Displaying 20 results from an estimated 8000 matches similar to: "PAM only and Kerberos..."
2018 May 30
2
PAM only and Kerberos...
Mandi! Robert Marcano via samba
In chel di` si favelave...
> Yes, check the documentation of krb5.conf.
Ahem, 'apt-get install krb5-doc' misses. ;-)
> In summary you will need to
> disable dns_canonicalize_hostname dns_lookup_kdc , etc if enabled and set
> you admin and kdc hostnames there, something like:
How can i determine kdc and master_kdc values? All DC server are
2018 May 28
0
PAM only and Kerberos...
On 05/28/2018 09:23 AM, Marco Gaiarin via samba wrote:
>
> In my old Samba/NT/OpenLDAP domains i was used to setup, on some
> specific hosts/VM, a simple authentication scheme, so i simply create
> locally (eg 'adduser') some users, and then i setupped only PAM part
> of ldap.
>
> Seems to me now, on Samba/AD, to use Kerberos. And seems also TOO easy!
>
>
2018 Jul 20
4
Samba 4.5 and glusterfs...
Reding the thread in list about gluster, i've found that in your samba
packages 4.5.12+dfsg-2+deb9u2~bpo8+1 there's no vfs_glusterfs module, only
the manpage.
root at vdmsv1:~# grep glusterfs /var/lib/dpkg/info/samba*.list
/var/lib/dpkg/info/samba-vfs-modules.list:/usr/share/man/man8/vfs_glusterfs.8.gz
root at vdmsv1:~# grep /vfs/ /var/lib/dpkg/info/samba*.list
2018 May 14
2
Samba, AD and devices compatibility...
Mandi! Andrew Bartlett via samba
In chel di` si favelave...
> I hope this clarifies things,
Super-clear! Thanks!
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà , 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t
2019 Jan 09
3
[Oddity] SAMAccountName and 20+ chars logins...
Reading here i've understod that for LDAP query it is better to use
SAMAccountName as 'login', but today i've found:
https://docs.microsoft.com/it-it/windows/desktop/ADSchema/a-samaccountname
so, 'SAMAccountName' is a compatibility field with NT mode, limited to
20 chars.
Someone here use 21 chars logins? ;-)
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
2019 Dec 10
2
DC in trash...
Debian stretch, louis packages 4.9.16+dfsg-0.1~stretch~1 .
After some time (roughly: two weeks) my DC with FSMO roles (seems that
other DC are unaffected) goes suddenly on trash: memory jump from 50%
(3GB) to 100%, container start to swap and slow down (load 10-15) al
the phisical server.
A simple restart solve all the troubles.
Some hint on how to debug that? Thanks.
--
dott. Marco Gaiarin
2019 Jan 25
3
Removing sites and DC...
I need to close a site. No, no people fired, i've defined sites and DC
because i hope that get (re)opened, but...
There's some care i need to have to remove a DC (clearly, without FSMO
roles)?
I've looked on wiki to 'remove a DC' but i was not able to find
something...
Thanks.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra
2017 Sep 19
1
[OT?] VM or Container for an AD DC?
2017-09-19 17:25 GMT+02:00 Marco Gaiarin via samba <samba at lists.samba.org>:
>
> > ...googling around seems to me that are ''old limitation'', now gone.
>
> No.
>
>
For me Samba AD DC is running without any problem in an Ubuntu privileged
LXC container.
Best regards,
Marcel
2018 Nov 26
3
Different LDAP query in different DC...
I need to do a simple query, against some LDAP data in 'laster draft
schema' format i've added to te samba/AD schema.
All LDAP query return the same result on all (6) of the DC:
root at vdcsv1:~# ldapsearch -H ldap://vdcsv2.ad.fvg.lnf.it -W -D CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it -b DC=ad,DC=fvg,DC=lnf,DC=it "(cn=prova123)" rfc822MailMember
Enter LDAP Password:
2018 Jun 21
3
Password complexity checks and local users...
Mandi! Rowland Penny via samba
In chel di` si favelave...
> > But my question really is: why this policy apply, if i've not enabled
> > in GPO?
> Probably because GPOs have no effect on a Samba AD DC, they will only
> effect Windows clients.
Rowland, i'm speaking about windows clients, not samba servers!
I've enabled 'complexity checks' in samba servers,
2019 Sep 13
4
NT domain, Win10 1903 and profiles...
Not only NT domains, but also Samba 3.6! Wow! I'm a retro-sysadmin! ;-)
I know i'm asking a rather hard thinks but... we are upgrading, but
also solving some troubles.
