similar to: 10 minutes between primary group change and effect on Fedora 27

On Tue, Mar 13, 2018 at 7:30 PM, Jeff Sadowski <jeff.sadowski at gmail.com> wrote: > On Tue, Mar 13, 2018 at 5:31 PM, Jeff Sadowski <jeff.sadowski at gmail.com> wrote: >> On Tue, Mar 13, 2018 at 4:12 PM, Rowland Penny via samba >> <samba at lists.samba.org> wrote: >>> On Tue, 13 Mar 2018 16:05:53 -0600 >>> Jeff Sadowski <jeff.sadowski at

On Tue, Mar 13, 2018 at 4:12 PM, Rowland Penny via samba <samba at lists.samba.org> wrote: > On Tue, 13 Mar 2018 16:05:53 -0600 > Jeff Sadowski <jeff.sadowski at gmail.com> wrote: > >> On Tue, Mar 13, 2018 at 4:03 PM, Rowland Penny via samba >> <samba at lists.samba.org> wrote: >> > On Tue, 13 Mar 2018 15:57:35 -0600 >> > Jeff Sadowski

Hai, Checked and confirmed also on Debian stretch with samba 4.7.6. Even restart winbind does not help. A net cache flush, same did not work. A reboot, as test, did help here. I suggest increase the debug level and report bug? Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Jeff > Sadowski via samba >

My smb.conf file now looks like so [global] #--authconfig--start-line-- # Generated by authconfig on 2017/10/30 10:47:34 # DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--) # Any modification may be deleted or altered by authconfig in future workgroup = MIND password server = MIND.UNM.EDU realm = MIND.UNM.EDU security = ads idmap config * : range = 2000-7999

I found what I needed to do DOMAIN=MIND.UNM.EDU SHORT=MIND authconfig --enablekrb5 --krb5kdc=${DOMAIN} --krb5adminserver=${DOMAIN} --krb5realm=${DOMAIN} --enablewinbind --enablewinbindauth --smbsecurity=ads --smbrealm=${DOMAIN} --smbservers=${DOMAIN} --smbworkgroup=${SHORT} --winbindtemplatehomedir=/na/homes/%U --winbindtemplateshell=/bin/bash --enablemkhomedir --enablewinbindusedefaultdomain

On Tue, Mar 27, 2018 at 9:15 AM, Rowland Penny <rpenny at samba.org> wrote: > On Tue, 27 Mar 2018 08:46:00 -0600 > Jeff Sadowski via samba <samba at lists.samba.org> wrote: > >> My smb.conf looks like so. >> >> [global] >> security = ads >> realm = MIND.UNM.EDU >> workgroup = MIND >> idmap config * : backend = tdb >>

OS:fedora-26 SAMBA:4.6.8 [root at squints ~]# cat /etc/samba/smb.conf [global] security = ads realm = MIND.UNM.EDU workgroup = MIND idmap config * : backend = tdb idmap config * : range = 2000-7999 idmap config MIND:backend = ad idmap config MIND:schema_mode = rfc2307 idmap config MIND:range = 8000-9999999 winbind nss info = rfc2307 winbind use default domain = yes

On Tue, 27 Mar 2018 08:46:00 -0600 Jeff Sadowski via samba <samba at lists.samba.org> wrote: > My smb.conf looks like so. > > [global] > security = ads > realm = MIND.UNM.EDU > workgroup = MIND > idmap config * : backend = tdb > idmap config * : range = 2000-7999 > idmap config MIND:backend = ad > idmap config MIND:schema_mode = rfc2307

My smb.conf file looks like so [global] security = ads realm = MIND.UNM.EDU workgroup = MIND idmap config * : backend = tdb idmap config * : range = 2000-7999 idmap config MIND:backend = ad idmap config MIND:schema_mode = rfc2307 idmap config MIND:range = 8000-9999999 # added because 4.6+ no longer understands winbind nss info = rfc2307 idmap config

ok after fighting to get my groups sorted out for my test user I created an "sudoer" group and added "jefftest" to "sudoer" > id jefftest uid=11507(jefftest) gid=8513(domain users) groups=8513(domain users),31020(sudoer) and added "sudoer" to /etc/sudoers like so %sudoer ALL=(ALL) ALL now when I login as jefftest I can run commands using sudo back to

