similar to: PAM only and Kerberos...

Mandi! Robert Marcano via samba In chel di` si favelave... > Yes, check the documentation of krb5.conf. Ahem, 'apt-get install krb5-doc' misses. ;-) > In summary you will need to > disable dns_canonicalize_hostname dns_lookup_kdc , etc if enabled and set > you admin and kdc hostnames there, something like: How can i determine kdc and master_kdc values? All DC server are

On 05/28/2018 09:23 AM, Marco Gaiarin via samba wrote: > > In my old Samba/NT/OpenLDAP domains i was used to setup, on some > specific hosts/VM, a simple authentication scheme, so i simply create > locally (eg 'adduser') some users, and then i setupped only PAM part > of ldap. > > Seems to me now, on Samba/AD, to use Kerberos. And seems also TOO easy! > >

Reding the thread in list about gluster, i've found that in your samba packages 4.5.12+dfsg-2+deb9u2~bpo8+1 there's no vfs_glusterfs module, only the manpage. root at vdmsv1:~# grep glusterfs /var/lib/dpkg/info/samba*.list /var/lib/dpkg/info/samba-vfs-modules.list:/usr/share/man/man8/vfs_glusterfs.8.gz root at vdmsv1:~# grep /vfs/ /var/lib/dpkg/info/samba*.list

Mandi! Andrew Bartlett via samba In chel di` si favelave... > I hope this clarifies things, Super-clear! Thanks! -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t

Reading here i've understod that for LDAP query it is better to use SAMAccountName as 'login', but today i've found: https://docs.microsoft.com/it-it/windows/desktop/ADSchema/a-samaccountname so, 'SAMAccountName' is a compatibility field with NT mode, limited to 20 chars. Someone here use 21 chars logins? ;-) -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66

Debian stretch, louis packages 4.9.16+dfsg-0.1~stretch~1 . After some time (roughly: two weeks) my DC with FSMO roles (seems that other DC are unaffected) goes suddenly on trash: memory jump from 50% (3GB) to 100%, container start to swap and slow down (load 10-15) al the phisical server. A simple restart solve all the troubles. Some hint on how to debug that? Thanks. -- dott. Marco Gaiarin

I need to close a site. No, no people fired, i've defined sites and DC because i hope that get (re)opened, but... There's some care i need to have to remove a DC (clearly, without FSMO roles)? I've looked on wiki to 'remove a DC' but i was not able to find something... Thanks. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra

2017-09-19 17:25 GMT+02:00 Marco Gaiarin via samba <samba at lists.samba.org>: > > > ...googling around seems to me that are ''old limitation'', now gone. > > No. > > For me Samba AD DC is running without any problem in an Ubuntu privileged LXC container. Best regards, Marcel

I need to do a simple query, against some LDAP data in 'laster draft schema' format i've added to te samba/AD schema. All LDAP query return the same result on all (6) of the DC: root at vdcsv1:~# ldapsearch -H ldap://vdcsv2.ad.fvg.lnf.it -W -D CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it -b DC=ad,DC=fvg,DC=lnf,DC=it "(cn=prova123)" rfc822MailMember Enter LDAP Password:

Mandi! Rowland Penny via samba In chel di` si favelave... > > But my question really is: why this policy apply, if i've not enabled > > in GPO? > Probably because GPOs have no effect on a Samba AD DC, they will only > effect Windows clients. Rowland, i'm speaking about windows clients, not samba servers! I've enabled 'complexity checks' in samba servers,

Not only NT domains, but also Samba 3.6! Wow! I'm a retro-sysadmin! ;-) I know i'm asking a rather hard thinks but... we are upgrading, but also solving some troubles. We have ''decently'' integrated some W10 1803 in a NT domain, but now with some other 1903 there's no way to make roaming profiles work. Looking at samba logs, seems that the client don't try at

Samba 4.8 (Louis debian repo), DM. Today i've had to recovery a deleted file in that share, that use 'vfs_recycle' modules: [Work] comment = Spazio di Lavoro Utente map acl inherit = Yes path = /srv/work read only = No store dos attributes = Yes vfs objects = acl_xattr recycle full_audit volume = Work full_audit:failure = none full_audit:success = mkdir rmdir read pread

As was used to (in Samba NT/LDAP), i've enabled quota on /homes, and homes are exported (as homedrive) for users. Editing quotas (with edquota) works as expected, and in windows explorer users get quota correctly reported, but a simple: repquota -a return nothing: root at vdmsv1:~# repquota -a *** Report for user quotas on device /dev/sdb1 Block grace time: 28days; Inode grace time:

I've read all docs on upgrades, from wiki to Louis notes, and i think i'm ready to upgrade. First step, move from stretch to jessie, and from 4.5 to 4.8, upgrade in place. But having a domain with 6 DCs, i'm a bit scared to upgrade all DC in one turn, and i'm think about something like: a) upgrade DC with FSMO roles, then wait 1-2 day to spot troubles b) then upgrade all DC in

I'm using 'winexe': https://sourceforge.net/projects/winexe/ but this repository, compiled against samba 4.5, and works like a charm: https://sourceforge.net/u/mstowe/winexe/ci/master/tree/ I've tried to recompile them against samba 4.8 (louis repo), and compile flawlessy, but if i try to run them: winexe[10549]: segfault at 138 ip 00007fb165a2f3a4 sp 00007ffdf432a880 error

[ I've just asked abut that, here, but now seems a simpler things, so i retry... ] This seems NON a samba touble, but a different behaviour in M$ client OS. But, really, i've not clue how to find an answer... Suppose to have a Win7 and a Win10 machine, both NOT joined to a domain. Suppose to have a share, with guest access enabled, where only readonly access are needed. Suppose also

I'm starting to upgrade my domain members to debian stretch/samba 4.8, using louis packages. Domain controllers still on jessie/samba45. Upgrade went smooth, but after upgrade seems that the DM was not able anymore to retrieve rfc2307 data, eg: root at vdmsv2:~# getent passwd gaio gaio:*:10000:10513:Marco Gaiarin:/home/LNFFVG/gaio:/bin/false root at vdmsv2:~# ldbsearch -H

Sometimes (rarely, very rarely) i spot a <printername>.tdb error that seems to prevent the communication between samba and CUPS. In log i see: [2019/06/26 15:15:49.633876, 0] ../source3/lib/util_tdb.c:316(tdb_log) tdb(/var/cache/samba/printing/sml5010-2.tdb): tdb_rec_read bad magic 0x25 at offset=26096 the only solution i've found, pretty drastic, is: systemctl stop

Mandi! Rowland Penny via samba In chel di` si favelave... > Not sure what you are proposing is going to work, AD expects every user > to be a member of Domain Users, even though there is nothing in AD to > show membership. Ah. > Do you require this user to visible on all domain machines ? [...] > It might help if you could explain how you are going to use your new > user

Mandi! Rowland penny via samba In chel di` si favelave... > Yes, somebody moved the cache to a different directory and it now gets wiped > every time Samba is restarted, we have a bug report for it:? > https://bugzilla.samba.org/show_bug.cgi?id=14074 Ok, thanks. I suppose that cache get controlled by: idmap cache time = 604800 winbind cache time = 300 so, for a portable system,