Re: [Samba] User policy in samba

2013-05-26 Thread Pekka L.J. Jalkanen
ows clients should thus still obey those policies, but Samba as a server just doesn't enforce them, which also means that non-Windows clients will ignore them. At least that's how I'm understanding it. Pekka L.J. Jalkanen -- To unsubscribe from this list go to the following URL and

Re: [Samba] Samba 4 Admt to other Domain Windows Server 2008

2013-05-21 Thread Pekka L.J. Jalkanen
the reason. But this is just a guess; I can't really help you any further. Read the linked page; that might give you some ideas. Pekka L.J. Jalkanen On 21.5.2013 12:39, wong lmark wrote: > I had transfer all FSMO roles to Win DC, copy and paste the sysvol in > Win DC. > But the wi

Re: [Samba] Samba 4 Admt to other Domain Windows Server 2008

2013-05-21 Thread Pekka L.J. Jalkanen
things won't work. Pekka L.J. Jalkanen On 21.5.2013 9:33, wong lmark wrote: > I had added the Windows 08 DC in Samba 4 domain. But I cannot migrate > the SID when I tick "Migrate User SID", it will show "Could not verify > auditing and TcpipClientSupport on domains. Will

Re: [Samba] Samba 4 Admt to other Domain Windows Server 2008

2013-05-20 Thread Pekka L.J. Jalkanen
so ADMT simply cannot work without a Windows DC in the source. Pekka L.J. Jalkanen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

Re: [Samba] configuring Shares, Users with Samba 4.0.5 as an AD DC

2013-05-20 Thread Pekka L.J. Jalkanen
m understanding it correctly. For reversed direction (to get the uid from username), try: "wbinfo -S `wbinfo -n Administrator`" Although in most cases you should be able to just run "getent passwd username" to find the uid, whether the account is a windows account or not. Pek

Re: [Samba] Sudden authentication failures, hex dumps in log.samba

2013-05-17 Thread Pekka L.J. Jalkanen
On 14.5.2013 19:49, Pekka L.J. Jalkanen wrote: > On 14.5.2013 19:31, Andrew Bartlett wrote: >> On Tue, 2013-05-14 at 11:04 +0300, Pekka L.J. Jalkanen wrote: >>> On 14.5.2013 8:04, Andrew Bartlett wrote: >>>> The issue is the same >>>> for all of these ac

Re: [Samba] Sudden authentication failures, hex dumps in log.samba

2013-05-14 Thread Pekka L.J. Jalkanen
On 14.5.2013 19:31, Andrew Bartlett wrote: > On Tue, 2013-05-14 at 11:04 +0300, Pekka L.J. Jalkanen wrote: >> On 14.5.2013 8:04, Andrew Bartlett wrote: >>> The issue is the same >>> for all of these accounts. We simply have a password encoded in a >>> format

Re: [Samba] Sudden authentication failures, hex dumps in log.samba

2013-05-14 Thread Pekka L.J. Jalkanen
On 14.5.2013 8:04, Andrew Bartlett wrote: > On Mon, 2013-05-13 at 14:24 +0300, Pekka L.J. Jalkanen wrote: > >>> Any ideas how to resolve this problem? >> >> No comments, it seems. >> >> I can see that even if this is a bug in Samba it would be reall

[Samba] Winbind failover timeout?

2013-05-13 Thread Pekka L.J. Jalkanen
way that Winbind actually handles these failover situations internally? How transparent should the failover process be in practice? Any experiences? Thanks, Pekka L.J. Jalkanen On 10.5.2013 21:14, Pekka L.J. Jalkanen wrote: > Hello all, > > I've a box running Samba 3.5.6 (Debian Sque

Re: [Samba] Sudden authentication failures, hex dumps in log.samba

2013-05-13 Thread Pekka L.J. Jalkanen
On 10.5.2013 16:32, Pekka L.J. Jalkanen wrote: > On 10.5.2013 14:04, Pekka L.J. Jalkanen wrote: >> Question: how much more verbosity for log.samba would be needed to >> further investigate this problem? I'd rather not log everything with >> "-d10" for extend

[Samba] Samba 3 member, winbind caching and DC availability

2013-05-10 Thread Pekka L.J. Jalkanen
dn't been queried after the last winbind restart and before the DC went offline. So the likelihood of the scenario 'B' feels all too great. Any recommendations for avoiding it? Pekka L.J. Jalkanen

Re: [Samba] Sudden authentication failures, hex dumps in log.samba

2013-05-10 Thread Pekka L.J. Jalkanen
On 10.5.2013 14:04, Pekka L.J. Jalkanen wrote: > Question: how much more verbosity for log.samba would be needed to > further investigate this problem? I'd rather not log everything with > "-d10" for extended periods of time, because I really can't know how > long

