Displaying 20 results from an estimated 3000 matches similar to: "Again NFSv4 and Kerberos at the 'samba way'..."
2018 Oct 23
2
Again NFSv4 and Kerberos at the 'samba way'...
Sorry, i come back to this topic in a different thread, because i'm
still totally puzzled with the previuous one. Louis, sorry me. ;(
I've tried to start with this, that seems very simple:
https://wiki.debian.org/NFS/Kerberos
And so i've done:
a) installed 'nfs-kernel-server' on server, 'nfs-common' on client.
Ok, this is easy.
b) AFAI've understood i need
2018 Oct 31
12
Again NFSv4 and Kerberos at the 'samba way'...
Hai Marco,
>
> Mandi! L.P.H. van Belle via samba
> In chel di` si favelave...
>
> > Sofar, until tomorrow,
>
> Done some tests, metoo.
>
> 1) seems that nfs-common is disabled 'by design'. Looking at debian
> changelog:
>
> nfs-utils (1:1.2.8-9.1) unstable; urgency=medium
>
> Partial sync from ubuntu, included changes:
>
>
2018 Oct 25
0
Again NFSv4 and Kerberos at the 'samba way'...
Hai marco,
I left you original mail a bit intact and commented inbetween lines.
>
> > The nfs-server needs to be able to delegate the servers
> with kerberos. (obligated for nfsv4 with kerberos mounts )
> > Start - ADUC, enable advanced features - goto CN=Computers
> > get the member server's properties, tab Delegation, enable
> "Trust this computer
2018 Oct 26
3
Again NFSv4 and Kerberos at the 'samba way'...
Hai Marco,
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Marco Gaiarin via samba
> Verzonden: vrijdag 26 oktober 2018 11:23
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Again NFSv4 and Kerberos at the 'samba way'...
>
> Mandi! L.P.H. van Belle via samba
> In chel di` si favelave...
>
>
2018 Oct 31
0
Again NFSv4 and Kerberos at the 'samba way'...
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Rowland Penny via samba
> Verzonden: woensdag 31 oktober 2018 9:51
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Again NFSv4 and Kerberos at the 'samba way'...
>
> On Wed, 31 Oct 2018 08:31:17 +0100
> "L.P.H. van Belle via samba" <samba at
2018 Nov 28
2
Different LDAP query in different DC...
Mandi! Rowland Penny via samba
In chel di` si favelave...
> If an ldap lookup works on every DC, except for one and the data is
> definitely there on the one DC it doesn't work on, then it must be
> something on that DC. is there a firewall or apparmor/selinux in the
> way ?
No. Anyway, note that query return correctly 'result: 0 Success',
simply return no data.
Another
2018 Jun 08
4
Samba, AD, 'short' name resolving...
Mandi! Rowland Penny via samba
In chel di` si favelave...
> This is probably where you are going wrong. AD lives and dies on DNS,
> your DC MUST be authoritative for the AD domain.
...but *is* authoritative! Simply DHCP server assign the ''old'' DNS,
where all resolution fr the AD (sub)domain are forwarded to AD DNS...
> Your AD clients should be using the DC as
2017 Dec 06
2
[Curiosity] 'netbios aliases' works in AD mode?
On Wed, 2017-12-06 at 11:19 +0100, Marco Gaiarin via samba wrote:
> Mandi! Andrew Bartlett via samba
> In chel di` si favelave...
>
> > > We haved used it on a domain member server, yes.
> > > Only one thing: when you have a compteraccount memberserver$ in your AD,
> > > you cannot use "memberserver" as an alias on another machine)
> >
>
2017 Dec 07
2
[Curiosity] 'netbios aliases' works in AD mode?
On Thu, 2017-12-07 at 10:48 +0100, Marco Gaiarin via samba wrote:
> Mandi! Andrew Bartlett via samba
> In chel di` si favelave...
>
> > > This lead me to another question: in this way, aliases are ''domain
> > > wide'' right? Eg, i cannot have a DM aliased 'file' in a LAN and
> > > another DM aliased 'file' in another LAN, as
2018 Jun 06
2
Samba, AD, 'short' name resolving...
Sorry, i'm getting a bit confused about my new Samba/AD domain, related
to the 'short' name resolving.
I was clearly (ab)used to Samba/NT, where WINS make, on LAN, ''flat''
resolving very simple.