We have ''decently'' integrated some W10 1803 in a NT domain, but now
with some other 1903 there's no way to make roaming profiles work.
Looking at samba logs, seems that the client don't try at
2019 Oct 16
4
vfs_recycle permission bug?!
Samba 4.8 (Louis debian repo), DM.
Today i've had to recovery a deleted file in that share, that use
'vfs_recycle' modules:
[Work]
comment = Spazio di Lavoro Utente
map acl inherit = Yes
path = /srv/work
read only = No
store dos attributes = Yes
vfs objects = acl_xattr recycle full_audit
volume = Work
full_audit:failure = none
full_audit:success = mkdir rmdir read pread
2018 Mar 26
3
[OT?] winbind e quota...
As was used to (in Samba NT/LDAP), i've enabled quota on /homes, and
homes are exported (as homedrive) for users.
Editing quotas (with edquota) works as expected, and in windows explorer
users get quota correctly reported, but a simple:
repquota -a
return nothing:
root at vdmsv1:~# repquota -a
*** Report for user quotas on device /dev/sdb1
Block grace time: 28days; Inode grace time:
2019 Oct 01
5
Upgrade DC 4.5 -> 4.8, timings?
I've read all docs on upgrades, from wiki to Louis notes, and i think
i'm ready to upgrade.
First step, move from stretch to jessie, and from 4.5 to 4.8, upgrade
in place.
But having a domain with 6 DCs, i'm a bit scared to upgrade all DC in
one turn, and i'm think about something like:
a) upgrade DC with FSMO roles, then wait 1-2 day to spot troubles
b) then upgrade all DC in
2018 Sep 14
4
Winexe, samba 4.8, sigsev...
I'm using 'winexe':
https://sourceforge.net/projects/winexe/
but this repository, compiled against samba 4.5, and works like a
charm:
https://sourceforge.net/u/mstowe/winexe/ci/master/tree/
I've tried to recompile them against samba 4.8 (louis repo), and
compile flawlessy, but if i try to run them:
winexe[10549]: segfault at 138 ip 00007fb165a2f3a4 sp 00007ffdf432a880 error
2019 Aug 28
4
[OT?] W10, SYSTEM, guest access.
[ I've just asked abut that, here, but now seems a simpler things, so i
retry... ]
This seems NON a samba touble, but a different behaviour in M$
client OS. But, really, i've not clue how to find an answer...
Suppose to have a Win7 and a Win10 machine, both NOT joined to a
domain. Suppose to have a share, with guest access enabled, where only
readonly access are needed.
Suppose also
2018 Sep 04
4
Upgraded a member server to 4.8, rfc2307 data?
I'm starting to upgrade my domain members to debian stretch/samba 4.8,
using louis packages.
Domain controllers still on jessie/samba45.
Upgrade went smooth, but after upgrade seems that the DM was not able
anymore to retrieve rfc2307 data, eg:
root at vdmsv2:~# getent passwd gaio
gaio:*:10000:10513:Marco Gaiarin:/home/LNFFVG/gaio:/bin/false
root at vdmsv2:~# ldbsearch -H
2019 Jun 26
2
<printername>.tdb error management...
Sometimes (rarely, very rarely) i spot a <printername>.tdb error that
seems to prevent the communication between samba and CUPS.
In log i see:
[2019/06/26 15:15:49.633876, 0] ../source3/lib/util_tdb.c:316(tdb_log)
tdb(/var/cache/samba/printing/sml5010-2.tdb): tdb_rec_read bad magic 0x25 at offset=26096
the only solution i've found, pretty drastic, is:
systemctl stop
2017 Nov 08
5
Best practice for creating an RO LDAP User in AD...
Mandi! Rowland Penny via samba
In chel di` si favelave...
> Not sure what you are proposing is going to work, AD expects every user
> to be a member of Domain Users, even though there is nothing in AD to
> show membership.
Ah.
> Do you require this user to visible on all domain machines ?
[...]
> It might help if you could explain how you are going to use your new
> user
2019 Oct 17
3
Offline logon and NSS...
Mandi! Rowland penny via samba
In chel di` si favelave...
> Yes, somebody moved the cache to a different directory and it now gets wiped
> every time Samba is restarted, we have a bug report for it:?
> https://bugzilla.samba.org/show_bug.cgi?id=14074
Ok, thanks.
I suppose that cache get controlled by:
idmap cache time = 604800
winbind cache time = 300
so, for a portable system,