Displaying 20 results from an estimated 20000 matches similar to: "Suggested change to Samba documentation - possible missing RFC2307 attribute prior to chown command?"
Suggested change to Samba documentation - possible missing RFC2307 attribute prior to chown command?
2019 Apr 03
0
Suggested change to Samba documentation - possible missing RFC2307 attribute prior to chown command?
On Wed, 3 Apr 2019 12:33:55 +0100
Stephen via samba <samba at lists.samba.org> wrote:
> Hi everyone, i've just been following the instructions about setting
> up a Samba domain member as a file shares. I am using Samba version
> 4.5.16-Debian (yes its old, but i'm stuck with it for now ;) ) and I
> have been following the official Samba documentation found here:
>
Disabling password expiry for a AD service account for accessing LDAPS, and security best practices.
2019 Apr 10
2
Disabling password expiry for a AD service account for accessing LDAPS, and security best practices.
Dear samba-list, please disregard my previous post.
Since posting I have found a way to avoid the need to create a dedicated
AD service account purely to allow Redmine to authenticate via LDAPS and
AD. This neatly circumvents my original issue and is much more secure to
boot.
For future Redmine users googling, refer to this document here:
2019 Apr 29
2
Difficulties retrieving randomly assigned password for newly created Samba user acounts
Hi everyone, I am using Samba 4.5.16-Debian on Raspbian and thanks to
the help offered by everyone here I now finally have a mostly-working
Active Directory network.
I am now at the stage of creating inidividual user accounts for my
domain and unfortunately I have a very basic but fundamental problem! I
currently enter the following input at the command-line to create a new
user on my DC:
pi
2019 May 03
2
Incorrect Example in Samba User Management Documentation
Hi Samba documentation admins, one of the the examples given on this
page https://wiki.samba.org/index.php/User_and_Group_management is
incorrect and probably should be updated.
The snippet of code in question:
$ samba-tool user add fbaggins
--random-password --use-username-as-cn
--surname="Baggins" --given-name="Frodo"
--initials=S --mail-address=fbaggins at
2019 Apr 16
2
samba-backup.sh problems - is the /var/lib/samba/etc folder essential in a Samba installation?
Hi everyone, I am running Samba 4.5.16-Debian on Raspbian OS and I am
currently attempting to deploy the provided samba-backup.sh script
within my existing SAMBA installation to implement disaster recovery on
my AD DC servers.
Following the documentation provided here
https://wiki.samba.org/index.php/Using_the_samba_backup_script I have so
far managed a partial success on my backup:
pi at
2019 Apr 05
6
Enabling LDAPS in Samba in a dual-DC setup
Hi everyone, I have a basic SAMBA setup with a main AD DC ad1 and a
backup AD DC ad2, running on Samba 4.5.16-Debian on Raspbian.
I would now like to enable LDAPS so my users can authenticate in other
non Samba services using Active Directory. From reading the
documentation here:
https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC
I understand that for the most
2019 Mar 26
5
Problem achieving manual synchronisation of idmap.ldb and the associated User and Group ID mappings between two Samba 4 AD DCs
Hi everyone, I have two AD DCs that I am experimenting with, hostnames
ad1 and ad2 respectively. I am using Raspberry Pi hardware, and
accordingly I am using Samba 4.5.16-Debian on Raspbian Linux.
I have already had some success so far setting up a second AD DC, ad2,
and joining this to my existing Active Directory domain SAMDOM. I have
already verified that I can create new user accounts on
2019 Apr 09
2
Possible incorrect file permissions in documentation for setting up Samba with LDAP(S)?
Hi All,
This Samba release changelog
(https://wiki.samba.org/index.php/Updating_Samba#Incorrect_TLS_File_Permissions)
specifically mentions a security issue and that that the multiple *.pem
files needed for LDAP via TLS all need "special permissions" - and
mentions to delete old files without the required permissions to force
file renewal.
Yet in the official Samba documentation
2020 Feb 20
1
Recommended backup procedure for standalone samba file server configuration?
Hi everyone, I am running Ubuntu 18.04 Bionic with Samba version
4.7.6-Ubuntu.
*Background / Problem Context*
I have recently setup a server where I wish to use a standalone Samba
file server in conjunction with SVN and git and then have all these
services share the same username and password credentials. I wish to
achieve this without using any centralised LDAP or Active Directory or
Disabling password expiry for a AD service account for accessing LDAPS, and security best practices.
2019 Apr 10
2
Disabling password expiry for a AD service account for accessing LDAPS, and security best practices.
Hi all, I have a couple of Samba 4 DCs on my network and I created a new
service account LDAPReader on my DCs that my non-Samba third-party
services such as Redmine successfully use to access AD via the LDAPS
protocol.
