• chevron_right

      How to configure SSH access using Samba Active Directory

      pubsub.slavino.sk / sleeplessbestie · Friday, 20 May, 2022 - 11:00 edit

    Configure SSH access using Samba Active Directory. Preparations Ensure that a Fully Qualified Domain Name is defined. $ sudo hostnamectl --static set-hostname voyager.octocat.lab Read how to configure persistent DNS resolver to ensure that server is using DNS resolver provided by Samba Active Directory services. $ cat /etc/resolv.conf # Dynamic resolv.conf(5) file for glibc resolver(3) generated […]

    Značky: #Debian, #SysOps, #Linux, #Bullseye, #Samba

    • chevron_right

      How to manage global password policy settings in Samba Active Directory

      pubsub.slavino.sk / sleeplessbestie · Wednesday, 18 May, 2022 - 11:00 edit

    Manage global password policy settings in Samba Active Directory. Display current password settings for the domain. $ sudo samba-tool domain passwordsettings show Password information for domain 'DC=octocat,DC=lab' Password complexity: on Store plaintext passwords: off Password history length: 24 Minimum password length: 7 Minimum password age (days): 1 Maximum password age (days): 42 Account lockout duration […]

    Značky: #SysOps, #Samba, #Linux

    • chevron_right

      How to manage UNIX groups and users in Samba Active Directory

      pubsub.slavino.sk / sleeplessbestie · Monday, 16 May, 2022 - 11:00 edit

    Manage UNIX groups and users in Samba Active Directory. Create groups. $ sudo samba-tool group add cats --gid-number 8000 --nis-domain OCTOCAT --description "Cats group" Added group cats $ sudo samba-tool group add vampires --gid-number 8001 --nis-domain OCTOCAT --description "Vampires group" Added group dogs $ sudo samba-tool group add octocat --gid-number=10000 --nis-domain=OCTOCAT --description "Octocat group" Added […]

    Značky: #Linux, #SysOps, #Samba

    • chevron_right

      How to fix failed dynamic DNS update with Samba Active Directory and System Security Services Daemon

      pubsub.slavino.sk / sleeplessbestie · Friday, 6 May, 2022 - 11:00 edit

    Fix failed dynamic DNS update with Samba Active Directory and System Security Services Daemon by upgrading internal Samba DNS to BIND. Issue DNS records are updated correctly, but dynamic DNS update process is marked as failed. $ dig s1.example.org +short 172.16.0.117 Sample sssd debug log indicating that there is a problem with dynamic DNS update. […]

    Značky: #sssd, #Samba, #Debian, #Linux, #SysOps, #Bullseye

    • chevron_right

      How to protect Samba DNS server against DNS zone transfer

      pubsub.slavino.sk / sleeplessbestie · Thursday, 7 October, 2021 - 11:00 edit

    Debian Bullseye currently provides Samba 4.13.5. Using BIND as Samba Active Directory DNS backend opens it to the DNS zone transfer. This issue is fixed in Samba 4.15.0 and can be configured using Samba configuration option dns zone transfer clients allow, which default behavior is to deny such requests, but it is not packaged at […]

    Značky: #Bullseye, #Debian, #Linux, #SecOps, #Samba