I can change user's password on remote win-host with smbpasswd
(smbpasswd - r -U ). And I see that smbpasswd
uses source3/libsmb/passchange.c, but I can't find any bindings to do
this from python. Is there python way for changing remote password?
--
Kurbanov Azat,
e-mail: cordal...@gmail.com
--
Am 27.08.2013 10:52, schrieb Marc Muehlfeld:
I had a short search for 0.8 and it seems that since that, some
comfortable changes where done for AD.
If I have time tonight, I'll compile the latest version and try to find
out the differences and comment my examples accordingly. Then the users
can
On Sun, 2013-08-25 at 18:50 +0100, Tris Mabbs wrote:
> Probably should have posted this to "samba-technical" in the
> first place, so re-posting in case anyone has any useful ideas .
>
>
>
> From: Tris Mabbs
>
> Sent: 12 August 2013 23:08
> To: 'samba@lists.samba.org'
> Subject
Am 29.08.2013 00:10, schrieb Luca Olivetti:
Yeah, nslcd works well, but for AD funcionality and speed, sssd is the
only way to go for nss on Samba4 or any m$ server.
Just my €0.02
I'll try it. I only used nslcd because that's what was suggested in the
samba wiki.
The Winbind and sssd Howto is
On Wed, 2013-08-28 at 20:11 -0300, Carlos Alberto Borges Garcia wrote:
> Hi,
>
> I have one Samba4 server running as Active Directory Domain Controller.
> It's working like a charm.
>
> So I needed to add another server to be a Member Server (File Server).
>
> The server is running samba-4.0.9.
Hi,
I have one Samba4 server running as Active Directory Domain Controller.
It's working like a charm.
So I needed to add another server to be a Member Server (File Server).
The server is running samba-4.0.9.
Configured and compiled ok:
./configure --prefix=/usr/local/samba --sysconfdir=/etc
-
On Mon, 2013-08-26 at 22:39 +0530, Prema wrote:
>
>
> Dear Andrew,
>
>
> As per your suggestion , I have attached the gdb log of the samba and
> smbd process log running in the single server mode.
>
> Also when I noted in the perf top, libndr.so consumes the maximum cpu.
> I noticed that it h
Al 28/08/13 23:09, En/na steve ha escrit:
> Yeah, nslcd works well, but for AD funcionality and speed, sssd is the
> only way to go for nss on Samba4 or any m$ server.
> Just my €0.02
I'll try it. I only used nslcd because that's what was suggested in the
samba wiki.
Bye
--
Luca Olivetti
Wetron
On Wed, 2013-08-28 at 20:18 +0200, Luca Olivetti wrote:
> Al 28/08/13 20:11, En/na steve ha escrit:
>
> > Hi
> > Without objectClass: posixAccount
> > you need the filter for nslcd.
> >
> > IOW, for AD, you either must add it yourself or use the nslcd filter.
> >
> > Windows does not need the ob
Many thanks! I'll give this a try.
See ya...
Garth
On 08/28/2013 01:18 PM, Antun Horvat wrote:
To clarify things a bit for others with the same problem, I will try
to explain exact things that I did.
Like I said, one of my issues was that the domain was functioning in
level 2003 native, but
Oi,
Simple bind method: Create a user, add the credentials to the root only
readable file nslcd.conf. Done
Kerberos: Create user, add a SPN, extract keytab, edit nslcd.conf (ok.
This is all done only once.). But then, if I understand it right, I need
something that renews the kerberos ticket fro
To clarify things a bit for others with the same problem, I will try to
explain exact things that I did.
Like I said, one of my issues was that the domain was functioning in
level 2003 native, but the forest remained in the 2000 native
functioning level.
So you need to be sure that both domain
Al 28/08/13 20:11, En/na steve ha escrit:
> Hi
> Without objectClass: posixAccount
> you need the filter for nslcd.
>
> IOW, for AD, you either must add it yourself or use the nslcd filter.
>
> Windows does not need the objectClass. nslcd does unless you want to
> filter everything.
Thank you,
On Wed, 2013-08-28 at 19:15 +0200, Luca Olivetti wrote:
> Al 28/08/13 13:43, En/na steve ha escrit:
>
> >>
> >> 0.8.12 is not recent enough and those filters are needed.
