Displaying 20 results from an estimated 4000 matches similar to: "Samba and logwtatch"
2018 Dec 10
2
Fwd: Re: Fwd: Extended acls with AD - problem with default/herited permissions
Hello Dale,
Set inherit acls = yes locally to my share groups, and remove map acl
inherit = yes from global parameters of smb.conf does not solve my issue.
I still have acl "Domain Users" added to new folders/files.
As i write in my previous email, the only way i found to disable acl
"Domain Users" to be added was with :
inherit owner = yes
With some disavantages for users
2018 Dec 10
2
Fwd: Extended acls with AD - problem with default/herited permissions
Edouard,
These are the 4 available parameters containing the word "inherit".
inherit acls (S)
inherit owner (S)
inherit permissions (S)
map acl inherit (S)
Would "inherit acls" work for you?
Dale
On 12/10/18 10:56 AM, Edouard Guigné via samba wrote:
> Hello,
>
> I add to my previous mail, the only way i found to disable acl
2019 Jun 18
3
Fwd: Re: Fwd: Re: Kerberos and NTLMv2 authentication
On 18/06/2019 19:49, Edouard Guign? via samba wrote:
> ?gidNumber for 'Domain Users' is 513
>
> not in range? '10000-14999' of uidNumber
>
> Is it a problem ?
Oh yes, ALL user uidNumber's and Domain Users gidNumber MUST be inside
the DOMAIN range you set in smb.conf, if they aren't, all your users
WILL be ignored by Samba.
Find the next available
2019 Jun 19
2
Fwd: Re: Fwd: Re: Fwd: Re: Kerberos and NTLMv2 authentication
Hello,
I performed a test in order to get access to my samba share with
winbindd (and not sssd).
For that,
1. I change the gid of domain users from 513 to 15513 (to match with the
domain range 10000 - 14999)
And verify my test user is part of 15513
2. Stop sssd and change nsswitch.conf like this :
/passwd:???? files winbind//
//shadow:???? files//
//group:????? files //winbind//
/
3.
2018 Dec 10
2
Extended acls with AD - problem with default/herited permissions
Hello,
I set a share on a samba 4.7.1 as domain member with an Active Directory
controler, this share is used by all domain users.
All users from the AD domain have a primary group "Domain Users", and
secondary groups to filter access on the folders of the share.
I noticed that when a user create a sub-folder/file inside a "Top
folder", the default permissions from the
2019 Jul 22
5
client min protocol = SMB2
I did not set max protocol to SMB2 in smb.cnf, I don't want to force
SMB2 selection if SMB3 can be used by a client.
The machine is a Windows 7, so is SMB2 compliant.
Le 22/07/2019 ? 11:44, Gaiseric Vandal via samba a ?crit?:
> I would guess that changing the min protocol does not affect existing
> connections unless you were to restart samba.
>
> Is the max protocol set to at
2019 Jun 18
2
Fwd: Re: Fwd: Re: Fwd: Re: Kerberos and NTLMv2 authentication
Is it possible to make start DOMAIN range from 500 instead of 10000 ?
I realized that all my gid are in range 500 to 600 and not in range
10000 - 14999
I thought? DOMAIN range 10000 - 14999 was reserved for DOMAIN users
-------- Message transf?r? --------
Sujet?: Re: [Samba] Fwd: Re: Fwd: Re: Kerberos and NTLMv2 authentication
Date?: Tue, 18 Jun 2019 16:25:39 -0300
De?: Edouard Guign? via
2019 Jul 22
3
client min protocol = SMB2
Hello,
Thank you !
I add server min protocol = SMB2_02 to smb.cnf
All clients are now using SMB2_10 as minimum protocol version
May you indicate me the difference between "client min protocol" and
"server min protocol" ?
"server min protocol" is to use on a domain member
"client min protocol" is to use in which case ?
Should I also set client min
2018 Dec 10
0
Fwd: Re: Fwd: Extended acls with AD - problem with default/herited permissions
Edouard,
No, that won't work for you. "inherit acls" is intended for posix ACL's.
Since you are using Windows ACL's, try setting the
permissions/inheritance you want from a Windows system.
Dale
On 12/10/18 12:40 PM, Edouard Guigné wrote:
>
> Hello Dale,
>
> Set inherit acls = yes locally to my share groups, and remove map acl
> inherit = yes from global
2019 Jul 22
2
client min protocol = SMB2
Hello,
I set client min protocol = SMB2 in my smb.cnf
But I see some clients still connecting in NT1 (smbstatus) :
smbstatus -p Mon Jul 22 11:39:36 2019
Samba version 4.8.3
PID???? Username???? Group Machine??????????????????????????????????
