Displaying 20 results from an estimated 10000 matches similar to: "LDAP Server's dns A records..."
2020 Jul 30
2
Set write permission for an user into a specific LDAP field...
I need to have an AD user that need to *write* in an users LDAP field.
The user case is a MFP (a set of MFP, indeed) that have RFID auth, and
so need to 'register' the RFID cards.
Seems to me that i have to use dsacl/samba-tool acl ds, but i don't
found a way to set the property for every user.
EG, assign write permission to user 'mfp' to field 'pager' for every
2019 Dec 10
2
DC in trash...
Debian stretch, louis packages 4.9.16+dfsg-0.1~stretch~1 .
After some time (roughly: two weeks) my DC with FSMO roles (seems that
other DC are unaffected) goes suddenly on trash: memory jump from 50%
(3GB) to 100%, container start to swap and slow down (load 10-15) al
the phisical server.
A simple restart solve all the troubles.
Some hint on how to debug that? Thanks.
--
dott. Marco Gaiarin
2019 Oct 16
4
vfs_recycle permission bug?!
Samba 4.8 (Louis debian repo), DM.
Today i've had to recovery a deleted file in that share, that use
'vfs_recycle' modules:
[Work]
comment = Spazio di Lavoro Utente
map acl inherit = Yes
path = /srv/work
read only = No
store dos attributes = Yes
vfs objects = acl_xattr recycle full_audit
volume = Work
full_audit:failure = none
full_audit:success = mkdir rmdir read pread
2019 Oct 01
5
Upgrade DC 4.5 -> 4.8, timings?
I've read all docs on upgrades, from wiki to Louis notes, and i think
i'm ready to upgrade.
First step, move from stretch to jessie, and from 4.5 to 4.8, upgrade
in place.
But having a domain with 6 DCs, i'm a bit scared to upgrade all DC in
one turn, and i'm think about something like:
a) upgrade DC with FSMO roles, then wait 1-2 day to spot troubles
b) then upgrade all DC in
2019 Sep 13
4
NT domain, Win10 1903 and profiles...
Not only NT domains, but also Samba 3.6! Wow! I'm a retro-sysadmin! ;-)
I know i'm asking a rather hard thinks but... we are upgrading, but
also solving some troubles.
We have ''decently'' integrated some W10 1803 in a NT domain, but now
with some other 1903 there's no way to make roaming profiles work.
Looking at samba logs, seems that the client don't try at
2018 May 11
4
Samba, AD and devices compatibility...
Mandi! Rowland Penny via samba
In chel di` si favelave...
> I think that is what Andrew is trying to tell you, the printer needs to
> support SASL over TLS/SSL or it will never work. I don't think there is
> anything you can do, but I am surprised that the print doesn't already
> support it, after all, it isn't something new ;-)
Mi confusion grow. ;-)
As stated in my
2019 Aug 28
4
[OT?] W10, SYSTEM, guest access.
[ I've just asked abut that, here, but now seems a simpler things, so i
retry... ]
This seems NON a samba touble, but a different behaviour in M$
client OS. But, really, i've not clue how to find an answer...
Suppose to have a Win7 and a Win10 machine, both NOT joined to a
domain. Suppose to have a share, with guest access enabled, where only
readonly access are needed.
Suppose also
2019 Jun 26
2
<printername>.tdb error management...
Sometimes (rarely, very rarely) i spot a <printername>.tdb error that
seems to prevent the communication between samba and CUPS.
In log i see:
[2019/06/26 15:15:49.633876, 0] ../source3/lib/util_tdb.c:316(tdb_log)
tdb(/var/cache/samba/printing/sml5010-2.tdb): tdb_rec_read bad magic 0x25 at offset=26096
the only solution i've found, pretty drastic, is:
systemctl stop
2019 Oct 17
3
Offline logon and NSS...
Mandi! Rowland penny via samba
In chel di` si favelave...
> Yes, somebody moved the cache to a different directory and it now gets wiped
> every time Samba is restarted, we have a bug report for it:?
> https://bugzilla.samba.org/show_bug.cgi?id=14074
Ok, thanks.
I suppose that cache get controlled by:
idmap cache time = 604800
winbind cache time = 300
so, for a portable system,
2019 Oct 17
3
Offline logon and NSS...
Mandi! Rowland penny via samba
In chel di` si favelave...
