he top level build, just
follow the pattern in the Makefile-smbtorture4 that was indicated.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
To unsubscribe from this list go to the fo
> >
> Hi
> Sorry to open this one up again but the problem with startup times on
> openSUSe remain.
>
> The startup is now over 5 minutes. I have removed gnome keyring and the
> pkcs11 stuff.
>
> The delay is the same interactive or not. can anyone point me in t
of the many reasons why we are working on s3fs. When we are
happy with it, we will make it the default, but until then we can only
ask for your patience, and do not recommend the Samba4 DCs be used as
general file servers (ie, use it only for netlogon and sysvol).
Andrew Bartlett
--
Andrew Bartlett
tered: "logon drive"
> Ignoring unknown parameter "logon drive"
>[ OK ]
>
> Can you help me with this
You need to change these in the directory for each user. The smb.conf
is not consulted, as all this information is in AD.
Andrew Bartlett
--
Andrew Bartlett
which I
> > think is what you want.
>
> Yes. I am just wondering if this has always been the case, or if this is
> a recent feature and smb ports = 0 may have been required in earlier
> versions.
This has always been the case. This (inetd) mode of operation is the
original mode of
on details of this process.
In terms of a codename s4fs, that would imply a DC based on the ntvfs
file server, which is what we have agreed to change to be the
non-default option.
I hope this clarifies things,
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~ab
a4 demonstrated, and I wish you the very best with this
little demo.
Thanks!
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
To unsubscribe from this list go to the following UR
On Fri, 2012-04-13 at 23:38 -0400, timothy mcdaniel wrote:
> I get a client not found in kerberos database in samba4 alpha18
> How do I fix this?
This just means the same thing as 'no such user' in kerberos-speak.
At a guess, you entered the wrong username, or it doesn't ex
de you can
run 'samba-tool fsmo transfer' or (if you have turned off the windows
DC) 'samba-tool fsmo seize'. Make sure to use master if you wish to
seize, as I've just fixed that tool.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/
On Thu, 2012-04-19 at 10:29 +0200, steve wrote:
> Hi everyone
>
> I'd like to be able to do something like this:
> samba-tool user setexpiry steve --expiry=30
> Not in windows.
>
> Is it poss. at the cl?
> Cheers,
> Steve
I think you have the syntax wrong.
ich makes the ldap password change extended
operation, so no external program is required (this is more reliable in
any case).
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
To unsubsc
ied !!!
>
> So what i've missed ?
You must use the password set/change extended operation, not a write to
userPassword.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
n a session with this new password. It seems, that
> sambaNTPassword et sambaLMPassword must be changed too ... but i don't
> know how to do it ...
There is an 'overlay' for OpenLDAP called smbk5pwd that will help here.
Andrew Bartlett
--
Andrew Bartlett
it started working..
>
>
> unfortunate, it is group policy that we can't disabled it or changeing
> it for everyone..
>
> Do you guys have any idea where i can fix the problem?
Are you using 'security=server'? security=server is incompatible with
ntlmv2.
Andrew
On Fri, 2012-04-06 at 01:38 +0300, George Diamantopoulos wrote:
> On Fri, Apr 6, 2012 at 1:17 AM, Andrew Bartlett wrote:
> >
> > George,
> >
> > Sadly I don't follow the freeNAS bug tracker as part of my daily work.
> > If you or anyone suspects a Samba issue
at least until
we release).
If you can tell me what *exactly* you think is wrong - by example of
Samba4 and Windows 2008 (available for free download), I'll happily fix
it.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
#x27;join' the server to
itself? That can cause this kind of thing.
Changing the administrator password won't be the issue, but if anything
(a join, or reset with any tool) of the machine account password
certainly could update sam.ldb but not the local
secrets.ldb/secrets.keytab.
Andrew
y Samba4's id mapping to internally honour the same id
mapping behaviour of the Samba3 winbindd you deploy on clients would be
welcome and appreciated.
Binding nss_ldap directly against any AD implementation has always been
a bad idea. We built winbindd for this reas
the trusted domain posixOffset parameter in doing that,
but we don't yet auto-allocate that posixOffset (handled on the RID
master).
