similar to: auto_private_groups analogue?

Manually.? Direct edit of passwd and group.Sent from my Sprint Phone.------ Original message------From: Rowland penny via sambaDate: Fri, Feb 28, 2020 2:04 AMTo: samba at lists.samba.org;Cc: Subject:Re: [Samba] auto_private_groups analogue?On 28/02/2020 00:00, Christopher Cox via samba wrote: > Maybe a workaround?? We use winbind and default domain.? Therefore > there are two records from

On 28/02/2020 13:24, chriscox--- via samba wrote: > Manually.? Direct edit of passwd and group.Sent from my Sprint Phone.------ Original message------From: Rowland penny via sambaDate: Fri, Feb 28, 2020 2:04 AMTo: samba at lists.samba.org;Cc: Subject:Re: [Samba] auto_private_groups analogue?On 28/02/2020 00:00, Christopher Cox via samba wrote: >> Maybe a workaround?? We use winbind and

What I'm offering is a solution. Again, what I proposed is a functional workaround. It's actually pretty natural and obvious when you get right down to it. On 2/28/20 8:00 AM, Rowland penny via samba wrote: > On 28/02/2020 13:24, chriscox--- via samba wrote: >> Manually.? Direct edit of passwd and group.Sent from my Sprint Phone.------ >> Original message------From:

On 2/28/20 11:29 AM, Rowland penny via samba wrote: > On 28/02/2020 17:18, Christopher Cox via samba wrote: >> What I'm offering is a solution. >> >> Again, what I proposed is a functional workaround.? It's actually pretty >> natural and obvious when you get right down to it. >> > No it isn't. If you try to add a local user to a domain joined Unix

On Friday, 3 April 2020 10:46:54 PDT Ralph Boehme wrote: > Am 4/1/20 um 11:09 PM schrieb Alexey A Nikitin via samba: > > Is there a way, preferrably without ugly hacks, to prevent this from happening on accident, by mistake? By this I mean ideally so that Winbind remains responsive even if someone mistakenly ran `wbinfo -u` or `wbinfo -g`, but limiting the result sets of these commands or

On Thursday, 13 June 2019 09:18:25 PDT Goetz, Patrick G via samba wrote: > On 6/13/19 10:48 AM, Alexey A Nikitin via samba wrote: > > According to the MS docs SID=('S-'+version+identifier authority value+domain or computer identifier+RID). The SIDs that don't contain RID are the special cases of Machine SID, Domain SID, Service SID, and some predefined universal well-known

On Thursday, 13 June 2019 00:41:09 PDT Rowland penny via samba wrote: > On 13/06/2019 07:55, Alexey A Nikitin wrote: > > On Wednesday, 12 June 2019 13:07:56 PDT Rowland penny via samba wrote: > >>>> I think you mean 'RID' instead of 'SID' > >>> Yes, you're right. The Windows people seem to use the terms synonymously. > >> I cannot

Hi, Recently I by mistake ran `wbinfo -u <username>` when I was actually intending to run `wbinfo -n <username>`. It ignored the <username> part and proceeded to fetch the usernames. On a small domain this shouldn't be too much of an issue, but I did it on a domain with thousands upon thousands of users. The result was that Winbind became for all intents and purposes

On Friday, 18 October 2019 10:52:40 PDT Rowland penny via samba wrote: > On 18/10/2019 18:26, Alexey A Nikitin via samba wrote: > > Hi everyone, > > > > I have few questions about Winbind on AD DS domain member I'm having difficulty finding answers to in the docs on my own: > > * does Winbind remember the last DC it was connected to on shutdown, will it attempt to

On Fri, Apr 10, 2020 at 02:37:45PM -0700, Jeremy Allison via samba wrote: > On Fri, Apr 03, 2020 at 03:26:42PM -0700, Alexey A Nikitin via samba wrote: > > On Friday, 3 April 2020 10:46:54 PDT Ralph Boehme wrote: > > > Am 4/1/20 um 11:09 PM schrieb Alexey A Nikitin via samba: > > > > Is there a way, preferrably without ugly hacks, to prevent this from happening on

