similar to: RFC2307 on AD DC

Em 08/08/2018 11:15, Rowland Penny via samba escreveu: > On Wed, 8 Aug 2018 10:18:51 -0300 > Marcio Vogel Merlone dos Santos via samba <samba at lists.samba.org> wrote: > >> I am deploying a new AD DC for our network using Ubuntu 18.04 and >> BIND_DLZ. Al lis fine but the RFC2307 attributes on DC. What's the >> recommended/correct way to use RFC2307 attributes

Em 12/12/2018 17:39, Rowland Penny via samba escreveu: > The above lines are only applicable for Samba >= 4.6.0 > Add: winbind nss info = rfc2307 > remove the last two lines, see here for more info: > > https://wiki.samba.org/index.php/Idmap_config_ad Oh, God! Vacation is coming... Thank you for such obvious correction. BUT I edited smb.conf the right way, removed

Hi, Due to some legacy php app I have to integrate an Ubuntu 14.04 server on my AD structure. AD DC is a Ubuntu 18.04 with canonical packages running Samba 4.7 (4.7.6+dfsg~ubuntu-0ubuntu2.5) and member server runs Samba 4.3 (4.3.11+dfsg-0ubuntu0.14.04.19). After installing the 14.04 member server, installed samba packages and dependencies according to wiki and no errors. I get all users on

Hi, Setting up a new AD DC on Ubuntu 18.04, samba 4.7 from ubuntu's repos and BIND_DLZ. Did a samba-tool domain classicupgrade from an old NT3.x domain, imported users and groups ok. I am able to join windows workstations, can login with a domain user, etc. Problem is my user A1\mmerlone, member of 'domain admins' group, cannot open ADUC with the error RPC server is unavailable.

Hi, I have a samba 4.7 AD DC running on a Ubuntu 18.04 server with distro packages. I update a user with a new group and this new membership is not reflected on that user. On example below, I can successfully add the user "test.account" to group "test", but not my user "marcio.merlone": root at araucaria:~# id test.account uid=30214(A1\test.account)

Hi Rowland, thank you for your prompt reply, I sent you the testparam output hence lots of defaults (i presumed would be better), here is crude smb.conf: root at araucaria:~# cat /etc/samba/smb.conf [global]     netbios name = ARAUCARIA     realm = AD.TLD     server role = active directory domain controller     workgroup = A1     server services = -dns     ldap server require strong auth

Hi Rowland, Those tests were made on DC (araucaria), not a domain member. root at araucaria:~# testparm /etc/samba/smb.conf Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[netlogon]" Processing section "[sysvol]" Loaded services file OK. Server role: ROLE_ACTIVE_DIRECTORY_DC Press

On Wed, 8 Aug 2018 10:18:51 -0300 Marcio Vogel Merlone dos Santos via samba <samba at lists.samba.org> wrote: > Hi all, > > I am deploying a new AD DC for our network using Ubuntu 18.04 and > BIND_DLZ. Al lis fine but the RFC2307 attributes on DC. What's the > recommended/correct way to use RFC2307 attributes on DC? At the wiki > (1) it says: > > > For

Hi, Trying to add an OU via ldbadd but I get the following error: root at araucaria:~# ldbadd --url=/var/lib/samba/private/sam.ldb /root/ou.ldif ERR: No such attribute : "objectclass top  is not a valid objectClass in schema" on DN OU=A1,DC=ad,DC=a1,DC=ind,DC=br at block before line 4 Add failed after processing 0 records root at araucaria:~# root at araucaria:~# cat /root/ou.ldif

Hi, Just noticed, I am unable to use nested groups when relying on RFC2307 for filesystem permissions, am I wright? What have I missed? (Samba 4.12 on Buster, 2008R2 domain level) Any migration path to stop using RFC2307 and go to pure idmap without loosing all permissions on a 6T filesystem? Is that a solution? Regards, -- *Marcio Merlone*

Hi, In winbind, are there any plans to add the idmap_ad options "unix_primary_group" and "unix_nss_info" to the idmap_rfc2307 backend? I am using an ldap proxy to preserve the UNIX uids and gids between two domains, and it would be nice to also share the shell setting and the UNIX primary group as well.

On Thu, Dec 19, 2019 at 10:19:28PM +0000, Rowland penny via samba wrote: > On 19/12/2019 21:46, Sebastian Lisic wrote: > >Thanks for the quick reply, Rowland! > > > >The problem I have is that the clients of each domain do not have access to the other domain's DC. Only the DCs of each domain can talk to one another. With Microsoft no longer allowing POSIX attributes to be

I'm starting to upgrade my domain members to debian stretch/samba 4.8, using louis packages. Domain controllers still on jessie/samba45. Upgrade went smooth, but after upgrade seems that the DM was not able anymore to retrieve rfc2307 data, eg: root at vdmsv2:~# getent passwd gaio gaio:*:10000:10513:Marco Gaiarin:/home/LNFFVG/gaio:/bin/false root at vdmsv2:~# ldbsearch -H

Le 06/05/2019 à 11:23, Rowland Penny via samba a écrit : > On Mon, 6 May 2019 10:58:56 +0200 > Vincent Ducot <vincent.ducot at rubycat-labs.com> wrote: > >> Le 06/05/2019 à 10:46, Rowland Penny via samba a écrit : >>> On Mon, 6 May 2019 09:08:10 +0200 >>> Vincent Ducot <vincent.ducot at rubycat-labs.com> wrote: >>> >>>> Hi,

Hi all, I'm using Samba (AD) under Debian Buster. Testparm tells me the idmap of TDB and AD would overlap. However the configured range don't. Thanks in advance, Michael # testparm rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Registered MSG_REQ_POOL_USAGE Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED Load smb config files from /etc/samba/smb.conf

Hi, I have a problem in my Samba 4 file server. I tried to change a directory's permission, but domain groups are not recognized: chown root:"Domain Admins" /home/Empresa chown: invalid group: ?root:Domain Admins? When I run "getent passwd" command, only local user are listed. wbinfo commands (wbinfo -g, wbinfo -u, wbinfo -a <user>) are working properly. The

On Mon, 6 May 2019 09:08:10 +0200 Vincent Ducot <vincent.ducot at rubycat-labs.com> wrote: > Hi, > > sorry for the mistake, I meaned > > getent passwd vincent shows nothing and I got in the log file: > > winbindd_getpwnam: My domain -- rejecting getpwnam() for FOO\vincent. > > 'wbinfo -u | grep 'vincent' returns vincent, it's the good username.

Thanks Rowland! My current configs are: DC: # Global parameters [global] dns forwarder = 8.8.8.8 netbios name = TESTBOX realm = SAMDOM.TESTING.COM server role = active directory domain controller workgroup = SAMDOM idmap_ldb:use rfc2307 = yes log file = /var/log/samba/%m.log log level = 3 tls enabled = yes vfs

Hi, >> To "Domain User" group no, I haven't. >I would give 'Domain Users' a gidNumber. Now I assign a gidNumber. I'm following this article: https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs But in "Setting Share Permissions and ACLs", the acces is denied, as the log messages: [2020/02/04 15:13:38.266457, 3]

Greetings, Rowland Penny via samba! > OK, I give in, why have 4 emails from Andrey Repin, that were > apparently sent in May & June of this year, just appeared in my mail > client ? Don't worry, your sanity is not affected. My mail provider had changed submission policy without a sufficient notification, causing my transit mail server to block mail queue since last August.