There is also the issue that for proper ACL compatibility, uidNumber and
gidNumber actually causes problems - groups (domain administrators in
particular) need to
tps://wiki.samba.org/index.php/SWAT2
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mail
On Sun, 2012-03-11 at 09:26 +0700, Victor Sudakov wrote:
> Andrew Bartlett wrote:
> > >
> > > Is there a way to map all trusted domain users to the guest account?
> > >
> > > As if they were nonexistent users or users from untrusted domains.
> > &g
ver to trust,
> it would be fine too.
Try 'map to guest = bad uid'.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
To unsubscribe from this list go to the following URL an
hostname.
Unlike domain controllers, workstations (member servers) can just be
deleted by removing the machine account. ldbdel on the DN for example.
Or just join the replacement under the same name, it should take over
the account.
Andrew Bartlett
--
Andrew Bartlett
what tab to show. This in turn is determined by a sort of
objectClass values from least to most specific.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
sort this out, and check if NTLM2 session security
(NTLMSSP) also sets this. Shouldn't be too hard with a Windows member
of Samba4.
I'm sorry this has taken so many years.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Dev
eral are very difficult to handle correctly in the
general sense, because the way our code is structured, these depend on
global variables. Samba4 is structured such that multiple connections
are handled (potentially) in a single process, and so the global
variables pose a challenge.
Andrew
cular flag.
http://msdn.microsoft.com/en-us/library/cc237070%28v=prot.13%29.aspx is
the only clue I have.
It would be great if we could see some proof that this is set by
Microsoft's RADIUS server in the same situation, just to be sure we
understand it. Or we can ask Microsoft.
Andrew Bartle
netlogon SamLogon request.
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
On Sat, 2012-03-03 at 12:16 +0100, NdK wrote:
> Il 03/03/2012 08:04, Andrew Bartlett ha scritto:
>
> >> I've recently setup a Squeeze box with FR and samba. Have had to use
> >> "backports" repo since 3.5.6 didn't work and (IIRC) even 3.5.10 gave
> &
server the incoming SessionSetupAndX request will make a
> system call to look up the user WambatW in the /etc/passwd file. "
>
> My question: if BERYLIUM trusts ANOTHERDOMAIN, and
> ANOTHERDOMAIN\WambatW tries to open a connection to my Samba server,
> what user will be looked
firm it should be set in this situation. (This is the same
logon_parameters that carries the 'allow machine account authentication'
flag).
I dislike the 'lie', but I'm very happy to review such a patch, I just
keep forgetting to add the handling for this myself.
Andrew Bar
NOPROBLEMO to
> SEC_SHARE :-)
I won't repost it to the list, but rest assured that a suitable memorial
will be inscribed. :-)
> And wait a few more days for comments...
Certainly,
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
(no client interaction required) is samba-tool
domain samba3upgrade
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
To unsubscribe from this list go to the following URL and read t
On Wed, 2012-02-29 at 11:53 +1100, Andrew Bartlett wrote:
> On Tue, 2012-02-28 at 16:34 -0800, Jeremy Allison wrote:
> > On Wed, Feb 29, 2012 at 01:00:00AM +0100, Volker Lendecke wrote:
> > > to support your proposal, could you start documentation on
> > > wiki.samba.org
On Tue, 2012-02-28 at 16:34 -0800, Jeremy Allison wrote:
> On Wed, Feb 29, 2012 at 01:00:00AM +0100, Volker Lendecke wrote:
> > Andrew,
> >
> > On Wed, Feb 29, 2012 at 10:53:47AM +1100, Andrew Bartlett wrote:
> > > On Tue, 2012-02-28 at 07:30 -0500, Mike Rambo wrot
ll always be a way to allow guest access to a Samba server. We
may change the smb.conf option, but this facility will always remain.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
On Mon, 2012-02-27 at 19:45 -0500, simo wrote:
> On Tue, 2012-02-28 at 10:16 +1100, Andrew Bartlett wrote:
> > On Mon, 2012-02-27 at 17:53 -0500, David Collier-Brown wrote:
> >
> > > Am I correct in thinking this would make all shares have the same
> > > pass
users, falling back to guest if 'guest ok =
yes' was set on the share.
What will happen now is that the password will be ignored, and only the
'guest ok' will be checked, and access will be as guest.
