similar to: Samba 4.5 and glusterfs...

Ahem no one reply me. A little fast-rewind: i need to have some 'aliases' to my servers (DM); seems i need to add in smb.conf: netbios aliases = FILESV but also add a 'SPN'; trying to look around for an examples, lead me to ''nothing'', or to examples that seems to me unrelated. Supposing the domain is 'ad.fvg.lnf.it' and the FQDN of the real host is

I'm using samba 4.5 on a debian jessie (Louis packages). Rarely it happen that a power outgage tear down all the stuff, here. I've noticed that if the DM start before the DC, clearly all account data are inaccessible. To prevent or minimize that, the ''offline mode'' of winbind can be safely used also on DM servers? Or is tailoread against roaming client (portables,

Yesterday we have done our first trunk of migration from our Samba4-NT4 domains to our new Samba 4 (2:4.5.12+dfsg-2+deb9u2~bpo8+1) AD domain. Main shares are kept on old server, so we have migrated computers and users (homes and roaming profiles). We have done in the past some tests, without many troubles, so we are confident. Alla computer are Win7 Pro, alla configured in the same way via

On 23/09/2019 13:42, Trenta sis via samba wrote: > Thanks, ntlm auth is temporary until we have solved some issues > getent is needed by filesystem acl > If you think you need the 'winbind enum' lines so that 'getent' works, then think again ;-) If you do not have the 'winbind enum 'lines 'getent passwd username' will still work. 'getent passwd'

Samba 4.8 (Louis debian repo), DM. Today i've had to recovery a deleted file in that share, that use 'vfs_recycle' modules: [Work] comment = Spazio di Lavoro Utente map acl inherit = Yes path = /srv/work read only = No store dos attributes = Yes vfs objects = acl_xattr recycle full_audit volume = Work full_audit:failure = none full_audit:success = mkdir rmdir read pread

In syslog of my DC (2:4.5.12+dfsg-2+deb9u2~bpo8+1) i found sometime rows like: Mar 21 09:53:40 vdcsv1 smbd[22686]: [2018/03/21 09:53:40.826081, 0] ../source3/param/loadparm.c:3244(process_usershare_file) Mar 21 09:53:40 vdcsv1 smbd[22686]: process_usershare_file: stat of /var/lib/samba/usershares/sysvo failed. Permesso negato Mar 21 09:53:40 vdcsv1 smbd[22686]: [2018/03/21 09:53:40.831949,

As was used to (in Samba NT/LDAP), i've enabled quota on /homes, and homes are exported (as homedrive) for users. Editing quotas (with edquota) works as expected, and in windows explorer users get quota correctly reported, but a simple: repquota -a return nothing: root at vdmsv1:~# repquota -a *** Report for user quotas on device /dev/sdb1 Block grace time: 28days; Inode grace time:

OK, now i've to start to move the big part of my users from my old NT-like domains to my new AD domain. I've setup roaming profile in the new domain following the wiki (https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles, 'using windows ACL') and for new profiles works like a charm. But i've tried to move/copy old profile to the new domain, and seems work, with

On Thu, 2017-12-07 at 10:48 +0100, Marco Gaiarin via samba wrote: > Mandi! Andrew Bartlett via samba > In chel di` si favelave... > > > > This lead me to another question: in this way, aliases are ''domain > > > wide'' right? Eg, i cannot have a DM aliased 'file' in a LAN and > > > another DM aliased 'file' in another LAN, as

Mandi! Rowland Penny via samba In chel di` si favelave... > Is this on a DC ? No, is a DM. > If it isn't, Try setting it up exactly like it is shown on the > wikipage, note that you only need the 'vfs objects' line if it isn't > set in [global] Wikipage say only: Create a new share. For details, see Setting up a Share Using Windows ACLs. and

Mandi! Klaus Ade Johnstad via samba In chel di` si favelave... > I can't offer any hints, but, this has been on my list of things to do > for some time, could you share with us exactly what you have done so > far, so other can follow and setup the same, maybe we either encounter > the same problems as you, or not. Oh, 'pretty nothing'. All work pretty automagically

With Samba in NT mode, i was able to enable wireless access using machine account, and worked decently. Now i want to try again in AD mode, but i've not found info, and i've just hit a trouble: Oct 1 14:31:55 vdmsv1 radiusd[13555]: rlm_ldap (ldap): Opening additional connection (25), 1 of 31 pending slots used Oct 1 14:31:55 vdmsv1 radiusd[13555]: (187) Login incorrect:

Currently for my user: root at vdmsv1:/etc/exim4# ldbsearch -H ldap://vdcsv1 -P -b DC=ad,DC=fvg,DC=lnf,DC=it "(cn=gaio)" | grep ": gaio$" cn: gaio name: gaio sAMAccountName: gaio uid: gaio msSFU30Name: gaio what field is betetr to use for querying for user 'gaio'? 'uid' no (because RFC2307 data can be missing), so? 'sAMAccountName'? or

Mandi! L.P.H. van Belle via samba In chel di` si favelave... > What you show below is correct. > In linux, DOM\user != user I know. And i was using 'wbinfo', that, AFAIK query directly winbind and no POSIX stuff... > https://wiki.samba.org/index.php/OpenSSH_Single_sign-on > [realms] > SAMDOM.EXAMPLE.COM = { > auth_to_local = RULE:[1:SAMDOM\$1] >

Sometimes (rarely, very rarely) i spot a <printername>.tdb error that seems to prevent the communication between samba and CUPS. In log i see: [2019/06/26 15:15:49.633876, 0] ../source3/lib/util_tdb.c:316(tdb_log) tdb(/var/cache/samba/printing/sml5010-2.tdb): tdb_rec_read bad magic 0x25 at offset=26096 the only solution i've found, pretty drastic, is: systemctl stop

I've created a folder for roaming profiles: [profiles] comment = Network Profiles Share path = /srv/samba/profiles browseable = No store dos attributes = Yes csc policy = disable map acl inherit = Yes read only = No vfs objects = acl_xattr Share permission and folder permission seems right, exactly as in: https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles I've

On Mon, 18 Dec 2017 15:51:47 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > > > I've seen: > > https://wiki.samba.org/index.php/PAM_Offline_Authentication > > I've tried to enable offline logon, and seems to work as expected. > > I've only found a little strange thing, i think related to the fact > that in my DM i've set

On Tue, 2017-12-05 at 16:14 +0100, mj via samba wrote: > We haved used it on a domain member server, yes. > > Only one thing: when you have a compteraccount memberserver$ in your AD, > you cannot use "memberserver" as an alias on another machine) And you should register any such alias as a servicePrincpalName. Andrew Bartlett -- Andrew Bartlett

I'm doing some test moving from a NT domain to ad AD domain, using debian jessie samba (4.2) and obviously the 'classicupgrade' procedure. In my setup i use(d) extensively some script to reset password to users. I was (ab)used to have 'smbpasswd' behave differently if executed by root, eg change the password without taking in consideration password policy and check password

I need to do some testing, but before to hit by head on a known wall, i ask here. My AD domain get used (via PAM/Winbind) to give access to some other dervice, most notably here dovecot. When password expire (or users change it) the MUA try the old password some times, then ask for a new password; users cleraly get scared, press randomly 'OK' or 'Cancel', but if they press 2-3