similar to: RODC in DMZ

On Fri, 13 Dec 2024 10:14:27 +0100 Ilias Chasapakis forumZFD via samba <samba at lists.samba.org> wrote: > Dear all, > > We (me and colleagues) were considering setting an RODC in our DMZ > for some authentication related questions. > > We were curious about any suggested best practices for those cases. > > We also notice that there are quite a lot of ports to

Der Rowland, We share that concerns actually and of course if there is a way to avoid it, it is always better. Another fellow suggested us an LDAP-Proxy instead (personally have never setup one). What we actually need in our case scenario, is only that service and not the rest of bells and whistles of an RODC. I just was wondering if someone had experience with what happens if one does

Op 13-12-2024 om 14:25 schreef Ilias Chasapakis forumZFD: > Dear Kees, > > Many thanks for sending such a detailed answer. Really helpful and I > guess a good fit for our situation. I was worried that it?d been > complicated as I have never played around with OpenLDAP. There is one limitation I forgot to mention: in my config there is a module "mr_passthru", it is

Hi, we at forumZFD are currently experiencing problems similar to those mentioned here on the mailing list especially on the latest messages. Our gluster just doesn't heal all entries and "manual" healing is long and tedious. Entries accumulate in time and we have to do regular cleanups that take long and are risky.? Despite changing available options with different combinations

Dear all, We are just in a phase of considering valid alternatives to our current setup that sees glusterfs integrated to ctdb interface plus samba ADs. Do you have any suggestion for a distributed FS other than glusterfs and other than ceph that could fulfill the following: - relatively simple use and maintenance and reliable stability; - a feature like geo-replication to allow for

Dear all, we have a replica 3 configuration an issue after that the file system filled up. The gluster daemon is not starting anymore on the affected node and the inconsistency that we noticed is that the /var/lib/glusterd/peers does contain only one "good" node and the other one is missing. Now what we would like to try is to probe from the affected peer the missing one. We also

So 4.18.10 has this fix of the bug as observed in that respect, but I think you are seeing a broader example of that issue. NFS4 in this context is not actual NFS, but a type of unix filesystem permission system closely modelled on NT ACLs, deployed in many filesystems Samba uses, as the translation is much more direct. But even without that, it may be we are seeing the same issues, say for

Dear all, Passing from samba 4.17 to 4.18 we noticed a change in behaviour in folder/files listing. In 4.17 when someone had read and open rights for a folder but no write/modify access then the folder would be visible but clicking on any "non-accessible" resource resulted in a message notifying that no access was granted. Since 4.18 the folder is simply completely invisible. I

Hi, We'll continue to use Gluster whilst we can and remain hopeful that a community will slowly form around the project. These things can take time I guess/hope. I appreciate the simplicity of Gluster and it works well for our use case - we have a small distribute/replicate storage cluster backing our KVM and iSCSI data. I've looked at Ceph a number of times but the complexity of it

Hello, We are setting up 2 AD machines: New machine with subnet 192.168.1.21: Version 4.10.11-SerNet-Debian-10.buster Bind version 9.11.5 Existing machine 1 with subnet 192.168.2.21 Version 4.10.11-SerNet-Debian-10.stretch Bind version 9.10.3 Existing machine 2 with subnet 192.168.3.21? Version 4.10.11-SerNet-Debian-10.stretch Bind version 9.10.3 All with BIND_DLZ backend, same

Hi Rowland, Thank you for replying. Please find the output here below. Just a possible tip: _kerberos._tcp.example.com??? service = 0 100 88 addc-new.example.com. output is present on the new machine but if we issue a host -t SRV _kerberos._tcp.example.com on addc2 it does not appear in the list. Kind regards. Collected config? --- 2019-12-18-20:30 ----------- Hostname: addc-new DNS Domain:

Dear all, Out of fairness to who has always tried to help here and to eventually help others that had our issues, we are happy to announce that our case can be considered closed at the moment. We had complained about healings not being performed and high load on our gluster vms (kvm/qemu). And tried various workarounds that kept us "afloat". Our setup includes ctdb machines on top

My goal is to use the Offline file attribute of Windows when sharing with Samba: https://docs.microsoft.com/en-us/dotnet/api/system.io.fileattributes?redirectedfrom=MSDN&view=netframework-4.7.2 It works when I share ZFS filesystem using the native ZFS CIFS sharing, but it fails when I share the same ZFS with Samba, that is the Offline files are not showed in Windows Client Il 3/4/2019

When I run "gpresult /R" on one of my domain users the ". . . following security groups" listed at the bottom of the output includes "Denied RODC Password Replication Group". Did a little web search digging and found that RODC stands for Read Only Domain Controller. My domain consists of two DC's and one member server with three W10 workstations. I have never

Hello, we have setup a SAMBA4 RODC in our setup where we have two exisitng RW Samba4 DC's. The RODC is joined correctly and can preload user accounts etc. It also can resolve its own name and the name of other DC's, also the SRV records needed. We created an own site with specific subnet for this RODC "area". But we did not manage to get a join of a Windows server working

Hi, I installed a RODC on my mailserver to have a local authentication for mailusers on the machine which doesn't rely on a always-on-connetion to the office. The problem is now that the user-preload doesn't work so that the RODC is not able to authenticate the users itself: samba-tool rodc preload <user> --server <DC1> -U Administrator Password for [AD\Administrator]:

Hi, I'm trying to add a Samba RODC in our environment (Samba 4.6.7) RODC is in the domain and viewable in the MMC, but all users are in " denied rodc password replication group". However these users are not in that group, and also not in a group member of that group (it seems) root at dc ~]# wbinfo -g test|grep -i denied DOMAIN\denied rodc password replication group I

On Thu, 28 Mar 2019 16:31:51 +0100 Adam Minski via samba <samba at lists.samba.org> wrote: > Hi, > > I've tried replacing some 2012R2 RODC by samba-4.9.4 RODCs. One > question about password replication: > > Samba wiki (https://wiki.samba.org/index.php/Join_a_domain_as_a_RODC) > states that samba RODC acts as a proxy server to a writable DC if > users are not

When I start the replication from the other DC it works as you can see: ------- root at addc-01:~# samba-tool drs replicate rodc-01 addc-01 dc=example,dc=net Replicate from addc-01 to rodc-01 was successful. ------- Am 07.08.2018 um 15:26 schrieb Stefan Kania via samba: > Hello, > > I just start testing the setup of an RODC with 4.8.3 (I use the packages > from Louis). The join works

On Sun, 5 May 2019 10:13:07 -0300 Emerson Kfuri <emersonkfuri at gmail.com> wrote: > On Sun, May 5, 2019 at 9:52 AM Rowland Penny via samba < > samba at lists.samba.org> wrote: > > > On Sun, 5 May 2019 09:20:37 -0300 > > Emerson Kfuri via samba <samba at lists.samba.org> wrote: > > > > > Hello, > > > > > > Recently I