ows clients should thus still obey those
policies, but Samba as a server just doesn't enforce them, which also
means that non-Windows clients will ignore them. At least that's how I'm
understanding it.
Pekka L.J. Jalkanen
--
To unsubscribe from this list go to the following URL and
the reason. But this is just a guess; I
can't really help you any further. Read the linked page; that might give
you some ideas.
Pekka L.J. Jalkanen
On 21.5.2013 12:39, wong lmark wrote:
> I had transfer all FSMO roles to Win DC, copy and paste the sysvol in
> Win DC.
> But the wi
things won't work.
Pekka L.J. Jalkanen
On 21.5.2013 9:33, wong lmark wrote:
> I had added the Windows 08 DC in Samba 4 domain. But I cannot migrate
> the SID when I tick "Migrate User SID", it will show "Could not verify
> auditing and TcpipClientSupport on domains. Will
so ADMT simply cannot work without a Windows DC in the
source.
Pekka L.J. Jalkanen
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
m understanding it correctly.
For reversed direction (to get the uid from username), try:
"wbinfo -S `wbinfo -n Administrator`"
Although in most cases you should be able to just run "getent passwd
username" to find the uid, whether the account is a windows account or not.
Pek
On 14.5.2013 19:49, Pekka L.J. Jalkanen wrote:
> On 14.5.2013 19:31, Andrew Bartlett wrote:
>> On Tue, 2013-05-14 at 11:04 +0300, Pekka L.J. Jalkanen wrote:
>>> On 14.5.2013 8:04, Andrew Bartlett wrote:
>>>> The issue is the same
>>>> for all of these ac
On 14.5.2013 19:31, Andrew Bartlett wrote:
> On Tue, 2013-05-14 at 11:04 +0300, Pekka L.J. Jalkanen wrote:
>> On 14.5.2013 8:04, Andrew Bartlett wrote:
>>> The issue is the same
>>> for all of these accounts. We simply have a password encoded in a
>>> format
On 14.5.2013 8:04, Andrew Bartlett wrote:
> On Mon, 2013-05-13 at 14:24 +0300, Pekka L.J. Jalkanen wrote:
>
>>> Any ideas how to resolve this problem?
>>
>> No comments, it seems.
>>
>> I can see that even if this is a bug in Samba it would be reall
way
that Winbind actually handles these failover situations internally?
How transparent should the failover process be in practice? Any experiences?
Thanks,
Pekka L.J. Jalkanen
On 10.5.2013 21:14, Pekka L.J. Jalkanen wrote:
> Hello all,
>
> I've a box running Samba 3.5.6 (Debian Sque
On 10.5.2013 16:32, Pekka L.J. Jalkanen wrote:
> On 10.5.2013 14:04, Pekka L.J. Jalkanen wrote:
>> Question: how much more verbosity for log.samba would be needed to
>> further investigate this problem? I'd rather not log everything with
>> "-d10" for extend
dn't been queried after the last winbind
restart and before the DC went offline. So the likelihood of the
scenario 'B' feels all too great.
Any recommendations for avoiding it?
Pekka L.J. Jalkanen
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
On 10.5.2013 14:04, Pekka L.J. Jalkanen wrote:
> Question: how much more verbosity for log.samba would be needed to
> further investigate this problem? I'd rather not log everything with
> "-d10" for extended periods of time, because I really can't know how
> long
ng akin to Windows's security log and see all successful and
failed login attempts. Can this be achieved by normal krb5 logging
settings in krb5.conf (as described on man 3 krb5_openlog)? Any
recommended logging settings?
Pekka L.J. Jalkanen
--
To unsubscribe from this list go to t
On 7.5.2013 2:32, Andrew Bartlett wrote:
> On Mon, 2013-05-06 at 13:41 +0300, Pekka L.J. Jalkanen wrote:
>> On 4.5.2013 0:22, Andrew Bartlett wrote:
>>>
>>> It would be useful to know why samba-tool exportkeytab didn't work, it
>>> is tested in our make t
to it
and demote your Samba DC(s) before trying any of this.
This probably won't solve your DNS problems, though. But at least for
me, it got the RSAT working.
Pekka L.J. Jalkanen
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
On 6.5.2013 16:31, Pekka L.J. Jalkanen wrote:
> On 6.5.2013 13:41, Pekka L.J. Jalkanen wrote:
>> I think that the thing I'm going to try right now is to actually run the
>> MS adprep.exe tool that ships with W2k8 R2. It should add RODC support
>> to the schema and MS a
On 6.5.2013 13:41, Pekka L.J. Jalkanen wrote:
> I think that the thing I'm going to try right now is to actually run the
> MS adprep.exe tool that ships with W2k8 R2. It should add RODC support
> to the schema and MS also tells to run it before installing any W2k8 DCs
> (R
On 4.5.2013 0:22, Andrew Bartlett wrote:
> On Fri, 2013-05-03 at 19:21 +0300, Pekka L.J. Jalkanen wrote:
>> On 26.4.2013 13:05, Pekka L.J. Jalkanen wrote:
>>>
>>> So it seems that for some reason, exporting the keytab from Samba DC
>>> doesn't work. I tr
On 26.4.2013 13:05, Pekka L.J. Jalkanen wrote:
>
> So it seems that for some reason, exporting the keytab from Samba DC
> doesn't work. I tried to kinit first using the domain admin account, but
> to no avail--exportkeytab still throws the same error.
>
> Now, for the
On 26.4.2013 6:13, Andrew Bartlett wrote:
> On Wed, 2013-04-24 at 17:39 +0300, Pekka L.J. Jalkanen wrote:
>> By the way, is a kerberos keytab actually necessary to decrypt the
>> GSS-API packets in Wireshark? Samba Wiki
>> (https://wiki.samba.org/index.php/Capture_Packets)
http://wiki.wireshark.org/Kerberos
Just trying to figure out how to inspect my own capture here...
Pekka L.J. Jalkanen
On 24.4.2013 17:18, Pekka L.J. Jalkanen wrote:
> On 23.4.2013 19:24, Michael Wood wrote:
>> On 23 April 2013 16:43, Pekka L.J. Jalkanen
>> wrote:
>>> Nothi
On 23.4.2013 19:24, Michael Wood wrote:
> On 23 April 2013 16:43, Pekka L.J. Jalkanen wrote:
>> Nothing. It just works. I can even explicitly change it to point to the
>> Samba 4 DC and it still works.
>>
>> It is just Vista and newer RSATs that are the problem. And the
Nothing. It just works. I can even explicitly change it to point to the
Samba 4 DC and it still works.
It is just Vista and newer RSATs that are the problem. And they also
work just fine as long as the selected DC is the W2k3R2 DC...
Pekka L.J. Jalkanen
On 23.4.2013 16:39, Hisham Attar wrote
o
Samba are definitely not going to do so overnight, so the different DCs
must co-exist for quite some time. Also, people are most likely going to
run various different RSAT versions, so the compatibility of those is an
important factor, too.
Pekka L.J. Jalkanen
On 23.4.2013 0:29, Hisham Atta
that tool is anyway only
shipped with Windows 2008, and I don't have that.
Should I file a bug? Or is this error expected? Any experiences by
people who regularly run newer RSATs? What about those that also have
Windows DCs, like me?
Thanks,
Pekka L.J. Jalkanen
PS. The Win 8 RSAT that I
On 26.2.2013 23:34, Andrew Bartlett wrote:
> On Tue, 2013-02-26 at 18:16 +0200, Pekka L.J. Jalkanen wrote:
>> True, webservers can authenticate against AD in a similar fashion to
>> other LDAPs. But that's not the whole story.
>>
>> The thing is that Samba 4 is desi
On 26.2.2013 23:53, Andrew Bartlett wrote:
> On Tue, 2013-02-26 at 13:36 +0200, Pekka L.J. Jalkanen wrote:
>> On Sat, 2013-02-16 Andrew Bartlett wrote:
>>> On Sat, 2013-02-16 at 12:55 +1100, Andrew Bartlett wrote:
>>>> On Fri, 2013-02-15 at 12:52 +1100, Andrew Bartlet
, on the other hand, hardly runs on Windows. And even if it can be
run (by compiling under Cygwin, perhaps?) it would be rather pointless.
Pekka L.J. Jalkanen
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
without kerberos
backing, using SASL as an authentication vehicle:
http://www.openldap.org/lists/openldap-software/201002/threads.html#3
Perhaps I'll try that route.
Pekka L.J. Jalkanen
On 26.2.2013 16:13, Daniel Müller wrote:
> Apache can authenticate against samba4 ads the same way
to Samba 4, so
committing to any software that depends on the continued availability of
a Windows DC simply won't do.
How could I accomplish this synchronisation with Samba 4? Can anyone
nudge me to the right direction? Or is possible at all?
Pekka L.J. Jalkanen
--
To unsubscribe from this list
t,CN=SAMBA4DC,OU=Domain
Controllers,DC=mydomain,DC=site? [YES]
Failed to correct missing instanceType on CN=RID
Set,CN=SAMBA4DC,OU=Domain Controllers,DC=mydomain,DC=site by setting
instanceType=4 : (65, "objectclass_attrs: at least one mandatory
attribute ('rIDNextRID') on entry
This was a simple memory allocation problem, and entirely my own
fallacy. For details, see
https://lists.samba.org/archive/samba/2012-August/168709.html
Pekka
On 31.7.2012 15:32, Pekka L.J. Jalkanen wrote:
> I can't install Samba 4 in practically any fashion.
>
> I've tr
ng all possible library combinations) attempted to run "make
test", I got an error that clearly informed me that no more memory could
be allocated.
Pekka
On 30.7.2012 20:32, Pekka L.J. Jalkanen wrote:
> I can compile Samba4 beta 4, but can't install it:
>
>
&g
ibreplace.inst.so}
make: *** [install] Error 1
Could anybody help me to figure out how to diagnose this problem?
The example above is from a tarball source, but the same first happened
with git source (git checkout samba-4.0.0beta4).
Pekka L.J. Jalkanen
--
To unsubscribe from this list go to the f
34 matches
Mail list logo