similar to: LDAP Extended attributes and dsheuristics

On Tue, 2023-05-30 at 11:23 -0400, Ben Curtis via samba wrote: > Hi all, > > I can only find posts about extended attributes from ~10 years ago, > so > I figured I'd ask this here. I get the following error when trying to > change passwords on my Samba 4.7 AD via LDAP: > > ``` > ldap_exop_passwd(): Passwd modify extended operation failed: Extended >

On Mon, 28 Oct 2024 12:17:02 +0100 William David Edwards via samba <samba at lists.samba.org> wrote: > I think I might've found a solution while debugging. > > To understand what I'm doing wrong with `unicodePwd`, I'm trying to > get the LDAP request that LAM does, and compare it to mine. > > As I temporarily switched to an unencrypted connection to be able

On Mon, 28 Oct 2024 13:37:27 +0100 William David Edwards <wedwards at cyberfusion.nl> wrote: > Rowland Penny via samba schreef op 2024-10-28 12:50: > > On Mon, 28 Oct 2024 12:17:02 +0100 > > William David Edwards via samba <samba at lists.samba.org> wrote: > > > >> I think I might've found a solution while debugging. > >> > >> To

Rowland Penny via samba schreef op 2024-10-28 12:50: > On Mon, 28 Oct 2024 12:17:02 +0100 > William David Edwards via samba <samba at lists.samba.org> wrote: > >> I think I might've found a solution while debugging. >> >> To understand what I'm doing wrong with `unicodePwd`, I'm trying to >> get the LDAP request that LAM does, and compare it to

Hi Kees, Kees van Vloten schreef op 2024-10-27 22:17: > Op 27-10-2024 om 21:11 schreef William David Edwards: >> Kees van Vloten schreef op 2024-10-27 20:45: >>> Op 27-10-2024 om 19:58 schreef William David Edwards: >>>> Kees van Vloten via samba schreef op 2024-10-27 15:37: >>>>> Op 27-10-2024 om 15:31 schreef Rowland Penny via samba:

Op 27-10-2024 om 21:11 schreef William David Edwards: > Kees van Vloten schreef op 2024-10-27 20:45: >> Op 27-10-2024 om 19:58 schreef William David Edwards: >>> Kees van Vloten via samba schreef op 2024-10-27 15:37: >>>> Op 27-10-2024 om 15:31 schreef Rowland Penny via samba: >>>>> On Sun, 27 Oct 2024 15:08:14 +0100 >>>>> William Edwards

Kees van Vloten via samba schreef op 2024-10-27 15:37: > Op 27-10-2024 om 15:31 schreef Rowland Penny via samba: >> On Sun, 27 Oct 2024 15:08:14 +0100 >> William Edwards <wedwards at cyberfusion.nl> wrote: >> >>>> Op 27 okt 2024 om 14:50 heeft Rowland Penny via samba >>>> <samba at lists.samba.org> het volgende geschreven: >>>>

Op 27-10-2024 om 15:31 schreef Rowland Penny via samba: > On Sun, 27 Oct 2024 15:08:14 +0100 > William Edwards <wedwards at cyberfusion.nl> wrote: > >>> Op 27 okt 2024 om 14:50 heeft Rowland Penny via samba >>> <samba at lists.samba.org> het volgende geschreven: >>> >>> ?On Sun, 27 Oct 2024 13:58:56 +0100 >>> William David Edwards

Rowland Penny via samba schreef op 2024-10-28 13:55: > On Mon, 28 Oct 2024 13:37:27 +0100 > William David Edwards <wedwards at cyberfusion.nl> wrote: > >> Rowland Penny via samba schreef op 2024-10-28 12:50: >> > On Mon, 28 Oct 2024 12:17:02 +0100 >> > William David Edwards via samba <samba at lists.samba.org> wrote: >> > >> >> I

