similar to: Sharing Samba share with Domain User Access

I've successfully joined two Linux Domain Members to two different Domains. Now, I'm joining a second Linux host as a Domain Member to a Samba4 (4.18.9) Domain. I'm having some possible issues this time. Issue #1 Reverse Zone On the SambaWiki: https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member, under 2.5 Forward Lookup, no problem: # host mail mail.hprs.local has

On Sat, 27 Apr 2024 20:38:34 -0400 Mark Foley via samba <samba at lists.samba.org> wrote: > I've successfully joined two Linux Domain Members to two different > Domains. Now, I'm joining a second Linux host as a Domain Member to a > Samba4 (4.18.9) Domain. I'm having some possible issues this time. > > Issue #1 Reverse Zone > > On the SambaWiki: >

On Sun Apr 28 03:42:51 2024 Rowland Penny via samba <samba at lists.samba.org> wrote: > > On Sat, 27 Apr 2024 20:38:34 -0400 > Mark Foley via samba <samba at lists.samba.org> wrote: > > > I've successfully joined two Linux Domain Members to two different > > Domains. Now, I'm joining a second Linux host as a Domain Member to a > > Samba4 (4.18.9)

On 09.02.2024 17:02, Mark Foley via samba wrote: > On Fri Feb 9 04:23:29 2024 Luis Peromarta via samba<samba at lists.samba.org> wrote: >> Are your clients talking to the DCs re. Time at all ? >> >> This is an example in one of my DCs: Run tcpdump on your DC: >> >> root at dwing:~# tcpdump??port 123 -v >> [snip] >> >> Might be work

On Fri Feb 9 04:23:29 2024 Luis Peromarta via samba <samba at lists.samba.org> wrote: > > Are your clients talking to the DCs re. Time at all ? > > This is an example in one of my DCs: Run tcpdump on your DC: > > root at dwing:~# tcpdump??port 123 -v > [snip] > > Might be work examining that traffic for clues. > > Regards, LP Luis, excellent suggestion!

On 21/07/16 06:08, Mark Foley wrote: > OK! I deleted the /etc/passwd entry for user mark and I modified my /etc/nsswitch.conf to: > > passwd: compat winbind > group: compat winbind > > I couldn't get sendmail working with this at first -- I didn't know what to [re]start to get > the new nsswitch config to take, so I rebooted. Probably I just had to restart sendmail,

Jan 16 13:09:44 mail dovecot: imap(mark): Error: opendir(/home/HPRS/mark/Maildir) failed: Permission denied (euid=3000026(HPRS\mark) egid=100(users) missing +r perm: /home/HPRS/mark/Maildir, conflicting dir uid=10001(HPRS\mark)) Just wanted to point out that you have at different UID for the folder than your EUID (gotten from userdb/passdb). Aki On 16.01.2017 23:09, Mark Foley wrote: > More

Are your clients talking to the DCs re. Time at all ? This is an example in one of my DCs: Run tcpdump on your DC: root at dwing:~# tcpdump??port 123 -v tcpdump: listening on enp1s0, link-type EN10MB (Ethernet), snapshot length 262144 bytes 10:20:41.655081 IP (tos 0x0, ttl 128, id 32113, offset 0, flags [none], proto UDP (17), length 96) ?? ?192.168.3.52.ntp > dwing.mad.mater.int.ntp: NTPv3,

Hi Mark, I've had the same trouble with the DOMAIN\user on my DCs, and as Rowland has already pointed out, the "winbind use default domain = yes" configure option is not honored on a DC. My guess is that is because a Samba DC can only be a DC for one domain, so that is why it isn't honored. If I do "getent passwd username" on my DCs, they all return

Mike, If the DC returns "DOMAIN\username", but domain members (correctly?) return just "username", is this a bug in the DC? Is there some reason the DC essentially ignores the "winbind use default domain = yes" and returns DOMAIN\username? It would seem to me that sendmail would not be the only program stumbling on this. --Mark -----Original Message----- >

More info ... My dovecot error log shows: Sep 05 16:45:19 auth: Debug: client in: AUTH 1 NTLM service=imap Sep 05 16:45:19 auth: Debug: client passdb out: OK 1 user=mark at hprs original_user=mark at HPRS Sep 05 16:45:19 auth: Debug: master in: REQUEST 998899713 10219 1 f56352c207cb8f6dea4d264b2c0f8dc1 session_pid=10220 request_auth_token Sep 05

Comments interspersed with yours ... --Mark -----Original Message----- > Date: Sun, 06 Sep 2015 20:00:11 -0500 > From: Rick Romero <rick at havokmon.com> > To: dovecot at dovecot.org > Subject: Re: How to "Windows Authenticate" > > Hmm. I would expect to see 'mark at hprs.com'. Whatever your full domain > name is. Full user at domain would be

I've gotten errors like this when it was actually a selinux denial. If you're running selinux, check those logs too. Bill On 1/16/2017 4:09 PM, Mark Foley wrote: > More info ... > > This is the only user having this permission problem. All other Thunderbird/dovecot users are > getting mail file. They all have the same permissions set on their Maildir folder. > > --Mark

> On Jun 28, 2016, at 10:32 PM, Mark Foley <mfoley at ohprs.org> wrote: > > Aki - partial success! I rebuilt my dovecot with ./config --with-gssapi, and restarted. Now I > don't get that "Unknown authentication mechanism 'gssapi'" message in maillog, and mail is > delivered successfully to the other domain users having PLAIN authentication. That's a

On Thu Jan 4 19:46:02 2024 Mark Foley via samba <samba at lists.samba.org> wrote: > > I've added a Windows 10 domain member to my Domain. I'm now following the > procedure in https://wiki.samba.org/index.php/Time_Synchronisation#Configuring_Time_Synchronisation_on_a_Windows_Domain_Member. > > [deleted] The above references the first in a long thread I started having

If I had time I would be all over this - but IMHO the main problem is that Dovecot != Exchange.? Even in small environments - unless I'm out of date, there's no calendar, tasks or contact lists within Dovecot. Your next best best is to use something like Horde that would allow you to auth via ActiveSync (on Outlook 2013 clients) and manage everything else that the users will want, with

On Thu, 22 Aug 2019 08:04:10 +0100 Rowland penny <rpenny at samba.org> wrote: > > On 21/08/2019 22:47, Mark Foley via samba wrote: > > I have a NAS (Linux/Slackware 14.2) that is a domain member. "Normal" AD Windows users can map > > shared directories just fine without having to enter Credentials. If I try doing that with the > > domain Administrator it

Hi Mark, Just to let you know that we are running dovecot with AD. (and I guess: *many* people are running that combination) It worked without issues, we are using in dovecot-ldap.conf.ext: > auth_bind = yes this user/passwd filter: > = (&(objectclass=person)(sAMAccountName=%n)(!(userAccountControl=514))) > dn = cn=search_dovecit,cn=users,dc=company,dc=com > dnpass =

Thanks again for your quick reply ... You wrote: > > $ wbinfo -i mark > > HPRS\mark:*:3000026:100:Mark Foley:/home/HPRS/mark:/bin/false > > Ah but those numbers *do not* come from AD, they come from 'idmap.ldb' Hmmm, so my Samba4 assigned them when I ADUC-added the user? Maybe this is not an answerable question, but why is it picking those GID/UIDs? Why is it not

I have a NAS (Linux/Slackware 14.2) that is a domain member. "Normal" AD Windows users can map shared directories just fine without having to enter Credentials. If I try doing that with the domain Administrator it prompts me for the credentials, then fails. On the NAS I can get an "OK" status with ntlm_auth using the administrator credentials. I cannot 'su -' to the