similar to: Online AD Backup fails with "no auth" in 4.20?

Hallo lovely samba-people, did something change in regards to the online AD Backup in 4.20? We're using this CLI command to create a backup of our domain: ??? /usr/bin/samba-tool domain backup online --targetdir="/my/path" --server="rad-2.ad.ellerhold.lan" --use-krb5-ccache="/opt/samba-ad-backup/ad-backup.krb5cc" -N This ran successfully on a member server

Hello, my smb.conf is in the first post. Im not setting unix extensions explictly, so the default is used (which is yes)? But they are only active for smb1 right? I did not activate the smb3 unix extensions. This also happens for shares that are not mounted by cifs ... e. g. we have a share that is used as a hotfolder for a RIP. The workflow is, that people mount them in MacOS and put files

Hallo, yes this is an "ls -lAh" on the samba fileserver side in the corresponding directory. Downgrading to 4.19 does not remove the weird directories and files. But it prevents new weird ones being created... Looking at the timestamps these seem to be created when (heavy?) filesystem operations are being done. There is a cronjob that imports images at 1oo and it runs for around

Hi Alexander, I'm terribly sorry. We didnt have the "ntlm auth" parameter configured on the DCs at all. I added it and it just works. Thanks for your help. Now I just need to figure out how I can make WLAN-specific LDAP-Group authentication. e. g. production WLAN needs LDAP group "wlan_production" and management WLAN needs the "wlan_management" group. I

Hi Matthias, we?re using Debian Bullseye with the backports repo. So version is a mixture of - Samba version 4.17.3-Debian - Samba version 4.17.7-Debian We?ve installed it directly on the DC?s as well. In my opinion using "ntlm auth = yes? should be fine. Did you try using a simple RADIUS secret? In my experience long secrets or ones containing special characters don?t work very well. I

Hello Alexander, thanks Alexander for these configuration snippets. Which version of Samba are you using? Is this on debian bullseye? Is the FreeRADIUS server installed on a DC or on a Domain Member? (I just tested the latter). is "ntlm auth = yes" OK for the DCs and the domain member or does it have to be "mschapv2-and-ntlmv2-only" for all servers (DCs + Member)? It

Hello lovely samba-people, this morning all of our DCs (debian bookworm) upgraded their bind9 packages to 9.18.28 (from 9.18.24). Afterwards the named service would not come up successfully and crash after loading the DLZ: Jul 26 07:32:12 rad-1.ad.ellerhold.lan named[1903]: sizing zone task pool based on 64 zones Jul 26 07:32:12 rad-1.ad.ellerhold.lan named[1903]: Loading 'AD DNS

Hello Rowland, thank you very much! Ive read the mails but I didnt realize that this may be the same problem. I can confirm that your workaround fixes the issue. Regards, Matthias. Am 26.07.24 um 08:48 schrieb Rowland Penny via samba: > On Fri, 26 Jul 2024 08:38:58 +0200 > Matthias K?hne | Ellerhold Aktiengesellschaft via samba > <samba at lists.samba.org> wrote: > >>

Hello lovely samba-people, after upgrading to 4.20 some file shares randomly get weird directories and files in them: drwxrwx---+ 3 AD-ELLERHOLD\user AD-ELLERHOLD\group 4.0K May 29 01:14 ''$'\352' drwxrwx---+ 3 AD-ELLERHOLD\user AD-ELLERHOLD\group 4.0K May 29 01:14 ''$'\324' drwxrwx---+ 3 AD-ELLERHOLD\user AD-ELLERHOLD\group 4.0K May 18 01:12

Hello mjt, I can only speak for myself: For bigger upgrades (e. g. samba 4.19 -> 4.20) Im manually updating a few servers and check if everything works. For smaller updates (e. g. 4.20.1 -> 4.20.2) Im using saltstack to automate updating the servers. It suppresses these messages and this is fine in 99% of all cases because a minor update is not supposed to change much (e. g. split a

Hello Tim, Hello samba-people, is there an uptodate guide for authenticating via freeradius somewhere? I have some Ubiquiti APs plus a Cloud Key and I want to authenticate WLAN clients via WPA2-Enterprise instead of a (shared) PSK. It seems like https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory is missing some steps (basic setup of freeradius). Can you

I can share my notes, we authenticate UniFi clients via Freeradius against Samba AD. We also check group membership which you might or might not need: ## 4 FreeRADIUS ### 4.1 Basics ```bash apt install freeradius freeradius-ldap freeradius-utils # create new DH-params openssl dhparam -out /etc/freeradius/3.0/certs/dh 2048 ``` ### 4.2 Configure Authentication - modify mschap to use winbind,

Hello Thomas, we've done the exact same thing: we have a few nextcloud instances bound to Samba (now 4.20, but 4.19 worked too). You HAVE to use "ldaps://<FQDN>" in the "Host" field and "636" in the "Port" field. For the certificates issues: either you create a CA, create the samba certificates and add this CA to the trusted certificate

Hello, yes sadly update 8.9 of elasticsearch broke the samba integration. Seems like 8.10 is still broken. Stay on 8.8 until this is fixed. Ive emailed Ralph B?hme of Sernet already, but hes got no time for it atm. Im not sure about the second part of your bug report though: > There is a bug where when the samba server is running and files are being indexed while samba is running finder

Hey Kees, fs2es-indexer is designed to be a lightweight alternative to FSCrawler. So no ... it doesnt do any content indexing or saves much of the metadata. As far as I understand it the OCR and other stuff makes FScrawler that big. And we dont need any of that - we just want to search for file names. BUT Im open for merge requests ;-) I currently getting away with a lot less complexity

17.07.2024 10:54, Matthias K?hne | Ellerhold Aktiengesellschaft via samba wrote: > Hello lovely samba-people, Hi! :) > after upgrading to 4.20 some file shares randomly get weird directories > and files in them: > > drwxrwx---+ 3 AD-ELLERHOLD\user AD-ELLERHOLD\group 4.0K May 29 01:14 ''$'\352' > drwxrwx---+ 3 AD-ELLERHOLD\user AD-ELLERHOLD\group 4.0K May

Hello lovely samba-people, Ive got a Mac OS specific problem... Lets say you have two Macs both opening the same folder on the same share. Using one Mac: move a file into this folder - works. Its shown on both Macs in their finder window. Now try to move the file into another folder. You'll get error -36 "Finder could not complete this operation because some data in ?test.pdf?

18.07.2024 13:03, Matthias K?hne | Ellerhold Aktiengesellschaft via samba wrote: > Hallo, > > yes this is an "ls -lAh" on the samba fileserver side in the > corresponding directory. > > Downgrading to 4.19 does not remove the weird directories and files. But > it prevents new weird ones being created... > > Looking at the timestamps these seem to be created

Hallo, just my 2 cents: So Samba 4.12 works, but 4.13+ doesnt? Maybe you can use the same strategy here as used for Win XP or older OS: Setup an isolated (virtualized?) DC with samba 4.12 just for the synology to connect to? You could use firewalld/ufw rules to only allow traffic to the samba ports from one single source IP-adress (the synology) to limit the exposure... Just until synology

Hello samba-people, Ive upgraded our Debian Bullseye servers to Samba 4.18 (thanks to mjt's repositories) and zabbix-server refuses to start with a seg fault. Downgrading back to 4.17 (from bullseye-backports) fixes the issue. This happens with Zabbix Server 6.2.7, 6.2.8, 6.2.9, 6.4.0 and 6.4.1. Ive created a bug report for zabbix here: https://support.zabbix.com/browse/ZBX-22658. You