Protocol Version Encryption?????????? Signing
2019 Jul 24
2
audit logging
Hello,
I have set up audit logging and I find many entries of this type :
./auth/auth_log.c:760(log_authentication_event_human_readable) Auth: [SMB2,(null)] user [MYDOMAIN]\[MYWORKSTATION$] at [mar., 23 juil. 2019 07:49:43.486619 -03] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [MYWORKSTATION] remote host [ipv4:10.x.x.x:49472] mapped to [MYDOMAIN]\[MYWORKSTATION$]. local host
2019 Jun 15
2
Kerberos and NTLMv2 authentication
Hello Rowland,
Sorry for the workgroup and realm name, I put MYDOMAIN to anonymize,
should be :
realm = MYDOMAIN.LOCAL
workgroup = MYDOMAIN
About libpam-krb5 installed, I have on my system :
yum list krb5-workstation pam_krb5
krb5-workstation.x86_64 1.15.1-37.el7_6
@updates
pam_krb5.x86_64 2.4.8-6.el7 @base
Is pam_krb5
2019 Jun 19
2
Fwd: Re: Fwd: Re: Fwd: Re: Kerberos and NTLMv2 authentication
The 2 commands works :
# getent passwd MYDOMAIN\\usertest
MYDOMAIN\\usertest:*:10430:14513:user TEST:/home/usertest:/bin/bash
# getent group MYDOMAIN\\"Utilisateurs du domaine"
MYDOMAIN\utilisateurs du domaine:x:14513:
I have to put "Utilisateurs du domaine" instead of Domain\ Users because
the Windows AD is a french AD.
Le 19/06/2019 ? 12:32, Rowland penny via samba a
2018 Dec 10
0
Fwd: Extended acls with AD - problem with default/herited permissions
Hello Dale,
I set map acl inherit = yes in global parameters of smb.conf
and set inherit owner = yes locally to my share "groups" of smb.conf
I have followed the wiki
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
It is indicated :
"To configure shares using extended access control lists (ACL), you must
enable the support in the |smb.conf| file. To enable
2019 Feb 11
3
Issue network share mapping - Windows 10
Hello,
I am facing issues to keep samba share to be mapping in Windows 10
After computer start, and first login, the share is mounted correctly.
Then user logout, wait for 5 min, and log in windows again, the share
cannot be mounted.
An "error 64" occurs, with then "the specified network path is not
available"...
My samba server is in version 3.5.6 (SMB1)
My Windows 10
2018 Jun 20
1
User cannot log on from this workstation. Error 2240
Hello Rowland,
Yes, this is just for this user.
I was also thinking it was an issue with Windows 10.
But I noticed this error also on others workstations in Windows 7 pro
with this user account.
I will try to delete and recreate the account.
Ed
Le 20/06/2018 à 12:43, Rowland Penny via samba a écrit :
> On Wed, 20 Jun 2018 12:13:28 -0300
> Edouard Guigné via samba <samba at
2019 Jun 20
2
Samba winbind on redhat 7
My idea is to replace default "cifs_idmap_sss.so" plugin by "idmapwb.so"
winbind plugin, in order to SSSD becomes a client of winbind.
To avoid to change nsswitch.conf :
passwd:???? files sss
shadow:???? files sss
group:????? files sss
into
passwd:???? files winbind
shadow:???? files winbind
group:????? files winbind
because I need an other access in sftp, this is using
2018 Feb 16
4
vfs_shadow_copy2 with snapprefix & delimiter options in samba 4.6.2
Hello Dear Samba Users,
I have sucessfully set a samba share on a centos 7 box (samba 4.6.2) and
succeeded into make work snapshots (vfs_shadow_copy2 with xfs and lvm).
The snapshots appears well in windows previous versions.
However, I expected to go further with snapshots and use the options
"shadow:snapprefix" and "shadow:delimiter"in order to filter daily,
weekly
2019 Jul 17
2
Name of the share in windows explorer
Hello,
My samba share is on a Linux Centos 7, samba version 4.8.3. Please find
here is my smb.cnf :
[global]
??? security = ads
??? realm = MYDOMAIN.MYDOMAIN.LOCAL
??? workgroup = MYDOMAIN
??? kerberos method = secrets and keytab
??? server signing = mandatory
??? client signing = mandatory
??? hosts allow = 127. 10.x.x. 10.x.x.
??? hosts deny = 10.x.x. 10.x.x.
??? log file =
2019 Jun 20
2
Samba winbind on redhat 7
This way is so easier...
Thank you Rowland
Le 20/06/2019 ? 14:01, Rowland penny via samba a ?crit?:
> On 20/06/2019 17:54, Edouard Guign? via samba wrote:
>> My idea is to replace default "cifs_idmap_sss.so" plugin by
>> "idmapwb.so" winbind plugin, in order to SSSD becomes a client of
>> winbind.
>> To avoid to change nsswitch.conf :
>>