similar to: samba as a domain member: a way to ignore groups?

05.04.2024 17:50, Rowland Penny via samba: > On Fri, 5 Apr 2024 17:24:33 +0300 > Michael Tokarev <mjt at tls.msk.ru> wrote: > >> 05.04.2024 17:16, Rowland Penny via samba wrote: >>> On Fri, 5 Apr 2024 16:43:42 +0300 >>> Michael Tokarev via samba <samba at lists.samba.org> wrote: >>> >>>> Hi! >>>> >>>> We had

On Fri, 5 Apr 2024 17:24:33 +0300 Michael Tokarev <mjt at tls.msk.ru> wrote: > 05.04.2024 17:16, Rowland Penny via samba wrote: > > On Fri, 5 Apr 2024 16:43:42 +0300 > > Michael Tokarev via samba <samba at lists.samba.org> wrote: > > > >> Hi! > >> > >> We had stand-alone anonymous samba server serving a read-only share > >> as

05.04.2024 17:16, Rowland Penny via samba wrote: > On Fri, 5 Apr 2024 16:43:42 +0300 > Michael Tokarev via samba <samba at lists.samba.org> wrote: > >> Hi! >> >> We had stand-alone anonymous samba server serving a read-only share >> as guest account. It worked well but had a few strange issues (like >> lots of noise in logs about bad smb2 signature).

On Fri, 5 Apr 2024 16:43:42 +0300 Michael Tokarev via samba <samba at lists.samba.org> wrote: > Hi! > > We had stand-alone anonymous samba server serving a read-only share > as guest account. It worked well but had a few strange issues (like > lots of noise in logs about bad smb2 signature). > > Its been suggested to switch to a domain member server. I didn't

On Fri, 5 Apr 2024 16:43:42 +0300 Michael Tokarev via samba <samba at lists.samba.org> wrote: > Hi! > > We had stand-alone anonymous samba server serving a read-only share > as guest account. It worked well but had a few strange issues (like > lots of noise in logs about bad smb2 signature). > > Its been suggested to switch to a domain member server. I didn't

01.04.2024 13:56, Jones Syue ???: >> I can't say for sure but I *think* each time the client is windows server 2012. > > Looks good :) If run this script[1] to test multiple dialects, found only > SMB3_00 and SMB3_02 has this "(sign_algo_id=1)", and per doc[2] it could > be happend with ws2012 and ws2012r2. This *is* 2012 r2. The protocol version it negotiates is

19.07.2023 17:55, Jule Anger via samba weote: > Release Announcements > --------------------- > > This are security releases in order to address the following defects: > > o CVE-2022-2127:? When winbind is used for NTLM authentication, a maliciously > ????????????????? crafted request can trigger an out-of-bounds read in winbind > ????????????????? and possibly crash

Hi! What's the way to see list of open files on samba server (information which smbstatus gives) without giving user full root privs for the server? Thanks, /mjt

11.03.2024 17:40, spindles seven via samba: > Hi > > After seeing that Bookworm Backports has now got Samba version 4.19.5, I decided to update my samba machines. However, I find that those running on AMD64 architecture, the update doesn't appear. Machines running on arm architectures (armel & arm64) are updated correctly. I haven't changed anything in the

31.01.2023 08:55, Matt Savin via samba ?????: > In group policies use DNS aliases, then you'll need to change only DNS > entries for these aliases to point to a new host(s). I'd say don't use simple dns aliases (cnames) in a DC, but use SPNs instead (see samba-tool spn). This will manage CNAMEs too, and also manages the KRB tickets and proper autentication of the server to the

16.10.2023 15:50, Ingo Asche via samba wrote: > Hi Michael, > > short question: will the Bullseye-Backports getting 4.17.12, too? > > I saw, Bookworm is already updated... Since oldstable-bpo archive in debian is always subject to manual backports-policy processing (all uploads are processed manually), I don't push stuff to oldstable-bpo often. On the other hand, this

On Tue, Jan 24, 2023 at 08:29:17PM +0300, Michael Tokarev via samba wrote: >24.01.2023 20:22, Ralph Boehme via samba wrote: >>What Samba version is this? This: >> >>>LEASE() >> >>... looks broken: the handle oplock/lease state claims to be a >>lease, which means the client didn't request an oplock but a lease >>which should not have happened in

Hi! I'm seeing quite some messages in log.smbd like this: [2024/03/01 15:59:00.612141, 0, pid=1778617] libcli/smb/smb2_signing.c:639(smb2_signing_check_pdu) Bad SMB2 (sign_algo_id=1) signature for message [2024/03/01 15:59:00.612146, 0, pid=1778616] lib/util/util.c:578(dump_data) [0000] 7E 8D E3 FE A9 44 E8 E3 A6 76 22 6A B2 A4 27 CF ~....D.. .v"j..'. [2024/03/01

31.01.2023 20:59, Peter Milesson via samba ?????: > The share permissions are for Everyone (Full Control/Change/Read). > But naturally, the security settings do not include permissions for machines, only for users/user groups. Everything is set up according to the Samba > Wiki. The uid 11025 is a computer account, and the gid is "Domain computers". No, I mean something else.

Hi! I've uploaded samba packages for debian & ubuntu in my repository, to include the fix for recent login/trust issue with 07/2023 windows updates. 4.16 packages will also be available later today (build is in progress now). http://www.corpit.ru/mjt/packages/samba/ JFYI. Thanks, /mjt

https://bugs.freedesktop.org/show_bug.cgi?id=29766 Summary: suspend-to-ram problem on GF7600 notebook Product: xorg Version: unspecified Platform: x86 (IA32) OS/Version: Linux (All) Status: NEW Severity: normal Priority: medium Component: Driver/nouveau AssignedTo: nouveau at lists.freedesktop.org

31.01.2023 23:36, Andrew Bartlett via samba ?????: .. > I understand it can often be the virus scanner (which is running in an > elevated security context, so gets machine credentials). There are various other cases when this can happen, not only due to A/V software. As I noted in the beginning, I don't know *all* cases. Sometimes it happens here on reboot, sometimes it does not.

This question has already been asked in the past, but there was no answer. The above message is logged quite often in /var/log/samba/log.samba-dcerpcd. This is a stand-alone anonymous read-only server. Is it something to worry about? It smells like samba isn't working properly. If yes, how can I fix it? If no, how can I stop samba from logging un-interesting messages? What dcerpcd is

Hi! What's the way to have a domain-based certificate authority so that various TLS services can be enabled within a domain, including LDAPS and other similar services? The whole CA thing is already complex enough, microsoft has tools to do all this on their domain management collection (Active Directory Certificate Services). What's the way to do all this in/with samba- based AD?

18.10.2023 10:17, Michael Tokarev via samba: > Since oldstable-bpo archive in debian is always subject to manual > backports-policy processing (all uploads are processed manually), > I don't push stuff to oldstable-bpo often.? On the other hand, this > security update definitely should go to oldstable-bpo. https://ftp-master.debian.org/backports-new.html - samba is in bullseye