similar to: TLS questions

Hi All, This Samba release changelog (https://wiki.samba.org/index.php/Updating_Samba#Incorrect_TLS_File_Permissions) specifically mentions a security issue and that that the multiple *.pem files needed for LDAP via TLS all need "special permissions" - and mentions to delete old files without the required permissions to force file renewal. Yet in the official Samba documentation

Hi everyone, I have a basic SAMBA setup with a main AD DC ad1 and a backup AD DC ad2, running on Samba 4.5.16-Debian on Raspbian. I would now like to enable LDAPS so my users can authenticate in other non Samba services using Active Directory. From reading the documentation here: https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC I understand that for the most

Hi folks, Does anybody have experience using ADCS in conjunction with Samba? I would like to create certificates using ADCS as a CA to create certificates to be deployed to servers running web applications. It would be very convenient to have joined Windows computers automatically trust certificates issued my own CA instead of having to import certificates manually on every browser on every

On 01/09/2019 21:46, Rowland penny via samba wrote: > On 01/09/2019 21:37, Robert Wooden wrote: >> No, thanks anyway, Rowland. >> >> There are some FreeNAS posted command line tests that need to work >> (pushing me back to kerberos) that are part of their troubleshooting. >> Once I get that right, if I need to, I'll be back here with questions. > >

I have FreeNAS 9.2.1.7 [FreeBSD 9.2-RELEASE-p10 and samba 4.1.11] configured as an AD member server in a 2008R2 domain. Browsing directories in samba is slow (30+ second lag between opening a folder in Windows Explorer and the files inside the folder appearing). The default smb4.conf contains the following parameters which are not defaults in the smb4.conf manpage: ea support = yes

On 2/17/2016 5:00 AM, Rowland penny wrote: > On 17/02/16 00:03, Ian wrote: >> I've recently attempted to migrate some windows server files over to >> samba 4 hosted on a FreeNAS server. >> >> Using robocopy with the /copyall switch, I expected everything, >> including ACL's and ownership information to transfer over. For the >> most part they have.

Hello, I just wanted to check in on this list and see what folks know about the new severe performance problems with OS X 10.11.5. There's a comment on Reddit claiming that 10.11.5 is requiring SMB signing, but I haven't found documentation on that. I myself saw performance on my 10 GbE go from 800 MB/s on 10.11.4 to 60 MB/s on 10.11.5. My NAS is running Samba 4.3.6 on FreeNAS, which is

RPvs> On Tue, 1 Jan 2019 10:35:17 -0800 RPvs> Gregory Sloop via samba <samba at lists.samba.org> wrote: >> I'm working to put up a production FeeeNAS box tied to Samba/AD for >> authentication for users connecting to the FreeNAS share(s). In >> joining FreeNAS to the AD domain, one immediately runs into >> "problems" with TLS/encryption. RPvs>

On 5/26/19 10:14 AM, Rowland penny via samba wrote: >> Just curious, since I appear to be running a PDC, is there a way to have >> a standalone samba server, and just get the user/password information >> from LDAP without doing all the domain stuff? That's actually what I'd >> like to do. I don't need a domain controller. > > I sort of thought you

Hello everyone, Just made a brand new installation of the Samba 4.10 for FreeBSD (got it from FreeNAS project) and it worked very well but I am facing some issues while working with it + Squid 4.6 Here is the thing. I could Join the machine to my Domain with absolutely no problems. I also created the Kerberos keytab, etc. For some reason, the Squid Helpers are showing an error message, like

I'm trying to learn more about samba by experimenting with samba on FreeNAS. This involves a certain amount of reading how default smb4.conf parameters are set in FreeNAS and then reading the manpages for those parameters. Async I/O is implemented in samba in freenas via the aio_pthread VFS module. The manpage for vfs_aio_pthread states: "the smb.conf parameters aio read size and aio

My ldaptest.php works now. Can't tell the "missing link" so far ... but it seems it's connect via ldaps now (and reading users etc)

I'm working to put up a production FeeeNAS box tied to Samba/AD for authentication for users connecting to the FreeNAS share(s). In joining FreeNAS to the AD domain, one immediately runs into "problems" with TLS/encryption. Samba, in the defaults requires TLS. I could disable TLS security in Samba, but that's probably not a great idea. So, I'll need a key/cert for the

If I were guessing, based on some experience with certificate usage in other apps, concatenate your certificate and intermediate certificates into a single file which is then your "tls certfile" then point "tls cafile" to your issuers proper CA or just to your distro's CA bundle, e.g /etc/pki/tls/certs/ca-bundle.crt. Nick On 06/08/2020 16:36, MAS Jean-Louis via samba

I've recently attempted to migrate some windows server files over to samba 4 hosted on a FreeNAS server. Using robocopy with the /copyall switch, I expected everything, including ACL's and ownership information to transfer over. For the most part they have. The one problem I've ran into however, is that I'm getting errors any time I or robocopy attempt to change the ownership to

Most of this is generated by FreeNAS's gui, so I'll have to figure out how to override it. I know where the file is, but I don't know if changes I make to it will actually stick, but that's for a different forum :) Just curious, since I appear to be running a PDC, is there a way to have a standalone samba server, and just get the user/password information from LDAP without doing

Hello Rowland, We’ve been using SSSD with Acitve Directory for a few years now… It’s been solid for us. Our Linux clients use the AD-Kerberos via SSSD for secure NFS4 mounts with POSIX attributes defined in AD (uidNumber, gidNumber, unixHomeDirectory, loginShell). Before putting into production, I tested using Winbind and could not get it to do what I wanted. If I remember correctly, I had

I have Googled my brains out without success, and I'm hoping that someone here can give me some tips. I'm trying to build a new file server, and I've concluded that ZFS is the technology that I want to use. After doing some research I settled on FreeBSD 10 as the platform to provide it. I have an existing AD domain (two Samba 4.1.4 DCs running on Debian) and the file server will be

Okay, it's done. Here is the file Le mar. 6 ao?t 2019 ? 10:55, Rowland penny via samba <samba at lists.samba.org> a ?crit : > On 06/08/2019 09:36, Guillaume Couvreur wrote: > > it doesn't work, here is the log file > > Nothing there, can you try raising the log level ? > > start by adding: > > log level = 4 > > to smb.conf and restart Samba and

Hello, I'm running a Samba DC on Debian 9 (version 4.5.12-Debian) in a lab environment, set up like this: https://jonathonreinhart.com/posts/blog/2019/02/11/setting-up-a-samba-4-domain-controller-on-debian-9/ I would now like to configure this server to enable login via domain credentials. I'm aware that the Samba wiki recommends the following: -