On Tue, Mar 13, 2018 at 5:31 PM, Jeff Sadowski <jeff.sadowski at gmail.com> wrote: > On Tue, Mar 13, 2018 at 4:12 PM, Rowland Penny via samba > <samba at lists.samba.org> wrote: >> On Tue, 13 Mar 2018 16:05:53 -0600 >> Jeff Sadowski <jeff.sadowski at gmail.com> wrote: >> >>> On Tue, Mar 13, 2018 at 4:03 PM, Rowland Penny via samba >>>

On Mon, 30 Oct 2017 10:58:01 -0600 Jeff Sadowski <jeff.sadowski at gmail.com> wrote: > nope that just brute forced homedir and shell. It'll work for what I > want this machine for but I'd like to get the homedir and shell from > AD > The only real thing running authconfig did to the smb.conf was to add: password server = MIND.UNM.EDU You shouldn't need this,

# cat /proc/sys/kernel/ngroups_max 65536 # sysctl kernel.ngroups_max kernel.ngroups_max = 65536 Is there a way to change/look at AUTH_SYS? Seems I have 28 groups now as my user I tried created a test user with much less groups but it turns out it is on all those other groups. As such I tried winbind nested groups=no but this doesn't seem to change anything. On Tue, Dec 8, 2015 at 5:05

nope that just brute forced homedir and shell. It'll work for what I want this machine for but I'd like to get the homedir and shell from AD On Mon, Oct 30, 2017 at 10:54 AM, Jeff Sadowski <jeff.sadowski at gmail.com> wrote: > My smb.conf file now looks like so > [global] > #--authconfig--start-line-- > > # Generated by authconfig on 2017/10/30 10:47:34 > # DO NOT

This seems to work for maxPwdAge ldapsearch -LLL -Q -s base -h ad.mydomain.tld -b dc=ad,dc=mydomain,dc=tld maxPwdAge now I just need to query a users pwdLastSetq I tried the commands above but am not getting anything. I tried looking at the ungrepped output but I don't see how to link the pwdLastSet with any user. I get a long list. I think I'm looking for dn: and a matching pwdLastSet?

On Tue, Mar 13, 2018 at 4:03 PM, Rowland Penny via samba <samba at lists.samba.org> wrote: > On Tue, 13 Mar 2018 15:57:35 -0600 > Jeff Sadowski <jeff.sadowski at gmail.com> wrote: > >> On Tue, Mar 13, 2018 at 12:54 PM, Rowland Penny via samba >> <samba at lists.samba.org> wrote: >> > On Tue, 13 Mar 2018 12:13:32 -0600 >> > Jeff Sadowski via

On Mon, 30 Oct 2017 12:22:54 -0600 Jeff Sadowski <jeff.sadowski at gmail.com> wrote: > No, fedora is action strange. it isn't getting the loginShell and > unixHomeDirectory attributes even if I take out the templates. also it > sets a bunch of other files up and I'm not sure what all it is doing. > Forget it is Fedora, do not use their tools and set up the individual

On Tue, Mar 13, 2018 at 12:54 PM, Rowland Penny via samba <samba at lists.samba.org> wrote: > On Tue, 13 Mar 2018 12:13:32 -0600 > Jeff Sadowski via samba <samba at lists.samba.org> wrote: > >> My smb.conf file looks like so >> >> [global] >> security = ads >> realm = MIND.UNM.EDU >> workgroup = MIND >> idmap config * :

Actually is there a way to show it more like a timestamp. It is hard to compute days left with a date format like that. I guess I could use date to do the conversion but I was wondering if there is a cleaner way On Fri, Feb 3, 2017 at 8:51 AM, Rowland Penny via samba < samba at lists.samba.org> wrote: > On Fri, 3 Feb 2017 07:44:39 -0700 > Jeff Sadowski via samba <samba at

Hello, is there a way to get the last uidNumber from ldap. I can do a ldapsearch like: ldapsearch -h samdom.example.com -D "administrator at samdom.example.com" -w "changeit" -b "DC=samdom,DC=example,DC=com" -x -LLL "(uidNumber=*)" uidNumber | grep -Po "(?<=uidNumber: )([0-9]{4})" | sort | tail -n1 But there is no guarantee that the last