> >
> > I'll try 0.8.12 later but I doubt it will have changed:
>
> I have 0.8.12
>
> $ rpm -q nss-pam-ldapd
> nss-pam-ldapd-
Al 28/08/13 19:30, En/na steve ha escrit:
> On Wed, 2013-08-28 at 19:15 +0200, Luca Olivetti wrote:
>
>>
>>
>> Without the filter
>>
>>
>> $ id aimaretti
>> uid=1234(aimaretti) gid=513(Domain Users) grups=513(Domain
>> Users),675(intranet),676(portal),507(devel)
>> $ id pruebaunix
>> id: pruebauni
On Wed, 2013-08-28 at 19:27 +0200, Marc Muehlfeld wrote:
> Am 28.08.2013 19:11, schrieb steve:
> > If you're happy with plain text passwords being passed over the network
> > then use them. There may be some admins that will not be able to do that
> > though, so. . .
>
> Ok. This is an good argume
On Wed, 2013-08-28 at 19:15 +0200, Luca Olivetti wrote:
>
>
> Without the filter
>
>
> $ id aimaretti
> uid=1234(aimaretti) gid=513(Domain Users) grups=513(Domain
> Users),675(intranet),676(portal),507(devel)
> $ id pruebaunix
> id: pruebaunix: l’usuari no existeix
> $ LC_ALL=en id pruebaunix
Am 28.08.2013 19:11, schrieb steve:
If you're happy with plain text passwords being passed over the network
then use them. There may be some admins that will not be able to do that
though, so. . .
Ok. This is an good argument I haven't tought about. In production I
have used LDAPS. But the How
Al 28/08/13 13:43, En/na steve ha escrit:
>>
>> 0.8.12 is not recent enough and those filters are needed.
>
> I'll try 0.8.12 later but I doubt it will have changed:
I have 0.8.12
$ rpm -q nss-pam-ldapd
nss-pam-ldapd-0.8.12-3.mga3
With the filter (aimaretti is a migrated user, pruebaunix is a
On Wed, 2013-08-28 at 18:37 +0200, Marc Muehlfeld wrote:
> In your
> blog you use k5start for that. Also Fedora 19 and RHEL6 doesn't have it
> in their repositories. So something more to compile and to be ensured
> that it starts and run. :-)
A quick google shows that both Fedora and Red Hut P
Ok, I figured out a way to make all this work in my case. I made Exim use
Dovecot LDA transport instead of "local delivery". With dovecot_delivery
transport you can specify "-d username" (would be "-d $local_part" in case
of Exim), which will trigger the same userdb lookup that Dovecot will do
late
On Wed, 2013-08-28 at 18:37 +0200, Marc Muehlfeld wrote:
> Hello,
>
> I took this out of the "OpenSSH auth in SAMBA4 LDAP" thread, because it
> was drifting away from it's origin question :-)
>
> I played this afternoon a bit with nslcd and kerberos for extending my
> Wiki HowTo. But as more as
Hello,
I took this out of the "OpenSSH auth in SAMBA4 LDAP" thread, because it
was drifting away from it's origin question :-)
I played this afternoon a bit with nslcd and kerberos for extending my
Wiki HowTo. But as more as I read, one question comes bigger and bigger:
What are the advantag
Wow! I'm impressed! :-) I also ensured that the domain was at 2003
native but with no improvement.
When you say that "in the DNS tool I configured forest wide zone
replication", is that the Win DNS MMC or samba-tool? Can you be
specific? That may have been my problem.
Thanx,
Garth
On 08/28/
Hi,
I know that Trusts are not finished but Samba can be Trusted.
I sucessfully finished a trust between Windows 2003 Domain (PREFDOM)
and Samba4 (PREFEITURA). PREFDOM trusts PREFEITURA.
It works fine.
Now, I'm trying to establish a new trust between another Windows 2003
Domain (SIA)
and Samb
Hi,
I have a setup where two Domain's exist. 1 domain is in a DMZ and the other
on an internal network. Both running Window 2003 R2. They have an external
NTLM trust setup between them, from DMZ to Internal.
Linux clients in the DMZ are joined to the DMZ AD. I'm trying to get the
Linux clients to
Update on this.
It appears that the groups command is working, it takes a while to filter
through for some reason (like, about 15 minutes). Any ideas why it should
be so slow to update?
c:)
On 28 August 2013 16:17, Chris Alavoine wrote:
> Hi all,
>
> I can't seem to figure this one out.
>
> I
Hi all,
I can't seem to figure this one out.
I have a test rig Samba 4 VM up and running nicely. Have imported my old
Samba 3 directory and am using nslcd to get users and groups back to *nix.
