Displaying 20 results from an estimated 10000 matches similar to: "DC in trash..."
2019 Oct 16
4
vfs_recycle permission bug?!
Samba 4.8 (Louis debian repo), DM.
Today i've had to recovery a deleted file in that share, that use
'vfs_recycle' modules:
[Work]
comment = Spazio di Lavoro Utente
map acl inherit = Yes
path = /srv/work
read only = No
store dos attributes = Yes
vfs objects = acl_xattr recycle full_audit
volume = Work
full_audit:failure = none
full_audit:success = mkdir rmdir read pread
2019 Oct 01
5
Upgrade DC 4.5 -> 4.8, timings?
I've read all docs on upgrades, from wiki to Louis notes, and i think
i'm ready to upgrade.
First step, move from stretch to jessie, and from 4.5 to 4.8, upgrade
in place.
But having a domain with 6 DCs, i'm a bit scared to upgrade all DC in
one turn, and i'm think about something like:
a) upgrade DC with FSMO roles, then wait 1-2 day to spot troubles
b) then upgrade all DC in
2019 Aug 28
4
[OT?] W10, SYSTEM, guest access.
[ I've just asked abut that, here, but now seems a simpler things, so i
retry... ]
This seems NON a samba touble, but a different behaviour in M$
client OS. But, really, i've not clue how to find an answer...
Suppose to have a Win7 and a Win10 machine, both NOT joined to a
domain. Suppose to have a share, with guest access enabled, where only
readonly access are needed.
Suppose also
2019 Sep 13
4
NT domain, Win10 1903 and profiles...
Not only NT domains, but also Samba 3.6! Wow! I'm a retro-sysadmin! ;-)
I know i'm asking a rather hard thinks but... we are upgrading, but
also solving some troubles.
We have ''decently'' integrated some W10 1803 in a NT domain, but now
with some other 1903 there's no way to make roaming profiles work.
Looking at samba logs, seems that the client don't try at
2019 Jun 26
2
<printername>.tdb error management...
Sometimes (rarely, very rarely) i spot a <printername>.tdb error that
seems to prevent the communication between samba and CUPS.
In log i see:
[2019/06/26 15:15:49.633876, 0] ../source3/lib/util_tdb.c:316(tdb_log)
tdb(/var/cache/samba/printing/sml5010-2.tdb): tdb_rec_read bad magic 0x25 at offset=26096
the only solution i've found, pretty drastic, is:
systemctl stop
2019 Oct 17
3
Offline logon and NSS...
Mandi! Rowland penny via samba
In chel di` si favelave...
> Yes, somebody moved the cache to a different directory and it now gets wiped
> every time Samba is restarted, we have a bug report for it:?
> https://bugzilla.samba.org/show_bug.cgi?id=14074
Ok, thanks.
I suppose that cache get controlled by:
idmap cache time = 604800
winbind cache time = 300
so, for a portable system,
2019 Oct 17
3
Offline logon and NSS...
Mandi! Rowland penny via samba
In chel di` si favelave...
> > Considering a 'full offline' DM client (supposing a portable), there's
> > a 'winbind permanent nss cache' or a general nss cache (like
> > nss-updatedb):
> > https://wiki.debian.org/LDAP/NSS#Offline_caching_of_NSS_with_nscd
> > have to be used? Thanks.
> No, you cannot use
2019 Nov 07
3
Samba, Debian and upgrade path...
Yesterday, after a long run, i've finally upgraded my DCs to
stretch/samba4.9, using Louis repos. Hurrah! ;-)
Looking forward, eg:
http://apt.van-belle.nl/debian/dists/
seems to me that i can advance to 4.10 in stretch, but to go further i
need buster (probably because of python deps, right?).
Louis, i think we need a matrix of debian-samba compatibility... ;-)
--
dott. Marco Gaiarin
2019 Oct 17
4
Offline logon and NSS...
I'm revising some docs, and i've returned on the 'offline logon' tema.
Looking at:
https://wiki.samba.org/index.php/PAM_Offline_Authentication
and smb.conf manpage, it is clear that 'offline logon' is
a pam/authentication only, does not involve NSS.
Considering a 'full offline' DM client (supposing a portable), there's
a 'winbind permanent nss
2019 Oct 01
3
Removed a DC but...
