similar to: [OT?] W10, SYSTEM, guest access.

Not only NT domains, but also Samba 3.6! Wow! I'm a retro-sysadmin! ;-) I know i'm asking a rather hard thinks but... we are upgrading, but also solving some troubles. We have ''decently'' integrated some W10 1803 in a NT domain, but now with some other 1903 there's no way to make roaming profiles work. Looking at samba logs, seems that the client don't try at

Hi Marco, the fact that win 10 fails where access from win 7 succeeds makes me wonder whether it is because of tightened security of windows 10, in particular I suspect disabled smb 1. Thus you should probably not try to make windows 10 succeed the same way but look at your security issue. Lowering the security might actually open an attack vector in your provisioning process. Best Regards,

As subject say, we are trying to ''integrate'' some W10 machine on a NT domain, with samba as PDB/BDC, OpenLDAP backend. profile share is defined as: [profiles] comment = Network Profiles Share path = /srv/samba/profiles read only = No create mask = 0600 directory mask = 0700 store dos attributes = Yes browseable = No csc policy = disable root preexec =

Mandi! L.P.H. van Belle via samba In chel di` si favelave... > I dont get what your goal is, sorry.. :-/ And Rowland: > Why do you think you need 'netbios aliases' ? Simply: i was (ab)used to have, in my NT domain, some aliases for my servers, so i can change servers (and move services) but keeping things consistent. Eg, all my printers are connected to

[ Rowland, i know, i need to upgrade. ;-) ] Some month ago, with a relative big bunch of fix&tweaks, i was able to put a Win10 1903 client in join to a 'NT mode' Samba domain. Now i'm trying to do the same with a 1909 version; all seems to work as before, BUT netlogon script (defined in smb.conf with: logon script = startup.bat ) simply seems does not run. No log event in

Samba 4.8 (Louis debian repo), DM. Today i've had to recovery a deleted file in that share, that use 'vfs_recycle' modules: [Work] comment = Spazio di Lavoro Utente map acl inherit = Yes path = /srv/work read only = No store dos attributes = Yes vfs objects = acl_xattr recycle full_audit volume = Work full_audit:failure = none full_audit:success = mkdir rmdir read pread

I've read all docs on upgrades, from wiki to Louis notes, and i think i'm ready to upgrade. First step, move from stretch to jessie, and from 4.5 to 4.8, upgrade in place. But having a domain with 6 DCs, i'm a bit scared to upgrade all DC in one turn, and i'm think about something like: a) upgrade DC with FSMO roles, then wait 1-2 day to spot troubles b) then upgrade all DC in

Debian stretch, louis packages 4.9.16+dfsg-0.1~stretch~1 . After some time (roughly: two weeks) my DC with FSMO roles (seems that other DC are unaffected) goes suddenly on trash: memory jump from 50% (3GB) to 100%, container start to swap and slow down (load 10-15) al the phisical server. A simple restart solve all the troubles. Some hint on how to debug that? Thanks. -- dott. Marco Gaiarin

On 23/09/2019 13:42, Trenta sis via samba wrote: > Thanks, ntlm auth is temporary until we have solved some issues > getent is needed by filesystem acl > If you think you need the 'winbind enum' lines so that 'getent' works, then think again ;-) If you do not have the 'winbind enum 'lines 'getent passwd username' will still work. 'getent passwd'

hi in samba/cifs/windows is there a thing similar to "su"? i'll explain: as root with "su" i can switch to another user without knowing his password i want to do the same thing, as domain admin, when i mount a share: mount the share impersonating another user without knowing his password i need it to test permissions on this share thanks in advance

Sometimes (rarely, very rarely) i spot a <printername>.tdb error that seems to prevent the communication between samba and CUPS. In log i see: [2019/06/26 15:15:49.633876, 0] ../source3/lib/util_tdb.c:316(tdb_log) tdb(/var/cache/samba/printing/sml5010-2.tdb): tdb_rec_read bad magic 0x25 at offset=26096 the only solution i've found, pretty drastic, is: systemctl stop

Mandi! Rowland penny via samba In chel di` si favelave... > Yes, somebody moved the cache to a different directory and it now gets wiped > every time Samba is restarted, we have a bug report for it:? > https://bugzilla.samba.org/show_bug.cgi?id=14074 Ok, thanks. I suppose that cache get controlled by: idmap cache time = 604800 winbind cache time = 300 so, for a portable system,

On Mon, 11 Feb 2019 15:28:57 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > Mandi! Rowland Penny via samba > In chel di` si favelave... > > > It sounds to me that 'exim' is using LDAP for its lookups and is NOT > > using any cache (winbind or otherwise). So when the LDAP source goes > > away, so do your users. > > No, rowland;

Happy new year to the list! I'm using Debian wheezy, standard Samba packages, version 2:3.6.6-6+deb7u4. I've hit bug #8744 https://bugzilla.samba.org/show_bug.cgi?id=8744 (referenced in debian BTS as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658707) that prevent me to use machine account auth; i'm using it with freeradius, to automatically connect some wireless clients.

Mandi! Rowland penny via samba In chel di` si favelave... > > Considering a 'full offline' DM client (supposing a portable), there's > > a 'winbind permanent nss cache' or a general nss cache (like > > nss-updatedb): > > https://wiki.debian.org/LDAP/NSS#Offline_caching_of_NSS_with_nscd > > have to be used? Thanks. > No, you cannot use

Hello, I'm running Samba 4.9.5 as domain member, when I bring down the current Window DC (10.50.50.187) the winbind seems to hang instead of switching to the other available DC (10.50.50.25) The "net ads" command show that Samba switched to the other available DC: net ads join -U 'administrator' -S 'PAVONE.HYPERFILE.LOCAL' 'HYPERFILE.LOCAL'^C root at

Yesterday, after a long run, i've finally upgraded my DCs to stretch/samba4.9, using Louis repos. Hurrah! ;-) Looking forward, eg: http://apt.van-belle.nl/debian/dists/ seems to me that i can advance to 4.10 in stretch, but to go further i need buster (probably because of python deps, right?). Louis, i think we need a matrix of debian-samba compatibility... ;-) -- dott. Marco Gaiarin

I'm revising some docs, and i've returned on the 'offline logon' tema. Looking at: https://wiki.samba.org/index.php/PAM_Offline_Authentication and smb.conf manpage, it is clear that 'offline logon' is a pam/authentication only, does not involve NSS. Considering a 'full offline' DM client (supposing a portable), there's a 'winbind permanent nss

Some month ago a local branch office closed; the local branch had a DC, that i've simply removed the dc with: samba-tool domain demote --server=vdcsv1.ad.fvg.lnf.it -U gaio (see https://lists.samba.org/archive/samba/2019-February/221195.html) But this leave some old DNS records, eg: root at vdcsv1:~# host -t SRV _kerberos._udp.ad.fvg.lnf.it | awk '{print $NF}'| sed

On 23/09/2019 15:18, Marco Gaiarin via samba wrote: > Mandi! Rowland penny via samba > In chel di` si favelave... > >> I repeat (louder this time): NO ONE NEEDS THE 'WINBIND ENUM' LINES IN >> SMB.CONF > While it is true that i can live happily without 'winbind enum', it is > not completely true that 'no one needs' that. > > For example,