similar to: Group memberships on Linux AD Member (syncing randomly)

Displaying 20 results from an estimated 2000 matches similar to: "Group memberships on Linux AD Member (syncing randomly)"

2023 Apr 12
2
Fwd: ntlm_auth and freeradius
Hi Alexander, I'm terribly sorry. We didnt have the "ntlm auth" parameter configured on the DCs at all. I added it and it just works. Thanks for your help. Now I just need to figure out how I can make WLAN-specific LDAP-Group authentication. e. g. production WLAN needs LDAP group "wlan_production" and management WLAN needs the "wlan_management" group. I
2023 Apr 12
1
Fwd: ntlm_auth and freeradius
Hi Matthias, we?re using Debian Bullseye with the backports repo. So version is a mixture of - Samba version 4.17.3-Debian - Samba version 4.17.7-Debian We?ve installed it directly on the DC?s as well. In my opinion using "ntlm auth = yes? should be fine. Did you try using a simple RADIUS secret? In my experience long secrets or ones containing special characters don?t work very well. I
2023 Apr 06
1
Fwd: ntlm_auth and freeradius
I can share my notes, we authenticate UniFi clients via Freeradius against Samba AD. We also check group membership which you might or might not need: ## 4 FreeRADIUS ### 4.1 Basics ```bash apt install freeradius freeradius-ldap freeradius-utils # create new DH-params openssl dhparam -out /etc/freeradius/3.0/certs/dh 2048 ``` ### 4.2 Configure Authentication - modify mschap to use winbind,
2023 Apr 12
1
Fwd: ntlm_auth and freeradius
Hello Alexander, thanks Alexander for these configuration snippets. Which version of Samba are you using? Is this on debian bullseye? Is the FreeRADIUS server installed on a DC or on a Domain Member? (I just tested the latter). is "ntlm auth = yes" OK for the DCs and the domain member or does it have to be "mschapv2-and-ntlmv2-only" for all servers (DCs + Member)? It
2023 Aug 04
1
Spotlight indexing with fscrawler for multiple shares
Hi Team, Did anybody solve the issue of FScrawler crawling over multiple shares, preferably from a single job or from a single service? Setting up a service for FScrawler per share does not scale very nice... - Kees.
2024 Jul 26
1
Bind9 9.18.28 crashes after loading AD DNS Zone
On Fri, 26 Jul 2024 08:38:58 +0200 Matthias K?hne | Ellerhold Aktiengesellschaft via samba <samba at lists.samba.org> wrote: > Hello lovely samba-people, > > this morning all of our DCs (debian bookworm) upgraded their bind9 > packages to 9.18.28 (from 9.18.24). Afterwards the named service > would not come up successfully and crash after loading the DLZ: > > Jul 26
2023 Jul 13
1
ComputerSecureChannel -Verbose False since windows 10/11 update 07/2023
13.07.2023 19:17, Adi Kriegisch wrote: > Hi! > >> I was looking at the code this morning trying to figure out how to >> reject packet with lvl2 properly, - unfortunately I don't know samba >> well enough to be able to find the place "quickly" and I got distracted >> by other things. It was my first thought when someone posted the debug >> info
2023 Nov 04
1
Spotlight issues
So I have two issues. 1) Using Samba 4.19.2 with spotlight and elasticsearch 8.10.3 doesn?t work. Errors: [2023/10/22 09:04:17, 0] ../../source3/rpc_server/mdssvc/mdssvc_es.c:755(mds_es_search_http_read_done) mds_es_search_http_read_done: json_loadb failed 2) Using Samba 4.19.2 with spotlight and elasticsearch 7.17.10 works. There is a bug where when the samba server is running and files
2024 May 28
1
Security Implications of "ldap server require strong auth"?
Am 28.05.2024 07:51, schrieb Christian Naumer via samba: > Am 28.05.24 um 07:34 schrieb Bestattungen Vitt - Thomas Reitelbach via > samba: >> >> Christian Naumer said, I can get Nextcloud to work without this >> insecure parameter - I'll have to figure out how I could acceppt a >> self-signed certificate on the side of apache2/php-ldap module. > > I
2023 Apr 04
2
Fwd: ntlm_auth and freeradius
Dear All, Well, this is very embarrassing.... It seems that running 'smbcontrol all reload-config' isn't sufficient for reloading the ntlm config parameters. I tried restarting the whole samba service on the DC my FR box was authenticating against (systemctl restart sernet-samba-ad) and my test laptop is now connected to the network on the correct VLAN. I apologise for wasting
2024 Jul 19
1
Weird folders / files after upgrading to Samba 4.20
Hello, my smb.conf is in the first post. Im not setting unix extensions explictly, so the default is used (which is yes)? But they are only active for smb1 right? I did not activate the smb3 unix extensions. This also happens for shares that are not mounted by cifs ... e. g. we have a share that is used as a hotfolder for a RIP. The workflow is, that people mount them in MacOS and put files
2024 Jul 18
1
Weird folders / files after upgrading to Samba 4.20
17.07.2024 10:54, Matthias K?hne | Ellerhold Aktiengesellschaft via samba wrote: > Hello lovely samba-people, Hi! :) > after upgrading to 4.20 some file shares randomly get weird directories > and files in them: > > drwxrwx---+ 3 AD-ELLERHOLD\user AD-ELLERHOLD\group 4.0K May 29 01:14 ''$'\352' > drwxrwx---+ 3 AD-ELLERHOLD\user AD-ELLERHOLD\group 4.0K May
2024 Jul 18
1
Weird folders / files after upgrading to Samba 4.20
18.07.2024 13:03, Matthias K?hne | Ellerhold Aktiengesellschaft via samba wrote: > Hallo, > > yes this is an "ls -lAh" on the samba fileserver side in the > corresponding directory. > > Downgrading to 4.19 does not remove the weird directories and files. But > it prevents new weird ones being created... > > Looking at the timestamps these seem to be created
2023 Apr 06
2
Fwd: ntlm_auth and freeradius
Hello Tim, Hello samba-people, is there an uptodate guide for authenticating via freeradius somewhere? I have some Ubiquiti APs plus a Cloud Key and I want to authenticate WLAN clients via WPA2-Enterprise instead of a (shared) PSK. It seems like https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory is missing some steps (basic setup of freeradius). Can you
2024 Jul 25
2
new DC via clone..
Hello Rowland, I have to recognize that asking to compile the distro version is a valid argument. Hello Michael, can you please explain, how I can compile Samba as I am using your distro (deb [signed-by=/etc/apt/mjt.key] http://www.corpit.ru/mjt/packages/samba jammy/samba-4.19/)? Thanks, Joachim > -----Urspr?ngliche Nachricht----- > Von: samba <samba-bounces at lists.samba.org> Im
2023 Jun 29
2
Synology shares not accessible...
On 29/06/2023 07:38, Ingo Asche via samba wrote: > Hi, > > there is some progress, even I would'nt call it that. At least they > admitted it's caused through some changes from their side. > > @Rowland: Remember that "old Samba method" part? > > This is their answer. I don't know what to make of it. Maybe someone > with more knowledge about the
2024 Jul 05
3
samba-ad-dc from debian backports fails to start with /usr/sbin/samba missing
04.07.2024 21:27, Paul Leiber via samba wrote: > Dear Samba list, > > I have a Samba instance running as an ad-dc on debian bullseye. Some time ago, I changed the standard installation to backports with > > apt -t bullseye-backports install samba > > After a recent update, samba-ad-dc service didn't start anymore. The journal gave the following hint: > > Jul 04
2023 Jun 30
1
Group memberships on Linux AD Member (syncing randomly)
Hi Matthias, On 6/30/23 15:40, Matthias Leopold via samba wrote: > Can someone explain what is happening or where I need to tune? this is by design. :) The only reliable way (lacking S4U2SELF support) to get group membership for an AD user, is using the group list the DC passes along to us as part of the authentication process. We're trying extra hard to store this data *persistently*
2024 Jul 26
1
Bind9 9.18.28 crashes after loading AD DNS Zone
Hello lovely samba-people, this morning all of our DCs (debian bookworm) upgraded their bind9 packages to 9.18.28 (from 9.18.24). Afterwards the named service would not come up successfully and crash after loading the DLZ: Jul 26 07:32:12 rad-1.ad.ellerhold.lan named[1903]: sizing zone task pool based on 64 zones Jul 26 07:32:12 rad-1.ad.ellerhold.lan named[1903]: Loading 'AD DNS
2024 Jun 27
3
Online AD Backup fails with "no auth" in 4.20?
Hallo lovely samba-people, did something change in regards to the online AD Backup in 4.20? We're using this CLI command to create a backup of our domain: ??? /usr/bin/samba-tool domain backup online --targetdir="/my/path" --server="rad-2.ad.ellerhold.lan" --use-krb5-ccache="/opt/samba-ad-backup/ad-backup.krb5cc" -N This ran successfully on a member server