I'm aware of, at least generally, how one would have done a
BDC/Redundant server under OpenLDAP Samba3.
However, rolling your own multi-domain-controller was fairly daunting
[for me] under Samba3 / OpenLDAP.
I've been very interested in Samba4 for the more integrated nature of
having
install to to avoid issues later.
And as long as we're on the subject - any advice to make my long term
experience better, having compiled my own vs. a package install?
TIA
-Greg
--
Gregory Sloop, Principal: Sloop Network Computer Consulting
503.251.0452 x82 Voice | 503.251.0452 Fax
www.sloop.net
.
Suggestions?
-Greg
--
Gregory Sloop, Principal: Sloop Network Computer Consulting
503.251.0452 x121 Voice | 503.251.0452 Fax
www.sloop.net
mailto:gr...@sloop.net
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
GK it's not only your file system supporting ACL's - also some
GK devel packages must be around during the build.
GK See https://wiki.samba.org/index.php/Samba_4/OS_Requirements
Thanks, but I do have all the ACL packages etc, described in the reqs.
[I followed, exactly, the Deb/Ubuntu
GK it's not only your file system supporting ACL's - also some
GK devel packages must be around during the build.
GK See https://wiki.samba.org/index.php/Samba_4/OS_Requirements
GS Thanks, but I do have all the ACL packages etc, described in the reqs.
GS [I followed, exactly, the Deb/Ubuntu
[I sent this back on Friday AM, but it claimed it was being held, yet
I've not seen it show up, so I'm reposting both to update the thread,
as well as for others who might be having the same issue. My apologies
if it eventually shows up twice.]
---
As was posted initially, I got a whole set of
LO Al 31/01/13 16:09, En/na John P Arends ha escrit:
If I were you I'd connect to both shares using a Windows machine and run
robocopy to copy all the permissions.
LO I thought about that but I'd prefer a Linux solution (if possible).
If you want the least hassle and all the permissions etc,
AVH thanks,
AVH there is any documentation for using samba4 with an external bind9?
https://wiki.samba.org/index.php/Samba4/HOWTO#Bind_9.8.0_or_newer
[There's a problem with the Wiki - it's only accepting HTTPS
connections today - just a heads-up for whomever in the Samba crew
might be
The Wiki page has been SSL-only for a few days to a week or so.
[perhaps this is by design, I don't know - but it is different than it
was a week or more ago.]
But the link to it from the main samba.org page is wrong and the suggested
link doesn't get you to the wiki either. [It goes to
Setup a DC using 4.0.3 - all appears to go fine...
Setup a second DC and everything works fine to here...but I'm not sure
if replication is actually working or not.
Here's what I get from ./samba-tool drs showrepl
I've also done. [./samba-tool drs kcc -Uadministrator
dc2.samba.somedom.local] in
So, I'm wondering if anyone has a howto on promoting a non-master DC
to FSMO/Operation master and making it the Primary DC? [I don't see it
in the Wiki and searching doesn't produce anything for me.]
In my particular case, I have a couple of test DC's I've setup. Rather
than tear them down, I
I know this has come up a bit in the past, but consider this
situation:
Two Samba4 DC's - and I want to mirror the data shares to the
backup DC in case we lose the primary DC and it's file shares.
[A cheap, dirty, poor-mans semi-CTDB. How did you ever guess that Red
Green was helping me?!]
The
-SNIP-
TS Perfect! Now from the Windows workstation.
C:\Users\Admin1ipconfig /flushdns
TS Windows IP Configuration
TS Successfully flushed the DNS Resolver Cache.
C:\Users\Admin1ping foo.internal.testdom.com
TS Ping request could not find host foo.internal.testdom.com. Please check the
TS name
So, I'm trying to paw through the long set of smb.conf options - and
it's rather daunting.
I'm wondering what smb.conf options are most
important/appropriate/common for mostly Windows XP/7/(possibly v8) clients.
TIA
-Greg
--
Gregory Sloop, Principal: Sloop Network Computer Consulting
DS On 02/17/2013 6:02 PM, Andrew Bartlett wrote:
As most of you would have noticed, we have now had 3 CVE-nominated
security issues for SWAT in the past couple of years.
-SNIP-
Therefore, it was suggested on a private list that we just drop SWAT. I
want to start a public discussion on
-SNIP-
However, for anyone looking for a web version of the smb.conf for
4.0.3 - see this wiki page.
http://wiki.samba.org/index.php/Documentation_Links/samba4-smb.conf
SA Just curious what is the source of the smb.conf manual above.
I think your question was answered in terms of S4 vs S3
DE Originally I had a Win 2003 DC. I added a samba 4.0.0 DC to the
DE domain, allow full replication to take place and then transferred all
DE the roles to the samba 4.0.0 dc. Finally I removed the Windows DC from
DE the domain.
