Displaying 20 results from an estimated 20000 matches similar to: "How to verify connectivity between AD and unix client properly?"
2019 May 27
2
How to verify connectivity between AD and unix client properly?
>
> What is 'C.I.D' ?
"CID (Closed In Directory) is a set of scripts for inserting and managing a
Linux system in an "Active Directory" domain."
https://sourceforge.net/projects/c-i-d/
Define 'remove' , do you mean leave the domain ?
I right click on the computer and press delete. :D
This could be coming from the winbind cache or your Unix client
2023 Apr 14
1
eduPerson schema on samba4
hi,
I created a lab to test adding the eduPerson schema.
I took the schema from the link below and followed the wiki to add the
schema.
hxxps://
github.com/REFEDS/eduperson/blob/master/schema/activedirectory/eduPerson.adschema.ldf
I split the ldif into 3 parts.
attrs.ldif
classes.ldif
auxiliaryClass.ldif
At first there was no error when adding the ldifs with the commands given
in the wiki. To
2018 Jun 01
3
Trust relationship between different domains
Hai Elias,
聽
Sorry for the late reply.
I do preffer the list, and i understand why you mailt my directly, but best is to keep this on the list.
The more eye that see this, the more chance you have on a reply.
I must say, i personaly dont use any trust relations ships. that was long ago when i used that, so im bit rusty here.
聽
Now, i see you are using my 4.8.2 packages. so you on debian. *( or
2018 May 23
1
[777] Trust relationship between different domains and locations
hello folks,
Elias Pereira via samba <samba at lists.samba.org> wrote:
> Thanks for the link Rowland!
>
> I read some of the old topics on the list, regarding trust
> relationship between two different domains and said that samba could
> not support. I think it was 2011 topics.
>
> Today, with so many updates, is it already supported?
>
Rowland wrote:
However,
2017 May 30
2
member domain idmap config ad/rid
Rowland,
AD: 4.5.8
Fileserver: 4.6.3
root at fileserver:~# samba -Version
Version 4.6.3-Debian
root at fileserver:~# net rpc rights list privileges SeDiskOperatorPrivilege
-U "ADDC\administrator"
Enter ADDC\administrator's password:
SeDiskOperatorPrivilege:
ADDC\Domain Admins
BUILTIN\Administrators
chown root:Domain\ Admins /mnt/dados >>>> ok
chmod 0770
2018 Jan 11
2
Deploy software in fileserver folder
Hi Elias,
> I thought it worked, but after I uninstalled the software that I deployed
> via user scope, it did not reinstall. I selected the "Redeploy application"
> option, but it also did not work.
The user scope GPO are run with the privileges and access tokens of the
logged on user, so the user have local admin rights for install and need
access rights to the share you
2020 Sep 19
2
WERR_BAD_NET_RESP on replication
hello,
There is a group in my AD that has a user that does not exist. I can see it
via RSAT.
By running the command:
samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix --yes
The following error occurs:
Checking 10016 objects
WARNING: no target object found for GUID component for one-way forward link
member in object CN=ALUNOS,OU=GRUPOS,OU=CAMPUS,DC=mycompany,DC=net -
2018 Mar 19
1
Forwarder all reverse zones that AD DNS not authoritative
>
> And I would just put 'forwarders { 172.16.1.10; };' in 'options'
>
I already have this entry, but for reverse lookup it does not work.
Eg:
dig suporte.domain.intra +short
172.16.1.15
dig -x 172.16.1.15 +short shows nothing
On Mon, Mar 19, 2018 at 1:59 PM, Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Mon, 19 Mar 2018 13:51:00 -0300
>
2023 Apr 13
1
eduPerson schema on samba4
hi,
Does anyone on the list use the eduPerson schema in Samba4 as a DC?
--
Elias Pereira
2017 Dec 01
2
idamp ad/rid
Thanks Rowland for the quick answer!! :)
If you are going to use more
> than one Unix domain member as a fileserver, then you will probably be
> better off using the winbind ad backend, this way you can ensure your
> users and groups have the same ID everywhere.
