On Tue, 2013-08-27 at 16:07 -0300, Bruno Vane wrote:
Hi Steve,
Seems that this attribute does not matter, see my user bruno.vane:
primaryGroupID: 513
gidNumber: 100
Hi
How are you obtaining the infromation from AD?
If you set:
gidNumber: 100
in the DN of a user, then that is what will
On Wed, 2013-08-28 at 00:06 +0200, Luca Olivetti wrote:
Al 27/08/13 23:02, En/na Rowland Penny ha escrit:
If nslcd needs the posix objectclasses, then that is their bug, windows
does not use them so Samba 4 doesn't either.
I wouldn't be so sure, since many (all?) of the attributes
On Wed, 2013-08-28 at 00:30 +0200, Luca Olivetti wrote:
Al 27/08/13 23:56, En/na Gary Greene ha escrit:
If you set it up with '--use-rfc2307', nslcd needs configured as though it
is talking to an SFU 3.5 DC. The RFC 2307bis attributes never add
additional classes to the AD member
On 27/08/13 23:06, Luca Olivetti wrote:
Al 27/08/13 23:02, En/na Rowland Penny ha escrit:
If nslcd needs the posix objectclasses, then that is their bug, windows
does not use them so Samba 4 doesn't either.
I wouldn't be so sure, since many (all?) of the attributes specified by
rfc2307 are
Hi,
I try to use nslcd with samba 4 for get suers and group for AD.
if I do a ldapsearch, I have a message :
Server not in kerberos database
if I do a getent passwd, nslcd display same error message.
log of samba4:
[2013/08/28 10:15:47, 3]
On Wed, 2013-08-28 at 10:34 +0200, Stéphane PURNELLE wrote:
Hi,
I try to use nslcd with samba 4 for get suers and group for AD.
if I do a ldapsearch, I have a message :
Server not in kerberos database
Hi
You get those errors when you are not joined to the domain. Is this the
DC or a
Hi,
On the DC
File-server and DC are on the same server.
---
Stéphane PURNELLE Admin. Systèmes et Réseaux
Service Informatique Corman S.A. Tel : 00 32 (0)87/342467
samba-boun...@lists.samba.org wrote on 28/08/2013
On Wed, 2013-08-28 at 11:03 +0200, Stéphane PURNELLE wrote:
Hi,
On the DC
File-server and DC are on the same server.
Hi
Is it really there?
nslookup admin01
ldbsearch --url=/usr/local/samba/private/sam.ldb cn=admin01
samba-tool domain exportkeytab /tmp/test.keytab --principal=ADMIN01$
Hi Steve
nslookup : OK
ldbsearch --url=/usr/local/samba/private/sam.ldb cn=admin01: see output
file steve2.log
samba-tool domain exportkeytab /tmp/test.keytab --principal=ADMIN01$: see
output file steve3.log
klist -k: see output file steve4.log
This last command has a bad result for
Al 28/08/13 09:58, En/na steve ha escrit:
filter passwd (objectclass=user)
to /etc/nslcd.conf
and that gave me the missing users.
I suppose I should add also a
filter group (objectclass=group)
[...]
With recent versions of nslcd, neither of the filters are needed and
serve only to slow
On Wed, 2013-08-28 at 13:17 +0200, Luca Olivetti wrote:
Al 28/08/13 09:58, En/na steve ha escrit:
filter passwd (objectclass=user)
to /etc/nslcd.conf
and that gave me the missing users.
I suppose I should add also a
filter group (objectclass=group)
[...]
With recent
Hi samba team,
, We have recently moved samba to 4.0.7 since then acl are not working when
we try to set any deny permission from windows hosts. The error is as shown
below in log.smbd
[2013/08/21 02:49:36.322907, 0]
../source3/smbd/posix_acls.c:1814(add_current_ace_to_acl)
Hello again,
I wanted to notify everybody that I managed to overcome this problem.
The issue was that CN=MicrosoftDNS,DC=ForestDnsZones,... branch was
missing because
the Forest was operating in Windows 2000 native functional level.
The thing that I did was, transfer all FSMO roles back to
Hi all,
I can't seem to figure this one out.
I have a test rig Samba 4 VM up and running nicely. Have imported my old
Samba 3 directory and am using nslcd to get users and groups back to *nix.
I have a perl login script which generates on-the-fly .bat scripts per user
as they login using the
Update on this.