> > Considering a 'full offline' DM client (supposing a portable), there's
> > a 'winbind permanent nss cache' or a general nss cache (like
> > nss-updatedb):
> > https://wiki.debian.org/LDAP/NSS#Offline_caching_of_NSS_with_nscd
> > have to be used? Thanks.
> No, you cannot use
2019 Nov 07
3
Samba, Debian and upgrade path...
Yesterday, after a long run, i've finally upgraded my DCs to
stretch/samba4.9, using Louis repos. Hurrah! ;-)
Looking forward, eg:
http://apt.van-belle.nl/debian/dists/
seems to me that i can advance to 4.10 in stretch, but to go further i
need buster (probably because of python deps, right?).
Louis, i think we need a matrix of debian-samba compatibility... ;-)
--
dott. Marco Gaiarin
2019 Oct 17
4
Offline logon and NSS...
I'm revising some docs, and i've returned on the 'offline logon' tema.
Looking at:
https://wiki.samba.org/index.php/PAM_Offline_Authentication
and smb.conf manpage, it is clear that 'offline logon' is
a pam/authentication only, does not involve NSS.
Considering a 'full offline' DM client (supposing a portable), there's
a 'winbind permanent nss
2019 Oct 01
3
Removed a DC but...
Some month ago a local branch office closed; the local branch had a DC,
that i've simply removed the dc with:
samba-tool domain demote --server=vdcsv1.ad.fvg.lnf.it -U gaio
(see https://lists.samba.org/archive/samba/2019-February/221195.html)
But this leave some old DNS records, eg:
root at vdcsv1:~# host -t SRV _kerberos._udp.ad.fvg.lnf.it | awk '{print $NF}'| sed
2015 Jan 05
2
Info/Feedback on Samba bug #8744...
Happy new year to the list!
I'm using Debian wheezy, standard Samba packages, version
2:3.6.6-6+deb7u4.
I've hit bug #8744
https://bugzilla.samba.org/show_bug.cgi?id=8744
(referenced in debian BTS as
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658707) that prevent
me to use machine account auth; i'm using it with freeradius, to
automatically connect some wireless clients.
2019 Oct 02
3
Upgrade DC 4.5 -> 4.8, timings?
Hai Marco.
Just upgrade it. ;-)
It's not needed to move FSMO roles, in the last 4 years of upgradeing..
I did that exactly... 0 times.
Steps shown work fine. ;-)
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Marco Gaiarin via samba
> Verzonden: woensdag 2 oktober 2019 11:29
> Aan: samba at
2019 Dec 06
2
Backing up tdb files
Mandi! Rowland penny via samba
In chel di` si favelave...
> Then you only need to backup your smb.conf and your LDAP, the tdb files will
> be recreated from ldap.
AFAIK minus:
a) 'smbpasswd -w', samba need to know how to access OpenLDAP. ;-)
b) rights ('net rpc rights').
c) printers (per se, but in particular printer drivers), if you use it
d) policy ('pdbedit
2020 Sep 15
1
Winbind offline cache and strangeness...
Mandi! Data Control Systems - Mike Elkevizth via samba
In chel di` si favelave...
> 4.7.6) which also doesn't work. If you are only using it to authenticate
> to an AD controller, you should switch to using sssd. I have multiple
Some hints on docs to follow? Thanks.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia''
2020 Jan 07
4
'check password script' timeout, diferences between AD and NT mode?
Here we use a (custom-made, internal) password propagation system,
hooked around 'check password script'.
Recently we suffer a network outgage (another one ;-), and the system
that take care of password propagation goes offline.
+ NT domains continue to work, clearly password not propagate
+ AD domain stop to work (eg, users password change on windows stop to
work), because the
2019 Feb 15
6
Demoted/removed a DC, and the NS records?
Following:
https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC
i've demoted and removed a DC. Seems all went as expected:
root at vdcud1:~# samba-tool domain demote --server=vdcsv1.ad.fvg.lnf.it -U gaio
Using vdcsv1.ad.fvg.lnf.it as partner server for the demotion
Password for [LNFFVG\gaio]:
Deactivating inbound replication
Asking partner server vdcsv1.ad.fvg.lnf.it to synchronize
2020 Sep 11
4
Winbind offline cache and strangeness...
I've setup a portable system (ubuntu 16.04) joined to my AD domain,
that in their primary network works as expected.
But in this 'COVID time', the portable start to roam around, and users
say me that, suddenly after some days of use, get incredibly
sloooowww... after that users reboot, and cannot get back in, login
refused.
I've setup a VPN, but clearly if users cannot login