Maybe in the near future I'll set up a new fileserver. That way, I believe
that ad as a backend is the best choice.
I
2020 Sep 20
2
WERR_BAD_NET_RESP on replication
On 20/09/2020 00:30, Elias Pereira via samba wrote:
> hi,
>
> I listed the 0ADEL entries with the command below and didn't find the
> object.
> # ldbsearch --cross-ncs --show-deleted -H /var/lib/samba/private/sam.ldb |
> grep "\0ADEL"
>
> I tried to delete using the command below, but it says it doesn't exist.
> # ldbdel -H
2018 Jun 28
2
Active directory sites & subnets
Thanks for the answer ligpanda101!!
For DC's that are not present on a subnet, assign the subnet to the closet
> site to a DC
Visibly via RSAT, how would that look?
On Wed, Jun 27, 2018 at 1:06 PM lingpanda101 <lingpanda101 at gmail.com> wrote:
> On 6/27/2018 11:44 AM, Elias Pereira via samba wrote:
> > Hello,
> >
> > Reading about, specifically in the wiki
2019 Dec 18
2
zentyal management
>
> Why ? I thought you set moodle to use ldaps against AD, so what do you
need zentyal for?
They installed zentyal and set up a DC to work online with moodle. Imagine
if our internet link goes down and students can't authenticate with moodle.
I say this because I work in a school in a city in the interior of my
state, and the connection is still a little precarious.
But the main
2018 Jan 11
2
Deploy software in fileserver folder
Hey Luke, thanks for the help!!! It's working now!!!
God bless you and your family!! :D
Remember that GPOs need to run as the context of either the computer or the
> user. Computers typically do not have access to many folders on a file
> server, even as "Everyone". That is why the NETLOGON folder works.
>
> If you're deploying as a USER configuration, then it
2018 Jan 10
2
Deploy software in fileserver folder
Which GPO? Computer or User Configuration?
Remember that GPOs need to run as the context of either the computer or the
user. Computers typically do not have access to many folders on a file
server, even as "Everyone". That is why the NETLOGON folder works.
If you're deploying as a USER configuration, then it should run as the
context of the user, meaning the Everyone permission
2018 Jan 09
3
Deploy software in fileserver folder
Hello list,
I tried to set up a folder on our fileserver domain member, so I can deploy
software for users' machines, but is not working.
If I put the software inside "netlogon" it installs correctly.
\\172.16.1.7\storage\programs
Auth Users - read & execute, list folder contents, read and write
Do I need other permissions?
--
Elias Pereira
2018 Mar 14
3
sysvolreset - open: error=40 (Too many levels of symbolic links)
hi folks,
After run *samba-tool ntacl sysvolreset *the below error occurs. I not
remember of make any modification directly on the server. I only manager
via rsat.
root at dc3:/etc/samba# samba-tool ntacl sysvolreset
*open: error=40 (Too many levels of symbolic links)*
ERROR(runtime): uncaught exception - (-1073741823, '{Operation Failed} The
requested operation was unsuccessful.')
2018 Jan 19
2
reverse zones configuration
Hello,
- In my domain I have 2 DCs.
dc1 ...
dc2 ...
- Both configured as bind_dlz
I set up the reverse zone on dc1.
The doubt:
Do I need to configure on dc2 or is it automatically replicated?
Another question:
>From what I've been reading, the two binds do not work as master and slave
but as multi-master, correct? If so, how do I get dc2 updated with every
dc1 change, if need
2015 Oct 09
4
Migrate directories and files
hello guys,
In my tests lab did the migration ldap base of the old samba3 to Samba4
ADCD.
It's possible to migrate directories and files from users of the old samba3
to Samba4 ADDC?
--
Elias Pereira
2017 Dec 01
2
idamp ad/rid
Hello friends,
My doubts are as follows. In an environment where we have, for example,
1000 users, I believe that rid would be the best choice in a fileserver
environment, because we don't need to manually configure via RSAT a unix
attribute for each user.
Is that more or less the thought, or am I wrong?
--
Elias Pereira