I have a perl login script which generates on-the-fly .bat scripts per user
as they login using the roo
Hello again,
I wanted to notify everybody that I managed to overcome this problem.
The issue was that CN=MicrosoftDNS,DC=ForestDnsZones,... branch was
missing because
the Forest was operating in Windows 2000 native functional level.
The thing that I did was, transfer all FSMO roles back to Wind
Hi samba team,
, We have recently moved samba to 4.0.7 since then acl are not working when
we try to set any deny permission from windows hosts. The error is as shown
below in log.smbd
>>
[2013/08/21 02:49:36.322907, 0]
../source3/smbd/posix_acls.c:1814(add_current_ace_to_acl)
add_current_
On Wed, 2013-08-28 at 13:17 +0200, Luca Olivetti wrote:
> Al 28/08/13 09:58, En/na steve ha escrit:
> >> filter passwd (objectclass=user)
> >>
> >> to /etc/nslcd.conf
> >>
> >> and that gave me the missing users.
> >> I suppose I should add also a
> >>
> >> filter group (objectclass=group)
>
> [..
Al 28/08/13 09:58, En/na steve ha escrit:
>> filter passwd (objectclass=user)
>>
>> to /etc/nslcd.conf
>>
>> and that gave me the missing users.
>> I suppose I should add also a
>>
>> filter group (objectclass=group)
[...]
> With recent versions of nslcd, neither of the filters are needed and
> s
Hi Steve
nslookup : OK
ldbsearch --url=/usr/local/samba/private/sam.ldb cn=admin01: see output
file steve2.log
samba-tool domain exportkeytab /tmp/test.keytab --principal=ADMIN01$: see
output file steve3.log
klist -k: see output file steve4.log
This last command has a bad result for me
On Wed, 2013-08-28 at 11:03 +0200, Stéphane PURNELLE wrote:
> Hi,
>
> On the DC
>
> File-server and DC are on the same server.
Hi
Is it really there?
nslookup admin01
ldbsearch --url=/usr/local/samba/private/sam.ldb cn=admin01
samba-tool domain exportkeytab /tmp/test.keytab --principal=ADMIN01$
Hi,
On the DC
File-server and DC are on the same server.
---
Stéphane PURNELLE Admin. Systèmes et Réseaux
Service Informatique Corman S.A. Tel : 00 32 (0)87/342467
samba-boun...@lists.samba.org wrote on 28/08/2013 10:58:19
On Wed, 2013-08-28 at 10:34 +0200, Stéphane PURNELLE wrote:
> Hi,
>
> I try to use nslcd with samba 4 for get suers and group for AD.
> if I do a ldapsearch, I have a message :
>
> Server not in kerberos database
Hi
You get those errors when you are not joined to the domain. Is this the
DC or a
Hi,
I try to use nslcd with samba 4 for get suers and group for AD.
if I do a ldapsearch, I have a message :
Server not in kerberos database
if I do a getent passwd, nslcd display same error message.
log of samba4:
[2013/08/28 10:15:47, 3]
../source4/auth/kerberos/krb5_init_context.c:80(sm
On 27/08/13 23:06, Luca Olivetti wrote:
Al 27/08/13 23:02, En/na Rowland Penny ha escrit:
If nslcd needs the posix objectclasses, then that is their bug, windows
does not use them so Samba 4 doesn't either.
I wouldn't be so sure, since many (all?) of the attributes specified by
rfc2307 are not
On Wed, 2013-08-28 at 00:30 +0200, Luca Olivetti wrote:
> Al 27/08/13 23:56, En/na Gary Greene ha escrit:
>
> > If you set it up with '--use-rfc2307', nslcd needs configured as though it
> > is talking to an SFU 3.5 DC. The RFC 2307bis attributes never add
> > additional classes to the AD member
On Wed, 2013-08-28 at 00:06 +0200, Luca Olivetti wrote:
> Al 27/08/13 23:02, En/na Rowland Penny ha escrit:
>
> > If nslcd needs the posix objectclasses, then that is their bug, windows
> > does not use them so Samba 4 doesn't either.
>
> I wouldn't be so sure, since many (all?) of the attributes
On Tue, 2013-08-27 at 16:07 -0300, Bruno Vane wrote:
> Hi Steve,
>
>
> Seems that this attribute does not matter, see my user "bruno.vane":
> primaryGroupID: 513
> gidNumber: 100
Hi
How are you obtaining the infromation from AD?
If you set:
gidNumber: 100
in the DN of a user, then that is what
41 matches
Mail list logo
