similar to: (no subject)

Hey guys, sorry for the (no subject) message. I copy/pasted from a previous email and missed the subject. I really appreciate the quick feedback! I'm hoping to produce a series of blog posts that are guaranteed to work (on Debian 9 at least) and produce the ultimate Samba-powered Active Directory environment. On Fri, Mar 1, 2019 at 9:04 AM L.P.H. van Belle via samba <samba at

Hai Jonathon, in addition to Rowlands coment.. .. He is always quicker in the resonse when im typing them.. > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Jonathon Reinhart via samba > Verzonden: vrijdag 1 maart 2019 14:22 > Aan: samba at lists.samba.org > Onderwerp: [Samba] (no subject) > > Hello, > >

On Fri, 1 Mar 2019 08:21:54 -0500 Jonathon Reinhart via samba <samba at lists.samba.org> wrote: > Hello, > > I'm running a Samba DC on Debian 9 (version 4.5.12-Debian) in a lab > environment, set up like this: > https://jonathonreinhart.com/posts/blog/2019/02/11/setting-up-a-samba-4-domain-controller-on-debian-9/ There are a few 'not quite right' things there

In one word: DONT! Tried it once and realmd moved the DC to the Computer OU in AD. There it no longer is a DC and nothing worked for us... As it is already joind you don't need realmd at all. Just configure sssd.conf and start sssd. However, I would not recommend that. We have since switched to winbind as this is already running and with the sernet packages can not be installed alongside

Interesting, I'm getting the same error using the LDB tools: ONTHEFIVE\jreinhart-admin at samba-dc3:~$ samba-tool user list -H ldap://localhost ERROR(ldb): uncaught exception - LDAP error 1 LDAP_OPERATIONS_ERROR - <00002020: Operation unavailable without authentication> <> File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 177, in _run return

On Sun, Apr 7, 2019 at 2:17 PM Rowland Penny via samba < samba at lists.samba.org> wrote: > > On Sun, 7 Apr 2019 13:45:11 -0400 > Jonathon Reinhart <jonathon.reinhart at gmail.com> wrote: > > > Interesting, I'm getting the same error using the LDB tools: > > > > ONTHEFIVE\jreinhart-admin at samba-dc3:~$ samba-tool user list -H > >

Thanks for the example, Rowland. Does ldb work against remote servers as well? I thought it was only for local, file-based access. In general, I just wanted to use my Samba AD as an environment to learn more about writing software against using LDAP. There are a few applications I'm planning to develop, and I'd like to use actual LDAP so they could be applicable to Samba or Microsoft AD

Thanks for the input, Rowland! Replies inline: On Fri, Mar 1, 2019 at 8:57 AM Rowland Penny via samba <samba at lists.samba.org> wrote: [snip] > The 'Nooooo, don't do that is: > Don't change the UPN Why not? It's a recommended best practice to choose a subdomain of your primary domain (e.g. "ad.example.com"), and then add alternate UPN suffix which allows

Hello, I'm trying to use the "notify" API of libsmbclient, testing against a Samba AD DC. The function is returning with errno=22 (mapped from NT_STATUS_REVISION_MISMATCH), and I'm getting the following error message: smb1cli_req_writev_submit: called for dialect[SMB3_11] server[dc1.example.com] It looks like libsmbclient is, for some reason, using SMB1 but needs to be

On Sat, 2 Mar 2019 17:57:41 -0500 Jonathon Reinhart via samba <samba at lists.samba.org> wrote: > On Fri, Mar 1, 2019 at 9:04 AM L.P.H. van Belle via samba > <samba at lists.samba.org> wrote: > [snip] > > few minor points. > > > > REALM="ad.onthefive.com" > > Realm always in CAPS, this prevens problems with other programs. > > Most

On Sun, Mar 3, 2019 at 5:14 AM Rowland Penny via samba <samba at lists.samba.org> wrote: [snip] > > Correct me if I'm wrong, but winbind (on a Samba DC) can **only** use > > "template homedir" and "template shell", and will not respect the RFC > > 2307 attributes in LDAP. Is that correct? > > Yes and no ;-) > > If you use the

I have a script which carefully manages uidNumber and gidNumber attributes for users and groups. We just recently put it into production. I plan to release it as open source software soon -- and get Rowland's blessing :-) On Fri, Jun 21, 2019 at 3:42 AM Rowland penny via samba < samba at lists.samba.org> wrote: > On 21/06/2019 07:49, Pisch Tam?s via samba wrote: > > Hi, >

Hello, A user of my "adman" utility recently opened this issue [1]: "Add support for setting uidNumber for machine account" I was aware that computer accounts were also users in AD, but I hadn't considered assigning a uidNumber to them. It makes sense that winbind (in idmap="ad" mode) would not "see" the accounts with a uidNumber. Naturally, groups of

Sorry to hop on an existing conversation but this seemed like a good point to jump in with this question. Say I have a service account, with a random password that is set to never expire. What component is expected to periodically renew (or request anew) the Kerberos TGT using that password? I see lots of information about SSSD handling this, but less so with Samba. Also, I understand that in

> > I was aware that computer accounts were also users in AD, but I hadn't > considered assigning a uidNumber to them. It makes sense that winbind > (in idmap="ad" mode) would not "see" the accounts with a uidNumber. > Naturally, groups of which the computer accounts are members would > need gidNumber assigned as well. This is interesting. I also have a

Hi Howland, That is precisely what I cannot do. I do this by windows using Rsat, and when I select the NIS domain to be able to assign the gid or uid it does not appear, so I can't use samba just as a file server. Do you know if there is a way to reset or show NIS Domain? Is there any way to assign uidNumber & gidNumber attributes via console? Best regards, Gabriel Franca -----

On 16/07/2019 14:16, Jonathon Reinhart wrote: > On Tue, Jul 16, 2019 at 9:11 AM Rowland penny via samba > <samba at lists.samba.org> wrote: >> On 16/07/2019 14:02, Jonathon Reinhart wrote: >>> Rowland, >>> >>> You could go another step further and run that with "notify" to >>> monitor for changes, instead of having to run it in a cron

On 16/07/2019 16:40, Jonathon Reinhart wrote: > On Tue, Jul 16, 2019 at 9:32 AM Rowland penny via samba > <samba at lists.samba.org> wrote: >> On 16/07/2019 14:16, Jonathon Reinhart wrote: >>> On Tue, Jul 16, 2019 at 9:11 AM Rowland penny via samba >>> <samba at lists.samba.org> wrote: >>>> On 16/07/2019 14:02, Jonathon Reinhart wrote:

On Mon, 17 Apr 2017 14:57:45 -0300 Luiz Guilherme Nunes Fernandes <narutospinal at gmail.com> wrote: > Well, i dont have sssd installed. OK, now we know that ;-) > > With winbind i install this packages: > yum install realmd oddjob oddjob-mkhomedir adcli samba-common > samba-common-tools krb5-workstation openldap-clients > policycoreutils-python samba-winbind-clients I

Hai, >thus, the password of SAMDOM\Administrator is the >mapped (root) pw. No, not correct. root has its password. Administrator has it own password, even when mapped these are different. these users just share the same uid 0 ! test with kinit Administrator at YOUR.REALM.TLD and have a look here.