[SCM] Samba Shared Repository - branch master updated

2014-10-23 Thread Steve French
handed a non-wildcard path. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Steve French smfre...@gmail.com Tested-by: Ralph Boehme s...@samba.org Autobuild-User(master): Steve French sfre...@samba.org Autobuild-Date(master): Thu Oct 23 20:44:31 CEST 2014 on sn

Re: [Samba] File share permissions act different on member server than on DC

2013-10-14 Thread steve
unprivileged domain user I think the file server is correct. Windows doesn't have a user like root. HTH Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

Re: [Samba] getent group by name fails

2013-10-12 Thread steve
On Fri, 2013-10-11 at 14:06 -0400, Lee Allen wrote: Steve thank you for pointing that out. I made those changes and it does not affect the results. 'getent group UID' works 'getent group groupname' does not work, for the same group On Fri, Oct 11, 2013 at 12:25 PM, steve st...@steve

Re: [Samba] getent group by name fails

2013-10-11 Thread steve
idmap config ALLENLAN : backend = ad idmap config ALLENLAN : range = 1-100 HTH Steve

Re: [Samba] DNS frustration

2013-10-09 Thread steve
://linuxcostablanca.blogspot.com.es/2013/09/samba4-bind9dlz-stale-dns-records-with.html HTH Steve

Re: [Samba] wbinfo -i domain_username issue

2013-10-09 Thread steve
On Wed, 2013-10-09 at 10:18 +0200, Alessio Tomelleri wrote: Thx Steve for your quick reply. ...and sorry for my late, but I was away in last two days, anyway here I am... For first, nscd is not running anywhere... Secondly, I have to admit that perhaps (almost sure), I have

Re: [Samba] wbinfo -i domain_username issue

2013-10-07 Thread steve
for the moment. HTH Steve

Re: [Samba] Should I forget sssd ?

2013-10-03 Thread steve
On Tue, 2013-10-01 at 17:06 +1100, m...@electronico.nc wrote: On 01/10/2013 16:44, steve wrote: Hi It looks as though the ad backend is broken in 1.11.1. At least I can't get it going with a similar sssd.conf: https://lists.fedorahosted.org/pipermail/sssd-devel/2013-September/016892

Re: [Samba] Should I forget sssd ?

2013-09-30 Thread steve
On Tue, 2013-10-01 at 15:48 +1100, m...@electronico.nc wrote: Hi again, Thanks again, Denis, Steve and Rowland for your previous answers about RFC2307 and winbind. Maybe I'm a dreamer but here is that I wanted to achieve : Ubuntu server 12.04.3, samba4 as PDC, several NICS : 1 LAN and 2

Re: [Samba] Must Samba4 AD be provisionned with rfc2307 to use winbind ?

2013-09-28 Thread steve
On Sat, 2013-09-28 at 11:06 +1100, m...@electronico.nc wrote: On 27/09/2013 20:36, steve wrote: On Fri, 2013-09-27 at 19:09 +1100, m...@electronico.nc wrote: Hi all, (Trying to connect squid, postfix, dovecot, pptp, etc ... to AD) Samba 4.0.9, as PDC, on Ubuntu 12.04.3 server

Re: [Samba] Must Samba4 AD be provisionned with rfc2307 to use winbind ?

2013-09-28 Thread steve
of the domain level show command is incorrect as we can and do use all the rfc2307 attributes. I can see that the 2008 R2 schema which ships with Samba4 also includes the attributes. [1] I wonder if the 2012 AD schema has rfc2307? Cheers, Steve

Re: [Samba] mount.cifs and kerberos failure

2013-09-28 Thread steve
be better not to use a regular user to mount the share but instead create an unprivileged domain user, e.g. cifsuser whose sole purpose is to mount the share. You can then mount it using the multiuser option if other users are required to use it. HTH Steve

Re: [Samba] Must Samba4 AD be provisionned with rfc2307 to use winbind ?

2013-09-28 Thread steve
On Sat, 2013-09-28 at 17:11 +0200, Marc Muehlfeld wrote: If you use the MMC, Hi. The op cannot use MMC. Cheers, Steve

Re: [Samba] Must Samba4 AD be provisionned with rfc2307 to use winbind ?