It appears that the groups command is working, it takes a while to filter
through for some reason (like, about 15 minutes). Any ideas why it should
be so slow to update?
c:)
On 28 August 2013 16:17, Chris Alavoine chr...@acs-info.co.uk wrote:
Hi all,
I can't seem to figure
Hi,
I have a setup where two Domain's exist. 1 domain is in a DMZ and the other
on an internal network. Both running Window 2003 R2. They have an external
NTLM trust setup between them, from DMZ to Internal.
Linux clients in the DMZ are joined to the DMZ AD. I'm trying to get the
Linux clients
Hi,
I know that Trusts are not finished but Samba can be Trusted.
I sucessfully finished a trust between Windows 2003 Domain (PREFDOM)
and Samba4 (PREFEITURA). PREFDOM trusts PREFEITURA.
It works fine.
Now, I'm trying to establish a new trust between another Windows 2003
Domain (SIA)
and
Wow! I'm impressed! :-) I also ensured that the domain was at 2003
native but with no improvement.
When you say that in the DNS tool I configured forest wide zone
replication, is that the Win DNS MMC or samba-tool? Can you be
specific? That may have been my problem.
Thanx,
Garth
On
Hello,
I took this out of the OpenSSH auth in SAMBA4 LDAP thread, because it
was drifting away from it's origin question :-)
I played this afternoon a bit with nslcd and kerberos for extending my
Wiki HowTo. But as more as I read, one question comes bigger and bigger:
What are the
On Wed, 2013-08-28 at 18:37 +0200, Marc Muehlfeld wrote:
Hello,
I took this out of the OpenSSH auth in SAMBA4 LDAP thread, because it
was drifting away from it's origin question :-)
I played this afternoon a bit with nslcd and kerberos for extending my
Wiki HowTo. But as more as I read,
Ok, I figured out a way to make all this work in my case. I made Exim use
Dovecot LDA transport instead of local delivery. With dovecot_delivery
transport you can specify -d username (would be -d $local_part in case
of Exim), which will trigger the same userdb lookup that Dovecot will do
later to
On Wed, 2013-08-28 at 18:37 +0200, Marc Muehlfeld wrote:
In your
blog you use k5start for that. Also Fedora 19 and RHEL6 doesn't have it
in their repositories. So something more to compile and to be ensured
that it starts and run. :-)
A quick google shows that both Fedora and Red Hut
Al 28/08/13 13:43, En/na steve ha escrit:
0.8.12 is not recent enough and those filters are needed.
I'll try 0.8.12 later but I doubt it will have changed:
I have 0.8.12
$ rpm -q nss-pam-ldapd
nss-pam-ldapd-0.8.12-3.mga3
With the filter (aimaretti is a migrated user, pruebaunix is a new
Am 28.08.2013 19:11, schrieb steve:
If you're happy with plain text passwords being passed over the network
then use them. There may be some admins that will not be able to do that
though, so. . .
Ok. This is an good argument I haven't tought about. In production I
have used LDAPS. But the
On Wed, 2013-08-28 at 19:15 +0200, Luca Olivetti wrote:
Without the filter
$ id aimaretti
uid=1234(aimaretti) gid=513(Domain Users) grups=513(Domain
Users),675(intranet),676(portal),507(devel)
$ id pruebaunix
id: pruebaunix: l’usuari no existeix
$ LC_ALL=en id pruebaunix
id:
On Wed, 2013-08-28 at 19:27 +0200, Marc Muehlfeld wrote:
Am 28.08.2013 19:11, schrieb steve:
If you're happy with plain text passwords being passed over the network
then use them. There may be some admins that will not be able to do that
though, so. . .
Ok. This is an good argument I
Al 28/08/13 19:30, En/na steve ha escrit:
On Wed, 2013-08-28 at 19:15 +0200, Luca Olivetti wrote:
Without the filter
$ id aimaretti
uid=1234(aimaretti) gid=513(Domain Users) grups=513(Domain
Users),675(intranet),676(portal),507(devel)
$ id pruebaunix
id: pruebaunix: l’usuari no
On Wed, 2013-08-28 at 19:15 +0200, Luca Olivetti wrote:
Al 28/08/13 13:43, En/na steve ha escrit:
0.8.12 is not recent enough and those filters are needed.
I'll try 0.8.12 later but I doubt it will have changed:
I have 0.8.12
$ rpm -q nss-pam-ldapd
nss-pam-ldapd-0.8.12-3.mga3
Al 28/08/13 20:11, En/na steve ha escrit:
Hi
Without objectClass: posixAccount
you need the filter for nslcd.
IOW, for AD, you either must add it yourself or use the nslcd filter.
Windows does not need the objectClass. nslcd does unless you want to
filter everything.
Thank you, I
To clarify things a bit for others with the same problem, I will try to
explain exact things that I did.
