Displaying 20 results from an estimated 10000 matches similar to: "ldap server require strong auth = no"
2018 Jun 13
0
ldap server require strong auth = no
On Wed, 2018-06-13 at 10:06 -0700, Gregory Sloop via samba wrote:
> I, perhaps amazingly, have FreeNAS working properly now.
>
> One of the issues was that I needed to set ldap server require strong auth = no
> on the Samba DC.
>
> So, what are the implications of doing that?
> Does authentication happen over LDAP, or just user/group enumeration?
Yes, LDAP is often used by
2020 Sep 16
1
Logging successful log-ins
ABvs> Yeah, it's a wiki. Go for your life!
I can do that - I just was not sure I was right and didn't want to put something in the wiki that wasn't factually accurate.
So, just to be extra explicit.
Samba can log both sucessful and failed authentications, but only successful authorizations, not unsuccessful authorizations.
Right?
ABvs> Adding info on the per-log class stuff
2020 Sep 16
2
Logging successful log-ins
There's a note at the top of that document:
"Samba only supports logging of succeeded authorization events."
Does that mean that it won't log authentication events at all? Because that's implied.
I think it would be better, assuming it will log auth events, to say;
"Samba only supports logging of *successful* authorization events, not unsuccessful. Samba also supports
2019 Jan 23
2
GPO / Sysvol problems
RPvs> On Wed, 23 Jan 2019 10:06:52 -0800
RPvs> Gregory Sloop via samba <samba at lists.samba.org> wrote:
>> RPvs> Have you read this:
>> RPvs> https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles
>> RPvs> and possibly, this:
>> RPvs> https://wiki.samba.org/index.php/Configuring_Windows_Profile_Folder_Redirections
>> RPvs>
2019 Jan 03
3
TLS ca/cert/key creation
RPvs> On Tue, 1 Jan 2019 10:35:17 -0800
RPvs> Gregory Sloop via samba <samba at lists.samba.org> wrote:
>> I'm working to put up a production FeeeNAS box tied to Samba/AD for
>> authentication for users connecting to the FreeNAS share(s). In
>> joining FreeNAS to the AD domain, one immediately runs into
>> "problems" with TLS/encryption.
RPvs>
2019 Jun 25
5
SMB share access for machines which are not joined to the domain?
On 6/25/19 11:21 AM, Gregory Sloop via samba wrote:
> You can always connect to the SMB share using a domain user/password credential set, even if you're not a member of the domain.
> Something like - Connect as: User: "somedomain\pat" with Pat's password.
>
When we try this from a machine that is not connected to the domain,
authentication fails:
2018 May 21
3
RSAT Hang
So, I setup Samba on Ubuntu 18.04, using the packaged Samba version. [Thanks Rowland/Louis et al.]
I'm doing some testing/tinkering using FreeNAS as a share, using the AD as the authentication back-end.
As part of that process, you need to add a computer account and change some security settings.
I setup RSAT and can see the AD tree, and add users etc.
When I try to switch to advanced view
2019 Jan 01
3
TLS ca/cert/key creation
I'm working to put up a production FeeeNAS box tied to Samba/AD for authentication for users connecting to the FreeNAS share(s).
In joining FreeNAS to the AD domain, one immediately runs into "problems" with TLS/encryption.
Samba, in the defaults requires TLS. I could disable TLS security in Samba, but that's probably not a great idea.
So, I'll need a key/cert for the
2019 Jan 23
2
GPO / Sysvol problems
So, some updates.
I started that email a couple of hours ago - but suddenly, without changing a thing, the test client/station is suddenly now getting the correct GPO details.
Yet, I've not synced the sysvol or done anything to change or update the GPO on either DC.
See inline...
RPvs> On Wed, 23 Jan 2019 08:40:55 -0800
RPvs> Gregory Sloop via samba <samba at lists.samba.org>
2019 Jan 23
2
GPO / Sysvol problems
RPvs> Have you read this:
RPvs> https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles
RPvs> and possibly, this:
RPvs> https://wiki.samba.org/index.php/Configuring_Windows_Profile_Folder_Redirections
RPvs> Rowland
Yes, and I believe I've done everything properly.
That's where I started.
So I think we're back to; What items control file/directory creation
2019 Jan 23
2
GPO / Sysvol problems
RPvs> On Wed, 23 Jan 2019 09:17:33 -0800
RPvs> Gregory Sloop via samba <samba at lists.samba.org> wrote:
>> So, some updates.
