Displaying 20 results from an estimated 9000 matches similar to: "Nested groups when using RFC2307"
2020 Mar 30
6
Azure AD Connect
Hi,
We are preparing to migrate our mail server to Azure and would like to
integrate it vi AD Connect with our AD - Samba 4.7 upgrading to 4.11
(Thanks Louis!).
Anyone willing to share the experience? I see on some not-so-old posts
there is a problem syncing password hashes, but since samba is an ever
evolving solution I would like to know how are you dealing with this?
Thanks and best
2020 May 04
4
Azure AD Connect
We joined one MS Windows 2012 R2 server to our Samba DC fleet and pointed the Azure AD sync tool to that new Windows AD server and Azure password sync is working well now.
I don?t have any experience with distribution groups.
Good Luck!
> On May 4, 2020, at 10:21 AM, Marcio Merlone via samba <samba at lists.samba.org> wrote:
>
> So, testing samba 4.12 on a Debian buster I found
2020 May 07
2
Azure AD Connect
G'Day Marcio and gabben,
Douglas (CC'ed) is going to try and look into why this doesn't 'just
work' with Samba. No promises, but at least a trained eye will look
over the process. If you could help him get set up and understand what
works and doesn't that will leave him more time for actual debugging.
The Azure AD sync feature is a big of an oddity in Samba, because it
2020 Mar 19
3
One more upgrade question
Hi,
I have a running samba 4.7.6+dfsg~ubuntu-0ubuntu2.15 on a ubuntu 18.04
server and would like to upgrade to van Belle latest repo. My plan is
plain simple:
1. Deploy a new ubuntu 18.04 server
2. Add van Belle repo
3. Install and *then* join the domain as a DC
4. Demote and remove the old one
Is this OK?
Thanks, best regards.
--
*Marcio Merlone*
2020 Jun 19
2
WERR_DS_DRA_SCHEMA_MISMATCH against a W2008R2 DC
Hi,
I have two Samba 4.12.3 DCs (eucalipto and aroeira) on a Debian Buster
and a Windows 2008R2 DC (antares). Replication got broken:
root at eucalipto:~# samba-tool drs replicate antares eucalipto
DC=ad,DC=a1,DC=ind,DC=br
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
drsException: DsReplicaSync failed (8418, 'WERR_DS_DRA_SCHEMA_MISMATCH')
? File
2019 Nov 29
2
security = ads parameter not working in samba 4.9.5
On 29/11/2019 18:17, S?rgio Basto via samba wrote:
> On Fri, 2019-11-29 at 17:19 +0000, Rowland penny via samba wrote:
>> Lets start by removing this: krb5-server-1.15.1-37.el7_7.2.x86_64
> ATM I can't, it will remove all samba packages :)
Then your packages are depending on the krb5-server package, which is
MIT, which is experimental. This shouldn't be a problem on a Unix
2018 Nov 27
2
Odd behavior on group membership
Hi,
I have a samba 4.7 AD DC running on a Ubuntu 18.04 server with distro
packages. I update a user with a new group and this new membership is
not reflected on that user. On example below, I can successfully add the
user "test.account" to group "test", but not my user "marcio.merlone":
root at araucaria:~# id test.account
uid=30214(A1\test.account)
2017 May 29
3
SSL problem - no banner
Hi,
I am running dovecot 2.2.22-1ubuntu2.4 on a ubuntu 16.04 server. It has
a valid Letsencrypt certificate but the problem also happens with a
self-digned one.
Only openssl s_client -connect localhost:993 works fine and fast, while
all MUA's and telnet does not. Telnet timeouts waiting for banner after
a minute or so:
root at netuno:~# openssl s_client -connect localhost:993
2013 Feb 06
8
Sieve also filter outgoing messages
Greetings,
A probably simple question and answer: can a sieve script be executed on
outgoing messages? I already use deliver on postfix, perhaps the sieve
script could be executed when saving to the Sent folder?
Regards,
--
Marcio Merlone
2018 Aug 08
2
RFC2307 on AD DC
Hi all,
I am deploying a new AD DC for our network using Ubuntu 18.04 and
BIND_DLZ. Al lis fine but the RFC2307 attributes on DC. What's the
recommended/correct way to use RFC2307 attributes on DC? At the wiki (1)
it says:
> For example, setting up an ID mapping back end, such as|ad|(RFC2307)
> or|rid|, in the|smb.conf|file is not supported an can cause
> the|samba|service to
2016 Sep 19
2
Windows 10 anniversary update (1607) causing profile sync errors
On 2016-09-19 14:08, Marcio Vogel Merlone dos Santos via samba wrote:
> Em 09/09/2016 12:48, Luc Lalonde via samba escreveu:
>
>> We have some machines that have updated to the Windows 10 anniversary update (1607) that are having roaming profile sync problems.