[Samba] Sudden authentication failures, hex dumps in log.samba

2013-05-10 Thread Pekka L.J. Jalkanen
ng akin to Windows's security log and see all successful and failed login attempts. Can this be achieved by normal krb5 logging settings in krb5.conf (as described on man 3 krb5_openlog)? Any recommended logging settings? Pekka L.J. Jalkanen

Re: [Samba] samba-tool domain exportkeytab failure

2013-05-07 Thread Pekka L.J. Jalkanen
On 7.5.2013 2:32, Andrew Bartlett wrote: > On Mon, 2013-05-06 at 13:41 +0300, Pekka L.J. Jalkanen wrote: >> On 4.5.2013 0:22, Andrew Bartlett wrote: >>> >>> It would be useful to know why samba-tool exportkeytab didn't work, it >>> is tested in our make t

Re: [Samba] Recently joined 2k3, shut down primary, seized roles, now have slight dns (maybe) problem.

2013-05-06 Thread Pekka L.J. Jalkanen
to it and demote your Samba DC(s) before trying any of this. This probably won't solve your DNS problems, though. But at least for me, it got the RSAT working. Pekka L.J. Jalkanen

Re: [Samba] New Windows 8 RSAT and "OU=Domain Controllers" support?

2013-05-06 Thread Pekka L.J. Jalkanen
On 6.5.2013 16:31, Pekka L.J. Jalkanen wrote: > On 6.5.2013 13:41, Pekka L.J. Jalkanen wrote: >> I think that the thing I'm going to try right now is to actually run the >> MS adprep.exe tool that ships with W2k8 R2. It should add RODC support >> to the schema and MS a

Re: [Samba] New Windows 8 RSAT and "OU=Domain Controllers" support?

2013-05-06 Thread Pekka L.J. Jalkanen
On 6.5.2013 13:41, Pekka L.J. Jalkanen wrote: > I think that the thing I'm going to try right now is to actually run the > MS adprep.exe tool that ships with W2k8 R2. It should add RODC support > to the schema and MS also tells to run it before installing any W2k8 DCs > (R

Re: [Samba] New Windows 8 RSAT and "OU=Domain Controllers" support?

2013-05-06 Thread Pekka L.J. Jalkanen
On 4.5.2013 0:22, Andrew Bartlett wrote: > On Fri, 2013-05-03 at 19:21 +0300, Pekka L.J. Jalkanen wrote: >> On 26.4.2013 13:05, Pekka L.J. Jalkanen wrote: >>> >>> So it seems that for some reason, exporting the keytab from Samba DC >>> doesn't work. I tr

Re: [Samba] New Windows 8 RSAT and "OU=Domain Controllers" support?

2013-05-03 Thread Pekka L.J. Jalkanen
On 26.4.2013 13:05, Pekka L.J. Jalkanen wrote: > > So it seems that for some reason, exporting the keytab from Samba DC > doesn't work. I tried to kinit first using the domain admin account, but > to no avail--exportkeytab still throws the same error. > > Now, for the

Re: [Samba] New Windows 8 RSAT and "OU=Domain Controllers" support?

2013-04-26 Thread Pekka L.J. Jalkanen
On 26.4.2013 6:13, Andrew Bartlett wrote: > On Wed, 2013-04-24 at 17:39 +0300, Pekka L.J. Jalkanen wrote: >> By the way, is a kerberos keytab actually necessary to decrypt the >> GSS-API packets in Wireshark? Samba Wiki >> (https://wiki.samba.org/index.php/Capture_Packets)

Re: [Samba] New Windows 8 RSAT and "OU=Domain Controllers" support?

2013-04-24 Thread Pekka L.J. Jalkanen
http://wiki.wireshark.org/Kerberos Just trying to figure out how to inspect my own capture here... Pekka L.J. Jalkanen On 24.4.2013 17:18, Pekka L.J. Jalkanen wrote: > On 23.4.2013 19:24, Michael Wood wrote: >> On 23 April 2013 16:43, Pekka L.J. Jalkanen >> wrote: >>> Nothi

Re: [Samba] New Windows 8 RSAT and "OU=Domain Controllers" support?

2013-04-24 Thread Pekka L.J. Jalkanen
On 23.4.2013 19:24, Michael Wood wrote: > On 23 April 2013 16:43, Pekka L.J. Jalkanen wrote: >> Nothing. It just works. I can even explicitly change it to point to the >> Samba 4 DC and it still works. >> >> It is just Vista and newer RSATs that are the problem. And the

Re: [Samba] New Windows 8 RSAT and "OU=Domain Controllers" support?

2013-04-23 Thread Pekka L.J. Jalkanen
Nothing. It just works. I can even explicitly change it to point to the Samba 4 DC and it still works. It is just Vista and newer RSATs that are the problem. And they also work just fine as long as the selected DC is the W2k3R2 DC... Pekka L.J. Jalkanen On 23.4.2013 16:39, Hisham Attar wrote

Re: [Samba] New Windows 8 RSAT and "OU=Domain Controllers" support?

