Displaying 20 results from an estimated 3000 matches similar to: "Moving roaming profiles between domains, risky?"
2018 May 14
0
Moving roaming profiles between domains, risky?
Hai,
Sorry for the late reply, but yes, this is a risky move.
Did you make sure the DOMAIN SIDs are exactly the same between the old and new servers?
This:
rsync -av --progress --xattrs --rsh=ssh
Does not copy the (windows) acl's.
Look at https://wiki.samba.org/index.php/Bidirectional_Rsync/Unison_based_SysVol_replication_workaround
Howto to this with rsync and unison, the
2017 Nov 30
4
Troubles on Roaming Profiles...
Hello! Rowland Penny via samba
On that day it was said...
> Is this on a DC ?
No, it is a DM.
> If it isn't, Try setting it up exactly like it is shown on the
> wikipage, note that you only need the 'vfs objects' line if it isn't
> set in [global]
Wikipage says only:
Create a new share. For details, see Setting up a Share Using Windows ACLs.
and
2017 Nov 30
2
Troubles on Roaming Profiles...
I've created a folder for roaming profiles:
[profiles]
comment = Network Profiles Share
path = /srv/samba/profiles
browseable = No
store dos attributes = Yes
csc policy = disable
map acl inherit = Yes
read only = No
vfs objects = acl_xattr
Share permission and folder permission seem right, exactly as in:
https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles
I've
2017 Dec 06
4
DM and ''offline'' PAM (and NSS?)...
I'm using samba 4.5 on a debian jessie (Louis packages).
Rarely it happens that a power outage tears down all the stuff here.
I've noticed that if the DM starts before the DC, clearly all account
data are inaccessible.
To prevent or minimize that, can the ''offline mode'' of winbind be
safely used also on DM servers? Or is it tailored to roaming clients
(portables,
2019 Sep 23
4
testparm comparison
On 23/09/2019 13:42, Trenta sis via samba wrote:
> Thanks, ntlm auth is temporary until we have solved some issues
> getent is needed by filesystem acl
>
If you think you need the 'winbind enum' lines so that 'getent' works,
then think again ;-)
If you do not have the 'winbind enum' lines, 'getent passwd username'
will still work.
'getent passwd'
2019 Oct 16
4
vfs_recycle permission bug?!
Samba 4.8 (Louis debian repo), DM.
Today I've had to recover a deleted file in that share, that uses the
'vfs_recycle' module:
[Work]
comment = Spazio di Lavoro Utente
map acl inherit = Yes
path = /srv/work
read only = No
store dos attributes = Yes
vfs objects = acl_xattr recycle full_audit
volume = Work
full_audit:failure = none
full_audit:success = mkdir rmdir read pread
2017 Nov 29
2
LDAP query and result: better field for username?
Currently for my user:
root@vdmsv1:/etc/exim4# ldbsearch -H ldap://vdcsv1 -P -b DC=ad,DC=fvg,DC=lnf,DC=it "(cn=gaio)" | grep ": gaio$"
cn: gaio
name: gaio
sAMAccountName: gaio
uid: gaio
msSFU30Name: gaio
What field is better to use for querying for user 'gaio'?
'uid' no (because RFC2307 data can be missing), so?
'sAMAccountName'? or
2017 Dec 18
2
DM and ''offline'' PAM (and NSS?)...
Hello! L.P.H. van Belle via samba
On that day it was said...
> What you show below is correct.
> In linux, DOM\user != user
I know. And I was using 'wbinfo', which, AFAIK, queries winbind directly
and no POSIX stuff...
> https://wiki.samba.org/index.php/OpenSSH_Single_sign-on
> [realms]
> SAMDOM.EXAMPLE.COM = {
> auth_to_local = RULE:[1:SAMDOM\$1]
>
2018 Mar 26
3
[OT?] winbind e quota...
As was used to (in Samba NT/LDAP), i've enabled quota on /homes, and
homes are exported (as homedrive) for users.
Editing quotas (with edquota) works as expected, and in windows explorer
users get quota correctly reported, but a simple:
repquota -a
returns nothing:
root@vdmsv1:~# repquota -a
*** Report for user quotas on device /dev/sdb1
Block grace time: 28days; Inode grace time:
2017 Nov 10
1
[Curiosity] Default domain, DC and DM...
