similar to: Little strangeness on dns-* account...

Displaying 20 results from an estimated 8000 matches similar to: "Little strangeness on dns-* account..."

2018 Dec 18
3
Little strangeness on dns-* account...
On Tue, 2018-12-18 at 18:50 +0000, Rowland Penny via samba wrote: > On Tue, 18 Dec 2018 19:13:16 +0100 > Marco Gaiarin via samba <samba at lists.samba.org> wrote: > > > > > > > I've setup a script that scan non-disabled user base, base query: > > > > (&(objectClass=user)(!(objectClass=computer))(!(userAccountCont > >
2018 Dec 18
0
Little strangeness on dns-* account...
On Tue, 18 Dec 2018 19:13:16 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > > I've setup a script that scan non-disabled user base, base query: > > (&(objectClass=user)(!(objectClass=computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2))) > > and for every user i check the 'last password change' data value, > doing some thing
2018 Dec 19
1
Little strangeness on dns-* account...
The dns-COMPUTER-NAME "user" contains the dns/SPN so be very carefull here and dont remove this user. Normaly, you would have exected to have the DNS/spn on the serverObject in the AD. So imo yes, a small bug, but as Andrew told this is intended. Adding : isCriticalSystemObject: TRUE Should not be needed. What i would do here is, use the description field. ( DNS Service Account
2018 Dec 19
0
Little strangeness on dns-* account...
Mandi! Andrew Bartlett via samba In chel di` si favelave... > > > isCriticalSystemObject: TRUE > > Not sure where that came from, both my dns-* users do not have that > > line > We probably should add it however.  ;-) Can i safely add this? > > No, it wouldn't be good idea to disable them, not if you want > > BIND9_DLZ to work. [...] > For the
2019 Nov 18
1
Account locked and delayed user data propagation...
Mandi! Rowland penny via samba In chel di` si favelave... > yes, Provided you use the right attribute to search on ;-) Ah! ;-) Just i'm here, i test three condition in account flags, eg: UAC=$(ldbsearch ${LDB_OPTS} -b "${BASEDN}" "(&(objectClass=user)(sAMAccountName=$1))" userAccountControl | grep "^userAccountControl: " | cut -d ' ' -f 2-)
2019 Jul 18
2
messy replication
On 17/07/19 16:22, Rowland penny via samba wrote: > I don't think there is a 'best way'. This used to come up fairly often > in the early days of Samba AD, I think all you can do is to search in > sam.ldb and remove any mention of the old DC, but DO NOT alter the > files under sam.ldb.d, reading this might help: > >
2023 Oct 28
1
query account expired state
On Sat, 28 Oct 2023 13:50:31 +0200 Kees van Vloten via samba <samba at lists.samba.org> wrote: > >> I consider this a big security omission: if? Samba is the source of > >> information but not the the authenticator of the user, that > >> application cannot block expired users ! > > But, Samba when running as an AD DC is the source of information AND >
2019 Jul 18
2
messy replication
On 18/07/19 11:42, Rowland penny via samba wrote: > Well, 'dns-dc2' is the user for Bind9 on dc2, so you shouldn't try to > create it yourself. > > Easiest way will be to remove all mention of the dead DC, then use > 'samba_upgradedns' to upgrade to the internal dns server, then run it > again to upgrade to Bind9 again, this will create the required user
2019 Nov 15
3
Account locked and delayed user data propagation...
I need to do some testing, but before to hit by head on a known wall, i ask here. My AD domain get used (via PAM/Winbind) to give access to some other dervice, most notably here dovecot. When password expire (or users change it) the MUA try the old password some times, then ask for a new password; users cleraly get scared, press randomly 'OK' or 'Cancel', but if they press 2-3
2016 May 10
2
NT_STATUS_INVALID_SID in a SDC
Hi All I have a running SAMBA PDC on Debian Jessie on a PowerPC. I have backported Samba 4.3.18 and is working well. I have installed a SDC (if I may use that name) on a different network, the same version of Samba but on a Debian Jessie on AMD64. I followed every instruction in https://wiki.samba.org/index.php/Join_an_additional_Samba_DC_to_an_existing_Active_Directory. So every test
2017 Feb 13
2
Users list and the date the password will expire
"userAccountControl:1.2.840.113556.1.4.803:=2" Sorry, I cannot read the Matrix. ;) Ole On 13.02.2017 17:19, Rowland Penny via samba wrote: > On Mon, 13 Feb 2017 16:46:12 +0100 > Ole Traupe via samba <samba at lists.samba.org> wrote: > > You could always replace: > >> "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$user))"
2017 Oct 20
2
Some hint reading password expiration data...