I have a couple of questions that relate to having service account of
this nature implemented in Samba and I wondered if the group could
possibly provide some advice?
1)
2019 Apr 01
2
Can only access new SAMBA fileshare from Windows as privileged user SAMDOM/Administrator, not as an ordinary user.
Hi Rowland, thanks for your suggestions. I have read and re-read the
Samba docs to try and understand where I went wrong here.
I added the uidNumber and gidNumber exactly as per your comments and
that seems to improve the situation markedly. I can now at least see
that the share exists from SAMDOM\stephenellwood which wasn't possible
before. File access is now possible from
Disabling password expiry for a AD service account for accessing LDAPS, and security best practices.
2019 Apr 10
2
Disabling password expiry for a AD service account for accessing LDAPS, and security best practices.
To be honest, the 'Dynamic Bind' method doesn't seem that secure to me,
anybody could 'pretend' to be someone else.
Rowland
True! I agree with you Rowland that is a weakness. Unfortunately that is
a universal weakness shared by all password-based authentication
methods. I guess you would have to go with SSH-style encryption keys and
certificates to circumvent that problem
2019 Mar 22
1
Problems with Samba 4.5.16 - configuring a second failover AD DC and joining this to an existing domain SAMDOM
Rowland - good news - the instructions in that document you suggested
appear to have made all the difference!
Now I find that if I do:
pi at ad2:~ $ sudo systemctl restart samba-ad-dc
pi at ad2:~ $ sudo samba-tool drs showrepl
Default-First-Site-Name\AD2
DSA Options: 0x00000001
DSA object GUID: e676dfc3-670d-46bb-b1f7-756bae990a30
DSA invocationId: b7fb9a73-a5c5-4672-9d0f-83e0323f9f3b
====
2019 Apr 05
2
wbinfo isn't working on domain member
Hi everyone, just tried executing wbinfo -u and wbinfo -g on a
particular Samba domain member that is acting as a file server in my setup.
Much to my surprise i did not see the list of users or groups that I
would normally expect to see outputted from these commands. Instead both
commands just exited and returned no output. I have already tried
restarting winbind, smbd, and nmbd on the domain
2019 Apr 16
3
The wisdom - or otherwise - of replacing outright rather than merely appending to the example smb.conf file shipped with SAMBA during new server commissioning?
I have a general question regarding smb.conf and I was hoping that some
of the rather more knowledgeable and experienced people here could
please comment please?
I am currently setting my various SAMBA systems up via some
shell-scripts. Within these scripts, I remove the stock smb.conf shipped
with Samba and replace this with an empty smb.conf file to which I add
my own configuration options
2019 Mar 29
2
Can only access new SAMBA fileshare from Windows as privileged user SAMDOM/Administrator, not as an ordinary user.
Hi there, I wonder if anyone can help me?
I recently created an active directory setup with a primary domain
controller ad1 and secondary domain controller ad2 for a domain SAMDOM.
In-line with what I understand to be Samba best practices I then setup a
separate file-server fs1 on which I created a file share,
/fsrv/shares/OgdenFiles/. This has all been done using Samba version
2019 Apr 08
3
Questions about time synchronisation in a multi-DC Samba environment
Hi All,
I am currently running a setup with a main DC ad1, that has ntpd
installed and is currently configured to retrieve the time from the UK
NTP time pool. I also have a second backup AD DC, ad2, on which I have
not installed ntpd but I have installed ntpdate. My current
understanding is that the setup I have just described is in-line with
the recommended best practices outlined in the
2019 May 03
0
Incorrect Example in Samba User Management Documentation
On Fri, 3 May 2019 10:45:43 +0100
Stephen via samba <samba at lists.samba.org> wrote:
> Hi Samba documentation admins, one of the the examples given on this
> page https://wiki.samba.org/index.php/User_and_Group_management is
> incorrect and probably should be updated.
>
> The snippet of code in question:
>
> $ samba-tool user add fbaggins
>
2019 Apr 29
0
Difficulties retrieving randomly assigned password for newly created Samba user acounts
What the password is, is in the output on you screen, if not, then script it.
kinit Administrator
# function random password.
RANDOMPASSWD(){ < /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-16};echo; }
# Pull a random into USERPASS
USERPASS="$(RANDOMPASSWD)"
# And create your user.
sudo samba-tool user create "$USERNAME" --given-name="$GIVENNAME"
2020 Aug 30
4
[Bug 3206] New: sftp client(32bit) chown command does not support uid >LONG_MAX
https://bugzilla.mindrot.org/show_bug.cgi?id=3206
Bug ID: 3206
Summary: sftp client(32bit) chown command does not support uid
>LONG_MAX
Product: Portable OpenSSH
Version: 6.9p1
Hardware: 68k
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: sftp