In my DC, without setting explicitly a 'winbind default domain', i can
check logins domainless:
root@vdcsv1:~# id gaio
uid=10000(LNFFVG\gaio) gid=10513(LNFFVG\domain users) gruppi=10513(LNFFVG\domain users),11001(LNFFVG\sir),10999(LNFFVG\unixadm),3000008(LNFFVG\domain admins),3000005(LNFFVG\denied rodc password replication group),3000005(LNFFVG\denied rodc password replication
2023 Aug 29
1
GlusterFS, move files, Samba ACL...
On Tue, 29 Aug 2023 15:44:35 +0200
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
> Hello! Rowland Penny via samba
> On that day it was said...
>
> >> In samba the share is:
> > I wish people wouldn't do this, if you are going to post a share,
> > please post the global section as well.
>
> Sorry.
>
> # Global parameters
>
2017 Dec 18
3
DM and ''offline'' PAM (and NSS?)...
On Mon, 18 Dec 2017 15:51:47 +0100
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
>
> > I've seen:
> > https://wiki.samba.org/index.php/PAM_Offline_Authentication
>
> I've tried to enable offline logon, and seems to work as expected.
>
> I've only found a little strange thing, i think related to the fact
> that in my DM i've set
2020 May 04
2
Windows link in linux share...
To reduce the space occupied by Thunderbird IMAP Cache, i've found
this:
https://bugzilla.mozilla.org/show_bug.cgi?id=517425#c49
and it seems to work as expected. I've extended it a bit to also link global-messages-db.sqlite
(e.g., the global search index).
But after that, I don't find in the roaming profile (server side) the link created
with mklink.
Links are not supported by samba? Thanks.
--
2018 Mar 27
2
[OT?] winbind e quota...
Hello! Micha Ballmann via samba
On that day it was said...
> What shows 'getent passwd'?
Only local users, of course.
Seems this is the culprit. I've tried 'quota' and it works as expected:
root@vdmsv1:~# quota -su gaio
Disk quotas for user gaio (uid 10000):
Filesystem space quota limit grace files quota limit grace
/dev/sdb1 204K
2017 Dec 14
5
[Curiosity] 'netbios aliases' works in AD mode?
Ahem, no one replied to me.
A little fast-rewind: I need to have some 'aliases' for my servers (DM);
it seems I need to add in smb.conf:
netbios aliases = FILESV
but also add an 'SPN'; trying to look around for examples led me to
''nothing'', or to examples that seem to me unrelated.
Supposing the domain is 'ad.fvg.lnf.it' and the FQDN of the real host
is
2019 Nov 15
3
Account locked and delayed user data propagation...
I need to do some testing, but before hitting my head on a known wall, I
ask here.
My AD domain gets used (via PAM/Winbind) to give access to some other
service, most notably here dovecot.
When passwords expire (or users change them) the MUA tries the old password
a few times, then asks for a new password; users clearly get scared,
press randomly 'OK' or 'Cancel', but if they press 2-3
2017 Nov 30
2
Troubles on Roaming Profiles...
I've seen that it is similar to your latest test.
What about a gpresult -h result.html? Is the GPO applied to the user?
Greetings!!
2017-11-30 13:29 GMT+01:00 Daniel Carrasco <d.carrasco at i2tic.com>:
> I don't know if it is relevant and maybe it is the same as the GPO that you've
> created, but I've a profiles folder with this configuration:
>
> [profiles]
> path
2020 Oct 02
1
Freeradius logon with machine account...
Hello! Klaus Ade Johnstad via samba
On that day it was said...
> I can't offer any hints, but, this has been on my list of things to do
> for some time, could you share with us exactly what you have done so
> far, so other can follow and setup the same, maybe we either encounter
> the same problems as you, or not.
Oh, 'pretty nothing'. All work pretty automagically
2020 Oct 01
2
Freeradius logon with machine account...
With Samba in NT mode, I was able to enable wireless access using
machine accounts, and it worked decently.
Now I want to try again in AD mode, but I've not found info, and I've
just hit a problem:
Oct 1 14:31:55 vdmsv1 radiusd[13555]: rlm_ldap (ldap): Opening additional connection (25), 1 of 31 pending slots used
Oct 1 14:31:55 vdmsv1 radiusd[13555]: (187) Login incorrect:
2017 Dec 07
2
[Curiosity] 'netbios aliases' works in AD mode?
On Thu, 2017-12-07 at 10:48 +0100, Marco Gaiarin via samba wrote:
> Hello! Andrew Bartlett via samba
> On that day it was said...
>
> > > This lead me to another question: in this way, aliases are ''domain
> > > wide'' right? Eg, i cannot have a DM aliased 'file' in a LAN and
> > > another DM aliased 'file' in another LAN, as