Displaying 20 results from an estimated 6000 matches similar to: "Guest access to a foreign NT domain fail..."
2018 Apr 24
3
[OT?] Group Policy, drive maps and Cliend Site Caching...
Sorry for that email, but i'm really confused about the subject.
Starting point: in current configuration (Samba, NT mode) some portable
systems have CSC enabled, and when go to another site... is another
site, eg does not find the domain, so simply CSC 'work' as expected.
Now that i'm moving computer to the new domain, that is the same domain
across all sites, i'm not
2018 Jan 10
1
NTLM, MSCHAPv2, squid & freeradius...
Currently (samba 4 NT-like domains) i use extensively NTLM auth in
freeradius and more mildly in squid, respectively with:
Freeradius (mschap module):
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=SANVITO --username=%{mschap:User-Name:-None} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
squid3:
auth_param ntlm program /usr/bin/ntlm_auth
2018 Jan 15
3
Avoiding uid conflicts between rfc2307 user/groups and computers
Hello! Rowland Penny via samba
On that day it was said...
> I am not disputing what you say, I am just asking for concrete proof
> that a computer account MUST have a uidNumber account.
Rowland, it is not (only) a matter of authentication, it is a matter of
'act' with machine account.
I've dug a bit but found nothing than (i use WPKG as deployment
system, it is only an
2018 Sep 04
4
Upgraded a member server to 4.8, rfc2307 data?
I'm starting to upgrade my domain members to debian stretch/samba 4.8,
using louis packages.
Domain controllers still on jessie/samba45.
Upgrade went smooth, but after upgrade seems that the DM was not able
anymore to retrieve rfc2307 data, eg:
root@vdmsv2:~# getent passwd gaio
gaio:*:10000:10513:Marco Gaiarin:/home/LNFFVG/gaio:/bin/false
root@vdmsv2:~# ldbsearch -H
2018 Sep 27
2
[OT?] passing group name with spaces to ntlm_auth...
I've not clear if is a squid or a samba/ntlm_auth trouble... indeed...
In Squid i've added:
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=LNFFVG --require-membership-of='LNFFVG\Domain Users'
auth_param ntlm children 5
but in 'cache.log' i got:
Winbindd lookupname failed to resolve 'LNFFVG\Domain into a SID!
Winbindd
2018 Sep 24
3
DM: samba 4.5 -> 4.8, guest access and machine account access troubles.
Hello! Rowland Penny via samba
On that day it was said...
> > clearly, i've on [globals] 'map to guest = Bad User'.
> That is how it is supposed to work, if a known user tries to use a
> wrong password, the user is rejected. If the user is unknown, it is
> mapped to the guest user (usually 'nobody') and allowed access to
> shares where 'guest ok =
2017 Nov 07
2
Best practice for creating an RO LDAP User in AD...
Hello! Denis Cardon via samba
On that day it was said...
> You can put your service accounts in an OU and add a GPO that deny
> logon/services/tasks locally.
Shortly come back.
I've created a 'Restricted' OU, a 'Restricted' group (i'm short in
fantasy, today ;) and i've created an 'mta' user, both user and group
in 'Restricted' OU, of course.
2018 Feb 08
2
Again guest access and machine account...
I'm still fighting a bit with guest access to shares via machine
account.
Little fast rewind: i'm using samba 4.5.8+dfsg-2+deb9u1~bpo8+1 (louis
packages), and i use an SCM system called WPKG to deploy and manage
windows machine; that system do their works as SYSTEM account on local
windows workstation.
If the machine account (say, MALCOBB$) have a valid UID/GID, machine
account are used
2018 Sep 27
1
[OT?] passing group name with spaces to ntlm_auth...
On Thu, 2018-09-27 at 12:27 +0200, L.P.H. van Belle via samba wrote:
> Hai marco,
>
> More info on squid config might help here and no smb.conf..
> Ahead of things...
>
> And you better use something like this, change to negotiate auth. (
> and use SSO ).
>
> auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \
> --kerberos
2017 Dec 14
5
[Curiosity] 'netbios aliases' works in AD mode?
Ahem, no one replied to me.
A little fast-rewind: i need to have some 'aliases' to my servers (DM);
seems i need to add in smb.conf:
netbios aliases = FILESV
but also add a 'SPN'; trying to look around for an examples, lead me to
''nothing'', or to examples that seems to me unrelated.