Thanks,
Andrew Bartlett
--
Andrew Bartletthtt
On Mon, 2012-02-27 at 06:39 -0600, John H Terpstra wrote:
> On 02/27/2012 04:58 AM, Andrew Bartlett wrote:
> > I recently proposed on samba-technical that for Samba 4.0, that we
> > change security=share to have the following semantics:
> >
> > - All connections
default.
If you use security=share, and feel that your particular configuration
cannot be handled any other way, please let me know, so we can find the
best to handle your particular requirements.
Thanks,
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abar
ed in the multi-protocol NAS
that I now work on, I also understand that others find that is has
caused us challenges in our internal implementation, in particular due
to the ambiguity it creates between local system users and winbind
users.
Therefore, I suspect it will not be extended.
On t
Samba fileserving work but not
> both at the same time.
Why are you trying to do both at the same time on the same principal?
Why not run NFS on a different principal? (eg add a new server-nfs
principal and set a servicePrincpalName: nfs/server)
Andrew Bartlett
--
Andrew Bartlett
ame way, and expect that tools that use AD
would just work against Samba4. Anything else is a bug.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
To unsubscribe from this list go to
On Sat, 2012-02-18 at 12:50 +0100, steve wrote:
> On 02/18/2012 10:31 AM, Andrew Bartlett wrote:
> > On Fri, 2012-02-10 at 19:37 +0100, steve wrote:
> >> samba-tool user add nfs-u
> >> New Password:
> >> ERROR(ldb): Failed to add user 'nfs-u': -
ing FascistCheck() function only wants the prefix,
without the extension.
> 4) How may we list/modify contents of pw_dict.pwd?
I don't think you can. But you can instead change crackcheck to also
check your personal dictionary of banned passwords.
Andrew Bartlett
--
Andrew Bartlett
, and so you may be hitting new ground from time to time. Rest
assured that I will keep trying to assist where I can, but you can also
help by chasing down some of the debugging steps yourself.
Thanks,
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
C=site
> changetype: modify
> replace: primarygroupid
> primarygroupid: 1134
>
> It works.
primaryGroupID is special, but you may have found a bug in the handler
for it. We have to confirm that the value being selected does not
conflict with the existing group memberships.
Andre
uot;allow_weak_crypto = true" to communicate with existing Kerberos
> infrastructures if they do not support stronger ciphers.
>
>
>
> Does/will this apply to us?
Heimdal did this a long time ago, so yes. If you wish to use DES, you
have to set that in y
it rw for 'radius' group (or a new group
> I'll make 'radius' user a member)?
This will essentially make radius run as root, as users with access to
secrets.tdb can fake incoming kerberos tickets for any user.
Andrew Bartlett
--
Andrew Bartlett
get:
> Version of "/usr/local/samba/lib/bind9/dlz_bind9.so" should be 2.
>
> I'm stumped, what should I do?
Clearly the bind9 folks have revved the interface. Use bind 9.8 for
now.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~ab
oler'
> error 'SAMBA_4.0.0ALPHA18_DEVELOPERBUILD' not found
>
> stdout and stderr in attached file
If you wish to run provision from the source directory, you need to
rebuild the libs it depends on, by again running 'make' as we relinked
them for the instal
ust be expecting AD. If that is the case, then
running Samba4 as an AD DC would be the supported solution from the
Samba Team.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
To unsubsc
n
an AD domain (which we are providing with Samba4), but do not assume
that they will be hostile.
If they claim an interoperability issue, we can refer that to the group
within Microsoft that specifically deals with interoperability issues
for us.
Andrew Bartlett
--
Andrew Bartlet
ation there. Simply remove this line and use a
local passdb for the local users - communication between Samba member
servers and Samba3 DCs is not over LDAP.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team
ure joining likewise to Windows 2008, you
are asking the wrong list, so perhaps you could give more detail as to
which exact Samba versions you are using, and in what roles.
Thanks,
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Devel
On Fri, 2012-01-27 at 08:40 +0100, steve wrote:
> On 01/27/2012 05:37 AM, Andrew Bartlett wrote:
> > On Sun, 2012-01-22 at 15:32 +0100, steve wrote:
> >
> >> even though I've made a ldap/hh3.site principal:
> >> hh3:/tmp # samba-tool spn add ldap/hh3.site Ad
it will collect the correct ticket,
and Samba will decrypt it.
Thanks,
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
To unsubscribe from this list go to the following URL
d the right way to describe the great things that
upgradeprovision does, and how it relates to dbcheck (also required at
times) and when to run both.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://sa
Base DN
specification and defaults changed mid last year.