>>
>> Before I search the event logs or provide details, has anyone experience profile sync wierdness?
>>
2018 Dec 13
5
AD Domain member - getent passwd truncated to only 18 users
Em 12/12/2018 17:39, Rowland Penny via samba escreveu:
> The above lines are only applicable for Samba >= 4.6.0
> Add: winbind nss info = rfc2307
> remove the last two lines, see here for more info:
>
> https://wiki.samba.org/index.php/Idmap_config_ad
Oh, God! Vacation is coming... Thank you for such obvious correction.
BUT
I edited smb.conf the right way, removed
2016 May 05
1
Cannot join server to Samba4 NT4 domain
Em 05-05-2016 00:14, Jones Syue escreveu:
>
> How about add 'server signing = auto',
> for example:
>
> [global]
> server signing = auto
Hi,
Made no difference if set on the member I want to add to domain, but
when set to the server I got this on member:
mic-158 samba # net rpc join -S PDC -U domadminuser
No realm has been specified! Do you really want to join an
2009 Apr 24
2
Quota: ldap dict
Hi,
I have set a dovecot-1:1.0.10-1ubuntu5.1 server on top of a Ubuntu 8.04
LTS box and everything goes fine. All my users are on a LDAP database
integrated via nss_ldap, so from the dovecot point of view they are all
local system users. Now I want to set maildir quota for everybody, and
was wondering if I could store quota limits per user on LDAP.
As I read on
2018 Aug 16
2
NT3.x -> AD: accounts and profiles
Hi,
Since we cannot join a W10 machine to NT3.x domain anymore, it is time
to move on. We have a decade-old domain 'A1CWB' and will profit from the
situation fixing the old S-1-5-21-1234567890-1234567890-1234567890 SID
and implementing a new domain name:
Old domain:
A1CWB, SID S-1-5-21-1234567890-1234567890-1234567890
New domain:
AD.A1.IND.BR, decent SID from net getdomainsid, two
2016 May 04
3
Cannot join server to Samba4 NT4 domain
Em 28-04-2016 12:14, Rowland penny escreveu:
> On 28/04/16 15:16, MI wrote:
>> I have a Samba 4 NT4 PDC (Version 4.1.17-Debian) with openLDAP.
>>
>> I would like to add another server, and have it authenticate users
>> against openLDAP. I thought I had to add the new server to the domain
>> with "net rpc join", but that seems to think I want to join an
2018 Aug 23
2
Maintaining Unix Attributes in AD - best practice?
Em 24/05/2018 07:42, Marco Gaiarin via samba escreveu:
> Mandi! Henry Jensen via samba
>> Are there any solutions for this in the works or what is the best way?
> For a web interface, give 'LAM' (LDAP Account manager) a try...
Hi,
I am in the exact same situation as the OP right now. I just took a look
at LAM, but it seems that maintaining unix attributes is a PRO only
2018 Nov 28
2
Odd behavior on group membership
Hi Rowland,
Those tests were made on DC (araucaria), not a domain member.
root at araucaria:~# testparm /etc/samba/smb.conf
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[netlogon]"
Processing section "[sysvol]"
Loaded services file OK.
Server role: ROLE_ACTIVE_DIRECTORY_DC
Press
2010 Jun 18
1
Help with a generated sieve rule
Hi all,
Can some kind soul please help me find why this rule did not work,
what's wrong? I am using dovecot 1:1.2.10-0xk1.
## Generated by RoundCube Webmail SieveRules Plugin ##
require ["vacation","variables"];
set "subject" "";
if header :matches "subject" "*" {
set "subject" "${1}";
}
#
2018 Nov 28
2
Odd behavior on group membership
Hi Rowland, thank you for your prompt reply,
I sent you the testparam output hence lots of defaults (i presumed would
be better), here is crude smb.conf:
root at araucaria:~# cat /etc/samba/smb.conf
[global]
netbios name = ARAUCARIA
realm = AD.TLD
server role = active directory domain controller
workgroup = A1
server services = -dns
ldap server require strong auth