similar to: username map with “security = ads”

Hi Rowland, thanks for the quick response! -<| Quoting Rowland Penny via samba <rpenny at samba.org>, on Thursday, 2019-05-02 11:41:15 AM |>- > On Thu, 2 May 2019 11:59:45 +0200 > Philipp Gesang via samba <samba at lists.samba.org> wrote: > > > Hey guys, > > > > on a machine with the role “member server”, joining AD requires > > setting

On Thu, 2 May 2019 11:59:45 +0200 Philipp Gesang via samba <samba at lists.samba.org> wrote: > Hey guys, > > on a machine with the role “member server”, joining AD requires > setting “security = ads”. This would make your computer a Unix domain member of an active directory domain > Access to shares using local users set up through smbpasswd requires > “security =

-<| Quoting Rowland Penny via samba <rpenny at samba.org>, on Thursday, 2019-05-02 01:12:41 PM |>- > On Thu, 2 May 2019 13:34:01 +0200 > Philipp Gesang <philipp.gesang at intra2net.com> wrote: > > > Hi Rowland, > > > > > > > > Now our use case requires for the machine to be joined but also > > > > grant access to shares to

Not tested, just brain farts ;-) Setup a member, Allow guest access. ( in global : guest ok = yes ) This allow local users to access the server ( not shares ) On the shares Deny "domain users" and/or authenticated users. Allow the local group for local users. Not tested but technicaly is could work. Which is almost the same as a standalone with and without user authentication.

On Thu, 2 May 2019 13:34:01 +0200 Philipp Gesang <philipp.gesang at intra2net.com> wrote: > Hi Rowland, > > > > > Now our use case requires for the machine to be joined but also > > > grant access to shares to local users. > > > > Not going to happen, because your local users will be unknown to the > > domain. > > That’s the

On Thu, 2 May 2019 14:27:32 +0200 Philipp Gesang <philipp.gesang at intra2net.com> wrote: > with > > server role = member server > security = user The 'security = user' overrides the 'server role = member server' It is a 'standalone server' What is more, unless you have changed the workgroup, you now have a 'workgroup' and a 'domain'

Hi Louis! -<| Quoting L.P.H. van Belle via samba <belle at bazuin.nl>, on Thursday, 2019-05-02 03:15:46 PM |>- > Not tested, just brain farts ;-) > > Setup a member, Allow guest access. ( in global : guest ok = yes ) > This allow local users to access the server ( not shares ) > > On the shares > Deny "domain users" and/or authenticated users.

Hello, While testing Virt-SIG Xen 4.12 rpms on CentOS7 I noticed the following problem with libvirt/virt-manager when manually installing a new HVM guest from virt-manager GUI.. basicly the VM installation won't start, because libvirt/virt-manager is not able to start the VM, due to "missing" qemu-system-i386 binary: Unable to complete install: 'unsupported configuration:

-<| Quoting Andrew Bartlett <abartlet at samba.org>, on Saturday, 2018-10-13 08:09:31 AM |>- > On Fri, 2018-10-12 at 16:59 +0200, Philipp Gesang via samba wrote: > > Hi Andrew, > > > > revisiting this subject once again because I seem to have reached > > an impass. > > > > -<| Quoting Andrew Bartlett <abartlet at samba.org>, on Monday,

Hi again, -<| Quoting Andrew Bartlett <abartlet at samba.org>, on Friday, 2018-09-21 08:23:26 AM |>- > On Fri, 2018-09-21 at 11:29 +0200, Philipp Gesang via samba wrote: >> The goal is to have a domain member functional after restoring >> from a backup without re-joining. > > Do take care that the password is changed by winbindd regularly.  It > might not

Hi Andrew, revisiting this subject once again because I seem to have reached an impass. -<| Quoting Andrew Bartlett <abartlet at samba.org>, on Monday, 2018-09-24 07:14:48 PM |>- > On Mon, 2018-09-24 at 09:06 +0200, Philipp Gesang wrote: > > > A long time ago I posted a script to dump the machine password to > > > stdout for the benifit of an 802.1x client, but

Hi Rowland, -<| Quoting Rowland Penny via samba <rpenny at samba.org>, on Wednesday, 2019-02-13 05:01:19 PM |>- > On Wed, 13 Feb 2019 17:16:21 +0100 > Philipp Gesang via samba <samba at lists.samba.org> wrote: > > -<| Quoting L.P.H. van Belle via samba <belle at bazuin.nl>, on > > Wednesday, 2019-02-13 04:59:55 PM |>- > > >

Hi Andrew, thanks for addressing all my points. This is rather helpful. -<| Quoting Andrew Bartlett <abartlet at samba.org>, on Friday, 2018-09-21 08:23:26 AM |>- > On Fri, 2018-09-21 at 11:29 +0200, Philipp Gesang via samba wrote: > > how would I go about dumping tdb files in a “neutral” format, > > preferably JSON? > > > > The goal is to have a domain

Hi Andrew, thank you for your reply. -<| Quoting Andrew Bartlett <abartlet at samba.org>, on Thursday, 2018-10-25 06:44:03 AM |>- > On Wed, 2018-10-24 at 15:43 +0200, Philipp Gesang wrote: > > Hi again, > > > > -<| Quoting Andrew Bartlett <abartlet at samba.org>, on Friday, 2018-09- > > 21 08:23:26 AM |>- > > > > > > On Fri,

Hi, how would I go about dumping tdb files in a “neutral” format, preferably JSON? The goal is to have a domain member functional after restoring from a backup without re-joining. Ideally, the backed up version does not depend on the tdb because of concerns about the stability of the format. A backup set must remain usable despite a multi-major version Samba update happening in between. By

-<| Quoting Andrew Bartlett <abartlet at samba.org>, on Tuesday, 2018-10-16 05:17:13 AM |>- > On Mon, 2018-10-15 at 16:05 +0200, Philipp Gesang via samba wrote: > > -<| Quoting Andrew Bartlett <abartlet at samba.org>, on Saturday, 2018-10-13 08:09:31 AM |>- > > > On Fri, 2018-10-12 at 16:59 +0200, Philipp Gesang via samba wrote: > > > > Hi

Hi Louis, thanks for your reply. -<| Quoting L.P.H. van Belle via samba <belle at bazuin.nl>, on Wednesday, 2019-02-13 04:59:55 PM |>- > > DOM.AIN\foobar's password: > ^^^^^^^^ > > No dot is allowed in the NTDOM > Fix that first, then try again. That’s the output when logon succeeds though nor does the value seem to matter anywhere else. This is just Samba

I would like to use Samba (3.5.10 as supplied with RHEL6 if possible) to make some directories accessible as a filesystem to (some of) our developers. However, those directories are read and written by a web server, and all files and directories in there should belong to www-data:www-data. The obvious solution is a username map - just map everyone to www-data - but then "valid

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 (OK, my first message got mangled because of the attachments, so I'm reposting) I've got a samba 3 box that's part of an AD domain. It works correctly for most users; but there was a problem where certain users couldn't connect. We'd get a log message that looks like this: Username SAMPLE.COM\pcuser is invalid on this system

I'm having some kind of trouble mapping all users in an ADS group to a Unix id. I'm running Samba 3.0.7 on Solaris 9 as a member of a Windows 2000 ADS Domain. Here's my smb.conf: ******************************************************************************************************** [global] workgroup = ADSDOM realm = ADSDOM.MY.COM server string = Samba