Displaying 20 results from an estimated 11000 matches similar to: "Samba Share - security considerations"
2018 May 04
0
Samba Share - security considerations
On Fri, 4 May 2018 12:12:55 -0300
Edouard Guigné via samba <samba at lists.samba.org> wrote:
> Dear Samba Users,
>
> I configured a samba share on a linux centos 7 server as server
> member of an Active Directory Domain.
>
> I used posix extended unix attributes in AD for permissions on the
> Samba share.
> Winbind and SSSD are also installed for the mapping of
2019 Apr 10
2
Fwd: Re: Ressources needed (cpus, ram, etc.) for a Samba server
I see, yes the unix attributes are set on the AD DC (RFC2307) for each
user and each group.
And that's a question, because I am using a Windows Server 2012 R2 as AD DC.
Will the unix attributes still be available in the Windows Server
2019 version?
I don't talk about the ADUC and how to set unix attributes tab, I ask
about the attributes on the AD schema
because I know that NIS
2019 Apr 10
2
Fwd: Re: Ressources needed (cpus, ram, etc.) for a Samba server
Log level 10 was for debug reasons, I can surely set it to 1 now.
Concerning idmap config IPGAD, I don't see what the reason is to start at 1...
I will set it to 10000 according to the documentation, thank you.
What do you mean by "
You are also using the winbind 'ad' backend, so have you added
anything to AD ?
" ?
Le 10/04/2019 à 12:38, Rowland Penny via samba a
2018 Aug 01
2
Samba share migration - looking for advices
Hello everyone,
I plan to change an old samba share (SMB1) configured on a Samba PDC
"old NT4 Style" server.
For that plan, I choose to migrate the domain from the old NT4 domain to a
Microsoft Active Directory (Windows 2012 R2) set with posix attributes
rfc2307, and then change the old Samba share with a new linux box
(centos 7) with winbind, sssd configured against Microsoft AD.
At
2018 Dec 10
2
Fwd: Re: Fwd: Extended acls with AD - problem with default/herited permissions
Hello Dale,
Setting inherit acls = yes locally on my share groups, and removing map acl
inherit = yes from the global parameters of smb.conf, does not solve my issue.
I still have acl "Domain Users" added to new folders/files.
As I wrote in my previous email, the only way I found to disable acl
"Domain Users" being added was with:
inherit owner = yes
With some disadvantages for users
2018 Dec 10
2
Fwd: Extended acls with AD - problem with default/herited permissions
Edouard,
These are the 4 available parameters containing the word "inherit".
inherit acls (S)
inherit owner (S)
inherit permissions (S)
map acl inherit (S)
Would "inherit acls" work for you?
Dale
On 12/10/18 10:56 AM, Edouard Guigné via samba wrote:
> Hello,
>
> I add to my previous mail, the only way I found to disable acl
2019 Mar 19
3
Samba vs Windows server 2019
Hello Samba Users,
In my infrastructure, samba is set with a Windows Server 2012R2.
I set kerberos service in the linux samba box and winbind to communicate
with the Active Directory Windows 2012 R2 domain controller.
Unix Attributes are retrieved from the AD database (rfc2307) via Winbind.
I know that the current approach is to use Samba AD instead of a Microsoft
server.
But I would like to know
2018 Jun 20
1
User cannot log on from this workstation. Error 2240
Hello Rowland,
Yes, this is just for this user.
I was also thinking it was an issue with Windows 10.
But I noticed this error also on other workstations with Windows 7 Pro
with this user account.
I will try to delete and recreate the account.
Ed
On 20/06/2018 at 12:43, Rowland Penny via samba wrote:
> On Wed, 20 Jun 2018 12:13:28 -0300
> Edouard Guigné via samba <samba at
2018 Jun 20
2
User cannot log on from this workstation. Error 2240
Hello Samba Team,
I faced an issue allowing a user to connect to a samba share at Windows
logon, and also if I tried with "net use S: \\sambashare /user:DOMAIN\user passwd".
I get the following error:
"User cannot log on from this workstation. Error 2240"
It happens only with this user, because with other accounts I can
connect to the share without error.
Windows client is Windows 10
2018 Dec 10
2
Extended acls with AD - problem with default/herited permissions
Hello,
I set a share on a samba 4.7.1 as domain member with an Active Directory
controller, this share is used by all domain users.
All users from the AD domain have a primary group "Domain Users", and
secondary groups to filter access on the folders of the share.
