similar to: Syncing password change across NT4 and AD domains

Hello, The below happens with Samba 4.7.* (didn't checked with other Samba 4 versions): Setup: Samba 4.7.* AD, two domain controllers, 'computer A' and 'computer B' are Windows 10 domain members. 1. A user (login 'username') logs in into domain for the first time, on a 'computer A'. Samba DC doesn't find existing profile directory and creates an empty

I'm forced, for legacy reasons, to use 'syncpassword'. Docs are scarce, so i ask here. Seems to me that the ''consumer'' (eg, 'samba-tool user syncpasswords', with or without '--daemon') get activated after every password change, indipendently on what DC get originated (eg, i've changed a password, see previous email, on DC2 and the

Here we use a (custom-made, internal) password propagation system, hooked around 'check password script'. Recently we suffer a network outgage (another one ;-), and the system that take care of password propagation goes offline. + NT domains continue to work, clearly password not propagate + AD domain stop to work (eg, users password change on windows stop to work), because the

[Clearly, this question is intimately connected to the previous...] I need a way to ''preprocess'' or at least intercept password changes, because i need to propagate them to other ''legacy'' systems. I've looked around and found syncpasswords / getpassword samba-tool commands, but really i've not understood how they work. Seems to me that can be useful in

On Tue, 31 Oct 2017 18:19:39 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > > > Seems a bit strange to me... > > Seems a bug to me, so i've fired up: > > https://bugzilla.samba.org/show_bug.cgi?id=13114 > > > Thanks. > I normally only use 'samba-tool user setpassword --random-password' when I create a user that will

   Hi,     is it possible to set password for user in AD,  if I  know its encrypted form (sambaNTPassword, userPassword) from NT4 domain LDAP? I need to copy users from NT4 domain to samba4 AD.   We'd like to move from samba NT4 domain to samba AD, but not with classicupgrade and we do not want to force users to change their passwords.   Thanks, Michal

On Tue, 2017-10-31 at 19:05 +0100, Marco Gaiarin via samba wrote: > > > So, the question has to be, just what do you need to sync the passwords > > to ? > > Really i don't need that. But 'samba-tool user setpassword --random-password' > passwords get processed by 'syncpasswords', as ''normal'' ones. Either way, if we can't handle

I've read all docs on upgrades, from wiki to Louis notes, and i think i'm ready to upgrade. First step, move from stretch to jessie, and from 4.5 to 4.8, upgrade in place. But having a domain with 6 DCs, i'm a bit scared to upgrade all DC in one turn, and i'm think about something like: a) upgrade DC with FSMO roles, then wait 1-2 day to spot troubles b) then upgrade all DC in

I've setup in my domain the 'samba-tool user syncpasswords' to catch password changes, to propagate correctly to some legacy system. I've done some tests, but today i've found the ''daemon'' is not running. After fiddling a bit, i've found the culprit came from the fact that a user have a base64 version of the password as:

Hello, I've done a lot of reading and searching however; I could use some guidance. I just started working for a school in which there are a few Windows labs as a Linux systems administrator. Our workstation sysadmins have asked me to look into a Samba issue for them, Windows 10 systems have to have SMB1 turned on to authenticate against the existing Samba3 server. This work around hasn't

Hi there Le 12/04/2019 à 09:57, Marco Gaiarin via samba a écrit : > Mandi! Vex Mage via samba > In chel di` si favelave... > >> I've spun up a Samba4 server and set it up as an active directory domain >> controller and I can definitely see that this is a very robust system and >> is working well however; I don't see a management solution to >>

There are ''official'' plan (by Samba Team, but also by Microsoft) to officially ''decommission'' support for NT-like domains? Thanks. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)

On Mon, 2018-01-15 at 10:55 +0100, Marco Gaiarin via samba wrote: > Mandi! Stefan Metzmacher via samba > In chel di` si favelave... > > > Encrypted secrets > > ----------------- > > This change/break something in 'samba-tool user syncpasswords'? Can you please explain what you are asking here? Are you asking if it intentionally changes the behaviour of

OK, now i've to start to move the big part of my users from my old NT-like domains to my new AD domain. I've setup roaming profile in the new domain following the wiki (https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles, 'using windows ACL') and for new profiles works like a charm. But i've tried to move/copy old profile to the new domain, and seems work, with

Hello, Actually we have pdc with Samba3 for domain and now install Samba4 for migrate the old samba3. My question is, Is possible make a progressive user migration and both environments works together (shared folders, printers, etc). Or the unique option is migrate all users from samba3 to samba4 ?? Thanks.

Hi, is there a way to force password complexity on NT4 style domains? the "samba-tool domain passwordsettings" seems to only work on DC mode, right? Boris

Reding the thread in list about gluster, i've found that in your samba packages 4.5.12+dfsg-2+deb9u2~bpo8+1 there's no vfs_glusterfs module, only the manpage. root at vdmsv1:~# grep glusterfs /var/lib/dpkg/info/samba*.list /var/lib/dpkg/info/samba-vfs-modules.list:/usr/share/man/man8/vfs_glusterfs.8.gz root at vdmsv1:~# grep /vfs/ /var/lib/dpkg/info/samba*.list

Reading here i've understod that for LDAP query it is better to use SAMAccountName as 'login', but today i've found: https://docs.microsoft.com/it-it/windows/desktop/ADSchema/a-samaccountname so, 'SAMAccountName' is a compatibility field with NT mode, limited to 20 chars. Someone here use 21 chars logins? ;-) -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66

On Mon, 18 Dec 2017 15:51:47 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > > > I've seen: > > https://wiki.samba.org/index.php/PAM_Offline_Authentication > > I've tried to enable offline logon, and seems to work as expected. > > I've only found a little strange thing, i think related to the fact > that in my DM i've set

Samba 4.8 (Louis debian repo), DM. Today i've had to recovery a deleted file in that share, that use 'vfs_recycle' modules: [Work] comment = Spazio di Lavoro Utente map acl inherit = Yes path = /srv/work read only = No store dos attributes = Yes vfs objects = acl_xattr recycle full_audit volume = Work full_audit:failure = none full_audit:success = mkdir rmdir read pread