2013-09-28 Thread steve
Management Console ? Even with RFC2307 domain provision, you will have to add the uidNumber gidNumber manually, as Steve says, you can do this with samba-tool, but YOU have to supply these numbers, they are not incremented automatically. If you use the MMC, the numbers are incremented

Re: [Samba] Log in on Samba 4 AD DC using AD username

2013-09-27 Thread steve
? Here's our version of how to do it with sssd: http://linuxcostablanca.blogspot.com.es/2013/04/sssd-in-samba-40.html HTH Steve

Re: [Samba] Must Samba4 AD be provisionned with rfc2307 to use winbind ?

2013-09-27 Thread steve
that getent will pull the information from AD. HTH Steve

Re: [Samba] Adding RFC2307 attributes to an existing Win2003 AD domain?

2013-09-27 Thread steve
that comes with Samba4. HTH Steve

Re: [Samba] default idmap range in samba4

2013-09-26 Thread steve
the numbers in AD and using winbind, nss-ldapd or sssd to retrieve them _from AD_. If you go for the latter, you remove the need to know ranges completely. To bypass the idmap, set idmap_ldb use:rfc2307 = Yes in smb.conf and forget about the ranges. HTH Steve

Re: [Samba] setting permissions for unix users on samba shares

2013-09-25 Thread steve
= SomeDomainUser with place.txt containing: !apache = SomeDomainUser HTH Steve

Re: [Samba] Samba as DC Member

2013-09-23 Thread steve
/etc/hosts has: 127.0.0.1 centos-client.mydomain.com centos-client localhost and that you can (at least) ping the 2008 box Then try to join the domain: net ads join -UAdministrator That may get you a little closer. HTH Steve

Re: [Samba] Log on to Samba 4 AD DC using domain user

2013-09-23 Thread steve
a uidNumber and a gidNumber to be able to authenticate to a Linux system such as Samba4. You can use winbind, nss-ldapd or sssd to do that. I'd recommend storing the numbers in AD and pulling them direct rather than a separate mapping. HTH Steve

[Samba] ldbedit syntax problem

2013-09-22 Thread steve
Hi How do I ldbedit this dn? CN=*,OU=auto.users,ou=automount,DC=bar,DC=foo It's the * that I can't get. Cheers, Steve

Re: [Samba] ldbedit syntax problem

2013-09-22 Thread steve
On Sun, 2013-09-22 at 13:36 +0100, Rowland Penny wrote: On 22/09/13 13:04, steve wrote: Hi How do I ldbedit this dn? CN=*,OU=auto.users,ou=automount,DC=bar,DC=foo It's the * that I can't get. Cheers, Steve Hi Steve, how about 'ldbedit -e nano --url=ldap://server.bar.foo

Re: [Samba] group share directory

2013-09-16 Thread steve
On Sun, 2013-09-15 at 13:57 -0700, David Christensen wrote: but copying and moving didn't. How about a big hammer? cron: find /mnt/z/data -type f -exec chmod 777 {} \; as often as you think users may mv or cp. Try exec+ if they move a lot of files. HTH Steve

Re: [Samba] automatically create users home directories samba 4.0.9

2013-09-16 Thread steve
\xlinuxd When that doesn't work, try this too: I think you'll need to set the permissions. wbinfo -i xlinuxd then chown uidNumber:gidNumber /home/Users/xlinuxd chmod 755 /home/Users/xlinuxd In windows, it'll then appear as H:\ HTH Steve

Re: [Samba] group share directory

2013-09-16 Thread steve
On Mon, 2013-09-16 at 09:58 -0700, David Christensen wrote: On 09/16/13 02:10, steve wrote: How about a big hammer? cron: find /mnt/z/data -type f -exec chmod 777 {} \; as often as you think users may mv or cp. Try exec+ if they move a lot of files. Thanks for the reply. :-) I

Re: [Samba] Bind9 AD SDLZ driver failed to load

2013-09-15 Thread steve
/private/named.conf into /etc/bind/named.conf, Bind9 fails to start. Ho On Ubuntu, I think bind runs as user bind. Can bind read/get into to be able to read the dns partition at /sam.ldb.d, /dns and dns.keytab under /usr/local/samba/private? HTH Steve

Re: [Samba] group share directory

2013-09-15 Thread steve
On Sat, 2013-09-14 at 23:42 -0700, David Christensen wrote: samba: I am attempting to set up a group share directory on Debian Wheezy where any user can create or place files and directories, and every other user has full access to those files and directories. The directory will be

Re: [Samba] samba4 upgradeprovision

2013-09-14 Thread steve
-tool user add --help for the syntax details. HTH Steve

[Samba] BIND9_DLZ disallows ddns updates

2013-09-14 Thread steve
/var/locks/sysvol/hh3.site/scripts read only = No [sysvol] path = /usr/local/samba/var/locks/sysvol read only = No What's missing? Thanks, Steve

Re: [Samba] Samba 4 and automount

2013-09-13 Thread steve
On Fri, 2013-09-13 at 09:54 +0100, Rowland Penny wrote: On 13/09/13 09:34, steve wrote: Hi I re-read your post with all the info and found these: DEFAULT_MASTER_MAP_NAME=CN=auto.master,CN=HOME,CN=defaultMigrationContainer30,DC=hh3,DC=site SEARCH_BASE=CN=home,CN=defaultMigrationContainer30

Re: [Samba] Sharing files while being member of an active directory

2013-09-12 Thread steve
on the fileserver and migrate to the share. You'll have also tested rfc2307 as per the guide, but what does: getent passwd mikkel give? Something to try. . . HTH Steve

Re: [Samba] Samba4 automount schema: convert from flat files to LDAP

2013-09-10 Thread steve
On Mon, 2013-09-09 at 15:00 +0200, steve wrote: Hi I think I've managed to get the automount classes into the the schema: ldbsearch --url=/usr/local/samba/private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=HH3,DC=SITE.ldb | grep dn: CN=automount dn: CN=automountKey,CN=Schema,CN

[Samba] Samba4 automount schema: convert from flat files to LDAP

2013-09-09 Thread steve
? Cheers, Steve

Re: [Samba] Samba4/Windows DNS replication and administration issue

2013-09-06 Thread steve
recreate the keytab? Look for the timestamp: klist -kte /path/to/dns.keytab The only difference I can see with our keytab is that we have: DNS/fqdn@REALM and short-hostname@REALM Maybe this isn't a keytab issue? HTH Steve

[Samba] How do I lock a shared file?

2013-09-05 Thread steve
= Yes getfacl /home/privado getfacl: Removing leading '/' from absolute path names # file: home/privado # owner: root # group: Domain\040Users user::rwx group::rwx other::r-x default:user::rwx default:group::rwx default:other::--- Cheers, Steve

Re: [Samba] How do I lock a shared file?

2013-09-05 Thread steve
On Thu, 2013-09-05 at 11:51 +0200, Volker Lendecke wrote: On Thu, Sep 05, 2013 at 10:30:56AM +0200, steve wrote: 4.0.9 as a file server Hi We have a rw folder where we can share files. If a user opens a file, I would like it to be locked so the other users can't open and edit

Re: [Samba] How do I lock a shared file?

2013-09-05 Thread steve
On Thu, 2013-09-05 at 13:34 +0200, Volker Lendecke wrote: On Thu, Sep 05, 2013 at 01:23:14PM +0200, steve wrote: On Thu, 2013-09-05 at 11:51 +0200, Volker Lendecke wrote: On Thu, Sep 05, 2013 at 10:30:56AM +0200, steve wrote: 4.0.9 as a file server Hi We have a rw folder where we

Re: [Samba] How do I lock a shared file?

2013-09-05 Thread steve
On Thu, 2013-09-05 at 14:14 +0200, Volker Lendecke wrote: On Thu, Sep 05, 2013 at 02:08:27PM +0200, steve wrote: This is a feature of the SMB protocol that a client can explicitly request. It's called share modes. There is no option where you can enable this for all open files

Re: [Samba] How do I lock a shared file?

2013-09-05 Thread steve
On Thu, 2013-09-05 at 14:40 +0200, Helmut Hullen wrote: Hello, steve, you wrote on 05.09.13: School classes often have projects with files that many students will need to edit. [...] Also, nobody forces applications to keep files open while they are edited. For example even

Re: [Samba] primary GID based access for user in 16 supplementary groups

2013-09-05 Thread steve
client. HTH Steve

Re: [Samba] How do I lock a shared file?

2013-09-05 Thread steve
On Thu, 2013-09-05 at 10:25 -0700, Jeremy Allison wrote: On Thu, Sep 05, 2013 at 06:25:15PM +0200, steve wrote: Hi Yeah, the lesson plan is a good idea! LibreOffice locks files as you'd expect:) Nothing else works though. I'm amazed that no one else has encountered this before

Re: [Samba] Samba 4 - nslcd setup on Debian

2013-09-04 Thread steve
enough. There are scripts here: http://linuxcostablanca.blogspot.com.es/p/s4bind.html I'd recommend building from source. HTH Steve

Re: [Samba] smbd looking for non existent files

2013-09-02 Thread steve
On Sun, 2013-08-25 at 12:37 +0200, Michael Wood wrote: On 24 August 2013 22:39, steve st...@steve-ss.com wrote: On Sat, 2013-08-24 at 20:57 +0200, Michael Wood wrote: Hi On 24 August 2013 19:05, steve st...@steve-ss.com wrote: Hi

Re: [Samba] smbd looking for non existent files

2013-09-02 Thread steve
. Hi The problem is that each Linux client adds 0.7% to smbd. That's a constant load. I realise it's not a Samba issue. I'll have to either switch to another DE or revert the Linux boxes to xp. Steve

Re: [Samba] Not Obeying require_membership_of winbind.so when User must change password at next logon

2013-09-01 Thread steve
. Then common-account: account required pam_succeed_if.so user ingroup mygroup man pam_succeed_if BTW, I'd strongly advise changing to the ad backend. HTH Steve

Re: [Samba] Not Obeying require_membership_of winbind.so when User must change password at next logon

2013-09-01 Thread steve
On Sun, 2013-09-01 at 09:56 +0200, steve wrote: On Thu, 2013-08-22 at 11:49 +, Jason Caylor wrote: Okay, so I have an Active Directory server running on Windows Server 2012 Standard I have configured Samba/Kerberos/Winbind on Ubuntu 13.04 to bind to the DC properly. I am able

Re: [Samba] objectClass:posixAccount missing

2013-08-31 Thread steve
On Sat, 2013-08-31 at 00:14 +0200, Luca Olivetti wrote: On 30/08/13 23:44, steve wrote: Interesting point; you've now sampled winbind, nslcd and sssd to the same end. Have you made a decision as to which you'll be going with? Well, the real deployment will take some time

Re: [Samba] objectClass:posixAccount missing

2013-08-31 Thread steve
democratically produced howtos. Thanks to Marc for listening to us and inviting us in on his howtos, Luca his patience in hearing us out 'till EOT and to Rowland for keeping me sane. OpenSource at its best. Cheers, Steve

Re: [Samba] objectClass:posixAccount missing

2013-08-31 Thread steve
On Sat, 2013-08-31 at 17:25 +0200, Luca Olivetti wrote: On 31/08/13 15:23, steve wrote: I feel we've made progress. Next time a winbind problem gets posted, we'll be able to refer to 3 democratically produced howtos. Thanks to Marc for listening to us and inviting us in on his

Re: [Samba] objectClass:posixAccount missing

2013-08-31 Thread steve
On Sat, 2013-08-31 at 17:53 +0200, steve wrote: On Sat, 2013-08-31 at 17:25 +0200, Luca Olivetti wrote: On 31/08/13 15:23, steve wrote: I feel we've made progress. Next time a winbind problem gets posted, we'll be able to refer to 3 democratically produced howtos. Thanks

Re: [Samba] objectClass:posixAccount missing

2013-08-31 Thread steve
On Sat, 2013-08-31 at 20:17 +0200, Luca Olivetti wrote: On 31/08/13 18:00, steve wrote: Hi It doesn't work here either. The only way we can get it to authenticate or join the domain is to add: I.P.ADD.RRESS f.q.d.n short-hostname of the DC to /etc/hosts Steve Oh

Re: [Samba] objectClass:posixAccount missing

2013-08-30 Thread steve
benefit from sssd I'd recommend the latest version which has a proper AD backend. e.g. sssd version 1.11.1 gives you id and getent without requiring the posixAccount objectClass. 1.11.1 is available here: https://fedorahosted.org/released/sssd/sssd-1.11.0.tar.gz Regards and good luck, Steve

Re: [Samba] Samba 4 file-server usage

2013-08-30 Thread steve
On Fri, 2013-08-30 at 11:25 +0200, Stéphane PURNELLE wrote: Hi, I test samba 4 for AD authentication and file-server usage. My file-server use posix ACL (XFS filesystem) for manage access between user. So I must use some trick (steve posix-tify script) for adding posixAccount

[Samba] front end for samba-tool user

2013-08-30 Thread steve
Does anyone have a fill in the boxes type form to the new samba-tool user add? Under Linux? Cheers, Steve

Re: [Samba] objectClass:posixAccount missing

2013-08-30 Thread steve
On Fri, 2013-08-30 at 18:58 +0100, Rowland Penny wrote: On 30/08/13 18:21, Luca Olivetti wrote: On 30/08/13 18:54, steve wrote: OK, let's see: We can say for certain that /etc/krb5.keytab contains the key for nslcd-connect make sure you have: ldap_sasl_mech = gssapi

Re: [Samba] objectClass:posixAccount missing

2013-08-30 Thread steve
when it's still fresh in your mind. Actually both the configuration proposed by steve and yours were OK. The only problem was the hostname mismatch (causing the server not found in kerberos database error) and then a faulty cyrus-sasl library. I already filed a bug against the cyrus-sasl library

Re: [Samba] objectClass:posixAccount missing

2013-08-30 Thread steve
that the devs would frown upon it, but maybe we've reached the time for a rebuild over bare metal. Rowland's suggestion of a recompile gets a +1 from me. Cheers, Steve

Re: [Samba] objectClass:posixAccount missing

2013-08-30 Thread steve
On Fri, 2013-08-30 at 17:45 +0100, Rowland Penny wrote: Hi Steve, lets just get something to work for the OP first. Agreed. It seems we now at least have a keytab that we can use for certain. Pls see my interim post.

Re: [Samba] objectClass:posixAccount missing

2013-08-30 Thread steve
On Fri, 2013-08-30 at 19:44 +0100, Rowland Penny wrote: On 30/08/13 19:14, steve wrote: On Fri, 2013-08-30 at 18:58 +0100, Rowland Penny wrote: On 30/08/13 18:21, Luca Olivetti wrote: On 30/08/13 18:54, steve wrote: OK, let's see: We can say for certain that /etc/krb5.keytab

Re: [Samba] objectClass:posixAccount missing

2013-08-30 Thread steve
On Fri, 2013-08-30 at 20:45 +0200, Luca Olivetti wrote: Almost, almost... Well. Something is something, but we are still missing the attributes coming from AD. Regards, Steve

Re: [Samba] objectClass:posixAccount missing

2013-08-30 Thread steve
On Fri, 2013-08-30 at 19:21 +0200, Luca Olivetti wrote: On 30/08/13 18:54, steve wrote: OK, let's see: We can say for certain that /etc/krb5.keytab contains the key for nslcd-connect make sure you have: ldap_sasl_mech = gssapi ldap_sasl_authid = nslcd-conn...@wetron.es

Re: [Samba] objectClass:posixAccount missing

2013-08-30 Thread steve
On Fri, 2013-08-30 at 21:53 +0200, Luca Olivetti wrote: http://www.spinics.net/lists/cyrus-sasl/msg02004.html I'll try to build a version with the fix Suerte. Good luck. ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.26.tar.gz

Re: [Samba] objectClass:posixAccount missing

2013-08-30 Thread steve
/krb5.keytab HTH to get us closer. Cheers, Steve

Re: [Samba] objectClass:posixAccount missing

2013-08-30 Thread steve
On Fri, 2013-08-30 at 18:42 +0200, Luca Olivetti wrote: On 30/08/13 18:15, steve wrote: On Fri, 2013-08-30 at 16:05 +0100, Rowland Penny wrote: On 30/08/13 15:48, Luca Olivetti wrote: On 30/08/13 11:41, Rowland Penny wrote: OK, try this sssd.conf that I have altered

Re: [Samba] Samba4 Member Server not working

2013-08-29 Thread steve
' smb.conf has: winbind use default domain = Yes Do we still need MYNET\\? Do your users have entries for: uidNumber and gidNumber in AD? Cheers Steve

Re: [Samba] objectClass:posixAccount missing

2013-08-29 Thread steve
:) HTH Steve

Re: [Samba] nslcd / pam_ldap HowTo

2013-08-29 Thread steve
and 7: edit /etc/nsswitch.conf _before_ you start nslcd. It's unfortunate we still have to cater for the old versions too. The extra mappings slow things down considerably for large domains especially as enumeration is enabled. HTH Steve

Re: [Samba] nslcd / pam_ldap HowTo

2013-08-29 Thread steve
On Thu, 2013-08-29 at 13:08 +0200, Marc Muehlfeld wrote: I think most companies running Samba in production don't use the latest versions of everything, because they run enterprise distributions like RHEL, SLES, Debian, etc. At work we only run self compiled software, when there's a

Re: [Samba] Samba4 Member Server not working

2013-08-29 Thread steve
edit their entries e.g.: ldbedit --url=/usr/local/samba/private/sam.ldb cn=carlos Add a minimum of: uidNumber: 1234567 gidNumber: 12345 Your winbind will then pull this information from AD when needed. You can get sensible values for uidNumber from idmap e.g.: wbinfo -i carlos HTH Steve

Re: [Samba] Samba4 Member Server not working

2013-08-29 Thread steve
On Thu, 2013-08-29 at 19:46 +0200, steve wrote: You can get sensible values for uidNumber from idmap e.g.: wbinfo -i carlos ** Don't forget to change: idmap config MYNET:range = 500-4 to include your new values. Something like: 300-310

Re: [Samba] Samba4 Member Server not working

2013-08-29 Thread steve
On Thu, 2013-08-29 at 14:59 -0300, Carlos Alberto Borges Garcia wrote: Still not working: I created a test user: dn: CN=test,CN=Users,DC=mynet,DC=net objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: test givenName: test

Re: [Samba] objectClass:posixAccount missing

2013-08-29 Thread steve
On Thu, 2013-08-29 at 20:17 +0200, Luca Olivetti wrote: but then sssd complains that [[sssd[ldap_child[2300 [ldap_child_get_tgt_sync] (0x0100): Principal name is: [HP$@WETRON.ES] [[sssd[ldap_child[2300 [ldap_child_get_tgt_sync] (0x0100): Using keytab [/etc/krb5.keytab]

Re: [Samba] Samba4 Member Server not working

2013-08-29 Thread steve
On Thu, 2013-08-29 at 15:29 -0300, Carlos Alberto Borges Garcia wrote: Still not working :( Turn off nscd? Give up? Use nslcd or sssd instead? Can't think of anything else:(

Re: [Samba] Samba4 Member Server not working

2013-08-29 Thread steve
On 29/08/13 20:29, Carlos Alberto Borges Garcia wrote: But if I run: id test id MYNET\test id MYNET\\test id t...@mynet.net mailto:t...@mynet.net I get No such ser That should be: id test not: id MYNET\\test

Re: [Samba] Change default GID of users

2013-08-28 Thread steve
On Tue, 2013-08-27 at 16:07 -0300, Bruno Vane wrote: Hi Steve, Seems that this attribute does not matter, see my user bruno.vane: primaryGroupID: 513 gidNumber: 100 Hi How are you obtaining the information from AD? If you set: gidNumber: 100 in the DN of a user, then that is what

