (1) Promoto Win2K3R2 Enterprise host to first DC. (2) Join self-built Samba 4.3.0 to the domain. (3) Run 'samba-tool fsmo transfer --role=all' root at jessie64-1:~# samba-tool fsmo