DE Everything has been working well. Today I upgraded from samba
MR I'll cut to the chase -- several weeks ago, I thought I had an
MR upstart configuration file that would start Samba4 when the VM was
MR turned on; but it turns out I was wrong. At the time there was
MR nothing on the wiki about it (the links were broken).
MR The script I thought was working
LL I see from the documentation that it is possible to use BIND9 as
LL a drop-in replacement for the internal SAMBA4 DNS service...
LL However, I would like to know if I can keep the BIND9 DNS server
LL on a seperate server from de one that SAMBA4 is running on (AD DC).
LL If this is possible,
mmgc Well … just found that the options
mmgc server role
mmgc dns recursive queries
mmgc dns forwarders
mmgc are ignored … hmmm … well … does anyone know how to achieve the
mmgc desired behavior without these options ?
Perhaps I don't understand what's going on - but are you sure your DNS
PLJJ I know that if I were running a Windows AD, I could most likely
PLJJ accomplish what I want with--if nothing else--the 389 DS by using
PLJJ DS-provided Password Sync Service (see
PLJJ
PLJJ I know that if I were running a Windows AD, I could most likely
PLJJ accomplish what I want with--if nothing else--the 389 DS by using
PLJJ DS-provided Password Sync Service (see
PLJJ
I do so enjoy working with users who I can ask to 'put some code in' and who
can handle this so well :-).
TM Why thank you, kind Sir :-)
TM I do so enjoy working with people who quite obviously really, REALLY, know
their subject :-)
TM In my case, evidence only of far too many years stuck
CW I have built two samba4 boxes, one as a PDC and the as a DC, all working
CW perfectly. If I create a user through the mmc snapin then turn off the PDC,
CW I can still login to the domain using the DC which is great. The problem is
CW their files and ntfs permissions on BDC.
CW I have assigned
any idea about the users/groups, since
it's not replicating and of the DC data, right?)]
Glad for any light you can shed - and thanks for letting me know it
should work. I'll tinker with it when I'm to that point.
-Greg
JA On Thu, Feb 28, 2013 at 09:13:39PM -0800, Gregory Sloop wrote:
I'm
Windows cannot set the password for because: The password does not
meet the password policy requirements. Check the minimum password length,
password complexity and password history requirements.
TS It's giving that error because you have a minimum length specified or
TS complexity
Pardon me for butting in, and probably you've already considered this,
but what the heck.
Do you even know that the user actually logged in during the time in
question? I suppose the logs will at least let you know *if* anyone
did login, but if the trouble-maker used an already logged in station
Known issue - see the wiki. [I don't think you can change the
password complexity before provisioning, but perhaps you can.]
#this sets the complexity req off.
#(I do this after provisioning, but it may work before...)
samba-tool domain passwordsettings set --complexity=off
---
But you'll have
after the error it is on !!
GR Something is turning the complexity back on during the provision. BUG
--
Gregory Sloop, Principal: Sloop Network Computer Consulting
Voice: 503.251.0452 x82
EMail: gr...@sloop.net
http://www.sloop.net
---
--
To unsubscribe from this list go to the following URL
GR Ok I finally gave up and made something really complex: Administrator1
GR Boy, we feel really secure now.:rolleyes:
GR RANT: I wish people would stop all this complexity nonsense and
GR just let people set their passwords how they want to
GR set them.
I really hope you're venting at
DHK Hello list,
DHK I have a samba 3.5.6 running on a Debian squeeze machine. This box is
running
DHK since more than a year without any problems.
DHK Since a couple of days we have the following problem.
DHK One Win7 user doesn't get his user profile any more
DHK The log file tells:
DHK
If you are doing that,
then I suggest you find a different way to operate - the AD DC is the
security heart of the network, and should be more protected than that.
GR My AD DC is not directly connected to the internet. It is
GR behind an internet gateway router which has 53 open and
GR
policies for complete idiots
TA maybe.
--
Gregory Sloop, Principal: Sloop Network Computer Consulting
Voice: 503.251.0452 x82
EMail: gr...@sloop.net
http://www.sloop.net
---
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman
The linky-thingy did have a way of doing so via a GPO. I've not tried
it, but it certainly looks like it should work.
While I've not done this via GPO - this looks like a reasonable way of
doing so.
http://www.expta.com/2011/02/adding-users-to-local-security-groups.html
Try it.
-Greg
ML On Thu, Mar 21, 2013 at 11:24 AM, Terry Austin te...@crownhardware.com
wrote:
On 21 Mar 2013 at 10:29, L.P.H. van Belle wrote:
DONT DO IT !!
This is Administrators 1ste rule !!