2013-04-23 Thread Pekka L.J. Jalkanen
o Samba are definitely not going to do so overnight, so the different DCs must co-exist for quite some time. Also, people are most likely going to run various different RSAT versions, so the compatibility of those is an important factor, too. Pekka L.J. Jalkanen On 23.4.2013 0:29, Hisham Atta

[Samba] New Windows 8 RSAT and "OU=Domain Controllers" support?

2013-04-22 Thread Pekka L.J. Jalkanen
that tool is anyway only shipped with Windows 2008, and I don't have that. Should I file a bug? Or is this error expected? Any experiences by people who regularly run newer RSATs? What about those that also have Windows DCs, like me? Thanks, Pekka L.J. Jalkanen PS. The Win 8 RSAT that I

Re: [Samba] Synchronising password of some AD users with an external LDAP?

2013-02-28 Thread Pekka L.J. Jalkanen
On 26.2.2013 23:34, Andrew Bartlett wrote: > On Tue, 2013-02-26 at 18:16 +0200, Pekka L.J. Jalkanen wrote: >> True, webservers can authenticate against AD in a similar fashion to >> other LDAPs. But that's not the whole story. >> >> The thing is that Samba 4 is desi

Re: [Samba] Recommended Upgrade technique for 4.0.3 (was Re: Should I run dbcheck and sysvolreset when upgrading 4.0.0 to 4.0.3?)

2013-02-27 Thread Pekka L.J. Jalkanen
On 26.2.2013 23:53, Andrew Bartlett wrote: > On Tue, 2013-02-26 at 13:36 +0200, Pekka L.J. Jalkanen wrote: >> On Sat, 2013-02-16 Andrew Bartlett wrote: >>> On Sat, 2013-02-16 at 12:55 +1100, Andrew Bartlett wrote: >>>> On Fri, 2013-02-15 at 12:52 +1100, Andrew Bartlet

Re: [Samba] Synchronising password of some AD users with an external LDAP?

2013-02-26 Thread Pekka L.J. Jalkanen
, on the other hand, hardly runs on Windows. And even if it can be run (by compiling under Cygwin, perhaps?) it would be rather pointless. Pekka L.J. Jalkanen

Re: [Samba] Synchronising password of some AD users with an external LDAP?

2013-02-26 Thread Pekka L.J. Jalkanen
without kerberos backing, using SASL as an authentication vehicle: http://www.openldap.org/lists/openldap-software/201002/threads.html#3 Perhaps I'll try that route. Pekka L.J. Jalkanen On 26.2.2013 16:13, Daniel Müller wrote: > Apache can authenticate against samba4 ads the same way

[Samba] Synchronising password of some AD users with an external LDAP?

2013-02-26 Thread Pekka L.J. Jalkanen
to Samba 4, so committing to any software that depends on the continued availability of a Windows DC simply won't do. How could I accomplish this synchronisation with Samba 4? Can anyone nudge me in the right direction? Or is it possible at all? Pekka L.J. Jalkanen

Re: [Samba] Recommended Upgrade technique for 4.0.3 (was Re: Should I run dbcheck and sysvolreset when upgrading 4.0.0 to 4.0.3?)

2013-02-26 Thread Pekka L.J. Jalkanen
t,CN=SAMBA4DC,OU=Domain Controllers,DC=mydomain,DC=site? [YES] Failed to correct missing instanceType on CN=RID Set,CN=SAMBA4DC,OU=Domain Controllers,DC=mydomain,DC=site by setting instanceType=4 : (65, "objectclass_attrs: at least one mandatory attribute ('rIDNextRID') on entry 

Re: [Samba] Samba 4 install fails, no matter what I do [SOLVED]

2012-08-10 Thread Pekka L.J. Jalkanen
This was a simple memory allocation problem, and entirely my own fallacy. For details, see https://lists.samba.org/archive/samba/2012-August/168709.html Pekka On 31.7.2012 15:32, Pekka L.J. Jalkanen wrote: > I can't install Samba 4 in practically any fashion. > > I've tr

Re: [Samba] "make install" fails, can't link libreplace.inst.so [SOLVED]

2012-08-10 Thread Pekka L.J. Jalkanen
ng all possible library combinations) attempted to run "make test", I got an error that clearly informed me that no more memory could be allocated. Pekka On 30.7.2012 20:32, Pekka L.J. Jalkanen wrote: > I can compile Samba4 beta 4, but can't install it: > >

[Samba] "make install" fails, can't link libreplace.inst.so

2012-07-30 Thread Pekka L.J. Jalkanen
ibreplace.inst.so} make: *** [install] Error 1 Could anybody help me to figure out how to diagnose this problem? The example above is from a tarball source, but the same first happened with git source (git checkout samba-4.0.0beta4). Pekka L.J. Jalkanen