Displaying 20 results from an estimated 8000 matches similar to: "Setting up Samba as a Domain Member when AD DC is set to enforced LDAP Signing"
2024 May 17
1
Setting up Samba as a Domain Member when AD DC is set to enforced LDAP Signing
On Fri, 17 May 2024 10:27:12 +0200
Andrea Cucciarre via samba <samba at lists.samba.org> wrote:
> Hello,
>
> I have configured a Samba server (Version 4.15.13-Ubuntu) as an Active
> Directory domain member, and it joined successfully to the domain and
> it's working fine, I have used the following Samba wiki:
>
>
2019 Mar 12
2
sometimes users fails to login
Sorry my bad, thanks for spotting it.
Should that explains also the failure to grab the mutex?
Andrea
Il 3/12/2019 12:14 PM, Rowland Penny via samba ha scritto:
> On Tue, 12 Mar 2019 12:01:08 +0100
> Andrea Cucciarre' <acucciarre at cloudian.com> wrote:
>
>> The OS is OmniOS, the DC is Windows Server (not sure about the
>> release), and below the smb.conf.
2019 Mar 18
2
sometimes users fails to login
Hello,
Still fighting on this issue, now sometimes I get the following (may be)
relevant errors:
[2019/03/18 14:46:03.329505, 10, pid=582, effective(0, 0), real(0, 0),
class=idmap] ../source3/winbindd/idmap.c:509(idmap_find_domain)
idmap_find_domain called for domain 'BITINTRA'
[2019/03/18 14:46:03.329577, 10, pid=582, effective(0, 0), real(0, 0),
class=winbind]
2019 Mar 12
2
sometimes users fails to login
The OS is OmniOS, the DC is Windows Server (not sure about the release),
and below the smb.conf.
I have also noted that they have more trusted domains, but since they
configured ad idmap only for one domain, then all the other domains use
tdb idmap
[global]
client ldap sasl wrapping = plain
dedicated keytab file = /etc/krb5.keytab
disable spoolss = yes
host msdfs = no
idmap config * : backend
2020 Nov 09
3
How to configure samba domain member to use LDAPS instead of LDAP
My customer complain that in the AD DC they see the following insecure
communication coming from the Samba server (DC member):
"The following client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification), or performed a simple bind over a cleartext (non-SSL/TLS-encrypted) LDAP connection."
So Samba does an insecure LDAP bind and
2019 Jan 23
1
can't write Samba share as anonymous
I'm not sure I have understood, I'm mounting the share as "urca" user,
which is not a known user.
Although I'm setting smb.conf so that for guest user it uses the
privileges of the known user "andrea"
Could you please advice on what I should set for "guest account" in
smb.conf?
Thanks
Andrea
Il 1/23/2019 5:15 PM, Rowland Penny via samba ha scritto:
2020 Nov 09
4
How to configure samba domain member to use LDAPS instead of LDAP
The DC is a Windows AD DC.
Could you please clarify why i should change setting in the Windows DC
instead of the Samba server, which is the one that does the insecure
ldap bind?
Regards
Andrea Cucciarre'
On 11/9/2020 3:13 PM, Rowland penny via samba wrote:
> On 09/11/2020 13:28, Andrea Cucciarre' wrote:
>> My customer complain that in the AD DC they see the following
2020 Nov 09
2
How to configure samba domain member to use LDAPS instead of LDAP
Am 09.11.20 um 15:42 schrieb cn--- via samba:
> What version of Samba is this and do you have "server schannel = no" set
> in its smb.conf?
It might also be some thing like this option "client ldap sasl
wrapping". So it would really help to see the entire smb.conf
Regards
Christian
>
>
> Regards
>
> Christian
>
> Am 09.11.20 um 15:31 schrieb
2020 Apr 20
3
Samba domain member DC preferred list
On 20/04/2020 17:49, Andrea Cucciarre' via samba wrote:
> Does the "password server" setting in the smb.conf achieve it?
No, you shouldn't use this, you should allow Samba to choose the best DC
to use.
>
> On 4/20/2020 6:40 PM, Andrea Cucciarre' wrote:
>> Hello,
>>
>> Is there a way to provide a list of DC that Samba should try to join?
>> I
2020 Apr 20
2
Samba domain member DC preferred list
Hello,
Is there a way to provide a list of DC that Samba should try to join?
I know that in command "net ads join" I can use "-S" to select with DC
to use, but it seems it doesn't accept list, only one single server.
Regards
Andrea
2018 Jun 20
3
Samba 4.5: trying to setup an omnios system as a DC member
Hello Rowland,
thanks, configuring the uidNumber and gidNumber on the AD fixed the
issue, now getent passwd works.
I just have one remaining issue, it seems the ACL doesn't work.
As an example when I set ACL with full permission for user andrea:
# /usr/bin/ls -ldV /cache/testsamba/
d---------+ 3 root root 5 Jun 19 19:40 /cache/testsamba/
2020 Nov 09
2
How to configure samba domain member to use LDAPS instead of LDAP
Hello,
is there any documented procedure to configure a samba domain member (AD
windows domain) to use LDAPS instead of LDAP
Thanks
Andrea
2019 Dec 12
2
Samba Persistent Handles
Hello Ralph,
thanks for the info.
I have find out that "durable handles" should be available in Samba
4.11, and actually it seems to recognize the share option:
durable handles = yes
Do you know if any other steps are needed to setup that feature, or
could you point me any doc that help to achieve that?
Regards
Andrea Cucciarre'
On 12/12/2019 11:04 AM, Ralph Boehme wrote:
2019 Dec 12
2
Samba Persistent Handles
Yes, I saw that they are different I was just willing to test something
similar.
Actually, I'm searching for a Samba feature that allow transparent
failover, or continuos availablity in a cluster setup (Samba + ctbd +
gluster)
Based on the following link my understanding is that such feature is not
currently available in Samba:
2020 Mar 05
2
Samba as DC member UDP ports used
Hello,
I have a customer that complains that Samba (as DC member) uses UDP
during? AD authentication when clients mount a share.
I have run a test and traced network packet and it seems UDP is used by
the CLDAP (Samba server is 10.50.50.35, AD is 10.50.50.85)
Frame 1: 133 bytes on wire (1064 bits), 133 bytes captured (1064 bits)
on interface vmxnet3s0, id 0
Ethernet II, Src:
2019 Dec 11
2
Samba Persistent Handles
Hello,
I'm trying to configure a Samba server for SMB sharing with Persistent
Handles.
I have viewed the youtube? video
https://youtu.be/fA78hdeYi6k
However, it's not clear to me how to enable it in Samba, and if any
setting is needed in smb.conf (I have already set up Samba, gluster and
ctdb)
I'm running Samba 4.11..
Could you please advice?
--
Regards
Andrea Cucciarre'
2019 Mar 12
3
sometimes users fails to login
Hello,
I have Samba 4.6 as AD domain member and sometime the users fails to
login, the issue disappear after some minutes.
I have enabled log leve 10 and I can see the following errors:
2019/03/12 09:20:32.280799, 5, pid=15466, effective(0, 0), real(0, 0)]
../source3/lib/username.c:181(Get_Pwnam_alloc)
Finding user BITINTRA\U002489
[2019/03/12 09:20:32.281111, 5, pid=15466, effective(0,
2020 Jun 15
2
Samba performance for small files
Hello,
I'm testing the performance of Samba share when a windows client copy a
directory that contains many small files (8-18KB).
From the windows client during the transfer the speed goes up and down
to 0KB/sec, so it's not stable.
I have run the same test on a Windows server share (on the same hardware
as the Samba share) and the transfer speed is stable, about 404KB/sec
which is
2018 Jun 19
2
Samba 4.5: trying to setup an omnios system as a DC member
Hello,
I'm trying to setup an omnios system as a Samba DC member, and I need AD
backend for consistent IDs on all Samba clients.
The AD join is successful, the wbinfo shows the AD users
# /opt/samba/bin/wbinfo -n andrea
S-1-5-21-2680195940-2267646359-3814218302-1109 SID_USER (1)
however, " getent passwd ..." returns nothing for the user (all the AD user)
I have enabled debugging
2019 Mar 04
2
Enable XAT_OFFLINE extended attribute in Samba
On Mon, 4 Mar 2019 10:25:59 -0800
Jeremy Allison via samba <samba at lists.samba.org> wrote:
> On Mon, Mar 04, 2019 at 04:48:56PM +0100, Andrea Cucciarre' via samba
> wrote:
> > Hello,
> >
> > Does Samba support XAT_OFFLINE and XAT_ONLINE extended attribute?
> > I have enabled "ea support = yes" but it seems to have no effect on
> > that.