Displaying 20 results from an estimated 10000 matches similar to: "Logon scripts and AD..."
2018 Mar 08
1
Logon scripts and AD...
On Thu, 08 Mar 2018 23:10:08 +1300
Andrew Bartlett via samba <samba at lists.samba.org> wrote:
> On Thu, 2018-03-08 at 11:04 +0100, Marco Gaiarin via samba wrote:
> > I'm a bit confused.
> >
> > How i can set a netlogon script? Samba wiki seems does not contain
> > hint, smb.conf manpage does not explicitly reference 'logon script'
> > option as
2018 Jun 21
2
Password complexity checks and local users...
Mandi! Rowland Penny via samba
In chel di` si favelave...
> It doesn't have to contain punctuation:
Ahem, i've write 'punctuation' but i meant 'Non-alphanumeric
characters'. Sorry.
> So, as I am sure you can see, 'kaaPxvqEXW' only passes the first two.
> It contains uppercase and lowercase, but neither numbers or punctuation.
Exactly i supposed.
2018 Apr 11
3
Map share based on site?
In Samba/NT i was used to share mapping done in netlogon script, so
users move around between sites, get home and profile from remote
location but still have share mapped from local servers.
In Samba/AD, using GPO, share mapping is in ''user policy'', and so
user roam between sites and get different policies?
I'm googling around but i'm a bit confused... i can still use
2018 Jun 21
3
Password complexity checks and local users...
Mandi! Rowland Penny via samba
In chel di` si favelave...
> > But my question really is: why this policy apply, if i've not enabled
> > in GPO?
> Probably because GPOs have no effect on a Samba AD DC, they will only
> effect Windows clients.
Rowland, i'm speaking about windows clients, not samba servers!
I've enabled 'complexity checks' in samba servers,
2018 Mar 05
2
[OT?] 'negative' GPOs for local user?!
I'm trying to define the GPOs on my new AD domain, and i'm a little
confused.
I've never worked with AD, but i've extensively used MLGPO, where i can
explicitly apply GPOs to users/groups.
Two examples, of my confusion.
1) i've setup password policies (8 chars, 5-row password history,
...), and this is a ''computer'' policy, that apply... to computers. ;-)
2017 Nov 14
1
Setting up Second Samba DC samba-tool ntacl sysvolreset fails
Mandi! Rowland Penny via samba
In chel di` si favelave...
> The error you are getting is usually caused by adding GPOs to the first
> DC and then NOT copying them to the second DC before running
> 'sysvolreset'. The GPOs are also stored in AD, 'sysvolreset' reads AD
> to find where the GPOs are supposed to be, but if it cannot find any,
> it errors out.
2017 Sep 19
2
[OT?] VM or Container for an AD DC?
I'm starting to deploy my new domain in my organization, setting up the
new domain and DCs.
I'm following the recommendation to create the DCs as ''DC only'', eg
with only samba and a root access for ssh.
Having to choose between VMs and Containers (LXC), there's differences
between them that can involve samba features/performances? Filesystem
limitation?
Seems to
2018 Mar 21
2
log error about permissions in truncated share path...
Mandi! Rowland Penny via samba
In chel di` si favelave...
> Is there a file that starts 'sysvo' in /var/lib/samba/usershares ?
root at vdcsv1:~# ls -la /var/lib/samba/usershares/
totale 8
drwxrwx--T 2 root sambashare 4096 set 19 2017 .
drwxr-xr-x 8 root root 4096 mar 19 11:58 ..
No.
> > I can disable 'usershares'?
> You shouldn't have to, by
2018 Mar 21
2
Again 'Failed to find domain 'NT AUTHORITY'. Check connection to trusted domains!'
I've hitted the error in subject trying a backup of my sysvol.
Mar 21 11:13:31 vdcsv1 winbindd[3494]: [2018/03/21 11:13:31.234373, 0] ../source3/winbindd/winbindd_group.c:45(fill_grent)
Mar 21 11:13:31 vdcsv1 winbindd[3494]: Failed to find domain 'NT AUTHORITY'. Check connection to trusted domains!
Looking on internet/list archive leadme to recent post (november 2017)
and this
2017 Sep 26
1
'check password script' ignored in AD mode?
