Displaying 20 results from an estimated 1000 matches similar to: "Upgraded a member server to 4.8, rfc2307 data?"
2018 Sep 05
3
Upgraded a member server to 4.8, rfc2307 data?
Mandi! L.P.H. van Belle via samba
In chel di` si favelave...
> idmap config LNFFVG: unix_primary_group = yes
It is needed? AFAI've understood it means that users will have UNIX primary
group the windows group and not 'domain users', but really i don't need
that...
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia''
2018 Sep 05
0
Upgraded a member server to 4.8, rfc2307 data?
Hai Marco,
The idmap config part. The this for the member.
## map id's outside to domain to tdb files.
idmap config *: backend = tdb
idmap config *: range = 5000-9999
## map ids from the domain and (*) the range may not overlap !
idmap config LNFFVG: backend = ad
idmap config LNFFVG: schema_mode = rfc2307
idmap config LNFFVG: range = 10000-49999
idmap
2019 Jan 28
2
Winbind, cached logons and 'user persistency'...
On Mon, 28 Jan 2019 12:52:45 +0100
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
> Mandi! Rowland Penny via samba
> In chel di` si favelave...
>
> > > Strictly speaking, why winbind cache ''PAM'' data and not ''NSS''
> > > one (seems to me)?
> > The problem is (for myself anyway), I do not understand the
>
2019 Jan 29
2
Winbind, cached logons and 'user persistency'...
On Tue, 29 Jan 2019 18:47:45 +0100
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
> Mandi! Rowland Penny via samba
> In chel di` si favelave...
>
> > Now this is what I do not understand, my understanding is that
> > 'PAM' is used to find the correct authentication system and 'NSS'
> > just connects to that authentication system.
>
2017 Dec 18
3
DM and ''offline'' PAM (and NSS?)...
On Mon, 18 Dec 2017 15:51:47 +0100
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
>
> > I've seen:
> > https://wiki.samba.org/index.php/PAM_Offline_Authentication
>
> I've tried to enable offline logon, and seems to work as expected.
>
> I've only found a little strange thing, i think related to the fact
> that in my DM i've set
2019 Jan 29
0
Winbind, cached logons and 'user persistency'...
Mandi! Rowland Penny via samba
In chel di` si favelave...
> Now this is what I do not understand, my understanding is that 'PAM' is
> used to find the correct authentication system and 'NSS' just connects
> to that authentication system.
No. NSS, roughly, 'extend the user database':
https://www.gnu.org/software/libc/manual/html_node/Name-Service-Switch.html
2017 Dec 18
2
DM and ''offline'' PAM (and NSS?)...
Mandi! L.P.H. van Belle via samba
In chel di` si favelave...
> What you show below is correct.
> In linux, DOM\user != user
I know. And i was using 'wbinfo', that, AFAIK query directly winbind
and no POSIX stuff...
> https://wiki.samba.org/index.php/OpenSSH_Single_sign-on
> [realms]
> SAMDOM.EXAMPLE.COM = {
> auth_to_local = RULE:[1:SAMDOM\$1]
>
2017 Nov 10
1
[Curiosity] Default domain, DC and DM...
In my DC, without setting explicitly a 'winbind default domain', i can
check logins domainless:
root at vdcsv1:~# id gaio
uid=10000(LNFFVG\gaio) gid=10513(LNFFVG\domain users) gruppi=10513(LNFFVG\domain users),11001(LNFFVG\sir),10999(LNFFVG\unixadm),3000008(LNFFVG\domain admins),3000005(LNFFVG\denied rodc password replication group),3000005(LNFFVG\denied rodc password replication
2018 Sep 05
2
Upgraded a member server to 4.8, rfc2307 data?
Hai Marco,
If you don't need it, then you can remove it.
And in addition to Rowland comment, i'll show how i use it.
In reply to.
>It is needed? AFAI've understood it means that users will have UNIX primary group the windows group
>and not 'domain users', but really i don't need that...
I'll explain how i use it and why, maybe its useable for you or others.
2017 Sep 26
1
Domain member server: user access
On Tue, 26 Sep 2017 12:49:26 +0200
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
> Mandi! L.P.H. van Belle via samba
> In chel di` si favelave...
>
> > Im pretty sure this is a bug in the DC part.