>> I started that email a couple of hours ago - but suddenly, without
>> changing a thing, the test client/station is suddenly now getting the
>> correct GPO details.
>> Yet, I've not synced the sysvol or done anything to
2020 Jul 23
1
using samba-tool from a domain member other than the DC
Top posting.
Is this in freenas jail, perhaps?
If so, I'd take a long hard look at the underlying environment.
Semi off-topic.
FreeNAS on FreeBSD has a whole set of really weird issues, IMO.
For example; I was trying to get rsync or rdiff-backup to run [not in a jail, but just in the base context] and performance was really terrible and it would bomb for larger file syncs to a remote Linux
2018 May 22
2
RSAT Hang
RPvs> On Mon, 21 May 2018 17:15:21 -0700
RPvs> Gregory Sloop via samba <samba at lists.samba.org> wrote:
>> See Inline
>> LPHvBvs> Hi Gregory,
>> LPHvBvs> On the questions.
>> >> Is there a good reason to avoid Samba internal DNS?
>> LPHvBvs> No, imo not, but i only use bind9_dlz because i need bind in
>> LPHvBvs> my lan for
2019 Jan 24
3
GPO / Sysvol problems
Hai,
The best info is missing.
What are the windows event ID errors?
What is the right set on the profiles folder?
If you layout is : /home/samba/profiles and you shared the folder profiles,
then show me getfacl /home/samba/profiles.
I see your running, Samba 4.7, are you able to upgrade to 4.9.4?
This:
~# cat default-rights-sysvol.acl
# file: /var/lib/samba/sysvol
# owner: root
#
2024 May 28
1
Security Implications of "ldap server require strong auth"?
Am 28.05.24 um 07:34 schrieb Bestattungen Vitt - Thomas Reitelbach via
samba:
>
> Christian Naumer said, I can get Nextcloud to work without this insecure
> parameter - I'll have to figure out how I could acceppt a self-signed
> certificate on the side of apache2/php-ldap module.
I checked our installation and found this in the Nextcloud Doku
2019 Jun 25
1
SMB share access for machines which are not joined to the domain?
On 6/25/19 12:57 PM, Gregory Sloop via samba wrote:
> Hmmm...
>
> Use the netbios name, instead of a FQDN, perhaps?
> i.e.: \\cns-bio-krak1\emtifs
> [I'm assuming the NB name. If I'm wrong, correct it.]
>
> I know I've done this with Windows DC shares, and I'm 99% certain I've done it with FreeNAS acting as a domain member. [Samba domain member.]
>
I
2024 May 27
1
Security Implications of "ldap server require strong auth"?
On Mon, 27 May 2024 15:57:52 +0200
Bestattungen Vitt - Thomas Reitelbach via samba <samba at lists.samba.org>
wrote:
> Hello Samba Team,
>
> I hope someone with more expertise than me can englighten me to the
> following "problem":
>
> I'm on my way to implement Nextcloud LDAP Authentication against my
> existing Samba Active Directory via the LDAP
2024 May 27
2
Security Implications of "ldap server require strong auth"?
Hello Samba Team,
I hope someone with more expertise than me can englighten me to the
following "problem":
I'm on my way to implement Nextcloud LDAP Authentication against my
existing Samba Active Directory via the LDAP Auth Plugin in Nextcloud. I
have had trouble with the configuration of the Auth-Plugin in Nextcloud
because it could not bind to the ldap directory.
After some
2024 May 28
1
Security Implications of "ldap server require strong auth"?
Am 27.05.2024 17:46, schrieb Rowland Penny via samba:
> On Mon, 27 May 2024 17:27:30 +0200
> Bestattungen Vitt - Thomas Reitelbach via samba <samba at lists.samba.org>
> wrote:
>
>> Am 27.05.2024 16:25, schrieb Rowland Penny via samba:
>> > On Mon, 27 May 2024 15:57:52 +0200
>> > Bestattungen Vitt - Thomas Reitelbach via samba
>> > <samba at
2024 May 28
1
Security Implications of "ldap server require strong auth"?
Am 28.05.2024 07:51, schrieb Christian Naumer via samba:
> Am 28.05.24 um 07:34 schrieb Bestattungen Vitt - Thomas Reitelbach via
> samba:
>>
>> Christian Naumer said, I can get Nextcloud to work without this
>> insecure parameter - I'll have to figure out how I could acceppt a
>> self-signed certificate on the side of apache2/php-ldap module.
>
> I