Displaying 20 results from an estimated 3000 matches similar to: "Adding Share Windows ACL"
2018 Feb 06
1
GPOs not Working!
now, im on a phone and no browser, so limit help.
first thing i see.
CN=Bj”rn <User>,CN=Users,DC=rootrudi,DC=de
Bj”rn ?
is your system set to utf8?
i dont know, but this does not look right.
i see, wifi? yes, try utp.
langsame Verbindung:500 kbps
and do try the ignore systemacl.
that solves the user/group “nt authority\system” problems the easy way.
greetz
Louis
Op 6 feb. 2018
2018 Jan 26
0
Adding Share Windows ACL
I dont agree..
> Yes, Domain Admins needs to be a Unix group.
I agree on this one.
> No, because if Domain Admins is a Unix group, it cannot own GPOs in
> sysvol and Domain Admins needs to own GPOs as a user. On a Samba DC,
> Domain Admins is mapped to 'ID_TYPE_BOTH' and can own GPOs as a user.
Not totaly.. Imo.
Just set ignore systemacls on sysvol and you dont have any
2017 Sep 05
3
BUILTIN\Administrators - failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
Thank you very much for clarifying the ID mapping "magic";)
> You do not need 'posixgroup', it is an auxiliary objectclass of
group, you can add any of the rfc2307 attributes without it.
Well, is there any option to remove it? Because "posixgroup" is on
every group that was migrated from Samba 3.
And I cannot edit this attribute in ADUC (delete button is grayed).
2018 Feb 06
5
GPOs not Working!
On 2/6/2018 1:42 PM, Robert Marcano via samba wrote:
> On 02/06/2018 01:44 PM, Micha Ballmann via samba wrote:
>> Hello,
>>
>> i have a testing environment, 2 DCs Ubuntu 18.04, SAMBA 4.7.4 - MIT
>> Kerberos (clean, not upgraded). I just wan to create/activating a
>> simple GPOs.
>>
>> # Interactive logon: Do not require CTRL + ALT + DEL -> activate
2017 Mar 07
4
Problem sysvolreset
On Tue, 7 Mar 2017 10:26:03 -0800
Kris Lou via samba <samba at lists.samba.org> wrote:
> Hang on, can you explain this a little further? I thought that Domain
> Admins was issued gidNumber 512 by default. In addition, sysvolreset
> is not recommended to fix potential SysVol replication problems with
> GPO perms?
>
No Domain Admins doesn't get gidNumber 512 by default,
2018 Jan 22
3
SAMBA 4.7.4 with MIT Keberos
Hello,
i installed a SAMBA 4.7.4 AD Server on Ubuntu 18.04 (BETA). SAMBA4 was
compiled from source. For MIT Keberos i also installed libkrb5-dev and
krb5-kdc and compiled with the "--with-system-mitkrb5" option.
The installation runs pretty good (some dependencies problem, solved
manually). But now im not able to test kerberos:
# kinit administrator
--> kinit: Cannot find KDC
2017 Sep 05
1
BUILTIN\Administrators - failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
Well, we are getting somewere...;)
>It is probably 'greyed' out because no Windows tools use it or will
add it. You will probably need to use Unix tools (ldb or ldap) to
remove>them, but you can if you so wish ignore them. What you should
never do is to rely on them being there, because they may or may not be
there.Ok, I'll let it be there> You need to remove the gidNumber
2018 Nov 21
3
Testparm CUPS warning
Hello,
today i upgrade my printserver from samba 4.8.6 to 4.9.2 (ubuntu 18.04).
First, all is working correctly. But whe im typing "testparm" now the
following warnings are shown:
##############
Loaded services file OK.
Warning: Service printers defines a print command, but parameter is
ignored when using CUPS libraries.
Warning: Service print$ defines a print command, but
2018 Aug 07
2
id <username> - doesnt list all groups
Thank for your answer:
But i dont know understand why is following not working:
I want to restrict the ssh access for a special domain member:
In my "sshd_config" i added:
AllowGroups restrictaccess root
With user2 im able to login via ssh!
log: pam_krb5(sshd:auth): user user2 authenticated as user2 at ROOTRUDI.DE
With user1 im not!
log: User user1 from 192.168.0.100 not allowed
2018 Feb 07
1
GPOs not Working!
hai Micha,
The why is explained here.
https://wiki.samba.org/index.php/The_SYSTEM_Account
Which in the end has todo with SID_BOTH, one sid for a user and group, linux does not understand that correctly.
with : acl_xattr:ignore system acls = [yes|no]
When set to yes, a best effort mapping from/to the POSIX ACL layer will not be done by this module. The default is no, which means that Samba
2018 Feb 06
4
GPOs not Working!