I'm moving now from my old NT domains to my new AD domain, and to
prevent massive change i've decided to keep name resolution and DHCP
address assigment out of the
2018 Nov 28
2
Different LDAP query in different DC...
> Why?!
Sorry but... someone can point me in the right direction? Really i
don't know how to look for that problem...
I summarize:
a) an LDAP lookup for some data works in ALL DC past one
b) in that non-working DC, a direct query against the sam.ldb reveal
that data are here (so, seems to me an ACL problem)
c) checking sync status between DCs reveal no sync troubles.
Where i can
2018 Oct 29
0
Again NFSv4 and Kerberos at the 'samba way'...
Hai,
A quick reply,
Since there is a major traffic jam here, still at the office, but its resolving now..
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Marco Gaiarin via samba
> Verzonden: maandag 29 oktober 2018 17:33
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Again NFSv4 and Kerberos at the 'samba
2018 Nov 28
0
Different LDAP query in different DC...
On Wed, 28 Nov 2018 18:11:59 +0100
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
> Mandi! Rowland Penny via samba
> In chel di` si favelave...
>
> > If an ldap lookup works on every DC, except for one and the data is
> > definitely there on the one DC it doesn't work on, then it must be
> > something on that DC. is there a firewall or
2018 Jun 15
4
Samba, AD, 'short' name resolving...
Im wondering why your log below shows this order, i just noticed.
Why is the computer tring to set the A records 2 x.
Lines 1-13, show a successfull commit of the A/AAAA records.
( TSIG key ok )
If you count the below lines, after line 13, my logs shows.
samba_dlz: starting transaction on zone 1.168.192.in-addr.arpa
Yours is trying again to update
samba_dlz: starting transaction on zone
2019 Feb 15
6
Demoted/removed a DC, and the NS records?
Following:
https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC
i've demoted and removed a DC. Seems all went as expected:
root at vdcud1:~# samba-tool domain demote --server=vdcsv1.ad.fvg.lnf.it -U gaio
Using vdcsv1.ad.fvg.lnf.it as partner server for the demotion
Password for [LNFFVG\gaio]:
Deactivating inbound replication
Asking partner server vdcsv1.ad.fvg.lnf.it to synchronize
2018 Nov 29
2
Different LDAP query in different DC...
Mandi! Rowland Penny via samba
In chel di` si favelave...
> > No. Anyway, note that query return correctly 'result: 0 Success',
> > simply return no data.
> That just means the search retuned without error
Eh. Query succeded and return no data. Yes.
> If you run the command:
> ldapsearch -H ldap://vdcpp1.ad.fvg.lnf.it -W -D
>
2018 Nov 26
3
Different LDAP query in different DC...
I need to do a simple query, against some LDAP data in 'laster draft
schema' format i've added to te samba/AD schema.
All LDAP query return the same result on all (6) of the DC:
root at vdcsv1:~# ldapsearch -H ldap://vdcsv2.ad.fvg.lnf.it -W -D CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it -b DC=ad,DC=fvg,DC=lnf,DC=it "(cn=prova123)" rfc822MailMember
Enter LDAP Password:
2017 Dec 07
0
[Curiosity] 'netbios aliases' works in AD mode?
Mandi! Andrew Bartlett via samba
In chel di` si favelave...
> > This lead me to another question: in this way, aliases are ''domain
> > wide'' right? Eg, i cannot have a DM aliased 'file' in a LAN and
> > another DM aliased 'file' in another LAN, as was used before with NT
> > like domains (two different domains).
> Correct, you
2018 Nov 22
2
NTP strangeness...
In our network we found some client with clock differences.
Some machine have effectively some troubles, eg have NO 'Windows Time'
service defined, probably some glitches happened when moving from our
old NT-like domain.
Anyway, catching for that, we have found some other strangeness.
Windows time service run:
C:\Users\gaio>sc query w32time
NOME_SERVIZIO: w32time
TIPO
2018 Nov 29
2
Different LDAP query in different DC...
Mandi! Rowland Penny via samba
In chel di` si favelave...
> Whilst there are attributes that do not get replicated between DC's,
> the majority are, so each DC should allow the same access.
> Do you have access to the DC ?
> Can you run the search locally ?
Sure! As just stated, local access (via ldbsearch against the local
SAM) works as expected:
root at vdcpp1:~# ldbsearch