I noticed that when a user creates a sub-folder/file inside a "Top
folder", the default permissions from the
2018 Feb 16
4
vfs_shadow_copy2 with snapprefix & delimiter options in samba 4.6.2
Hello Dear Samba Users,
I have successfully set up a samba share on a centos 7 box (samba 4.6.2) and
succeeded in making snapshots work (vfs_shadow_copy2 with xfs and lvm).
The snapshots appear well in Windows previous versions.
However, I expected to go further with snapshots and use the options
"shadow:snapprefix" and "shadow:delimiter" in order to filter daily,
weekly
2019 Jun 20
2
Samba winbind on redhat 7
Hello,
I am reading RHEL 7 docs concerning samba integration, and I found
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/windows_integration_guide/index#winbind
"4.2.4. Switching Between SSSD and Winbind for SMB Share Access
This procedure describes how you can switch between SSSD and Winbind
plug-ins that are used for accessing SMB shares from SSSD
2019 Jun 20
2
Samba winbind on redhat 7
My idea is to replace the default "cifs_idmap_sss.so" plugin by the "idmapwb.so"
winbind plugin, so that SSSD becomes a client of winbind.
To avoid changing nsswitch.conf:
passwd:     files sss
shadow:     files sss
group:      files sss
into
passwd:     files winbind
shadow:     files winbind
group:      files winbind
because I need another access in sftp, this is using
2019 Feb 11
3
Issue network share mapping - Windows 10
Hello,
I am facing issues keeping a samba share mapped in Windows 10.
After computer start, and first login, the share is mounted correctly.
Then the user logs out, waits for 5 min, and logs in to Windows again, and the share
cannot be mounted.
An "error 64" occurs, with then "the specified network path is not
available"...
My samba server is in version 3.5.6 (SMB1)
My Windows 10
2019 Jun 20
2
Samba winbind on redhat 7
This way is so much easier...
Thank you Rowland
On 20/06/2019 at 14:01, Rowland penny via samba wrote:
> On 20/06/2019 17:54, Edouard Guigné via samba wrote:
>> My idea is to replace the default "cifs_idmap_sss.so" plugin by the
>> "idmapwb.so" winbind plugin, so that SSSD becomes a client of
>> winbind.
>> To avoid changing nsswitch.conf:
>>
2019 Jun 17
3
Fwd: Re: Fwd: Re: Kerberos and NTLMv2 authentication
On 17/06/2019 17:45, Edouard Guigné via samba wrote:
> Hello,
>
> I do not know how nsswitch.conf should be configured.
> What should I change in it according to "/you either do not have the
> passwd, group and shadow lines or you have chosen not to show them/" ?
> Something like this added to nsswitch.conf ?
> passwd : files
> group : files
> shadow : files
2019 Apr 10
2
Fwd: Re: Ressources needed (cpus, ram, etc.) for a Samba server
Hello Rowland,
Yes, this is an Unix Domain member.
Below, my smb.conf :
[global]
security = ads
realm = IPGAD.MYDOMAIN.FR
workgroup = IPGAD
kerberos method = secrets and keytab
server signing = mandatory
client signing = mandatory
client use spnego = yes
hosts allow = 127. 10.9.X. 10.9.X. 10.9.X. 10.9.4. 10.9.X.
hosts deny = 10.9.X. 10.9.X.
2019 Jun 19
2
Fwd: Re: Fwd: Re: Fwd: Re: Kerberos and NTLMv2 authentication
Hello,
I performed a test in order to get access to my samba share with
winbindd (and not sssd).
For that,
1. I change the gid of domain users from 513 to 15513 (to match with the
domain range 10000 - 14999)
And verify my test user is part of 15513
2. Stop sssd and change nsswitch.conf like this :
passwd:     files winbind
shadow:     files
group:      files winbind
3.
2019 Jun 21
2
Samba winbind on redhat 7
On 21/06/2019 15:39, Edouard Guigné via samba wrote:
> Hello,
>
> I am facing 2 issues now.
> The first one is the more critical for me...
>
> 1. When I switch from sssd to winbind with :
> # authconfig --enablekrb5 --enablewinbind --enablewinbindauth
> --enablemkhomedir --update
>
> My sftp access did not work. Does it change the way to pass the login ?
> I used
2019 Mar 19
1
Samba vs Windows server 2019
Yes, I mean running samba as a Unix Domain Member.
The domain should be managed by a Windows server 2019 AD.
EdG
On 19/03/2019 at 12:31, Rowland Penny via samba wrote:
> On Tue, 19 Mar 2019 12:14:41 -0300
> Edouard Guigné via samba <samba at lists.samba.org> wrote:
>
>> Hello Samba Users,
>>
>> In my infrastructure, samba is set with a Windows Server 2012R2.