similar to: RFC2307 on AD DC

Em 08/08/2018 11:15, Rowland Penny via samba escreveu: > On Wed, 8 Aug 2018 10:18:51 -0300 > Marcio Vogel Merlone dos Santos via samba <samba at lists.samba.org> wrote: > >> I am deploying a new AD DC for our network using Ubuntu 18.04 and >> BIND_DLZ. Al lis fine but the RFC2307 attributes on DC. What's the >> recommended/correct way to use RFC2307 attributes

Em 12/12/2018 17:39, Rowland Penny via samba escreveu: > The above lines are only applicable for Samba >= 4.6.0 > Add: winbind nss info = rfc2307 > remove the last two lines, see here for more info: > > https://wiki.samba.org/index.php/Idmap_config_ad Oh, God! Vacation is coming... Thank you for such obvious correction. BUT I edited smb.conf the right way, removed

Hi, Due to some legacy php app I have to integrate an Ubuntu 14.04 server on my AD structure. AD DC is a Ubuntu 18.04 with canonical packages running Samba 4.7 (4.7.6+dfsg~ubuntu-0ubuntu2.5) and member server runs Samba 4.3 (4.3.11+dfsg-0ubuntu0.14.04.19). After installing the 14.04 member server, installed samba packages and dependencies according to wiki and no errors. I get all users on

Hi, Setting up a new AD DC on Ubuntu 18.04, samba 4.7 from ubuntu's repos and BIND_DLZ. Did a samba-tool domain classicupgrade from an old NT3.x domain, imported users and groups ok. I am able to join windows workstations, can login with a domain user, etc. Problem is my user A1\mmerlone, member of 'domain admins' group, cannot open ADUC with the error RPC server is unavailable.

Hi, I have a samba 4.7 AD DC running on a Ubuntu 18.04 server with distro packages. I update a user with a new group and this new membership is not reflected on that user. On example below, I can successfully add the user "test.account" to group "test", but not my user "marcio.merlone": root at araucaria:~# id test.account uid=30214(A1\test.account)

Hi Rowland, thank you for your prompt reply, I sent you the testparam output hence lots of defaults (i presumed would be better), here is crude smb.conf: root at araucaria:~# cat /etc/samba/smb.conf [global]     netbios name = ARAUCARIA     realm = AD.TLD     server role = active directory domain controller     workgroup = A1     server services = -dns     ldap server require strong auth

Hi Rowland, Those tests were made on DC (araucaria), not a domain member. root at araucaria:~# testparm /etc/samba/smb.conf Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[netlogon]" Processing section "[sysvol]" Loaded services file OK. Server role: ROLE_ACTIVE_DIRECTORY_DC Press

On Wed, 8 Aug 2018 10:18:51 -0300 Marcio Vogel Merlone dos Santos via samba <samba at lists.samba.org> wrote: > Hi all, > > I am deploying a new AD DC for our network using Ubuntu 18.04 and > BIND_DLZ. Al lis fine but the RFC2307 attributes on DC. What's the > recommended/correct way to use RFC2307 attributes on DC? At the wiki > (1) it says: > > > For

Hi, Trying to add an OU via ldbadd but I get the following error: root at araucaria:~# ldbadd --url=/var/lib/samba/private/sam.ldb /root/ou.ldif ERR: No such attribute : "objectclass top  is not a valid objectClass in schema" on DN OU=A1,DC=ad,DC=a1,DC=ind,DC=br at block before line 4 Add failed after processing 0 records root at araucaria:~# root at araucaria:~# cat /root/ou.ldif

On Thu, 20 Jun 2024 12:25:29 +0200 Olaf Fr?czyk via samba <samba at lists.samba.org> wrote: > Hello, > > Why is it said that it affects only if you have fileserver on DC? > > I use uid, uidNumber, unixHomeDirectory for users and gid for groups. > This attributes are defined in samba DC. > > Then I have another samba server that works as fileserver, and I have

