similar to: odd UID behaviour in Linux hosts connected to Samba AD

On Thu, 16 Jan 2025 12:21:42 +0100 (CET) "Vincent S. Cojot via samba" <samba at lists.samba.org> wrote: > > Hi everyone, > > I've been running into a small issue in the past few days after > figuring out (or so I thought) how to properly map UIDs from AD to > Linux clients so that they are identical across environments and work > on both Linux and

On 21/08/2020 21:40, vincent at cojot.name wrote: > On Fri, 21 Aug 2020, Rowland penny via samba wrote: > >> This works for me: >> >> rowland at devstation:~$ sudo ldapsearch -H >> ldaps://dc01.samdom.example.com -D 'SAMDOM\Administrator' -w >> 'xxxxxxxxxx' -b 'dc=samdom,dc=example,dc=com' >>

On 21/08/2020 20:08, Rowland penny via samba wrote: > On 21/08/2020 19:28, Vincent S. Cojot via samba wrote: >> >> Hi everyone, >> >> I have a working Samba AD/DC (4.12.6 on RHEL7.8) setup I'm trying to >> use with OpenShift (a container platform to which RedHat contributes >> - aka OCP). I'm also not too skilled on LDAP even though I've been

On Fri, 2020-08-21 at 17:51 -0400, Vincent S. Cojot via samba wrote: > Hi Rowland, > > First of all, thank you for taking the time to help me. > I tried your suggestion and all results came up empty. > > Then I did a few lapdsearch(es) and found this: > > 1) This query returns two users: > ldapsearch -H ldaps://dc00.ad.lasthome.solace.krynn:636 -x -W -D >

Hi Denis, Thanks for taking the time to answer. Yes, I may have been wrong with --forced-sync and --full-sync since the start but in fact I wanted to make sure to force replication between the servers. Here is what I have noticed: - replication works from dc00 -> dc00 but not from dc01 -> dc00: [root at dc00 ~]# samba-tool drs replicate DC01 DC00 dc=ad,dc=lasthome,dc=solace,dc=krynn

Hi all, I'm running in circles trying to debug replication failures on samba 4.7.6: dc00 : is a VM on KVM host (attached to a bridge on local LAN) dc01 : is a similarly configured VM on another KVM host. I've forcibly demoted and re-promoted dc01 but I still cannot get automatic replication to work: root at dc00 ~]# samba-tool drs showrepl Krynn\DC00 DSA Options: 0x00000001 DSA

On 21/08/2020 22:08, Rowland penny via samba wrote: > On 21/08/2020 21:40, vincent at cojot.name wrote: >> On Fri, 21 Aug 2020, Rowland penny via samba wrote: >> >>> This works for me: >>> >>> rowland at devstation:~$ sudo ldapsearch -H >>> ldaps://dc01.samdom.example.com -D 'SAMDOM\Administrator' -w >>> 'xxxxxxxxxx' -b

Hi everyone, I have a working Samba AD/DC (4.12.6 on RHEL7.8) setup I'm trying to use with OpenShift (a container platform to which RedHat contributes - aka OCP). I'm also not too skilled on LDAP even though I've been running the above for over two years now.. There are typically two steps involved in connecting AD to OCP: 1) declare an OAuth configuration in OCP (requires a bind

Hi Andrew, Hi Rowland, I just spent close to one hour debugging this with one OpenShift specialist from RedHat. What we figured was: 1) both of my configs work (auth and group-sync) and are in fact correct. 2) OCP group sync does not sync the groups that have no explicit 'member' Attribute or groups that are 'default' groups (E.g: 'Domain Users') where membership is

Hi again Rowland and Luis, First, thank you very much for jumping to my rescue and explaining what I got wrong about my Samba usage. This brought another question: Could I perhaps use the Samba 'rid' backend so that Windows users get unique UIDs on Linux boxes - different from the Linux UIDs - and then make use of usermap to map them to the proper local Linux user? Would that work?

