similar to: Suggested change to Samba documentation - possible missing RFC2307 attribute prior to chown command?

On Wed, 3 Apr 2019 12:33:55 +0100 Stephen via samba <samba at lists.samba.org> wrote: > Hi everyone, i've just been following the instructions about setting > up a Samba domain member as a file shares. I am using Samba version > 4.5.16-Debian (yes its old, but i'm stuck with it for now ;) ) and I > have been following the official Samba documentation found here: >

Dear samba-list, please disregard my previous post. Since posting I have found a way to avoid the need to create a dedicated AD service account purely to allow Redmine to authenticate via LDAPS and AD. This neatly circumvents my original issue and is much more secure to boot. For future Redmine users googling, refer to this document here:

Hi everyone, I am using Samba 4.5.16-Debian on Raspbian and thanks to the help offered by everyone here I now finally have a mostly-working Active Directory network. I am now at the stage of creating inidividual user accounts for my domain and unfortunately I have a very basic but fundamental problem! I currently enter the following input at the command-line to create a new user on my DC: pi

Hi Samba documentation admins, one of the the examples given on this page https://wiki.samba.org/index.php/User_and_Group_management is incorrect and probably should be updated. The snippet of code in question: $ samba-tool user add fbaggins    --random-password --use-username-as-cn    --surname="Baggins" --given-name="Frodo"    --initials=S --mail-address=fbaggins at

Hi everyone, I am running Samba 4.5.16-Debian on Raspbian OS and I am currently attempting to deploy the provided samba-backup.sh script within my existing SAMBA installation to implement disaster recovery on my AD DC servers. Following the documentation provided here https://wiki.samba.org/index.php/Using_the_samba_backup_script I have so far managed a partial success on my backup: pi at

Hi everyone, I have a basic SAMBA setup with a main AD DC ad1 and a backup AD DC ad2, running on Samba 4.5.16-Debian on Raspbian. I would now like to enable LDAPS so my users can authenticate in other non Samba services using Active Directory. From reading the documentation here: https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC I understand that for the most

Hi everyone, I have two AD DCs that I am experimenting with, hostnames ad1 and ad2 respectively. I am using Raspberry Pi hardware, and accordingly I am using Samba 4.5.16-Debian on Raspbian Linux. I have already had some success so far setting up a second AD DC, ad2, and joining this to my existing Active Directory domain SAMDOM. I have already verified that I can create new user accounts on

Hi All, This Samba release changelog (https://wiki.samba.org/index.php/Updating_Samba#Incorrect_TLS_File_Permissions) specifically mentions a security issue and that that the multiple *.pem files needed for LDAP via TLS all need "special permissions" - and mentions to delete old files without the required permissions to force file renewal. Yet in the official Samba documentation

Hi everyone, I am running Ubuntu 18.04 Bionic with Samba version 4.7.6-Ubuntu. *Background / Problem Context* I have recently setup a server where I wish to use a standalone Samba file server in conjunction with SVN and git and then have all these services share the same username and password credentials. I wish to achieve this without using any centralised LDAP or Active Directory or

Hi all, I have a couple of Samba 4 DCs on my network and I created a new service account LDAPReader on my DCs that my non-Samba third-party services such as Redmine successfully use to access AD via the LDAPS protocol. I have a couple of questions that relate to having service account of this nature implemented in Samba and I wondered if the group could possibly provide some advice? 1)

Hi Rowland, thanks for your suggestions. I have read and re-read the Samba docs to try and understand where I went wrong here. I added the uidNumber and gidNumber exactly as per your comments and that seems to improve the situation markedly. I can now at least see that the share exists from SAMDOM\stephenellwood which wasn't possible before. File access is now possible from

To be honest, the 'Dynamic Bind' method doesn't seem that secure to me, anybody could 'pretend' to be someone else. Rowland True! I agree with you Rowland that is a weakness. Unfortunately that is a universal weakness shared by all password-based authentication methods. I guess you would have to go with SSH-style encryption keys and certificates to circumvent that problem

Rowland - good news - the instructions in that document you suggested appear to have made all the difference! Now I find that if I do: pi at ad2:~ $ sudo systemctl restart samba-ad-dc pi at ad2:~ $ sudo samba-tool drs showrepl Default-First-Site-Name\AD2 DSA Options: 0x00000001 DSA object GUID: e676dfc3-670d-46bb-b1f7-756bae990a30 DSA invocationId: b7fb9a73-a5c5-4672-9d0f-83e0323f9f3b ====

Hi everyone, just tried executing wbinfo -u and wbinfo -g on a particular Samba domain member that is acting as a file server in my setup. Much to my surprise i did not see the list of users or groups that I would normally expect to see outputted from these commands. Instead both commands just exited and returned no output. I have already tried restarting winbind, smbd, and nmbd on the domain

I have a general question regarding smb.conf and I was hoping that some of the rather more knowledgeable and experienced people here could please comment please? I am currently setting my various SAMBA systems up via some shell-scripts. Within these scripts, I remove the stock smb.conf shipped with Samba and replace this with an empty smb.conf file to which I add my own configuration options

Hi there, I wonder if anyone can help me? I recently created an active directory setup with a primary domain controller ad1 and secondary domain controller ad2 for a domain SAMDOM. In-line with what I understand to be Samba best practices I then setup a separate file-server fs1 on which I created a file share, /fsrv/shares/OgdenFiles/. This has all been done using Samba version

Hi All, I am currently running a setup with a main DC ad1, that has ntpd installed and is currently configured to retrieve the time from the UK NTP time pool. I also have a second backup AD DC, ad2, on which I have not installed ntpd but I have installed ntpdate. My current understanding is that the setup I have just described is in-line with the recommended best practices outlined in the

On Fri, 3 May 2019 10:45:43 +0100 Stephen via samba <samba at lists.samba.org> wrote: > Hi Samba documentation admins, one of the the examples given on this > page https://wiki.samba.org/index.php/User_and_Group_management is > incorrect and probably should be updated. > > The snippet of code in question: > > $ samba-tool user add fbaggins >

What the password is, is in the output on you screen, if not, then script it. kinit Administrator # function random password. RANDOMPASSWD(){ < /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-16};echo; } # Pull a random into USERPASS USERPASS="$(RANDOMPASSWD)" # And create your user. sudo samba-tool user create "$USERNAME" --given-name="$GIVENNAME"

https://bugzilla.mindrot.org/show_bug.cgi?id=3206 Bug ID: 3206 Summary: sftp client(32bit) chown command does not support uid >LONG_MAX Product: Portable OpenSSH Version: 6.9p1 Hardware: 68k OS: All Status: NEW Severity: normal Priority: P5 Component: sftp