similar to: variable substitution

Marco Gaiarin via samba ha scritto il 28/08/20 alle 09:53: > Mandi! L.P.H. van Belle via samba > In chel di` si favelave... > >> And i dont change registry keys to "make things work".. > > A light blink in my head. Louis, you have keeped WINS server (in old or > new domain)? Your client use it? > > When i had, as you, two domain (NT and AD), the NT

Hi all, I would like to use samba shared printers from win32 clients but I can't. I can'install drivers or access shared printers from win32 clients: on the logs I can find the error > [2020/10/29 15:41:20.197881, 0] ../source3/smbd/trans2.c:3447(smbd_do_qfsinfo) > smbd_do_qfsinfo: not an allowed info level (0x102) on IPC$. win 64 bit clients can install and use printers

Rowland penny via samba ha scritto il 25/08/20 alle 12:21: > [...] > Try adding 'nltm auth = yes' to the smb.conf, it defaulted to 'no' at 4.5.0 thanks Rowland I have tried to change ntlm auth to yes but AD users continue to have problems connecting to the shares... Piviul

No, the point is.. User verfications Computer verification And Authentication. These are 3 different things. The differences, in terms. NTLM KERBEROS DNS-lookups and how this all works together. But i only type with lots of errors, this is better to read ;-) https://docs.microsoft.com/en-us/windows-server/security/windows-authentication/credentials-processes-in-windows-authentication I

Il 30/10/20 17:40, Marco Gaiarin via samba ha scritto: > Mandi! Piviul via samba > In chel di` si favelave... > >> If I double click on the shared printers from a 64bit client I get the >> error: "A policy is in effect on your computer which prevents you from >> connecting to this printer queue". > You have to set a GPO, 'Restrizioni di selezione e

Marco Gaiarin via samba ha scritto il 30/10/20 alle 10:02: > Mandi! Piviul via samba > In chel di` si favelave... > >> Someone can help me to troubleshoot the problem? > > If i remember well, if the driver architecture is 64 bit as: > > spoolss: architecture = Windows x64 I don't think you remember correctly ;). From man smb.conf I read > spoolss:

Il 15/02/19 13:01, Marco Gaiarin via samba ha scritto: > [...] > The same configuration happen on Debian stretch (at least). I've > effectively test offline logon in the past, but with a sub-5 minutes delay > from latest connected logon. ...but in my experience cached credentials doesn't works even in 5 minutes after a successfully logon: the mistery of winbind cached

Marco Gaiarin via samba ha scritto il 07/07/20 alle 09:54: > [...] > Seems to me that join succeded. An: > > net ads testjoin Hi Marco, thank you very much; in effect the join seems to be successful: > # net ads teSTJOIN > Join is OK I have started winbind and in effect all seems to works... > Probably is benign, and AFAI've understood caused by NON having the DC >

Rowland penny via samba ha scritto il 25/08/20 alle 18:20: > [...] > Even though your users may have the same username in AD as in the > NT4-style domain, they are different users, so a few thoughts. You have > 'map to guest = bad user', so I take it you must have 'guest ok = yes' > set in the shares (you haven't shown us the shares), in effect there is no

Hi all, I have a problem in libpam-winbind: offline logon doesn't seems to work. The first version of samba in which I have found the problem is 4.1 and the last is 4.7 but I fear that newer version are affected too. Hopefully there is a workaround: you have to remove krb5_ccache_type=FILE from /etc/pam.d/common-auth I have opened a bug report[¹] where you can find more details. Any one

Hi all, I have a samba AD domain to test to; I don't administer it, I have only an administrator account. I can join without problem win PCs to the domain but I can't linux PCs. If I try to join it I get the error: > # net ads join -U administrator > Enter administrator's password: > Using short domain name -- CSATEST > Joined 'FREERADIUS-CT01' to dns domain

Mandi! Rowland Penny via samba In chel di` si favelave... > Not sure what you are proposing is going to work, AD expects every user > to be a member of Domain Users, even though there is nothing in AD to > show membership. Ah. > Do you require this user to visible on all domain machines ? [...] > It might help if you could explain how you are going to use your new > user

Mandi! Rowland Penny via samba In chel di` si favelave... > > But my question really is: why this policy apply, if i've not enabled > > in GPO? > Probably because GPOs have no effect on a Samba AD DC, they will only > effect Windows clients. Rowland, i'm speaking about windows clients, not samba servers! I've enabled 'complexity checks' in samba servers,

On 23/09/2019 13:42, Trenta sis via samba wrote: > Thanks, ntlm auth is temporary until we have solved some issues > getent is needed by filesystem acl > If you think you need the 'winbind enum' lines so that 'getent' works, then think again ;-) If you do not have the 'winbind enum 'lines 'getent passwd username' will still work. 'getent passwd'

On Mon, 18 Dec 2017 15:51:47 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > > > I've seen: > > https://wiki.samba.org/index.php/PAM_Offline_Authentication > > I've tried to enable offline logon, and seems to work as expected. > > I've only found a little strange thing, i think related to the fact > that in my DM i've set

Mandi! Rowland penny via samba In chel di` si favelave... > You probably cannot, you seem to have added the misc.schema incorrectly (it > probably cannot be added correctly) > Please stop trying to get NIS to work with AD, you do not need it, nobody > use NIS with AD, actually very few people still use NIS. Apart that this is not 'NIS', but a draft (and expired) schema used

Mandi! Rowland penny via samba In chel di` si favelave... > Yes, somebody moved the cache to a different directory and it now gets wiped > every time Samba is restarted, we have a bug report for it:? > https://bugzilla.samba.org/show_bug.cgi?id=14074 Ok, thanks. I suppose that cache get controlled by: idmap cache time = 604800 winbind cache time = 300 so, for a portable system,

Mandi! Rowland penny via samba In chel di` si favelave... > > Considering a 'full offline' DM client (supposing a portable), there's > > a 'winbind permanent nss cache' or a general nss cache (like > > nss-updatedb): > > https://wiki.debian.org/LDAP/NSS#Offline_caching_of_NSS_with_nscd > > have to be used? Thanks. > No, you cannot use

Mandi! Rowland penny via samba In chel di` si favelave... > You have 'allow trusted domains = No' in 'global' and from 'man smb.conf': I've had not noted that. I can confirm that my working setup had NOT 'allow trusted domains = No'. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia''

Mandi! Andrew Bartlett via samba In chel di` si favelave... > I hope this clarifies things, Super-clear! Thanks! -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t