similar to: problems after migrating NT domain to AD (samba 4.7.x)

Just follow this and it "just works" https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory And this is asking for problems. workgroup = WSISIZ.EDU.PL Read : https://social.technet.microsoft.com/wiki/contents/articles/34981.active-directory-best-practices-for-internal-domain-and-network-names.aspx And from this link :

On 15/09/2019 19:08, Bart?omiej Solarz-Nies?uchowski wrote: > W dniu 2019-09-15 o?18:32, Rowland penny via samba pisze: >> On 15/09/2019 16:44, Bart?omiej Solarz-Nies?uchowski wrote: >>> I have some questions: >>> >>> I not currently understood - bind9 connected to AD server must be >>> used by the LAN workstations - or only via AD server? >>>

W dniu 28.09.2019 o?21:29, Rowland penny via samba pisze: > On 28/09/2019 19:40, Bart?omiej Solarz-Nies?uchowski via samba wrote: >> Dear List, >> >> My domain +/- works, so I try to fix rest services based on domain >> NT/AD.... >> >> I use WiFi authorization with PEAP/MSCHAPv2 + freeradius (before >> migration it works). >> >> And after

On 19/09/2019 19:33, Bart?omiej Solarz-Nies?uchowski via samba wrote: > Dear List, > > After migration I have found some problems: > > 1. > > directives in /etc/samba/smb.conf > > force user > > force group You shouldn't be using those anymore, you should use Windows ACLs > > I have found similar problems like here: >

On 15/09/2019 20:19, Bart?omiej Solarz-Nies?uchowski wrote: >> What OS is this and what Samba packages did you install ? >> > [root at oceanic etc]# which ldbsearch > /usr/bin/ldbsearch > [root at oceanic etc]# rpm -qf /usr/bin/ldbsearch > ldb-tools-1.5.5-1.fc30.x86_64 > Is your DC Running Fedora ? If so, then I am sorry, but I must advise you that running a Samba AD DC

This is a common error. https://wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Bart??omiej Solarz-Nies??uchowski via samba > Verzonden: maandag 16 september 2019 14:09 > Aan: samba at lists.samba.org > CC: ubi >> Maciej Wysocki

On 15/09/2019 16:44, Bart?omiej Solarz-Nies?uchowski wrote: > >> Done with some problems: > > 1. bugs reported here: > > https://bugzilla.altlinux.org/show_bug.cgi?id=36496 > > and here > > https://bugzilla.samba.org/show_bug.cgi?id=13060 > > involved me - but and make workarounds and migration was done. > > > Basically AD samba works. > > >

On 16/09/2019 17:26, Bart?omiej Solarz-Nies?uchowski wrote: > W dniu 2019-09-16 o?16:30, Rowland penny via samba pisze: >> On 16/09/2019 15:04, L.P.H. van Belle via samba wrote: >>> Well it was worth checking.. We just dont know what you already >>> checked.. > > now I setup the Ubuntu Server 18.04.3 LTS + > > http://apt.van-belle.nl/ + >

On 16/09/2019 15:04, L.P.H. van Belle via samba wrote: > Well it was worth checking.. We just dont know what you already checked.. > > Then all i can say now is, or a different OS, or try Vincent's his packages. > I see that is should support AD-DC, but I really dont know. I only do debian/ubuntu. > At least it looks like it. > > (from :

Hello, I am trying to configure pine.conf for all users and running into an issue. In this setup, Mailbox format is Maildir and Maildir location is /Mail/Username/{new,cur,..etc} First thing required in alpine was patch for maildir and this has already been done. After that I have tried setting up folder-collection Mail #md ../../Mail/username and also tried using #mc (not sure which one is

> I guess we have to look at the conf files then, first these two: Thank you for the config file snippets. I can confirm mine were almost identical, so I've tweaked them so that they are now exactly the same as yours except for the "--require-membership-of=example\authorization_groupname" line in ntlm_auth. Unfortunately it's still erroring out: (7) mschap: Creating

On 12/09/2019 20:37, Bart?omiej Solarz-Nies?uchowski via samba-technical wrote: > Dear List, Sorry but this is the wrong list, it should have been the samba mailing list, not samba-technical, I have cc'ed the samba list, please reply there. > > I need to migrate my Samba NT4 domain (5000+ users, 600+ workstation, > 50+ printers) urgently. > > > Backend for samba is on

Good Morning! I have problems with setup imap quota with mailboxes on nfs I use dovecot 2.0.11, below dovecot.conf + extract from log: # 2.0.9: /etc/dovecot.conf.rpmsave # OS: Linux 2.6.35.11-83.fc14.x86_64 x86_64 Fedora release 14 (Laughlin) mail_plugins = acl quota zlib trash auth_cache_size = 8 k dotlock_use_excl = yes mail_location = maildir:~/Maildir:INBOX=/var/spool/mail/%u mail_nfs_index

W dniu 2019-09-15 o?20:38, Rowland penny via samba pisze: > On 15/09/2019 19:08, Bart?omiej Solarz-Nies?uchowski wrote: >> W dniu 2019-09-15 o?18:32, Rowland penny via samba pisze: >>> On 15/09/2019 16:44, Bart?omiej Solarz-Nies?uchowski wrote: >>>> I have some questions: >>>> >>>> I not currently understood - bind9 connected to AD server must

Hello! I need to use smbpasswd in scripts. I want to changing smbpassword in script. There is an option -s in smbpasswd so I tried: echo new_password | smbpasswd -s username but without success.... If someone knows how change password - please e-mail..... Best Regards -- Bartlomiej Solarz-Niesluchowski, Administrator WSISiZ e-mail: B.Solarz-Niesluchowski@wsisiz.edu.pl 01-447 Warszawa, ul.

Hai, It does not happen often but yes, i also need some help as i cant know everything also and im new with freeradius. Im working on a configuration for samba member + freeradius with ntlm_auth. Why ntlm_auth, because the next one is kerberos and ldap auth to configure.. I want to have some fallback options here and you have to start somewhere. This is running on my new proxy/gateway

W dniu 19.09.2019 o?20:49, Rowland penny via samba pisze: > On 19/09/2019 19:33, Bart?omiej Solarz-Nies?uchowski via samba wrote: >> Dear List, >> >> After migration I have found some problems: >> >> 1. >> >> directives in /etc/samba/smb.conf >> >> force user >> >> force group > You shouldn't be using those anymore, you

Hello, I can definately confirm that it's working. My basic setup is: 1) Samba 4.7.6 AD DC (2 of them), compiled from source, on centos 7 2) Freeradius 3.0.13 + samba 4.6.2 as domain member, packages straight from centos repo. // I  tested also on freeradius 3.0.14 and samba 4.7.x smb.conf on the DC is pretty basic, most important is obviously in [globall]:         ntlm auth =

Op 03-04-2023 om 16:05 schreef Tim ODriscoll via samba: > Dear All, > > I'm trying to setup FreeRADIUS to authenticate a machine account to grant access to wifi for domain-connected machines. I think I've got the GPO's set up properly and the CA deployed to the clients, as I'm not getting any errors there. > > The errors I'm getting are to do with ntlm_auth not

ok, tested it, and it works. so to summarize: on samba ad 4.7.x  in smb.conf "ntlm auth" is set to "mschapv2-and-ntlmv2-only" fr + samba domain member (4.6 and 4.7) in mods-available/mschap you have to add to ntlm_auth --allow-mschapv2 to the whole string OR just use winbind method, which sets correct flag without explicitly adding it. with those settings ntlmv1 is blocked