I'm trying to play with 'check password script' in AD mode, and seems
to me that are simply ignored, at least when users logged on windows
clients and (try to) change the password.
I've also noted if i use other tools (eg, samba-tool for example) 'check password script'
get executed.
I've looked around, and seems that 'check password script' came back in
4.5,
2019 Oct 17
2
Offline logon and NSS...
Mandi! Rowland penny via samba
In chel di` si favelave...
> Don't think that will work, unless you never turn the computer off or
> restart Samba.
> The problem isn't how often the cache gets updated, it is 'does the cache
> exist'
Ahem, sorry, no... i was not speaking 'now', but 'when bug 14074 get
fixed'.
So, supposing the bug that delete the
2017 Oct 24
2
'check password script' and Join...
Mandi! L.P.H. van Belle via samba
In chel di` si favelave...
> Did you run the command to disable the password check or complexabilty on all you DC's?
Oh, never minded about that. Sure.
Instead of commenting 'check password script' i can do:
samba-tool domain passwordsettings set --complexity=off
sure! Thanks!
But, why you say «on all you DC's»? The password policies
2019 Oct 18
2
Offline logon and NSS...
Mandi! Rowland penny via samba
In chel di` si favelave...
> > a) NSS cache are permanent, and does not expire if there's NO DC
> > reachable.
> That is the way it is supposed to work, if you go offline (all DCs go down
> or you wander away with a laptop), the cache is used until you next connect
> to the domain (at least one DC comes back online or you wander back
2019 Oct 17
3
Offline logon and NSS...
Mandi! Rowland penny via samba
In chel di` si favelave...
> Yes, somebody moved the cache to a different directory and it now gets wiped
> every time Samba is restarted, we have a bug report for it:?
> https://bugzilla.samba.org/show_bug.cgi?id=14074
Ok, thanks.
I suppose that cache get controlled by:
idmap cache time = 604800
winbind cache time = 300
so, for a portable system,
2020 Oct 02
1
Freeradius logon with machine account...
Mandi! Klaus Ade Johnstad via samba
In chel di` si favelave...
> I can't offer any hints, but, this has been on my list of things to do
> for some time, could you share with us exactly what you have done so
> far, so other can follow and setup the same, maybe we either encounter
> the same problems as you, or not.
Oh, 'pretty nothing'. All work pretty automagically
2019 Oct 17
3
Offline logon and NSS...
Mandi! Rowland penny via samba
In chel di` si favelave...
> > Considering a 'full offline' DM client (supposing a portable), there's
> > a 'winbind permanent nss cache' or a general nss cache (like
> > nss-updatedb):
> > https://wiki.debian.org/LDAP/NSS#Offline_caching_of_NSS_with_nscd
> > have to be used? Thanks.
> No, you cannot use
2017 Oct 24
3
'check password script' and Join...
Mandi! Rowland Penny via samba
In chel di` si favelave...
> The password settings are related to the DC and by default you cannot
> set or change a password if it isn't complex enough
Ok.
>, you do not need to use an external script.
Ahem, someone out there need it. ;-)
This mean that, if i keep a 'check password script', i could also hit
some trubles on, eg,
2019 Oct 17
1
List of applied policy if 'apply group policies = yes'...
Ahem, again revising docs...
I've not found a place where there's a ist of policy applied if i set:
apply group policies = yes
There's something like that? they are exactly the policy in:
samba-tool domain passwordsettings show
Thanks.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia''
2019 Oct 17
4
Offline logon and NSS...
I'm revising some docs, and i've returned on the 'offline logon' tema.
Looking at:
https://wiki.samba.org/index.php/PAM_Offline_Authentication
and smb.conf manpage, it is clear that 'offline logon' is
a pam/authentication only, does not involve NSS.
Considering a 'full offline' DM client (supposing a portable), there's
a 'winbind permanent nss
2017 Nov 30
1
Troubles on Roaming Profiles...
Hello,
The GPO must be linked to the computers OU also, then the computer part
will be applied too.
Greetings!!
2017-11-30 14:54 GMT+01:00 Marco Gaiarin via samba <samba at lists.samba.org>:
> Mandi! Daniel Carrasco via samba
> In chel di` si favelave...
>
> > What about a gpresult -h result.html. The GPo is appplied to the user?
>
> Mmmhhhh... seems me no. Clearly