similar to: Set write permission for an user into a specific LDAP field...

No one reply, so i try to clarify better. > I need to have an AD user that need to *write* in an users LDAP field. > The user case is a MFP (a set of MFP, indeed) that have RFID auth, and > so need to 'register' the RFID cards ID. The system works with direct LDAP access via some credential; if i temporary put the credential of an administrator, the MFPs write correctly in LDAP

On Wed, 2020-08-26 at 11:29 +0200, Marco Gaiarin via samba wrote: > No one reply, so i try to clarify better. > > > I need to have an AD user that need to *write* in an users LDAP > > field. > > The user case is a MFP (a set of MFP, indeed) that have RFID auth, > > and > > so need to 'register' the RFID cards ID. > > The system works with direct

Mandi! Rowland Penny via samba In chel di` si favelave... > I think that is what Andrew is trying to tell you, the printer needs to > support SASL over TLS/SSL or it will never work. I don't think there is > anything you can do, but I am surprised that the print doesn't already > support it, after all, it isn't something new ;-) Mi confusion grow. ;-) As stated in my

[It is more an AD question then a Samba question, but...] I need to do some LDAP query in an AD domain, plain LDAP query, mostly to query non-auth data (eg, emails). There's a DNS name that map to 'round robin the AD DC of the current site'? I need an 'A' record, not an SRV record, eg i need to put in my apps/MFP/... an LDAP server DNS name that round robin between the

Mandi! Rowland Penny via samba In chel di` si favelave... > S-1-5-21-160080369-3601385002-3131615632-1314 Bingo! Exactly the 'Restricted' group that own the users i use for generico LDAP access! I really think that we have found the trouble! Now... how can i fix it? ;-) And... why that vaule get not propagated?! Thanks. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66

Mandi! Andrew Bartlett via samba In chel di` si favelave... > > There's some way to ''tight'' that configuration , eg permit 'ldap server require strong auth = > > no' only by some hosts? > > Or some other smb.conf options that i've missed? > Nothing at this stage. Ok. > The issue is that they need to do fully signed or sealed Kerberos

Mandi! Bernhard Dick via samba In chel di` si favelave... > Do you have any ideas how to solve this? Printer drivers are sometimes a total mess. Some drivers there's no way to load (for example, some samsung MFP). Some other load, but you have to do 2-5 try before they work. Some other load, but you have to install them on a windows box, and then smbclient/rpcclient them in samba

Mandi! Andrew Bartlett via samba In chel di` si favelave... Ok, i coma back to an old thread, because vendor finally reply. Little fast-rewind: i own some Konica-Minolta BizHub multifunction printers/copiers, and i need to ''bind'' it to my new AD domain. But authentication does not work, seems bacause that printer try to use SASL over plain LDAP (no SSL nor TLS). After

Mandi! Andrew Bartlett via samba In chel di` si favelave... > > This mean that the printer try to auth in LDAP 'plain' (no SSL, no > > TLS), and so samba refuse that? > No, it means that Samba is refusing to accept a NTLM or Kerberos > authenticated connection without SIGN or SEAL negotiated, as an > attacker could take over an unprotected network connection and do

Hi, I'm trying to upload printer drivers on a fresh samba installation (version 4.9.4). I configured the settings accordingly to the wiki and also followed the instructions for adding printer drivers. I am able to read and write to the print$ share and to access the samba server via the printer management console. However when I try to upload an driver (and I tried different type 3

On Tue, 16 Jan 2018 16:21:31 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > Mandi! Arnaud FLORENT via samba > In chel di` si favelave... > > > the UserAccountControl flag "PASSWD_CANT_CHANGE" can not be set via > > ldap > > No, it is not true. You have 'simply'' to OR 0x00010000 > userAccountControl attribute, eg:

Currently for my user: root at vdmsv1:/etc/exim4# ldbsearch -H ldap://vdcsv1 -P -b DC=ad,DC=fvg,DC=lnf,DC=it "(cn=gaio)" | grep ": gaio$" cn: gaio name: gaio sAMAccountName: gaio uid: gaio msSFU30Name: gaio what field is betetr to use for querying for user 'gaio'? 'uid' no (because RFC2307 data can be missing), so? 'sAMAccountName'? or

Mandi! Andrew Bartlett via samba In chel di` si favelave... > I hope this clarifies things, Super-clear! Thanks! -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t

Reding the thread in list about gluster, i've found that in your samba packages 4.5.12+dfsg-2+deb9u2~bpo8+1 there's no vfs_glusterfs module, only the manpage. root at vdmsv1:~# grep glusterfs /var/lib/dpkg/info/samba*.list /var/lib/dpkg/info/samba-vfs-modules.list:/usr/share/man/man8/vfs_glusterfs.8.gz root at vdmsv1:~# grep /vfs/ /var/lib/dpkg/info/samba*.list

Debian stretch, louis packages 4.9.16+dfsg-0.1~stretch~1 . After some time (roughly: two weeks) my DC with FSMO roles (seems that other DC are unaffected) goes suddenly on trash: memory jump from 50% (3GB) to 100%, container start to swap and slow down (load 10-15) al the phisical server. A simple restart solve all the troubles. Some hint on how to debug that? Thanks. -- dott. Marco Gaiarin

Reading here i've understod that for LDAP query it is better to use SAMAccountName as 'login', but today i've found: https://docs.microsoft.com/it-it/windows/desktop/ADSchema/a-samaccountname so, 'SAMAccountName' is a compatibility field with NT mode, limited to 20 chars. Someone here use 21 chars logins? ;-) -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66

I need to close a site. No, no people fired, i've defined sites and DC because i hope that get (re)opened, but... There's some care i need to have to remove a DC (clearly, without FSMO roles)? I've looked on wiki to 'remove a DC' but i was not able to find something... Thanks. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra

Alle, I have an HP L7780 MFP, which is supported under hplip 1.7.2 but not the current install of 1.6.7. Does anyone know of a way just to add that particular driver to 1.6.7, or will it require removing the standard 1.6.7 and doing a custom install of 1.7.2. If the latter, what would you consider the dangers/other implications of going "rogue"? Best Regards, Camron -- Camron W.

Mandi! Rowland Penny via samba In chel di` si favelave... > > But my question really is: why this policy apply, if i've not enabled > > in GPO? > Probably because GPOs have no effect on a Samba AD DC, they will only > effect Windows clients. Rowland, i'm speaking about windows clients, not samba servers! I've enabled 'complexity checks' in samba servers,

I need to do a simple query, against some LDAP data in 'laster draft schema' format i've added to te samba/AD schema. All LDAP query return the same result on all (6) of the DC: root at vdcsv1:~# ldapsearch -H ldap://vdcsv2.ad.fvg.lnf.it -W -D CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it -b DC=ad,DC=fvg,DC=lnf,DC=it "(cn=prova123)" rfc822MailMember Enter LDAP Password: