Re: [Samba] Synchronising password of some AD users with an external LDAP?
There is a way to sync passwords. It's not perfect but it works if you can live with passwords stored as reversible encryption in samba4. 1. Allow clear text password by using samba-tools 2. Enable reversible encryption on each user (can be done with ms ad tool) 3. Make a query and use samba python lib to decode the attribute that holds the password. I made a python script just for this that I use to sync passwords to google apps. The downside is that the passwords are in clear text but my network is well secured so I'm fine with that. And the script has to run as a daemon or in cron. But it works. If you are interested I can share my script when I'm back at the office. Skickat från min iPhone 26 feb 2013 kl. 17:30 skrev Gregory Sloop gr...@sloop.net: PLJJ I know that if I were running a Windows AD, I could most likely PLJJ accomplish what I want with--if nothing else--the 389 DS by using PLJJ DS-provided Password Sync Service (see PLJJ https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Windows_Sync-Configuring_Windows_Sync.html PLJJ for more information). This is way over my head, in terms of expertise - but since the AD should function identically to the Windows AD setup, it may well work just fine, even though the back-end isn't a Windows AD box, but a Samba4 AD. PLJJ Read the guide on the page that I linked. The said Password Sync Service PLJJ is a Windows application. It installs a new password filtering DLL and a PLJJ system service to a Windows DC. PLJJ Samba, on the other hand, hardly runs on Windows. And even if it can be PLJJ run (by compiling under Cygwin, perhaps?) it would be rather pointless. Sorry, I missed that - I did do a very cursory scan and didn't see anything Windows specific. Guess that's what happens when you scan a little too quickly/lightly. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 as domain member and file server
Hi guys, I'm having trouble setting up my file server running Samba 4 (4.0.3). I had no problem joining the domain (also a Samba 4 (4.0.3) with AD) but I can't get the ACL to work properly. I'm sure my settings are wrong and hoping for some help. When I try to set a user permission I get this error: setfacl -m u:administrator:rwx test3.txt setfacl: test3.txt: Malformed access ACL `user::rw-,group::r--,group:adm:rwx,mask::rwx,other::r--,user:4294967295:rwx': Missing or wrong entry at entry 6 Byt when I try to set a group I don't get any error, but the settings does not stick: root@sto-file01:/var/files# setfacl -m g:domain users:rwx test3.txt root@sto-file01:/var/files# getfacl test3.txt # file: test3.txt # owner: root # group: root user::rw- group::r-- group:adm:rwx mask::rwx other::r-- My smb.conf: # Global parameters [global] workgroup = CORP realm = corp.lo netbios name = STO-FILE01 security = ADS encrypt passwords = Yes map untrusted to domain = Yes idmap backend = ad winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind nss info = rfc2307 idmap config corp:range = 1000-20 idmap config corp:schema_mode = rfc2307 idmap config corp:backend = ad create mask = 0777 directory mask = 0777 [files] path = /var/files read only = No Wbinfo: wbinfo -i jjn jjn:*:4294967295:4294967295:Johan Johansson:/home/CORP/jjn:/bin/false getfacl: getfacl test3.txt # file: test3.txt # owner: root # group: root user::rw- group::r-- group:adm:rwx mask::rwx other::r-- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 as domain member and file server
Hi guys, I'm having trouble setting up my file server running Samba 4 (4.0.3). I had no problem joining the domain (also a Samba 4 (4.0.3) with AD) but I can't get the ACL to work properly. I'm sure my settings are wrong and hoping for some help. When I try to set a user permission I get this error: setfacl -m u:administrator:rwx test3.txt setfacl: test3.txt: Malformed access ACL `user::rw-,group::r--,group:adm:rwx,mask::rwx,other::r--,user:4294967295:rwx': Missing or wrong entry at entry 6 Byt when I try to set a group I don't get any error, but the settings does not stick: root@sto-file01:/var/files# setfacl -m g:domain users:rwx test3.txt root@sto-file01:/var/files# getfacl test3.txt # file: test3.txt # owner: root # group: root user::rw- group::r-- group:adm:rwx mask::rwx other::r-- My smb.conf: # Global parameters [global] workgroup = CORP realm = corp.lo netbios name = STO-FILE01 security = ADS encrypt passwords = Yes map untrusted to domain = Yes idmap backend = ad winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind nss info = rfc2307 idmap config corp:range = 1000-20 idmap config corp:schema_mode = rfc2307 idmap config corp:backend = ad create mask = 0777 directory mask = 0777 [files] path = /var/files read only = No Wbinfo: wbinfo -i jjn jjn:*:4294967295:4294967295:Johan Johansson:/home/CORP/jjn:/bin/false getfacl: getfacl test3.txt # file: test3.txt # owner: root # group: root user::rw- group::r-- group:adm:rwx mask::rwx other::r-- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Fwd: Samba4 and Google Apps Password Sync
I managed but I requires som settings for how password are stored. I punished my code to github. Feel free to test and use. https://github.com/baboons/samba4-gaps Skickat från min iPhone 1 mar 2013 kl. 16:14 skrev Börje Johnsson borje.johns...@hrmsoftware.se: Hi Sounds like an interesting problem. I would also hear if someone has managed to do this. -- Forwarded message -- From: Johan Johansson jo...@baboons.se Date: 2013/2/25 Subject: [Samba] Samba4 and Google Apps Password Sync To: samba@lists.samba.org Hi there! I'm trying to sync password changes made in Samba4 to Google Apps. Has anyone manage to to this? Thank you -- Best regards Johan Johansson Director Phone: 0704-745209 Email: johan@ jo...@capishe.sebaboons.se -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Dynamic DNS updates not working
' rr_type : DNS_QTYPE_ (0x1C) rr_class : DNS_QCLASS_ANY (0xFF) ttl : 0x (0) length : 0x (0) rdata: union dns_rdata(case 0x1C) ipv6_record : (null) unexpected : DATA_BLOB length=0 [2013/02/28 16:30:00, 2] ../source4/dns_server/dns_update.c:395(handle_one_update) Looking at record: [2013/02/28 16:30:00, 2] ../source4/dns_server/dns_update.c:396(handle_one_update) [2013/02/28 16:30:00, 1] ../librpc/ndr/ndr.c:245(ndr_print_debug) discard_const(update): struct dns_res_rec name : 'sto-print01.corp.lo' rr_type : DNS_QTYPE_A (0x1) rr_class : DNS_QCLASS_ANY (0xFF) ttl : 0x (0) length : 0x (0) rdata: union dns_rdata(case 0x1) ipv4_record : (null) unexpected : DATA_BLOB length=0 [2013/02/28 16:30:00, 2] ../source4/dns_server/dns_update.c:395(handle_one_update) Looking at record: [2013/02/28 16:30:00, 2] ../source4/dns_server/dns_update.c:396(handle_one_update) [2013/02/28 16:30:00, 1] ../librpc/ndr/ndr.c:245(ndr_print_debug) discard_const(update): struct dns_res_rec name : 'sto-print01.corp.lo' rr_type : DNS_QTYPE_A (0x1) rr_class : DNS_QCLASS_IN (0x1) ttl : 0x04b0 (1200) length : 0x0004 (4) rdata: union dns_rdata(case 0x1) ipv4_record : 192.168.1.40 unexpected : DATA_BLOB length=0 x[2013/02/28 16:32:24, 2] ../source4/rpc_server/dnsserver/dnsdb.c:140(dnsserver_db_enumerate_zones) dnsserver: Found DNS zone 1.168.192.in-addr.arpa [2013/02/28 16:32:24, 2] ../source4/rpc_server/dnsserver/dnsdb.c:140(dnsserver_db_enumerate_zones) dnsserver: Found DNS zone . [2013/02/28 16:32:24, 2] ../source4/rpc_server/dnsserver/dnsdb.c:140(dnsserver_db_enumerate_zones) dnsserver: Found DNS zone corp.lo [2013/02/28 16:32:24, 2] ../source4/rpc_server/dnsserver/dnsdb.c:140(dnsserver_db_enumerate_zones) dnsserver: Found DNS zone _msdcs.corp.lo -- Best regards Johan Johansson Director Phone: 0704-745209 Email: johan@ jo...@capishe.sebaboons.se -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 and Google Apps Password Sync
Hi there! I'm trying to sync password changes made in Samba4 to Google Apps. Has anyone manage to to this? Thank you -- Best regards Johan Johansson Director Phone: 0704-745209 Email: johan@ jo...@capishe.sebaboons.se -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba