similar to: use of ‘idmap_ldb:use rfc2307 = yes’ in DCs

On Tue, 11 Jun 2024 15:51:46 +0100 Luis Peromarta via samba <samba at lists.samba.org> wrote: > All, > > In the past few days I have been experimenting with the mappings in > Samba servers. Today is the DC day. > > Procedure: > > In my setup, I provisioned with rfc2307 schema. In fairness everyone > should, as it?s free, and you can later use it or not. No,

On Tue, 11 Jun 2024 17:02:58 +0100 Luis Peromarta via samba <samba at lists.samba.org> wrote: > In what scenario should I use idmap_ldb:use rfc2307 = yes ? For what > purpose ? Good question. The only real use could be if you are adding rfc2307 attributes to AD AND using the DC as a fileserver (not recommended) AND also running Unix domain members using the 'ad' idmap

On 12/06/24 04:12, Rowland Penny via samba wrote: > On Tue, 11 Jun 2024 17:02:58 +0100 > Luis Peromarta via samba <samba at lists.samba.org> wrote: > >> In what scenario should I use idmap_ldb:use rfc2307 = yes ? For what >> purpose ? > > Good question. The only real use could be if you are adding rfc2307 > attributes to AD AND using the DC as a fileserver

On Thu, 20 Jun 2024 10:06:02 +1200 Douglas Bagnall via samba <samba at lists.samba.org> wrote: > On 12/06/24 04:12, Rowland Penny via samba wrote: > > On Tue, 11 Jun 2024 17:02:58 +0100 > > Luis Peromarta via samba <samba at lists.samba.org> wrote: > > > >> In what scenario should I use idmap_ldb:use rfc2307 = yes ? For > >> what purpose ? >

On Tue, 11 Jun 2024 17:25:59 +0100 Luis Peromarta via samba <samba at lists.samba.org> wrote: > Me neither. AND only if you need to sync files from a DC to a member > server or viceversa, so uids and gids match. Otherwise I?d say no use. > > Why idmap_ldb:use rfc2307 = yes? by default then??when provisioning > with rfc2307 ? I have no idea, before my time. It was added in

On Tue, 11 Jun 2024 18:08:10 +0100 Luis Peromarta via samba <samba at lists.samba.org> wrote: > Let me know if I got this right. > > Are you saying "--use-rfc2307 ? when provisioning is no longer needed > ? And the rfc2307 attributes will still be there ? Yes, the rfc2307 attributes are part of the standard AD schema. > > Again, we are telling people how they need

On Thu, 20 Jun 2024 08:40:07 +0100 Rowland Penny via samba <samba at lists.samba.org> wrote: > On Thu, 20 Jun 2024 10:06:02 +1200 > Douglas Bagnall via samba <samba at lists.samba.org> wrote: > > > On 12/06/24 04:12, Rowland Penny via samba wrote: > > > On Tue, 11 Jun 2024 17:02:58 +0100 > > > Luis Peromarta via samba <samba at lists.samba.org>

Am 11.06.24 um 19:37 schrieb Luis Peromarta via samba: > Correct, and I have done so and explained extensively at the beginning to this thread. > > Question is: > > Should we stop telling people to provision with idmap_ldb:use rfc2307 = yes ? As one who uses that option I would say no. However, I see that it is very confusing for someone new to Samba. It is the same for the ID

The question is, if without the option "use idmap_ldb:use rfc2307 = yes"? I will be able to set the uid, uidNumber, unixHomeDirectory and gid on the DC, as I can do it now? NAVI Sp. z o.o. Promienista 5/1 60-288 Pozna? mobile: +48609769035 phone: +48616622881 fax: +48616622882 http://www.navi.pl On 2024-06-20 12:32, Luis Peromarta via samba wrote: > This looks OK, and is a member

On Sat, 8 Jun 2024 17:41:57 +0100 Luis Peromarta via samba <samba at lists.samba.org> wrote: > All, > > Doing some testing with 4.20.1 on a member server. I have no > explanation for this. > > ?Member? member is just a test machine, I joined to domain *with* net > ads join, no issues. A few minutes later ... > > root at member:/etc/samba# net ads leave domain

