similar to: samba as a domain member: a way to ignore groups?

05.04.2024 17:50, Rowland Penny via samba: > On Fri, 5 Apr 2024 17:24:33 +0300 > Michael Tokarev <mjt at tls.msk.ru> wrote: > >> 05.04.2024 17:16, Rowland Penny via samba wrote: >>> On Fri, 5 Apr 2024 16:43:42 +0300 >>> Michael Tokarev via samba <samba at lists.samba.org> wrote: >>> >>>> Hi! >>>> >>>> We had

On Fri, 5 Apr 2024 17:24:33 +0300 Michael Tokarev <mjt at tls.msk.ru> wrote: > 05.04.2024 17:16, Rowland Penny via samba wrote: > > On Fri, 5 Apr 2024 16:43:42 +0300 > > Michael Tokarev via samba <samba at lists.samba.org> wrote: > > > >> Hi! > >> > >> We had stand-alone anonymous samba server serving a read-only share > >> as

05.04.2024 17:16, Rowland Penny via samba wrote: > On Fri, 5 Apr 2024 16:43:42 +0300 > Michael Tokarev via samba <samba at lists.samba.org> wrote: > >> Hi! >> >> We had stand-alone anonymous samba server serving a read-only share >> as guest account. It worked well but had a few strange issues (like >> lots of noise in logs about bad smb2 signature).

On Fri, 5 Apr 2024 16:43:42 +0300 Michael Tokarev via samba <samba at lists.samba.org> wrote: > Hi! > > We had stand-alone anonymous samba server serving a read-only share > as guest account. It worked well but had a few strange issues (like > lots of noise in logs about bad smb2 signature). > > Its been suggested to switch to a domain member server. I didn't

On Fri, 5 Apr 2024 16:43:42 +0300 Michael Tokarev via samba <samba at lists.samba.org> wrote: > Hi! > > We had stand-alone anonymous samba server serving a read-only share > as guest account. It worked well but had a few strange issues (like > lots of noise in logs about bad smb2 signature). > > Its been suggested to switch to a domain member server. I didn't

01.04.2024 13:56, Jones Syue ???: >> I can't say for sure but I *think* each time the client is windows server 2012. > > Looks good :) If run this script[1] to test multiple dialects, found only > SMB3_00 and SMB3_02 has this "(sign_algo_id=1)", and per doc[2] it could > be happend with ws2012 and ws2012r2. This *is* 2012 r2. The protocol version it negotiates is

Hi! I joined a newly installed samba (4.20.1) server to a domain, - just testing things. Now I want to remove this test server from a domain, but I can't: root at svdcm2:/# samba-tool domain leave -U tls\\mjt-adm WARNING: Using passwords on command line is insecure. Installing the setproctitle python module will hide these from shortly after program start. Password for [TLS\mjt-adm]:

Hi! What's the way to see list of open files on samba server (information which smbstatus gives) without giving user full root privs for the server? Thanks, /mjt

19.07.2023 17:55, Jule Anger via samba weote: > Release Announcements > --------------------- > > This are security releases in order to address the following defects: > > o CVE-2022-2127:? When winbind is used for NTLM authentication, a maliciously > ????????????????? crafted request can trigger an out-of-bounds read in winbind > ????????????????? and possibly crash

20.06.2024 15:16, Rowland Penny via samba wrote: > On Thu, 20 Jun 2024 15:07:11 +0300 > Michael Tokarev via samba <samba at lists.samba.org> wrote: > >> 20.06.2024 15:03, Michael Tokarev via samba wrote: >> Still, it'd be nice if samba-tool domain leave displayed some more >> appropriate error message, and no insecure-password-on-command-line >> warning

08.07.2024 17:18, Sonic wrote: > On Mon, Jul 8, 2024 at 6:46?AM Michael Tokarev <mjt at tls.msk.ru> wrote: > ... >> I think the main ingredient here is to have apt-listchanges package >> installed (which, while part of standard install, is optional). > ... > > I've always installed using the netinstall.iso which does not install > that package. Will add it

11.03.2024 17:40, spindles seven via samba: > Hi > > After seeing that Bookworm Backports has now got Samba version 4.19.5, I decided to update my samba machines. However, I find that those running on AMD64 architecture, the update doesn't appear. Machines running on arm architectures (armel & arm64) are updated correctly. I haven't changed anything in the

31.01.2023 08:55, Matt Savin via samba ?????: > In group policies use DNS aliases, then you'll need to change only DNS > entries for these aliases to point to a new host(s). I'd say don't use simple dns aliases (cnames) in a DC, but use SPNs instead (see samba-tool spn). This will manage CNAMEs too, and also manages the KRB tickets and proper autentication of the server to the

20.06.2024 15:03, Michael Tokarev via samba ?????: > Hi! > > I joined a newly installed samba (4.20.1) server to a domain, - just testing > things.? Now I want to remove this test server from a domain, but I can't: > > > root at svdcm2:/# samba-tool domain leave -U tls\\mjt-adm > WARNING: Using passwords on command line is insecure. Installing the setproctitle python

On Tue, Jan 24, 2023 at 08:29:17PM +0300, Michael Tokarev via samba wrote: >24.01.2023 20:22, Ralph Boehme via samba wrote: >>What Samba version is this? This: >> >>>LEASE() >> >>... looks broken: the handle oplock/lease state claims to be a >>lease, which means the client didn't request an oplock but a lease >>which should not have happened in

On Fri, 7 Jun 2024 08:50:11 +0200 "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote: > > on the problematic DC "systemctl status" doesn't even show > "samba-ad-dc". > > Although: > > # systemctl status samba-ad-dc.service > ? samba-ad-dc.service - LSB: Samba daemons for the AD DC > Loaded: loaded

16.10.2023 15:50, Ingo Asche via samba wrote: > Hi Michael, > > short question: will the Bullseye-Backports getting 4.17.12, too? > > I saw, Bookworm is already updated... Since oldstable-bpo archive in debian is always subject to manual backports-policy processing (all uploads are processed manually), I don't push stuff to oldstable-bpo often. On the other hand, this

Hi! I'm seeing quite some messages in log.smbd like this: [2024/03/01 15:59:00.612141, 0, pid=1778617] libcli/smb/smb2_signing.c:639(smb2_signing_check_pdu) Bad SMB2 (sign_algo_id=1) signature for message [2024/03/01 15:59:00.612146, 0, pid=1778616] lib/util/util.c:578(dump_data) [0000] 7E 8D E3 FE A9 44 E8 E3 A6 76 22 6A B2 A4 27 CF ~....D.. .v"j..'. [2024/03/01

On Thu, 20 Jun 2024 15:07:11 +0300 Michael Tokarev via samba <samba at lists.samba.org> wrote: > 20.06.2024 15:03, Michael Tokarev via samba ?????: > > Hi! > > > > I joined a newly installed samba (4.20.1) server to a domain, - > > just testing things.? Now I want to remove this test server from a > > domain, but I can't: > > > > > >

31.01.2023 20:59, Peter Milesson via samba ?????: > The share permissions are for Everyone (Full Control/Change/Read). > But naturally, the security settings do not include permissions for machines, only for users/user groups. Everything is set up according to the Samba > Wiki. The uid 11025 is a computer account, and the gid is "Domain computers". No, I mean something else.