Displaying 20 results from an estimated 10000 matches similar to: "samba AD directory and PHP"
2020 Feb 27
2
samba AD directory and PHP
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Stefan G. Weichinger via samba
> Verzonden: donderdag 27 februari 2020 11:35
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] samba AD directory and PHP
>
> Am 27.02.20 um 11:32 schrieb L.P.H. van Belle via samba:
> > But your missing the important part.
>
2020 Feb 27
5
samba AD directory and PHP
My ldaptest.php works now.
Can't tell the "missing link" so far ... but it seems it's connect via
ldaps now (and reading users etc)
2020 Feb 27
2
samba AD directory and PHP
Am 27.02.20 um 11:32 schrieb L.P.H. van Belle via samba:
> But your missing the important part.
>
> How ?
>
> Kerberos ? NTLM ? LDAP ?
>
> ;-)
Ah ok
Actually I want to use secure LDAP from a PHP docker container.
So far no Kerberos involved as far as I see.
(I have to dockerize a php app which is badly written ... and I want to
clean up a bit, and let it bind
2019 Feb 21
3
Debian 9.8 and vanbelle-repos
Am 21.02.19 um 15:49 schrieb L.P.H. van Belle via samba:
> Or...
>
> Set the creator group option.
>
> [Daten]
> comment = Daten
> create mask = 3660
> directory mask = 3770
did so, they test now. thanks
2019 Feb 22
4
Debian 9.8 and vanbelle-repos
Stefan,
If everythig works now. Then keep it as is.
Most probly it was the firewall that caused the problem.
@Rowland, good point. Im everytime amazed with all the commands you know.. :-)
And SID: S-1-5-21domain-513 = domain users.
These are "Samba Sids" S-1-22-[1-2]
1 useres
2 groups
And thats corect with wbinfo -g 10513 shows all groups.
Greetz,
Louis
>
2017 Jun 08
4
ntlm_auth and SMBv2/v3
hai,
Please keep it mailing to the list, this way is shows up of others also.
A workaround for disabling SMBv1, you can make your server less secure but thats not what i would do.
Setting these to enable NTLM v1 again.
lanman auth = yes
ntlm auth = yes
raw NTLMv2 auth = yes
I think also this is more a question for the free raduis list, but i would to for a ldap(s) setup.
just dont mixup
2020 Feb 27
0
samba AD directory and PHP
> > Did you add your own CA to /etc/ssl/certs/ca-certificates.crt
> > Per example look here :
> > https://www.brightbox.com/blog/2014/03/04/add-cacert-ubuntu-debian/
>
> Is that
>
> dcX:/var/lib/samba/private/tls/ca.pem
If YOU created the CA.pem and all server use that one, then yes.
Then you should deploy that to all servers and pc.s
XCA is a handy tool to
2019 Feb 22
1
Debian 9.8 and vanbelle-repos
Am 21.02.19 um 19:19 schrieb Stefan G. Weichinger via samba:
> Am 21.02.19 um 16:51 schrieb Stefan G. Weichinger via samba:
>> Am 21.02.19 um 15:49 schrieb L.P.H. van Belle via samba:
>>> Or...
>>>
>>> Set the creator group option.
>>>
>>> [Daten]
>>> comment = Daten
>>> create mask = 3660
>>> directory mask =
2019 Aug 07
3
best practice for domain admins
I expect the next "you should know" here.
How do you handle administrative accounts in your samba/windows domains?
I have to provide some accounts for the so-called admin users at the
customer ... in some cases they learned the main admin pwd (yes, bad)
and used it for installing this and that.
Add their own users to group "domain admins"?
I'd like to take away the main
2018 Sep 03
2
running a (secondary) samba DC as docker container
Am 03.09.18 um 15:12 schrieb Robert Marcano via samba:
> On 09/03/2018 04:10 AM, Stefan G. Weichinger via samba wrote:
>>
>> As I am learning docker lately I came to the idea of using a docker
>> container as a "fallback" DC at sites where there is no budget (or
>> understanding) for a 2nd physical DC.
>>
>> That 2nd DC *might* run as docker
2019 Feb 22
4
Debian 9.8 and vanbelle-repos
Good morning Stefan,
Hmm, yes, i notice some things also with the debian 9.8 upgrade, that killed my kopano server.