Like I said, one of my issues was that the domain was functioning in
level 2003 native, but the forest remained in the 2000 native
functioning level.
So you need to be sure that both
Oi,
Simple bind method: Create a user, add the credentials to the root only
readable file nslcd.conf. Done
Kerberos: Create user, add a SPN, extract keytab, edit nslcd.conf (ok.
This is all done only once.). But then, if I understand it right, I need
something that renews the kerberos ticket
Many thanks! I'll give this a try.
See ya...
Garth
On 08/28/2013 01:18 PM, Antun Horvat wrote:
To clarify things a bit for others with the same problem, I will try
to explain exact things that I did.
Like I said, one of my issues was that the domain was functioning in
level 2003 native, but
On Wed, 2013-08-28 at 20:18 +0200, Luca Olivetti wrote:
Al 28/08/13 20:11, En/na steve ha escrit:
Hi
Without objectClass: posixAccount
you need the filter for nslcd.
IOW, for AD, you either must add it yourself or use the nslcd filter.
Windows does not need the objectClass.
Al 28/08/13 23:09, En/na steve ha escrit:
Yeah, nslcd works well, but for AD funcionality and speed, sssd is the
only way to go for nss on Samba4 or any m$ server.
Just my €0.02
I'll try it. I only used nslcd because that's what was suggested in the
samba wiki.
Bye
--
Luca Olivetti
Wetron
On Mon, 2013-08-26 at 22:39 +0530, Prema wrote:
Dear Andrew,
As per your suggestion , I have attached the gdb log of the samba and
smbd process log running in the single server mode.
Also when I noted in the perf top, libndr.so consumes the maximum cpu.
I noticed that it happens
Hi,
I have one Samba4 server running as Active Directory Domain Controller.
It's working like a charm.
So I needed to add another server to be a Member Server (File Server).
The server is running samba-4.0.9.
Configured and compiled ok:
./configure --prefix=/usr/local/samba --sysconfdir=/etc
On Wed, 2013-08-28 at 20:11 -0300, Carlos Alberto Borges Garcia wrote:
Hi,
I have one Samba4 server running as Active Directory Domain Controller.
It's working like a charm.
So I needed to add another server to be a Member Server (File Server).
The server is running samba-4.0.9.
Am 29.08.2013 00:10, schrieb Luca Olivetti:
Yeah, nslcd works well, but for AD funcionality and speed, sssd is the
only way to go for nss on Samba4 or any m$ server.
Just my €0.02
I'll try it. I only used nslcd because that's what was suggested in the
samba wiki.
The Winbind and sssd Howto
On Sun, 2013-08-25 at 18:50 +0100, Tris Mabbs wrote:
Probably should have posted this to samba-technical in the
first place, so re-posting in case anyone has any useful ideas .
From: Tris Mabbs
Sent: 12 August 2013 23:08
To: 'samba@lists.samba.org'
Subject: Odd Samba
Am 27.08.2013 10:52, schrieb Marc Muehlfeld:
I had a short search for 0.8 and it seems that since that, some
comfortable changes where done for AD.
If I have time tonight, I'll compile the latest version and try to find
out the differences and comment my examples accordingly. Then the users
can
The branch, master has been updated
via 91186fc s3: fix missing braces in nfs4_acls.c
from 617c647 Fix valgrind errors with memmove and talloc pools.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
The branch, master has been updated
via 6e3650e torture: Add buffercheck tests
via 1b1935b smbd: Correctly return INFO_LENGTH_MISMATCH for smb1
via 5634f24 smbd: Fix error return for STREAM_INFO
via b37edda smbd: Revert a93f9c3
via 40f6002 smbd: Correctly
The branch, master has been updated
via 4dd1523 docs: Add man samba-regedit.8.
from 6e3650e torture: Add buffercheck tests
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit
The branch, 1.2.40 has been updated
via 91f522f928f28b3c3463963aedd71a251545b910 (commit)
via dec866151a85cd2574a1e6acefc0125386fe854b (commit)
via 91d60247b360b032a987604f60220176d350daa2 (commit)
via b0d147dbac28a4dd9a5d002ded3f0d0488009ebc (commit)
via
The annotated tag, ctdb-1.2.67 has been created
at 6256a5fce84f13ed3d5b1a7ef23c2d552eed2e07 (tag)
tagging 91f522f928f28b3c3463963aedd71a251545b910 (commit)
replaces ctdb-1.2.66
tagged by Amitay Isaacs
on Thu Aug 29 14:34:10 2013 +1000
- Log
45 matches
Mail list logo