> and
>
> # ldapwhoami -H ldap://samba4.kzsdabas.hu -Y GSSAPI
> SASL/GSSAPI authentication started
> SASL username: administra...@kzsdabas.hu
> SASL SSF: 56
> SASL data security layer installed.
> ldap_parse_
he new Samba auth
> method. That is a pretty slick idea and if it does not exist for LDAP or
> TDBSAM, I do wonder why not.
This migration should still be avilable, but the slow process of waiting
for correct passwords may or may not work in your environment.
Andrew Bartlett
--
Andrew Bartl
ed to allocate a new UID, as Microsoft's
implementation has no allocation procedure to use as a pattern.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
To unsubscribe from t
t;
> > I thanked Jonathan Corbet personally, because indeed, it is a great
> > write-up of the talk we gave.
> >
> > Andrew Bartlett
> >
>
> Could this article be posted in this list, please?
> I don't have access to that site.
That's what the
s):
https://lwn.net/SubscriberLink/475592/263ca50b47faccfb/
> Really good overview of our current status.
I thanked Jonathan Corbet personally, because indeed, it is a great
write-up of the talk we gave.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~a
w Administrator
> > ticket every 10 hours?
> >
> > Thanks,
> > Steve
> >
> >
> That looks really strange.
Indeed. Samba does not require a valid ticket in /tmp/krb5cc_0 to
operate. It creates it's own internal credentials cache when requ
s the terminal server stuff needed here.
http://msdn.microsoft.com/en-us/library/ff635189%28v=PROT.10%29.aspx
See also threads about userParameters on the cifs-protocol list, as we
work out how to deal with this for Samba4.
Andrew Bartlett
--
Andrew Bartlett
provide the arcfour-hmac-md5 Kerberos key
(which is the most important one anyway, as it is the most used).
The Samba3 migration command is 'samba-tool domain samba3upgrade'.
I hope this helps,
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet
ell have been
stripped by the mailing list software).
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
To unsubscribe from this list go to the following URL and read the
instructions
ba GIT master branch. This can migrate from
any Samba3 backend to Samba4.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
To unsubscribe from this list go to the following UR
x27;samba-tool domain samba3upgrade'.
Please use that from current GIT, as we have recently fixed some
show-stopper bugs with it.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Bind, Ntp and Samba4 work together on Debian Lenny. How can I do it?
Make a wiki account, and then let me know the username. Try not to make
a duplicate of the main HOWTO, but feel free to create a page with
distribution-specific assistance.
Andrew Bartlett
--
Andrew Bartlett
ng this cifsupcall feature but
> then got the same errors using testparm. So maybe this feature is
> required for the 'ads' option and 'realm' parameter. Arg -- does this
> indicate my krb5 libraries are too old and missing some new function?
Did you make clean?
A
the valgrind log without success.
The other script around is the 'myldap-pub.py' script, which has been
used for real-life s3 -> AD migrations, via Samba4.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba T
server.
>
> Does anybody know if this is even possible with Samba4?
Yes, this is exactly what Samba4 provides. Simply move the FSMO roles
to Samba4 before you remove the Windows 2003 DC, and copy the sysvol
share manually (we do not yet sync files using FRS, but we are working
hard to
For krb5.conf, set
[libdefaults]
dns_lookup_kdc = true
It is actually less work to have this 'do the right thing' than to
hard-code a single server :-)
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team
er supported. We just have not
finished removing the code.
The only backend we support is the internal LDB backend.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
To unsubscribe
al changes to the
> exchange host - I need that working for a short while longer.
I would love to suggest a Samba solution, but why not join an additional
Windows DC in Window 2000 'mixed mode', so your desktops can join that?
The NT4 server should I think remain a BDC to that domain (aft
Read Only DC, and
allow the local users to have their passwords cached on that DC.
That can be done with Samba4 or Windows 2008.
Technically, only other option would be to use kerberos to the proxy, as
that will not have the same latency. (However, the support in Samba for
this mode is poor at the mo
me. Which version of Samba
was this? Have you tried compiling Samba4 from source?