Op 27-10-2024 om 19:58 schreef William David Edwards: > Kees van Vloten via samba schreef op 2024-10-27 15:37: >> Op 27-10-2024 om 15:31 schreef Rowland Penny via samba: >>> On Sun, 27 Oct 2024 15:08:14 +0100 >>> William Edwards <wedwards at cyberfusion.nl> wrote: >>> >>>>> Op 27 okt 2024 om 14:50 heeft Rowland Penny via samba

Kees van Vloten schreef op 2024-10-27 20:45: > Op 27-10-2024 om 19:58 schreef William David Edwards: >> Kees van Vloten via samba schreef op 2024-10-27 15:37: >>> Op 27-10-2024 om 15:31 schreef Rowland Penny via samba: >>>> On Sun, 27 Oct 2024 15:08:14 +0100 >>>> William Edwards <wedwards at cyberfusion.nl> wrote: >>>>

Hi, I tried ldap anonymous search in samba. Downloaded kali linux, run enum4linux -a my.dc.domain and get all group, users, sids, rids... without any password o_O Go to https://wiki.samba.org/index.php/FAQ#Does_the_Samba_Internal_LDAP_Server_Supports_Anonymous_Searches? and run samba-tool forest? directory_service dsheuristics 0000000 set dsheuristics: 0000000 then tin again enum4linux

Hi, Is there any setting in smb.conf that prevents the AD enumeration like user, group or computer enumeration? We tried to follow different methods recommended by Microsoft for the AD. But they don't seem to work. Still using apps like powershell, we can still enumerate the users, groups etc. Best regards, Anantha Raghava

On Sun, 27 Oct 2024 15:08:14 +0100 William Edwards <wedwards at cyberfusion.nl> wrote: > > > Op 27 okt 2024 om 14:50 heeft Rowland Penny via samba > > <samba at lists.samba.org> het volgende geschreven: > > > > ?On Sun, 27 Oct 2024 13:58:56 +0100 > > William David Edwards via samba <samba at lists.samba.org> wrote: > > > >> Hi,

Hi, When I change dsHeuristics=0000002001001 like M$ said: https://technet.microsoft.com/en-us/library/cc816788%28v=ws.10%29.aspx Not works.

Hi, This is rather odd. When I search my directory I get schema objects back in every query despite not searching the schema base dn (i.e. objects from CN=Schema,CN=Configuration,DC=x are showing up where they shouldn't be). This goes for the GC and non-GC ports. I have modified my schema and set isMemberOfPartialAttributeSet to true in order to make posix attributes available in the GC, as

Am 22.01.2015 um 17:19 schrieb John Yocum: >> When I change dsHeuristics=0000002001001 like M$ said: >> >> https://technet.microsoft.com/en-us/library/cc816788%28v=ws.10%29.aspx >> >> Not works. >> > > I've got anonymous binds enabled, using the instructions at > http://www.petri.com/anonymous_ldap_operations_in_windows_2003_ad.htm But everyone

On 03-07-2024 19:36, Rowland Penny via samba wrote: > On Wed, 3 Jul 2024 21:52:39 +0500 > Anton Shevtsov via samba <samba at lists.samba.org> wrote: > >> Hi, >> >> I tried ldap anonymous search in samba. >> >> Downloaded kali linux, run >> >> enum4linux -a my.dc.domain >> >> and get all group, users, sids, rids... without any

On Fri, 2023-10-27 at 10:44 +0200, Kees van Vloten wrote: > Hi Andrew, > > > Op 27-10-2023 om 02:22 schreef Andrew > Bartlett: > > > > > > > I'm sorry to say that from here you really need to work > > closely with a Samba developer (eg via a commercial support > > provider) or do a deep

Hi Andrew, Op 27-10-2023 om 02:22 schreef Andrew Bartlett: > I'm sorry to say that from here you really need to work closely with a > Samba developer (eg via a commercial support provider) or do a deep > dive into debugging yourself. > > Ideally if you have time, do a git bisect between the last known > working version and the first failing one. ?That may find the >