On Friday, 18 October 2019 12:24:46 PDT Ralph Boehme wrote: > You won't loose connectivity anyway. winbindd will just have to go > through DC lookup again in certain scenarios. This is exactly what I'd like to avoid. As I wrote in another message in this thread, it appears that switching DC shortly after domain join causes machine authentication failures until the new machine

On Tuesday, 5 November 2019 01:37:15 PST Rowland penny via samba wrote: > On 04/11/2019 18:52, Alexey A Nikitin wrote: > > On Sunday, 3 November 2019 01:41:18 PST Rowland penny via samba wrote: > >> As I said, you cannot use 'winbind use default domain = yes' with > >> 'autorid', it makes all users and groups members of the same domain, > >> this

On Wednesday, 27 May 2020 16:21:31 PDT Jeremy Allison wrote: > On Wed, May 27, 2020 at 12:54:49PM -0700, Alexey A Nikitin via samba wrote: > > 3. Are the rules for how a DC gets put into NEG_CONN_CACHE documented anywhere besides the code itself, or wading through the code is my only option of getting to know the criteria? > > Only in the code I think, added in: > >

On Wednesday, 5 February 2020 13:11:27 PST Rowland penny via samba wrote: > No, sorry, but your client needs to have the same time as the DC (+/- 5 > mins), so if you haven't installed an NTP client, I suggest you do. Speaking of which, any suggestions on what's the best way to found out which NTP servers the client should be tuned to in AD DS? From what I understand, they are not

On Fri, Apr 03, 2020 at 07:46:54PM +0200, Ralph Boehme via samba wrote: > Am 4/1/20 um 11:09 PM schrieb Alexey A Nikitin via samba: > > Is there a way, preferrably without ugly hacks, to prevent this from happening on accident, by mistake? By this I mean ideally so that Winbind remains responsive even if someone mistakenly ran `wbinfo -u` or `wbinfo -g`, but limiting the result sets of

On Wed, Apr 01, 2020 at 03:33:00PM -0700, Jeremy Allison via samba wrote: > On Wed, Apr 01, 2020 at 02:09:57PM -0700, Alexey A Nikitin via samba wrote: > > Hi, > > > > Recently I by mistake ran `wbinfo -u <username>` when I was actually intending to run `wbinfo -n <username>`. It ignored the <username> part and proceeded to fetch the usernames. On a small

On Mon, 25 Feb 2019 16:14:53 -0800 Alexey A Nikitin <nikitin at amazon.com> wrote: > Hi Rowland, > > On Friday, 22 February 2019 08:03:11 PST Rowland Penny via samba > wrote: > > You also shouldn't use winbind on the shadow line > > Perhaps a stupid question, but my google-fu doesn't seem to be good > enough to find an answer myself: what is the exact

I've tried searching manuals and wiki, but I can't seem to find any specifics about NEG_CONN_CACHE entries other than 'idmap negative cache time' option in smb.conf, which refers to SID/UID/GID queries and not unavailable DCs. Specifically the issue I've ran into recently is that with 'winbind max domain connections' set to 10 I saw Winbind had single active connection

Hi everyone, I have few questions about Winbind on AD DS domain member I'm having difficulty finding answers to in the docs on my own: * does Winbind remember the last DC it was connected to on shutdown, will it attempt to connect to the same DC on restart or will it go through DC location process again? * If yes, will that information be wiped out when one runs 'net cache flush'? *

On Wednesday, 12 June 2019 13:07:56 PDT Rowland penny via samba wrote: > >> I think you mean 'RID' instead of 'SID' > > > Yes, you're right. The Windows people seem to use the terms synonymously. > I cannot help that, the SID identifies the domain and the RID is > appended to the end of the SID and identifies the object (user, > group,computer