Hi, Just noticed, I am unable to use nested groups when relying on RFC2307 for filesystem permissions, am I wright? What have I missed? (Samba 4.12 on Buster, 2008R2 domain level) Any migration path to stop using RFC2307 and go to pure idmap without loosing all permissions on a 6T filesystem? Is that a solution? Regards, -- *Marcio Merlone*

Hi, In winbind, are there any plans to add the idmap_ad options "unix_primary_group" and "unix_nss_info" to the idmap_rfc2307 backend? I am using an ldap proxy to preserve the UNIX uids and gids between two domains, and it would be nice to also share the shell setting and the UNIX primary group as well.

Hello, Why is it said that it affects only if you have fileserver on DC? I use uid, uidNumber, unixHomeDirectory for users and gid for groups. This attributes are defined in samba DC. Then I have another samba server that works as fileserver, and I have this in config: ?? idmap config * : backend = tdb ??? idmap config * : range = 20000-20999 ??? idmap config NAVIDOM:backend = ad ???

On Thu, Dec 19, 2019 at 10:19:28PM +0000, Rowland penny via samba wrote: > On 19/12/2019 21:46, Sebastian Lisic wrote: > >Thanks for the quick reply, Rowland! > > > >The problem I have is that the clients of each domain do not have access to the other domain's DC. Only the DCs of each domain can talk to one another. With Microsoft no longer allowing POSIX attributes to be

I use uids from this range for many, many years, since samba 3. :) And I want/need to use this range - to change it now would be a mess. And I need to be able to set them manually, not in an automatic way. By server I mean a domain member server. So on samba DC I have: "idmap_ldb:use rfc2307 = yes" And on a samba domain member server (that serves files to clients) I have idmap

This looks OK, and is a member server config. We refer to DCs in this article http://samba.bigbird.es/doku.php?id=samba:no-need-for-use-rfc2307 You do not need "use idmap_ldb:use rfc2307 = yes" on a DC, unless under very special circumstances. This line in a DC does not affect your member servers, it only affects DCs. LP On Jun 20, 2024 at 11:26 +0100, Olaf Fr?czyk via samba

On Thu, 20 Jun 2024 12:59:58 +0200 Olaf Fr?czyk via samba <samba at lists.samba.org> wrote: > I use uids from this range for many, many years, since samba 3. :) Which unfortunately was a bad idea, using Samba IDs that start at '1000' means that you cannot have ANY local users. What happens if you have AD problems and your users & groups cannot be resolved from AD, how do you

I'm starting to upgrade my domain members to debian stretch/samba 4.8, using louis packages. Domain controllers still on jessie/samba45. Upgrade went smooth, but after upgrade seems that the DM was not able anymore to retrieve rfc2307 data, eg: root at vdmsv2:~# getent passwd gaio gaio:*:10000:10513:Marco Gaiarin:/home/LNFFVG/gaio:/bin/false root at vdmsv2:~# ldbsearch -H

I tried already, feedback welcome and this is all free to use anywhere else. http://samba.bigbird.es/doku.php?id=samba:no-need-for-use-rfc2307 LP On Jun 20, 2024 at 10:19 +0100, samba at lists.samba.org <samba at lists.samba.org>, wrote: > > We should then document 'idmap_ldb:use rfc2307' > to say it allows the use of uidNumber & gidNumber attributes on a Samba >

Le 06/05/2019 à 11:23, Rowland Penny via samba a écrit : > On Mon, 6 May 2019 10:58:56 +0200 > Vincent Ducot <vincent.ducot at rubycat-labs.com> wrote: > >> Le 06/05/2019 à 10:46, Rowland Penny via samba a écrit : >>> On Mon, 6 May 2019 09:08:10 +0200 >>> Vincent Ducot <vincent.ducot at rubycat-labs.com> wrote: >>> >>>> Hi,