Was a long night yesterday. :-( but fixed.
Ive done all my servers here and no samba problems.
I do know of more problems with docker.
There is a small difference, i dont know exact were, but i detected that on the kopano forum.
Kopano builds it packages within docker, the
2018 Sep 03
2
running a (secondary) samba DC as docker container
As I am learning docker lately I came to the idea of using a docker
container as a "fallback" DC at sites where there is no budget (or
understanding) for a 2nd physical DC.
That 2nd DC *might* run as docker container alongside the DM/fileserver,
right? OK, it should get a separate IP, I assume etc
Aside from the details: does anyone here actually do that?
2020 Feb 27
4
New PTR records not visible
Ok, new test.
Besides that i dont like the python errors shown, this still looks good.
So i dont know.. See below, i can not make it error.
for x in 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 ; do samba-tool dns add dc1.internal.dom.tld $x.249.10.in-addr.arpa 158 PTR host-test.extrazone.dom.tld ; done
Record added successfully
Record added successfully
Record added successfully
Record added
2019 Feb 22
4
Debian 9.8 and vanbelle-repos
Hai,
That bond0 interface, you might want to change that the interface name to bond1
Depending on the bonding settings, you might have hit a reserved name.
I lots my docu on that but i know i configured a bond1 because bond0 didn work right.
And then check these.
wbinfo -pPt ( or wbinfo -p && wbinfo -P && wbinfo -t )
wbinfo --sids-to-unix-ids S-1-22-2-10513
wbinfo -D
2018 Mar 27
5
ODP: Re: freeradius + NTLM + samba AD 4.5.x
Hello,
I can definately confirm that it's working.
My basic setup is:
1) Samba 4.7.6 AD DC (2 of them), compiled from source, on centos 7
2) Freeradius 3.0.13 + samba 4.6.2 as domain member, packages straight
from centos repo. // I tested also on freeradius 3.0.14 and samba 4.7.x
smb.conf on the DC is pretty basic, most important is obviously in
[globall]:
ntlm auth =
2018 Mar 27
2
ODP: Re: freeradius + NTLM + samba AD 4.5.x
ok, tested it, and it works.
so to summarize:
on samba ad 4.7.x in smb.conf "ntlm auth" is set to "mschapv2-and-ntlmv2-only"
fr + samba domain member (4.6 and 4.7) in mods-available/mschap you have to add to ntlm_auth --allow-mschapv2 to the whole string OR just use winbind method, which sets correct flag without explicitly adding it.
with those settings ntlmv1 is blocked
2017 Oct 17
3
ntlm_auth and SMBv2/v3
Hello Andrew,
Do you plan to release the patch for "ntlm auth =
mschapv2-only" option soon ?
We need this on order to use freeradius in
a "more safe" scenario than with "ntlm auth = yes"
Best
Regard,
Lulzim KELMENI
Direction des Systèmes d'Information
Mairie de
Saint-Ouen
Le 08/06/2017 21:36, Andrew Bartlett via samba a écrit :
>
On Thu, 2017-06-08 at
2020 Jul 08
3
ntlm_auth how to get challenge and nt-response
Hi all, I'm trying to use ntlm_auth as authenticator of the freeradius
mschap module. If I use ntlm_auth from command line with username and
password, authentication works. If I use the same credentials with
mschap on the logs I can see the challenge and nt-response and I can't
understand if authentication fails because challenge and response are
wrong or because ntlm_auth can't
2018 Nov 27
4
testing upgrades in containers?
While I wait for upgrading 2 customers from 4.8.6 to 4.9.x (hesitating
not to break things) and checking the list for Louis publishing the
4.8.7 stretch packages ... ;-) - thanks, Louis!! - I once again wonder
how to optimize these updates and minimize the risk of breaking things.
One thought is to add a test DC to my ADS/samba-domains, running in a
docker container, testing the upgrade there and
2018 Mar 26
3
freeradius + NTLM + samba AD 4.5.x
Also I just facepalmed, as I double checked smb.conf right after sending
mail, and in samba 4.7 there are new options available for "ntlm auth",
as stated in docs:
|mschapv2-and-ntlmv2-only| - Only allow NTLMv1 when the client promises
that it is providing MSCHAPv2 authentication (such as the |ntlm_auth| tool).
So that is is I suppose that special "flag" that is used by