Some month ago a local branch office closed; the local branch had a DC,
that i've simply removed the dc with:
samba-tool domain demote --server=vdcsv1.ad.fvg.lnf.it -U gaio
(see https://lists.samba.org/archive/samba/2019-February/221195.html)
But this leave some old DNS records, eg:
root at vdcsv1:~# host -t SRV _kerberos._udp.ad.fvg.lnf.it | awk '{print $NF}'| sed
2020 Sep 11
4
Winbind offline cache and strangeness...
I've setup a portable system (ubuntu 16.04) joined to my AD domain,
that in their primary network works as expected.
But in this 'COVID time', the portable start to roam around, and users
say me that, suddenly after some days of use, get incredibly
sloooowww... after that users reboot, and cannot get back in, login
refused.
I've setup a VPN, but clearly if users cannot login
2019 Oct 02
3
Upgrade DC 4.5 -> 4.8, timings?
Hai Marco.
Just upgrade it. ;-)
It's not needed to move FSMO roles, in the last 4 years of upgradeing..
I did that exactly... 0 times.
Steps shown work fine. ;-)
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Marco Gaiarin via samba
> Verzonden: woensdag 2 oktober 2019 11:29
> Aan: samba at
2020 Jan 07
4
'check password script' timeout, diferences between AD and NT mode?
Here we use a (custom-made, internal) password propagation system,
hooked around 'check password script'.
Recently we suffer a network outgage (another one ;-), and the system
that take care of password propagation goes offline.
+ NT domains continue to work, clearly password not propagate
+ AD domain stop to work (eg, users password change on windows stop to
work), because the
2020 Sep 06
2
pam_mount in 'newer samba'...
Sorry for a rather 'unifornative' subject, but i've little o no clue on
this.
I'm using at work 'pam_mount' with a rather standard configuration
to mount via CIFS/SMB user's home directory, from a samba AD member
server.
This configuration is a bit 'old' (mint sonya, AKA Ubuntu 16.04 as a
client, so samba 4.3; debian and samba 4.8 as a server), but work
2019 Dec 06
2
Backing up tdb files
Mandi! Rowland penny via samba
In chel di` si favelave...
> Then you only need to backup your smb.conf and your LDAP, the tdb files will
> be recreated from ldap.
AFAIK minus:
a) 'smbpasswd -w', samba need to know how to access OpenLDAP. ;-)
b) rights ('net rpc rights').
c) printers (per se, but in particular printer drivers), if you use it
d) policy ('pdbedit
2020 Sep 15
1
Winbind offline cache and strangeness...
Mandi! Data Control Systems - Mike Elkevizth via samba
In chel di` si favelave...
> 4.7.6) which also doesn't work. If you are only using it to authenticate
> to an AD controller, you should switch to using sssd. I have multiple
Some hints on docs to follow? Thanks.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia''
2020 Feb 05
4
Samba, ACLs and 'primary group'...
My previous email on this topic get no answer, i try to explain me
better.
The problem.
Simply i was (ab)used, in my previous samba NT-mode domains, to have
file created with the group-owner as the UNIX primary group; now, in
AD, files get created group-owned by Windows primary group, eg 'Domain
Users'.
This simply 'breaks' most of my ACLs setup.
I've read:
2019 Jan 17
4
Winbind, cached logons and 'user persistency'...
Hai Marco,
Maybe the winbind cache time is set to low for this.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Marco Gaiarin via samba
> Verzonden: donderdag 17 januari 2019 15:55
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Winbind, cached logons and 'user
> persistency'...
>
2019 Nov 15
3
Account locked and delayed user data propagation...
I need to do some testing, but before to hit by head on a known wall, i
ask here.
My AD domain get used (via PAM/Winbind) to give access to some other
dervice, most notably here dovecot.
When password expire (or users change it) the MUA try the old password
some times, then ask for a new password; users cleraly get scared,
press randomly 'OK' or 'Cancel', but if they press 2-3
2019 Sep 19
3
Script to sync xID/idmap.ldb, some questions...
I'm scripting the ''replica'' of DC xID db (idmap.ldb) between DCs,
following:
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Built-in_User_.26_Group_ID_Mappings
but i've two question.
1) because i've just in place the sysvol replica, i've thinked of
copying the 'idmap.ldb.bak' file on sysvol share (in debian,