similar to: NBT name resolution

Jonathon Reinhart via samba writes: > Netbios has been effectively replaced by DNS for a long time now. It sounds > like you don't have a properly functioning DNS in your environment. I would > start there. I had my own perfectly functioning dns server using 8.8.8.8 as the upstream. Aparently I now have to use the Windows DC as the DNS server to resolve windows host names. I guess

On 16/07/2019 14:16, Jonathon Reinhart wrote: > On Tue, Jul 16, 2019 at 9:11 AM Rowland penny via samba > <samba at lists.samba.org> wrote: >> On 16/07/2019 14:02, Jonathon Reinhart wrote: >>> Rowland, >>> >>> You could go another step further and run that with "notify" to >>> monitor for changes, instead of having to run it in a cron

On 16/07/2019 16:40, Jonathon Reinhart wrote: > On Tue, Jul 16, 2019 at 9:32 AM Rowland penny via samba > <samba at lists.samba.org> wrote: >> On 16/07/2019 14:16, Jonathon Reinhart wrote: >>> On Tue, Jul 16, 2019 at 9:11 AM Rowland penny via samba >>> <samba at lists.samba.org> wrote: >>>> On 16/07/2019 14:02, Jonathon Reinhart wrote:

On Sun, Apr 7, 2019 at 2:17 PM Rowland Penny via samba < samba at lists.samba.org> wrote: > > On Sun, 7 Apr 2019 13:45:11 -0400 > Jonathon Reinhart <jonathon.reinhart at gmail.com> wrote: > > > Interesting, I'm getting the same error using the LDB tools: > > > > ONTHEFIVE\jreinhart-admin at samba-dc3:~$ samba-tool user list -H > >

Interesting, I'm getting the same error using the LDB tools: ONTHEFIVE\jreinhart-admin at samba-dc3:~$ samba-tool user list -H ldap://localhost ERROR(ldb): uncaught exception - LDAP error 1 LDAP_OPERATIONS_ERROR - <00002020: Operation unavailable without authentication> <> File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 177, in _run return

Sorry to hop on an existing conversation but this seemed like a good point to jump in with this question. Say I have a service account, with a random password that is set to never expire. What component is expected to periodically renew (or request anew) the Kerberos TGT using that password? I see lots of information about SSSD handling this, but less so with Samba. Also, I understand that in

On 16/07/2019 14:02, Jonathon Reinhart wrote: > Rowland, > > You could go another step further and run that with "notify" to > monitor for changes, instead of having to run it in a cron job. In my > experience, "notify" works using smbclient, but not so with > libsmbclient. Problem is, the script is written to be run on DC's that do not hold the PDC

On Sun, Mar 3, 2019 at 5:14 AM Rowland Penny via samba <samba at lists.samba.org> wrote: [snip] > > Correct me if I'm wrong, but winbind (on a Samba DC) can **only** use > > "template homedir" and "template shell", and will not respect the RFC > > 2307 attributes in LDAP. Is that correct? > > Yes and no ;-) > > If you use the

On Tue, 26 Mar 2019 07:37:54 -0400 Jonathon Reinhart via samba <samba at lists.samba.org> wrote: > I recently went through these steps from the wiki and took the > following notes which I had not yet shared / suggested for the wiki. > (This is from mobile, sorry for the terse message.) > > - You need to clear the idmap cache after copying idmap.ldb ("net > cache

Hello, I'm trying to use the "notify" API of libsmbclient, testing against a Samba AD DC. The function is returning with errno=22 (mapped from NT_STATUS_REVISION_MISMATCH), and I'm getting the following error message: smb1cli_req_writev_submit: called for dialect[SMB3_11] server[dc1.example.com] It looks like libsmbclient is, for some reason, using SMB1 but needs to be

Thanks for the example, Rowland. Does ldb work against remote servers as well? I thought it was only for local, file-based access. In general, I just wanted to use my Samba AD as an environment to learn more about writing software against using LDAP. There are a few applications I'm planning to develop, and I'd like to use actual LDAP so they could be applicable to Samba or Microsoft AD

Hello, A client is asking about disabling, deleting or renaming the domain "Administrator" account on a Samba AD. I've seen this done on Windows AD domains for security purposes. Assuming the risk of being locked-out is mitigated (i.e. an equivalent user is created and is a member of the same groups), is there any reason this can't be done on a Samba AD as well? Is the

Hello, A user of my "adman" utility recently opened this issue [1]: "Add support for setting uidNumber for machine account" I was aware that computer accounts were also users in AD, but I hadn't considered assigning a uidNumber to them. It makes sense that winbind (in idmap="ad" mode) would not "see" the accounts with a uidNumber. Naturally, groups of

On Wed, Dec 18, 2019 at 9:52 AM Rowland penny via samba < samba at lists.samba.org> wrote: > On 18/12/2019 14:34, Jonathon Reinhart wrote: > > On Wed, Dec 18, 2019 at 9:13 AM Rowland penny via samba > > <samba at lists.samba.org <mailto:samba at lists.samba.org>> wrote: > > > > Problem is, and as I said, Samba 4.3.x is EOL as far as Samba is >

Listening to notifications can only complement another mechanism (and then reduce latency) as otherwise you are going to loose changes during downtimes. Joachim -----Urspr?ngliche Nachricht----- Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Jonathon Reinhart via samba Gesendet: Tuesday, 16 July 2019 22:22 An: Rowland penny <rpenny at samba.org> Cc: sambalist <samba

On Tue, Oct 8, 2019, 07:45 Rowland penny via samba <samba at lists.samba.org> wrote: > On 08/10/2019 12:27, Elias Pereira via samba wrote: > > hello list, > > > > What kind of hashing/encryption samba4 ADDC uses for user passwords? > base64? > Base64 is neither a hash nor an encryption algorithm; it is an encoding. > > > Thanks! > > > Basically

I have a script which carefully manages uidNumber and gidNumber attributes for users and groups. We just recently put it into production. I plan to release it as open source software soon -- and get Rowland's blessing :-) On Fri, Jun 21, 2019 at 3:42 AM Rowland penny via samba < samba at lists.samba.org> wrote: > On 21/06/2019 07:49, Pisch Tam?s via samba wrote: > > Hi, >

Hello, I'm writing in regards to this issue I opened on GitHub: https://github.com/python-ldap/python-ldap/issues/275 I am able to successfully use ldapsearch to query my Samba 4.9.4-Debian DC: ldapsearch -LLL -Y GSSAPI -H ldap://samba-dc.ad.example.com -b "dc=ad,dc=example,dc=com" "(objectClass=user)" "sAMAccountName" However, when I try to use python-ldap I

Hello guys, I would like to hear from the list about DC management via zentyal. Does anyone do? In my opinion, it would not be good. Awaiting feedback. -- Elias Pereira

Hello, I'm running a Samba DC on Debian 9 (version 4.5.12-Debian) in a lab environment, set up like this: https://jonathonreinhart.com/posts/blog/2019/02/11/setting-up-a-samba-4-domain-controller-on-debian-9/ I would now like to configure this server to enable login via domain credentials. I'm aware that the Samba wiki recommends the following: -