All, Doing some testing with 4.20.1 on a member server. I have no explanation for this. ?Member? member is just a test machine, I joined to domain *with* net ads join, no issues. A few minutes later ... root at member:/etc/samba# net ads leave domain -U luis Password for [MAD\luis]: Deleted account for 'MEMBER' in realm 'MAD.MATER.INT' root at member:/etc/samba# net ads join

Hello, Why is it said that it affects only if you have fileserver on DC? I use uid, uidNumber, unixHomeDirectory for users and gid for groups. This attributes are defined in samba DC. Then I have another samba server that works as fileserver, and I have this in config: ?? idmap config * : backend = tdb ??? idmap config * : range = 20000-20999 ??? idmap config NAVIDOM:backend = ad ???

Mmm? strange ? Or is this what you were expecting ? root at member:/# net rpc rights list privileges SeDiskOperatorPrivilege -Uadministrator Password for [MAD\administrator]: Could not connect to server 127.0.0.1 The username or password was not correct. Connection failed: NT_STATUS_LOGON_FAILURE root at member:/# net rpc rights list privileges SeDiskOperatorPrivilege -Uadministrator Password

I have restored the container from an early snapshot. This has all bits installed, but no config and not joined. I needed -U with a username. By the way my network is a /22 root at member:~# samba-tool dns zonelist awing.mad.mater.int --reverse -U?MAD\luis" WARNING: Using passwords on command line is insecure. Installing the setproctitle python module will hide these from shortly after

On Wed, 12 Jun 2024 09:00:47 +0200 Christian Naumer via samba <samba at lists.samba.org> wrote: > Am 11.06.24 um 19:37 schrieb Luis Peromarta via samba: > > Correct, and I have done so and explained extensively at the > > beginning to this thread. > > > > Question is: > > > > Should we stop telling people to provision with idmap_ldb:use > >

On Sun, 9 Jun 2024 18:52:39 +0100 Luis Peromarta via samba <samba at lists.samba.org> wrote: > Update: > > I have revoked the privilege to BUILIN\Administratos. As before, no > root mapping. > > root at member:/# net rpc rights revoke "BUILTIN\Administrators" > SeDiskOperatorPrivilege -U "MAD\luis" Password for [MAD\luis]: > Successfully revoked

Update: I have revoked the privilege to BUILIN\Administratos. As before, no root mapping. root at member:/# net rpc rights revoke "BUILTIN\Administrators" SeDiskOperatorPrivilege -U "MAD\luis" Password for [MAD\luis]: Successfully revoked rights. root at member:/# net rpc rights list privileges SeDiskOperatorPrivilege -Uluis Password for [MAD\luis]: SeDiskOperatorPrivilege:

On Sun, 9 Jun 2024 16:53:30 +0100 Luis Peromarta via samba <samba at lists.samba.org> wrote: > Mmm? strange ? Or is this what you were expecting ? No > > root at member:/# net rpc rights list privileges SeDiskOperatorPrivilege > -Uadministrator Password for [MAD\administrator]: > Could not connect to server 127.0.0.1 > The username or password was not correct. >

I tried already, feedback welcome and this is all free to use anywhere else. http://samba.bigbird.es/doku.php?id=samba:no-need-for-use-rfc2307 LP On Jun 20, 2024 at 10:19 +0100, samba at lists.samba.org <samba at lists.samba.org>, wrote: > > We should then document 'idmap_ldb:use rfc2307' > to say it allows the use of uidNumber & gidNumber attributes on a Samba >

On Mon, 10 Jun 2024 08:33:13 +0100 Rowland Penny via samba <samba at lists.samba.org> wrote: > On Sun, 9 Jun 2024 18:52:39 +0100 > Luis Peromarta via samba <samba at lists.samba.org> wrote: > > > Update: > > > > I have revoked the privilege to BUILIN\Administratos. As before, no > > root mapping. > > > > root at member:/# net rpc rights