NEVER, but then NEVER giver users Administrator/PowerUser rights.
I have no choice. There's too much stuff
ssme If I could change the subject somewhat, I am also not clear on how to
configure
ssme SAMBA4 and the DNS server if my network has an existing DNS server on
another
ssme machine and I don't really want to move it. The DNS server is a stock
install
ssme of bind from the distro's repository:
be useful.
http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/
---
Do I have that largely right?
-Greg
--
Gregory Sloop, Principal: Sloop Network Computer Consulting
503.251.0452 x121 Voice | 503.251.0452 Fax
www.sloop.net
mailto:gr
iM I am using Samba 4.0.4 as AD DC on my test environment and
iM realized that all my W2k clients (default installation, no special
iM setups made on the clients) cannot receive the correct time of my
iM samba 4.0.4 AD domain controller. Windows XP and 7 work fine
iM though. The problem occurs at
And IMO, trying to do this, while streaming the CIFS data and login
via the unprotected and vast-vagaries of the open internet - well that
just seems pretty crazy to me.
H Is CIFS data unencrypted or unprotected, or have some other vulnerability I
H should be aware of?
I believe the
iM Well, the NTP server on samba4 server is definitely (!) up and
iM running. I can triple-check that by ps, netstat and of course by
iM getting the time of all my other clients (winxp, win7, linux, unix) so
iM NTP server is definitely running on samba4 host.
Up and running doesn't mean it
C I am new here and am wondering if I have the correct list to subscibe to.
C I am looking for a user forum; technical mutual help/tutorial type
C list; would this be that type of thing?
You're on the right list.
However the varying level of technical complexity is very high. Some
of us are
CR Some people have had success with scripting replication using rsync etc.
I don't want this to sound like I'm arguing, because I'm not.
I'm just not aware of ANYONE who has gotten rsync to work properly
handling all the EA's and such in syncing any Samba4 AD filesystems
between AD members.
P Is it possible to set User specific password policies in Samba4.
P Say I wan to set the Password length of a particular user to be 7 where
P as my domain policy is 10
P How to do this in samba4?
The only way I can think of that would apply some policies to some
users and a different policy to
MF We had problems removing password complexity, and I noticed a lot of
MF confusion on the list about exactly this topic. So I thought I would post
MF our success.
MF We're talking about a Samba4 PDC/AD here. Once we got Samba installed and
MF provisioned, we used samba-tool from the
MM Am 12.08.2013 22:32, schrieb Gregory Sloop:
So, if I understand things correctly, NMBD or network browsing isn't
functional under S4 yet. [At least I don't believe it was in 4.03 -
and I don't think that's changed.]
MM Currently Samba still doesn't support network neighbourhood.
Is nmbd
.
Is there something i forgot? On my old configuration with old (RIP) server
it worked flawessly.
Szymon
--
To unsubscribe from this list go to the following URL and read the
instructions:
https://lists.samba.org/**mailman/options/sambahttps://lists.samba.org/mailman/options/samba
--
Gregory Sloop
GRIK Am 02.09.13 18:20, schrieb Marc Muehlfeld:
Hello Götz,
Am 02.09.2013 14:43, schrieb Götz Reinicke - IT Koordinator:
it's some time that I had to touch our samba installation and may be
somewon can point me to the right direction.
We run a samba-3.6.9 PDC with ldap backend and
You give almost no information about what's wrong or the details.
What version of Samba? 4.0.?
Did your install go flawlessly, and the new Samba box joined the
domain fine?
What Windows clients, Win7, XP, Vista, Win8, Win95?
Are the windows clients members of the domain?
What is holding the
a great pity... thanks for your support!
A Axel
--
Gregory Sloop, Principal: Sloop Network Computer Consulting
Voice: 503.251.0452 x82
EMail: gr...@sloop.net
http://www.sloop.net
---
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org
JY Rowland,
JY I did see those from my searches as well. However, this samba
JY configuration worked prior to migrating it to RHEL and into a more current
JY samba.
JY regards,
JY j
HI Jerome, '0x80070021' is a windows error and the most likely cause
would seem to be trying to copy a
Wild guess:
The errors I see all have to do with an account that doesn't have a
password, the password is expired etc.
Are you *sure* the account you're using to join with is valid, and
works properly in other contexts?
Do some google searches on: [SvcErr: DSID-031A0FC0, problem 5003
AB On Tue, 2013-10-08 at 10:23 -0700, Scott Goodwin wrote:
I'm using Samba 4.0.9, Bind 9.9.4 w/ dlz
My domain is example.com
My Samba4 server is myserver.example.com
myserver has two nics: 10.10.10.5 and 192.168.10.2
My externally hosted web site is www.example.com, and is hosted at
52 matches
Mail list logo