Hello,
i have a testing environment, 2 DCs Ubuntu 18.04, SAMBA 4.7.4 - MIT
Kerberos (clean, not upgraded). I just wan to create/activating a simple
GPOs.
# Interactive logon: Do not require CTRL + ALT + DEL -> activate
# Interactive login: Do not displa last user name -> activate
When im activating this Policys (no errors or something like that)
nothing happend.
I reboot two Domain
2018 Aug 07
2
id <username> - doesnt list all groups
Hello,
my enviroment:
All Servers are Ubuntun 16.04-18.04
SAMBA AD DC Server and several SAMABA DOMAIN MEMBER (connected via
WINBIND). In ADDC I've created a group "restrictaccess" and added some
users.
Now when im typing "id <username>" on a Domain Member, for some users
the group "restrictaccess" are listed for some not!
For example:
ON DC:
#
2018 May 20
3
Samba 4.8.2
On Fri, 2018-05-18 at 14:44 +0200, Micha Ballmann via samba wrote:
> Is it possible to Mix Samba 4.8.2 with Samba 4.7.7?
>
> I have three domain controller (up to 10000 users) running on Samba 4.7.7.
>
> I want to kill all samba processes of Dc1 and do all necessary steps for an upgrade to version 4.8.2. Dc2 and Dc2 still running and providing.
>
> After a reboot of the
2017 Aug 24
3
sysvolreset doesn't reset all ACLs
On 2017-08-24 12:27, Rowland Penny via samba wrote:
> On Thu, 24 Aug 2017 12:03:42 +0200
> Sven Schwedas via samba <samba at lists.samba.org> wrote:
>
>>> root at graz-dc-1b:~# samba --version
>>> Version 4.5.8-Debian
>>> root at graz-dc-1b:~# samba-tool ntacl sysvolreset && echo "no error"
>>> no error
>>> root at
2018 Feb 06
2
GPOs not Working!
On 2/6/2018 2:03 PM, Robert Marcano via samba wrote:
> On 02/06/2018 02:52 PM, lingpanda101 via samba wrote:
>> On 2/6/2018 1:42 PM, Robert Marcano via samba wrote:
>>> On 02/06/2018 01:44 PM, Micha Ballmann via samba wrote:
>>>> Hello,
>>>>
>>>> i have a testing environment, 2 DCs Ubuntu 18.04, SAMBA 4.7.4 - MIT
>>>> Kerberos
2015 Feb 21
3
Samba4, idmap.ldb & ID_TYPE_BOTH
On 21/02/15 19:26, Andrew Bartlett wrote:
> On Thu, 2015-02-19 at 17:15 +0000, Rowland Penny wrote:
>> This all leads me to my questions, why, when it comes to idmap.ldb,
>> can
>> a user also be a group and a group can also be a user and why was it
>> setup like this in the first place ? , there must be a reason for it.
> It goes like this:
>
> - Groups can
2015 Feb 23
1
Samba4, idmap.ldb & ID_TYPE_BOTH
On 22/02/15 01:02, Andrew Bartlett wrote:
> On Sat, 2015-02-21 at 21:37 +0000, Rowland Penny wrote:
>> On 21/02/15 19:26, Andrew Bartlett wrote:
>>
>>> On Thu, 2015-02-19 at 17:15 +0000, Rowland Penny wrote:
>>>> This all leads me to my questions, why, when it comes to idmap.ldb,
>>>> can
>>>> a user also be a group and a group can also
2018 Mar 05
2
SAMBA4 Fileserver & Disk Quota
I tried this. When im creating a folder directly on server, the sticky
bit is working. But it does not work when im doing it from windows.
# ls -l
drwxrws---+ 7 root stickygroup 4096 Mär 5 14:44 00_stickygroup/
Best regards
Micha
Am 05.03.2018 um 14:15 schrieb Michael Wandel:
> IMHO you can use the posix sgid bit.
2020 Mar 09
4
[home] trash folder
Hi,
i have a share called [home]. Designed like described here:
https://wiki.samba.org/index.php/User_Home_Folders#Creating_the_Home_Folder_for_a_New_User.
First i have no problems but i want to enable a trash folder for each
user. At this time i have about 8000 home directories. The directorys
are subfolders from [home].
Is it possible to enable a trash folder inside the home directory
2019 Oct 21
4
Samba4 and Freeradius
Hello,
i've configured a new freeradius server for WLAN authentication. My
radius server is a domain member on my samba 4.7.12 ADDC. For my mschap
configuration i followd this guide:
https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory.
The auth works! I can configure ntlm_auth in two differents way?
ntlm_auth = "/path/to/ntlm_auth*--allow-mschapv2*