Hi Rowland, Thank you very much for the quick answer. >> Right after booting a fileserver, I can 'id' a local user just fine >> and it's properly showing the local Linux groups: > > Please define 'local user', if it is a user that is in /etc/passwd AND > in AD, you are doing it wrong. Yes, I have those local users both in /etc/passwd and AD (in case AD

On Thu, 16 Jan 2025 14:16:45 +0100 (CET) vincent at cojot.name wrote: > > Hi Rowland, > > Thank you very much for the quick answer. > > >> Right after booting a fileserver, I can 'id' a local user just fine > >> and it's properly showing the local Linux groups: > > > > Please define 'local user', if it is a user that is in

Hi All, On my two-DC setup (dc00 and dc01 - Used to be a 4-Dc setup but 02 and 03 are gone), I've noticed the following errors which I am unable to fix.. Any hints? * Basic dbcheck is clean. [root at dc00 ~]# samba-tool dbcheck Checking 327 objects Checked 327 objects (0 errors) * Cross-NCS shows two errors related to a de-comissionned DC (dc02) and cannot auto-fix this.. How do I fix

On Tue, 22 Jan 2019, Rowland Penny via samba wrote: > On Tue, 22 Jan 2019 14:20:21 -0500 (EST) > "Vincent S. Cojot via samba" <samba at lists.samba.org> wrote: > >> >> Hi All, >> >> On my two-DC setup (dc00 and dc01 - Used to be a 4-Dc setup but 02 >> and 03 are gone), I've noticed the following errors which I am unable >> to

On Tue, 22 Jan 2019 14:20:21 -0500 (EST) "Vincent S. Cojot via samba" <samba at lists.samba.org> wrote: > > Hi All, > > On my two-DC setup (dc00 and dc01 - Used to be a 4-Dc setup but 02 > and 03 are gone), I've noticed the following errors which I am unable > to fix.. Any hints? > > * Basic dbcheck is clean. > > [root at dc00 ~]# samba-tool

Hi All, I know RHEL has bad press here but I'd like to share a different opinion (works for me) and maybe share some of my settings. BTW, Those views are my own, not those of my employer. I run a small AD at home. The setup is as follows: - two AD DCs (RHEL7.6 KVM virtual machines + Samba 4.8.7 rpms based on SPECs from TranquilIT/Fedora). - several Win10 laptops joined to the domain. -

On 08/06/2019 21:32, Rowland penny via samba wrote: > On 08/06/2019 16:24, Uwe Laverenz via samba wrote: >> Hi all, >> >> when you join a linux server to an active directory with "realm" it >> uses "sssd" as default. This works well as long as you just want to >> be a simple domain member. >> >> As soon as you want a real member

On Tue, 22 Jan 2019 15:19:10 -0500 (EST) "Vincent S. Cojot via samba" <samba at lists.samba.org> wrote: > On Tue, 22 Jan 2019, Rowland Penny via samba wrote: > > > On Tue, 22 Jan 2019 14:20:21 -0500 (EST) > > "Vincent S. Cojot via samba" <samba at lists.samba.org> wrote: > > > >> > >> Hi All, > >> > >>

On 10/06/2019 16:04, vincent at cojot.name wrote: > > There is probably some amount of redtape on this but AFAIK it works > fine for me: My RHEL7.6 hypervisors are joined to my AD DC 4.10.4 VMs > through use of realm '(and thus sssd): > > Here's a RHEL7.6 client: > # realm list > ad.lasthome.solace.krynn > ? type: kerberos > ? realm-name:

Am 16. Januar 2025 17:50:08 MEZ schrieb Rowland Penny via samba <samba at lists.samba.org>: >There is no way to give users logging into a DC different shells or >home directory paths, not even if you use the rfc2307 attributes. A DC >only reads uidNumber & gidNumber attributes from AD. > That ist not true for me. On our DCs home and shell are red from AD. Regards