similar to: TLS ca/cert/key creation

RPvs> On Tue, 1 Jan 2019 10:35:17 -0800 RPvs> Gregory Sloop via samba <samba at lists.samba.org> wrote: >> I'm working to put up a production FeeeNAS box tied to Samba/AD for >> authentication for users connecting to the FreeNAS share(s). In >> joining FreeNAS to the AD domain, one immediately runs into >> "problems" with TLS/encryption. RPvs>

On Tue, 1 Jan 2019 10:35:17 -0800 Gregory Sloop via samba <samba at lists.samba.org> wrote: > I'm working to put up a production FeeeNAS box tied to Samba/AD for > authentication for users connecting to the FreeNAS share(s). In > joining FreeNAS to the AD domain, one immediately runs into > "problems" with TLS/encryption. I do not know why, by default you will be

On Thu, 3 Jan 2019 07:13:19 -0800 Gregory Sloop <gregs at sloop.net> wrote: > > >> The user and group queries, as best I can tell, from the FreeNAS > >> box are occurring via LDAP. > > RPvs> No they are not, well not unless freenas is doing something > RPvs> strange. > > We can argue about the details, but that's not helpful. > > As

Really Rowland? As quoted: >> I believe I need to examine TLS since when I set "ldap server require >> strong auth = allow_sasl_over_tls" or "ldap server require strong >> auth = yes" user and group queries fail. This is OBVIOUSLY using LDAP and TLS. If this was via NTLM/Kerberos, the above setting wouldn't make the slightest difference. But all that

RPvs> On Wed, 23 Jan 2019 10:06:52 -0800 RPvs> Gregory Sloop via samba <samba at lists.samba.org> wrote: >> RPvs> Have you read this: >> RPvs> https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles >> RPvs> and possibly, this: >> RPvs> https://wiki.samba.org/index.php/Configuring_Windows_Profile_Folder_Redirections >> RPvs>

RPvs> On Wed, 23 Jan 2019 09:17:33 -0800 RPvs> Gregory Sloop via samba <samba at lists.samba.org> wrote: >> So, some updates. >> I started that email a couple of hours ago - but suddenly, without >> changing a thing, the test client/station is suddenly now getting the >> correct GPO details. >> Yet, I've not synced the sysvol or done anything to

>> >> starts with after an initial provision.] >> RPvs> Administrator doesn't get any privileges normally, but it does >> RPvs> inherit all the 'Administrators' group privileges, but even this >> RPvs> group doesn't get them all AND they only apply to the DC. >> RPvs> You need to create them on each Unix machine. >> RPvs>

RPvs> On Mon, 21 May 2018 17:15:21 -0700 RPvs> Gregory Sloop via samba <samba at lists.samba.org> wrote: >> See Inline >> LPHvBvs> Hi Gregory, >> LPHvBvs> On the questions. >> >> Is there a good reason to avoid Samba internal DNS? >> LPHvBvs> No, imo not, but i only use bind9_dlz because i need bind in >> LPHvBvs> my lan for

And will Samba regenerate it's own server certs from that CA, or do I need to externally generate & renew them with openssl? Does anything else need to be done before or after replacing the certs in Samba? This won't break server/domain trust with domain joined workstations? Thanks On Wed, Oct 25, 2023 at 8:08?AM Kees van Vloten via samba < samba at lists.samba.org> wrote:

RPvs> Have you read this: RPvs> https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles RPvs> and possibly, this: RPvs> https://wiki.samba.org/index.php/Configuring_Windows_Profile_Folder_Redirections RPvs> Rowland Yes, and I believe I've done everything properly. That's where I started. So I think we're back to; What items control file/directory creation

Op 25-10-2023 om 17:13 schreef Alex via samba: > And will Samba regenerate it's own server certs from that CA, or do I need > to externally generate & renew them with openssl? > Does anything else need to be done before or after replacing the certs in > Samba? This won't break server/domain trust with domain joined workstations? Anything that server that uses TLS will

RPvs> On Tue, 22 May 2018 09:08:31 -0700 RPvs> Gregory Sloop via samba <samba at lists.samba.org> wrote: >> I was under the impression that during provision that the >> Administrator account got all the domain [and other] "root" privs by >> default. If that's the case, why doesn't Administrator have the privs >> we'd expect? [Perhaps I

Op 25-10-2023 om 16:45 schreef Alex via samba: > Hi! > > Is there a recommended way to set all the Samba DC's to use the same TLS > Root CA certificate? In smb.conf put a line, like this to let it use a specific ca-cert: tls cafile = /etc/ssl/certs/ca.pem Now it is just a matter of distributing that to all the DCs - Kees. > > Thanks, > > Peter

Hi! Is there a recommended way to set all the Samba DC's to use the same TLS Root CA certificate? Thanks, Peter

I have been trying to get set of libvirtd system up and running. My PKI infrastructure involves a root CA and several intermediate CAs. I am trying to get the machines to trust each other across the different intermediate CAs. This is what I have so far: Libvirtd is starting and listening on tls port 16514 I have configured client/server certs/keys and it seems to be using all of these

So, some updates. I started that email a couple of hours ago - but suddenly, without changing a thing, the test client/station is suddenly now getting the correct GPO details. Yet, I've not synced the sysvol or done anything to change or update the GPO on either DC. See inline... RPvs> On Wed, 23 Jan 2019 08:40:55 -0800 RPvs> Gregory Sloop via samba <samba at lists.samba.org>

Hai, The best info is missing. What are the windows event ID errors? What is the right set on the profiles folder? If you layout is : /home/samba/profiles and you shared the folder profiles, then show me getfacl /home/samba/profiles. I see your running, Samba 4.7, are you able to upgrade to 4.9.4? This: ~# cat default-rights-sysvol.acl # file: /var/lib/samba/sysvol # owner: root #

On 01/09/2019 21:46, Rowland penny via samba wrote: > On 01/09/2019 21:37, Robert Wooden wrote: >> No, thanks anyway, Rowland. >> >> There are some FreeNAS posted command line tests that need to work >> (pushing me back to kerberos) that are part of their troubleshooting. >> Once I get that right, if I need to, I'll be back here with questions. > >

I am currently NOT using SSL on my Samba domain. While reading "Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC" and thinking about implementing. I'm having trouble "getting my head" around what certificates go where. Simply put, I am not clear as to generating certificates on the clients and then copy which files to to the server or vice versa? What happens when

I am building a mail server on Centos 6.3 and working with OpenSSL to create a self-signed certificate for mail use. Along the line of learning the 'best' options to use for OpenSSL and dealing with the default SSL virtual host for Apache, I discovered that the localhost cert created (I believe) during firstboot has the X509v3 extensions set as a CA cert (eg basicConstraint CA:TRUE).