Re: [Samba] objectClass:posixAccount missing

2013-08-28 Thread steve
the AD stuff. HTH Steve

Re: [Samba] objectClass:posixAccount missing

2013-08-28 Thread steve
samAccountName map passwd homeDirectory unixHomeDirectory sasl_mech GSSAPI sasl_realm SOME.REALM krb5_ccname /tmp/nslcd.tkt hth to speed things up a little. Steve

Re: [Samba] Problem with nslcd and samba

2013-08-28 Thread steve
On Wed, 2013-08-28 at 10:34 +0200, Stéphane PURNELLE wrote: Hi, I try to use nslcd with samba 4 for get users and group for AD. if I do a ldapsearch, I have a message : Server not in kerberos database Hi You get those errors when you are not joined to the domain. Is this the DC or a

Re: [Samba] Problem with nslcd and samba

2013-08-28 Thread steve
$ klist -k Steve

Re: [Samba] objectClass:posixAccount missing

2013-08-28 Thread steve
On Wed, 2013-08-28 at 13:17 +0200, Luca Olivetti wrote: On 28/08/13 09:58, steve wrote: filter passwd (objectclass=user) to /etc/nslcd.conf and that gave me the missing users. I suppose I should add also a filter group (objectclass=group) [...] With recent

Re: [Samba] nslcd: kerberos vs. simple bind

2013-08-28 Thread steve
On Wed, 2013-08-28 at 18:37 +0200, Marc Muehlfeld wrote: Hello, I took this out of the OpenSSH auth in SAMBA4 LDAP thread, because it was drifting away from its origin question :-) I played this afternoon a bit with nslcd and kerberos for extending my Wiki HowTo. But as more as I read,

Re: [Samba] nslcd: kerberos vs. simple bind

2013-08-28 Thread steve
On Wed, 2013-08-28 at 18:37 +0200, Marc Muehlfeld wrote: In your blog you use k5start for that. Also Fedora 19 and RHEL6 doesn't have it in their repositories. So something more to compile and to be ensured that it starts and run. :-) A quick google shows that both Fedora and Red Hut

Re: [Samba] objectClass:posixAccount missing

2013-08-28 Thread steve
: pruebaunix: no such user Hi OK then, so just compare the DN of aimaretti with that of pruebaunix. Post them here if you like: ldbsearch --url=/usr/local/samba/private/sam.ldb cn=aimaretti and ldbsearch --url=/usr/local/samba/private/sam.ldb cn=pruebaunix Cheers, Steve

Re: [Samba] nslcd: kerberos vs. simple bind

2013-08-28 Thread steve
On Wed, 2013-08-28 at 19:27 +0200, Marc Muehlfeld wrote: On 28.08.2013 19:11, steve wrote: If you're happy with plain text passwords being passed over the network then use them. There may be some admins that will not be able to do that though, so. . . Ok. This is a good argument I

Re: [Samba] objectClass:posixAccount missing

2013-08-28 Thread steve
On Wed, 2013-08-28 at 19:15 +0200, Luca Olivetti wrote: On 28/08/13 13:43, steve wrote: 0.8.12 is not recent enough and those filters are needed. I'll try 0.8.12 later but I doubt it will have changed: I have 0.8.12 $ rpm -q nss-pam-ldapd nss-pam-ldapd-0.8.12-3.mga3

Re: [Samba] objectClass:posixAccount missing

2013-08-28 Thread steve
On Wed, 2013-08-28 at 20:18 +0200, Luca Olivetti wrote: On 28/08/13 20:11, steve wrote: Hi Without objectClass: posixAccount you need the filter for nslcd. IOW, for AD, you either must add it yourself or use the nslcd filter. Windows does not need the objectClass

Re: [Samba] nslcd / pam_ldap HowTo (was: OpenSSH auth in SAMBA4 LDAP)

2013-08-27 Thread steve
On Tue, 2013-08-27 at 01:39 +0200, Marc Muehlfeld wrote: Hello Steve, thanks for your suggestions. On 27.08.2013 00:40, steve wrote: 1. Nested groups work fine with nslcd. Please use the latest version: man nslcd.conf(5) I use the version Redhat ships. I haven't used

