similar to: 'Scripted' machine account renewal?!

On 25-02-2024 11:56, Marco Gaiarin via samba wrote: > I need to access the LDAP AD server from a debian box, but i don't need > shares nor winbind. > > For a sake of simplicity i'm thinking to use machine account (-P). There is "net changetrustpw" to do this. When you domain-join the machine the machine password is managed by winbind, so you don't need to this.

Mandi! Kees van Vloten via samba In chel di` si favelave... >> For a sake of simplicity i'm thinking to use machine account (-P). > There is "net changetrustpw" to do this. Ok, i've missed that. Thanks. > If you just have a service that does LDAP-queries, I would create an > ordinary user-account for it (and start it's name e.g. with "svc_").

Mandi! Kees van Vloten via samba In chel di` si favelave... > There is "net changetrustpw" to do this. I've correctly just joined the firewall to the domain, i can check join status: root at vfwacpn1:~# net ads testjoin Join is OK but if i try to renew credentials i catch: root at vfwacpn1:~# net ads changetrustpw -I 10.172.1.8 Changing password for principal:

On Sun, 3 Mar 2024 16:12:04 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > Mandi! Kees van Vloten via samba > In chel di` si favelave... > > > There is "net changetrustpw" to do this. > > I've correctly just joined the firewall to the domain, i can check > join status: > > root at vfwacpn1:~# net ads testjoin > Join is

On 04-03-2024 21:54, Rowland Penny via samba wrote: > On Mon, 4 Mar 2024 14:14:18 +0100 > Marco Gaiarin via samba <samba at lists.samba.org> wrote: > >> Mandi! Kees van Vloten via samba >> In chel di` si favelave... >> >>> Interesting, I tried running it with -d 10, it shows a lot of >>> output. >> The same. My output is a bit more

Mandi! Kees van Vloten via samba In chel di` si favelave... > Solution is easy: upgrading winbind from Debian backports solves the issue ! I've upgraded to latest buster version 4.18.10+dfsg-1~buster, but still does not work for me... Now display: root at vfwacpn1:~# net ads changetrustpw get_kdc_ip_string: get_kdc_list fail NT_STATUS_NO_LOGON_SERVERS Changing password for

On 26-02-2024 22:54, Marco Gaiarin via samba wrote: > Mandi! Kees van Vloten via samba > In chel di` si favelave... > >>> For a sake of simplicity i'm thinking to use machine account (-P). >> There is "net changetrustpw" to do this. > Ok, i've missed that. Thanks. > > >> If you just have a service that does LDAP-queries, I would create an

Op 24-03-2024 om 17:42 schreef Marco Gaiarin via samba: > Mandi! Kees van Vloten via samba > In chel di` si favelave... > >> Solution is easy: upgrading winbind from Debian backports solves the issue ! > I've upgraded to latest buster version 4.18.10+dfsg-1~buster, but still does > not work for me... > > Now display: > > root at vfwacpn1:~# net ads

At 01:45 AM 03/23/2000 +1100, Paul Rijke wrote: >Hi all you Samba cracks (I hope) out there, > >I've a question... I use the following smb.conf but when I change the Win95 >client to have user profiles, several folders and the user.dat file is >created in the users home directory instead of the profile share... > >My questions are: > >1. Does anyone know how to

Question: Setup or code problems? (rather than making you wade through the mire that is my config file and error dumps). If you answer me, please copy me also in email. Thanks. John Olson jolson@sanden.com Computer setup: Athlon 650, Linux-SuSE 7.1, Win98, Win2k, KDE2.1.2 w/Qt-experimental 2.3.0, XFree86 4.1.0, TNT2 card w/32MB, 128MB Ram, plenty of hard drive space. Situation: Have

Samba 3.0.21b The Samba docs indicate [0] we should be running changetrustpw [1] at some point (cron.daily) to update a machines trust account. However, I've seen multiple instances with 2 seperate AD environments where this breaks our ability to enumerate/authenticate with the domain. In both instances, we see something similar to the following in the winbind logs: (ntlm_auth):

Hi there. I've been using Dovecot for quite some time now but I just started using Let's Encrypt certs. Since LE certs are renewed automatically without user intervention I'm wondering if I will need to restart dovecot after that renewal... Has anybody had any experience with that? Thanks so much for your help! Ignacio -------------- next part -------------- An HTML attachment was

Hi all, I have setup icecast to work with letsencrypt ssl certificate, this works fine. But now I am struggling a bit on how to renew the certificate every 3 months. As per letsencrypt recommendation I run a cronjob to check for renewal every day, problem is when there is a new certificate Icecast needs to be restarted to pick it up, as the certificate only seems to be loaded at startup of

That’s what I have been looking for, thanks ! From: Icecast [mailto:icecast-bounces at xiph.org] On Behalf Of Tycho Eggen Sent: donderdag 6 september 2018 22:21 To: Icecast streaming server user discussions Subject: Re: [Icecast] icecast ssl and letsencrypt renewal You can add a posthook to your certbot cronjob: certbot renew —post-hook “/etc/init.d/icecast restart” Or however you restart

From my experience, restart is required. On Debian Strech, I edited cron job to: certbot -q renew --renew-hook 'service dovecot restart' --renew-hook 'service postfix reload' Milo Dne 2018-10-11 v 10:55 Ignacio Garcia napsal(a): > Hi there. I've been using Dovecot for quite some time now but I just > started using Let's Encrypt certs. Since LE certs are renewed

Install letsencrypt and request a certificate specifying the webroot of your Icecast server and the host.domain: certbot-auto certonly --webroot --webroot-path /usr/share/icecast2/web/ -d icecast.domain.name Now you should have a certificate for your server, it's only in the wrong format for Icecast, copy the key and the certificate to 1 file with the following cmd: cat

Hello, How did you get icecast and letsencrypt certificates working? Thanks. Dave. On 9/6/18, _zer0_ gravity <zer0___ at hotmail.com> wrote: > That’s what I have been looking for, thanks ! > > From: Icecast [mailto:icecast-bounces at xiph.org] On Behalf Of Tycho Eggen > Sent: donderdag 6 september 2018 22:21 > To: Icecast streaming server user discussions > Subject: Re:

You can add a posthook to your certbot cronjob: certbot renew —post-hook “/etc/init.d/icecast restart” Or however you restart icecast On Thu, Sep 6, 2018 at 13:05 _zer0_ gravity <zer0___ at hotmail.com> wrote: > Hi all, > > > > I have setup icecast to work with letsencrypt ssl certificate, this works > fine. > > But now I am struggling a bit on how to renew the

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hey, I'm running a Samba4 DC domain and I'd like to change the machine trust password of the current DC. This doesn't seem possible using net ads changetrustpw or net rpc changetrustpw on the DC itself, and I can't seem to find any command in samba-tool to achieve this. Is there any way to change the trust password of the DC? - --

Hello List, I have successfully integrated samba to an Active Directory Domain, and it is authenticating against the ADS, but only while the Kerberos ticket is valid. After that period it seems to take only the user/group list from its (winbind) cache. By now i can get a kerberos ticket with "kinit Administrator" or any other username that has administrative rights on ADS and all is