Supposing the domain is 'ad.fvg.lnf.it' and the FQDN of the real host
is
2017 Dec 18
2
DM and ''offline'' PAM (and NSS?)...
Hello! L.P.H. van Belle via samba
On that day it was said...
> What you show below is correct.
> In linux, DOM\user != user
I know. And i was using 'wbinfo', that, AFAIK query directly winbind
and no POSIX stuff...
> https://wiki.samba.org/index.php/OpenSSH_Single_sign-on
> [realms]
> SAMDOM.EXAMPLE.COM = {
> auth_to_local = RULE:[1:SAMDOM\$1]
>
2018 Apr 25
2
[OT?] Group Policy, drive maps and Cliend Site Caching...
Hai,
>
> Hi Louis, I think you missed this: current configuration
> (Samba, NT mode)
>
> But I think you are on the right lines, using the same drive letters
> for both sites is asking for trouble.
No, that's ok and should work, since i do that also but in AD dom,
and you may not use persistent drives and you disconnect them at logoff.
>
> However the bigger
2018 Apr 27
1
Homes, folder redirection and hide files...
Hello! Rowland Penny via samba
On that day it was said...
> > Samba 4.5 in AD mode, domain in ''beta'' stage. ;-)
> Yes, but what 'AD mode' ??
> Is it a DC or Unix domain member ?
Uh, oh. Sorry. Domain Member.
> it is 'RECYCLE.BIN' not 'RECICLE.BIN'
Ahem, ops, sorry.
> Have you read 'man vfs_recycle' ?
I use (in other
2018 Oct 09
2
Samba and Freeradius...
I'm trying to move my freeradius server from debian jessie (freeradius 2.2.5+dfsg-0.2+deb8u1
and samba 4.2.14+dfsg-0+deb8u9) in a NT like domain to a new stretch
server (freeradius 3.0.12+dfsg-5+deb9u1 and samba 4.8.5+mnu-1~deb9,
louis packages). Many things changed.
I've followed (also):
https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory
and added in
2018 Sep 24
2
DM: samba 4.5 -> 4.8, guest access and machine account access troubles.
You know what windows did with the "default" local, Administrator on the PC..
They disabled them...
If you joined a domain, then still, the PC administrator is disabled.
And the user is called PCNAME\Administrator and not Administrator
You have "BUILTIN\Administrator" on the servers. ( or SERVERNAME\Administrator )
I hope this helps you understanding your problem a
2018 Jan 15
2
Avoiding uid conflicts between rfc2307 user/groups and computers
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Marco Gaiarin via samba
> Sent: Monday 15 January 2018 13:03
> To: samba at lists.samba.org
> Subject: Re: [Samba] Avoiding uid conflicts between rfc2307
> user/groups and computers
>
> Hello! Rowland Penny via samba
> On that day it was said...
>
>
2018 Nov 28
2
Different LDAP query in different DC...
Hello! Rowland Penny via samba
On that day it was said...
> If an ldap lookup works on every DC, except for one and the data is
> definitely there on the one DC it doesn't work on, then it must be
> something on that DC. is there a firewall or apparmor/selinux in the
> way ?
No. Anyway, note that query return correctly 'result: 0 Success',
simply return no data.
Another
2017 Dec 18
3
DM and ''offline'' PAM (and NSS?)...
On Mon, 18 Dec 2017 15:51:47 +0100
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
>
> > I've seen:
> > https://wiki.samba.org/index.php/PAM_Offline_Authentication
>
> I've tried to enable offline logon, and seems to work as expected.
>
> I've only found a little strange thing, i think related to the fact
> that in my DM i've set
2017 Oct 04
2
Script to reset group memberships...
I was used, for users that leave my network, to disable the account but
also ''sanitize'' the memberships, eg reset group membership to a
default values (normally, 'domain users').
Clearly, using smbldap-tools in a NT domain was easy.
How can achieve the same result in a samba AD domain? Seems that
available commands/tools (pdbedit, wbinfo, samba-tool) does not have
this
2017 Oct 30
2
Password change question/1: smbpasswd does not propagate passwords?!
Doing some test i've done, as root, in one DC:
root@vdcpp1:~# smbpasswd gaio
New SMB password:
Retype new SMB password:
root@vdcpp1:~# pdbedit -v gaio
Unix username: gaio
NT username:
Account Flags: [U ]
User SID: S-1-5-21-160080369-3601385002-3131615632-1105
Primary Group SID: S-1-5-21-160080369-3601385002-3131615632-513
Full