>
> Ahem, sorry, but i'm lost in following this thread. I've just setup my
> test domain, using samba 2:4.5.8+dfsg-2+deb9u1~bpo8+1 (your package,
2011 May 04
1
Str info. Thanks for helping
It looks from str(SA) that Response IPS1 is a data.frame of class "anova", which probably cannot be coerced to vector.
Maybe you can use unlist() instead of as.vector()
Or something like
SA[["Response IPS1"]]["as.factor(WSD)",] ## to select the first row only, even maybe with unlist()
Without a better REPRODUCIBLE example, I cannot tell more (maybe some others
2023 May 26
1
PAM Offline Authentication in Ubuntu 22.04...
Mandi! Rowland Penny via samba
In chel di` si favelave...
Sorry for the late answer.
> I have Ubuntu 22.04 with Samba 4.15.13 running in a VM and it just works
> for myself.
Exactly the same, but on a real hardware.
> Had the user 'gaio' logged in previously, it will not work if the user
> hasn't logged in at least once before the network has disconnected.
Sure!
2023 Aug 29
1
GlusterFS, move files, Samba ACL...
Mandi! Rowland Penny via samba
In chel di` si favelave...
>> In samba the share is:
> I wish people wouldn't do this, if you are going to post a share,
> please post the global section as well.
Sorry.
# Global parameters
[global]
log file = /var/log/samba/log.%M
map to guest = Bad User
netbios aliases = CUPSSV FILESV HOMESV
ntlm auth = mschapv2-and-ntlmv2-only
panic
2017 Oct 04
2
Script to reset group memberships...
I was used, for users that leave my network, to disable the account but
also ''sanitize'' the memberships, eg reset group membership to a
default values (normally, 'domain users').
Clearly, using smbldap-tools in a NT domain was easy.
How can achieve the same result in a samba AD domain? Seems that
available commands/tools (pdbedit, wbinfo, samba-tool) does not have
this
2017 Dec 06
4
DM and ''offline'' PAM (and NSS?)...
I'm using samba 4.5 on a debian jessie (Louis packages).
Rarely it happens that a power outage tears down all the stuff, here.
I've noticed that if the DM start before the DC, clearly all account
data are inaccessible.
To prevent or minimize that, the ''offline mode'' of winbind can be
safely used also on DM servers? Or is tailored against roaming client
(portables,
2023 May 22
2
PAM Offline Authentication in Ubuntu 22.04...
On 22/05/2023 10:14, Marco Gaiarin via samba wrote:
> Mandi! Rowland Penny via samba
> In chel di` si favelave...
>
>> I would undo that, it appears to be wrong.
>
> OK, i've undo also i.
>
>
>> I have tested this on a Ubuntu 22.04 computer and it works, so I have
>> updated the wiki page:
>>
2018 Sep 27
2
[OT?] passing group name with spaces to ntlm_auth...
I've not clear if is a squid or a samba/ntlm_auth trouble... indeed...
In Squid i've added:
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=LNFFVG --require-membership-of='LNFFVG\Domain Users'
auth_param ntlm children 5
but in 'cache.log' i got:
Winbindd lookupname failed to resolve 'LNFFVG\Domain into a SID!
Winbindd
2018 Sep 24
3
DM: samba 4.5 -> 4.8, guest access and machine account access troubles.
Mandi! Rowland Penny via samba
In chel di` si favelave...
> > clearly, i've on [globals] 'map to guest = Bad User'.
> That is how it is supposed to work, if a known user tries to use a
> wrong password, the user is rejected. If the user is unknown, it is
> mapped to the guest user (usually 'nobody') and allowed access to
> shares where 'guest ok =
2017 Nov 07
2
Best practice for creating an RO LDAP User in AD...
Mandi! Denis Cardon via samba
In chel di` si favelave...
> You can put your service accounts in an OU and add a GPO that deny
> logon/services/tasks locally.
Shortly come back.
I've created a 'Restricted' OU, a 'Restricted' group (i'm short in
fantasy, today ;) and i've created an 'mta' user, both user and group
in 'Restricted' OU, of course.
2018 Sep 24
4
DM: samba 4.5 -> 4.8, guest access and machine account access troubles.
On Mon, 24 Sep 2018 17:33:47 +0200
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
> Mandi! L.P.H. van Belle via samba
> In chel di` si favelave...
>
> > I hope this helps you understanding your problem a bit more.
> > See also:
> > https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/local-accounts
>
> No,