Upgrading to the latest ubuntu may help, but the best option is simply
to compile the latest Samba4 from source.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Aut
nt/base -Uuser1%base_ubuntu raw.*
We renamed the tests from RAW-* to raw.* a while ago. My guess is that
the smbtorture binary you are currently running would be a very old one
from our Samba 3.x releases, which is not where most of our testsuite
development occurs.
Andrew Bartlett
--
Andrew
nbindd, but critcially, by using the ./configure and make
in the top level (not under source3) you will build with our new build
system. It handles things like -rpath automatically, so you don't need
LD_LIBRARY_PATH tricks.
(You will still need openldap-devel as recommended).
Andrew
DC records so the
> windows client can find the PDC.
>
> http://www.linuxquestions.org/questions/linux-networking-3/does-samba-pdc-need-dns-544436/
I'm sorry, but almost every suggestion in that forum post is wrong.
If you are joining Windows 7 to Samba (3.x) domain controllers, fol
tentionally) modify the DB, but it must read it at runtime,
not via an LDIF file.
Be very careful to note that once a Windows clients finds a domain has
been upgrade to AD, some NT4 features like poledit style NT4 system
policy will no longer work, even if the AD servers are turned off.
Andre
ctly, if you
wiped everything and a reinstall using exactly the same commands doesn't
work.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
To unsubscribe from this list go
ns why we spent so much time and
effort on building an AD domain controller.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
To unsubscribe from this list go to the follo
eed to use a Windows client and a copy of the AD admin tools,
known by names such as the Remove Server Administration Tools (RSAT)).
Andrew Bartlett
--
Andrew Bartlett
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
ld not authenticate user with challenge/response
wbinfo -a is a diagnostic interface. Having space in an NTLM password
will make not difference when connecting from CIFS clients.
Andrew Bartlett
--
Andrew Bartlett
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
n/samba_backup for a script to help with this.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
wiki yet.
'samba-tool join' has become 'samba-tool domain join'
> along with the usage of the command, next I fall back to bin/net in
> the source directory which replies with:
If you have a bin/net binary, it will be very old, and will not link
with the rest of Samba.
The rest of Samba4 is simply not packaged in the RHEL6 RPMs.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
To unsubscribe from this list go to the following URL and read the
instruct
ween types of
contributions. It would have been really good to have their experiences
in the wiki - and I'm sure the same applies to build fixes and other
small but important changes.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartl
In this case it appears to be a real failure, of the
smbd binary failing the raw.open test.
This may be intermittent, or it may be an issue with that code on your
platform. I would be particularly interested if 'make test' passes
when a build is made from under 'source3' with
'Samba3' binaries in an AD domain provided by Samba4).
These failures do not indicate any particular issue with the Samba
codebase, I just need to ensure we skip more tests in this situation.
Andrew Bartlett
--
Andrew Bartlett
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
CIFS proxy supports both accepting forward-able Kerberos
tickets, and newly developed by metze) using S2U4Proxy to get the
tickets itself.
Andrew Bartlett
--
Andrew Bartlett
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
ting to expecting only cleartext passwords from clients.
We would love to, but it is simply cryptographically impossible.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
To unsubsc
f users have reported various issues here, which we are yet to
resolve.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
To unsubscribe from this list go to the following URL and
w2k3 server is used and I couldn't make it this way.
>
> I also tried installing ntpd.
> I'm using Samba4 alpha 15 in a Debian Lenny Box.
ntpd needs to be configured to talk to Samba4. This looks like an
accurate guide:
http://www.whitemiceconsulting.com/2010/12/configuratio
from a Windows client dropping it's HTTP connection
part-way though the handshake. HTTP keep-alives play into this as well
(that's how the 3-way handshake is maintained over 'stateless' HTTP).
Andrew Bartlett
--
Andrew Bartletthttp://
%U'
In any case, both settings are not supported in Samba4.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
To unsubscribe from this list go to the following URL and re
d user can
request the current time encrypted with the account's password, allowing
an offline attack. It should not ever be set in my view.
The reason the unix clients attempt a login without pre-authentication
is to obtain the salt returned in the reply. It should not be regarded
as an e
trust my test domain with a existent windows AD domain, is
> possible?
> exist an HOWTO that described this procedure?
>
> thanks.
I'm sorry to say that Samba4 does not support domain trusts at the
moment.
Andrew Bartlett
--
Andrew Bartletthttp
701 - 800 of 2760 matches
Mail list logo