Re: [Samba] Change default GID of users

2013-08-27 Thread steve
machines? All users I create with ADUC is getting UID 513. This machines are joined in the domain. Hi Add the attribute: gidNumber: 100 to the DN of Domain Users. The easiest way to do that is to: ldbedit --url=/user/local/samba/private/sam.ldb cn=Domain\ Users HTH Steve

Re: [Samba] Change default GID of users

2013-08-27 Thread steve
On Tue, 2013-08-27 at 14:33 -0300, Bruno Vane wrote: Hi Steve, I did what you said, and when create the user, nothing changes: Hi Sorry, you have to add: gidNumber: 100 to the DN of each user too. Make sure that you clear the nscd cache after making any change to AD. Steve

Re: [Samba] objectClass:posixAccount missing

2013-08-27 Thread steve
On Tue, 2013-08-27 at 20:11 +0200, Marc Muehlfeld wrote: Do posixAccount/posixGroup objectClasses have to be there normally? No. With the AD schema, you can use all of rfc2307 without the need for the objectclasses which define them. Just add the attributes. HTH Steve

Re: [Samba] OpenSSH auth in SAMBA4 LDAP

2013-08-26 Thread steve
On Mon, 2013-08-26 at 19:09 +0200, Marc Muehlfeld wrote: passwd: files ldap shadow: files ldap group: files ldap @marc Just curious, but why are you trying to pull shadow from the directory?

Re: [Samba] OpenSSH auth in SAMBA4 LDAP

2013-08-26 Thread steve
HTH Steve

Re: [Samba] OpenSSH auth in SAMBA4 LDAP

2013-08-26 Thread steve
On Mon, 2013-08-26 at 18:02 -0300, Bruno Vane wrote: Hi Steve, I'm adding users through ADUC, in Remote Server Administration Tool. new users/groups added via samba-tool or windows didn't appear. Ah, I see. It's just that your message said samba-tool (as above

Re: [Samba] nslcd / pam_ldap HowTo (was: OpenSSH auth in SAMBA4 LDAP)

2013-08-26 Thread steve
On Tue, 2013-08-27 at 00:12 +0200, Marc Muehlfeld wrote: On 25.08.2013 09:27, Bruno Vane wrote: I have some Ubuntu LTS servers running openssh server authenticating to external openldap. I installed a new Ubuntu LTS server with Samba4 to create a domain and is working very well. I managed

Re: [Samba] OpenSSH auth in SAMBA4 LDAP

2013-08-26 Thread steve
On Tue, 2013-08-27 at 00:28 +0200, Luca Olivetti wrote: On 26/08/13 22:54, steve wrote: On Mon, 2013-08-26 at 20:12 +0200, Luca Olivetti wrote: On 26/08/13 19:09, Marc Muehlfeld wrote: - Now you should be able to see all accounts (the local and domain accounts), when

Re: [Samba] issue with multiple Samba DC and uid/gid assignment.

2013-08-25 Thread steve
the capitalisation and the dot. HTH Steve

Re: [Samba] issue with multiple Samba DC and uid/gid assignment.

2013-08-25 Thread steve
On Sat, 2013-08-24 at 23:27 +, dahopk...@comcast.net wrote: A quick follow-on ... if I examine the local sam.ldb on the server2 via ldbedit, it appears the information is correct, but wbinfo still reports different numbers: Replication OK then. wbinfo -i Test24.User

Re: [Samba] issue with multiple Samba DC and uid/gid assignment.

2013-08-25 Thread steve
change to AD will not be reflected until the cache is cleared. I'm almost certain that the issue can be cured by disabling nscd Cheers, Steve

[Samba] smbd looking for non existent files

2013-08-24 Thread steve
security = ADS kerberos method = secrets and keytab username map = /home/steve/smbmap log level = 3 [users] path = /home/users read only = No smbmap: !Administrator = HH3\Administrator Client: [global] workgroup = HH3 realm = HH3.SITE security = ADS kerberos method = system keytab Tested with sssd