In my current ''production'' NT-like domain (samba 4.2, OpenLDAP backend), password policies seems to ''get written'' to user data. EG, if i set: pdbedit -P "maximum password age" -C 7776000 and i change my password, 'Password must change' have a meningful value, eg 90 days more then the last password change: root at armitage:~# pdbedit -v
2023 Oct 28
1
query account expired state
Op 28-10-2023 om 13:22 schreef Rowland Penny via samba: > On Sat, 28 Oct 2023 11:54:34 +0200 > Kees van Vloten via samba <samba at lists.samba.org> wrote: > >> Op 28-10-2023 om 09:37 schreef Rowland Penny via samba: >>> On Fri, 27 Oct 2023 23:48:22 +0200 >>> Kees van Vloten via samba <samba at lists.samba.org> wrote: >>> >>>> Hi
2020 Nov 22
2
Dovecot+Samba AD - authentication failure
Hi, I have setup samba4 as AD and hoping to have dovecot authenticate users against it. I am facing challenges though and I am unable to figure it out. I could do with a third eye to help me spot what is wrong. root at adc0:/etc# doveadm auth test -x service=imap odhiambo at newideatest.local Password: passdb: odhiambo at newideatest.local auth failed extra fields: temp Warning: auth-client:
2015 May 10
2
bind fails to start w/missing records
Roland, Thank you very much for your attention to this. You should get a medal for all the help you give everyone on this list. On Sun, 10 May 2015, Rowland Penny wrote: > Why ? And why don't they show up when you ask for the zones with samba-tool ? I have that many subnets. As for why they don't show up: they are defined in BIND's configuration and not samba's; they never
2014 Mar 10
1
LDAP Queries
Guys needing some help with LDAP queries against samba4 this command works against MS AD's LDAP (&(objectCategory=person)(objectClass=user)(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) but with samba4 I get C:\Users\Administrator>dsquery * --filter (&(objectCategory=person)(objectClass=user)(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) I get the
2023 Oct 28
1
query account expired state
Op 28-10-2023 om 14:21 schreef Rowland Penny via samba: > On Sat, 28 Oct 2023 13:50:31 +0200 > Kees van Vloten via samba <samba at lists.samba.org> wrote: > >>>> I consider this a big security omission: if? Samba is the source of >>>> information but not the the authenticator of the user, that >>>> application cannot block expired users !
2023 Jun 11
1
Unable to contact RPC server on a new DC
Hello Andrew Bartlett, Friday, June 9, 2023, 11:25:01 PM, you wrote: > On Thu, 2023-06-08 at 13:41 +0300, Andrey Repin via samba wrote: >> Greetings, All! >> >> I've added a new DC to the working AD, transferred FSMO roles >> (checked, all 7 >> are ok') and (supposedly) correctly demoted the old DC. >> >> SchemaMasterRole owner: CN=NTDS
2023 Aug 24
1
samba-tool user disable doesn't change any object attributes?
On Thu, 24 Aug 2023 21:12:38 +0800 Reese Wang via samba <samba at lists.samba.org> wrote: > I used `samba-tool user disable testuser` to disable a user and > `samba-tool user show testuser` to display the user object and found > nothing was changed. And I can still get the user using filter >
2023 Oct 28
1
query account expired state
On Sat, 28 Oct 2023 16:22:23 +0200 Kees van Vloten via samba <samba at lists.samba.org> wrote: > > Op 28-10-2023 om 14:21 schreef Rowland Penny via samba: > > On Sat, 28 Oct 2023 13:50:31 +0200 > > Kees van Vloten via samba <samba at lists.samba.org> wrote: > > > >>>> I consider this a big security omission: if? Samba is the source >