similar to: smbclient fails only for the domain Administrator

Version 4.0.6-GIT-4bebda4 Hi I have sssd up and running. It works fine except that getent only returns domain users if I specify the object e.g. getent passwd and getent group return only local users but getent passwd steve2 steve2:*:3000034:20513:steve2:/home/users/steve2:/bin/bash and getent group Domain\ Users Domain Users:*:20513: work fine. /etc/nsswitch.conf passwd: compat sss group:

Hi everyone. I have a Linux nsupdate client sending dns update requests via sssd. Just gone from 4.1.2 to 4.1.3. I've done this: http://linuxcostablanca.blogspot.com.es/2013/09/samba4-bind9dlz-stale-dns-records-with.html After which the forward zone update is working fine: 2014-01-10T12:32:35.376142+01:00 hh16 named[4963]: samba_dlz: starting transaction on zone hh3.site

Hi I have a s3 fileserver joined to a s4 DC Here is smb.conf on the fileserver: [global] workgroup = HH3 realm = HH3.SITE security = ADS kerberos method = system keytab winbind enum users = Yes winbind enum groups = Yes idmap config *:backend = tdb idmap config *:range = 3000-4000 idmap config HH3:backend = ad idmap config HH3:range = 20000-40000000 idmap config HH3:schema_mode = rfc2307 winbind

Hi I know that this has been addressed before but I couldn't find a solution. Summary: when attempting to write a dns record using nsupdate, nothing gets written to the zone due to the error: ; TSIG error with server: tsig verify failure Everything is working. We can login to the domain from the same client and we have sssd sending the dyndns update requests which also produce the same

Hi I'm trying to make a share called dropbox rw for members of a group. /usr/local/samba/etc/smb.conf [global] server role = domain controller workgroup = CACTUS realm = hh3.site netbios name = HH3 passdb backend = samba4 template shell = /bin/bash [netlogon] path = /usr/local/samba/var/locks/sysvol/hh3.site/scripts read only = No [sysvol] path =

Samba 4.0.6 git both DC and fileserver with openSUSE 12.3 clients Hi I'm trying to debug why logins to Linux clients are sometimes slow. Here is a login with the user steve2 requesting his (automounted) home folder: ] Kerberos: TGS-REQ authtime: 2013-05-01T20:57:27 starttime: 2013-05-01T20:57:27 endtime: 2013-05-02T06:57:27 renew till: 2013-05-02T20:57:25 Kerberos: AS-REQ steve2 at HH3.SITE

Hi 4.0.8 file server in a 4.0.8 domain After a user logs in on a Linux client which is joined to the domain, smbd is constantly looking for files which don't exist: Here is the file server log after a user login to a Linux client has settled down: [2013/08/24 18:43:24.748511, 3] ../source3/smbd/vfs.c:1140(check_reduced_name) check_reduced_name [steve2/.icons/gnome] [/home/users]

Hi Same checkout, same provision, same machine. openSUSE samba --version Version 4.0.0alpha18-GIT-c3a7573 hh3:/home/steve # ldapsearch -H ldap://192.168.1.3 cn=steve2 -b "dc=hh3,dc=site" -Y GSSAPI SASL/GSSAPI authentication started <snip> and all is OK. Ubuntu samba --version Version 4.0.0alpha18-GIT-c3a7573 root at hh3:/tmp# ldapsearch -H ldap://192.168.1.3 cn=steve2 -b

Hi everyone Ubuntu 11.10 Version 4.0.0alpha18-GIT-23a0343 Added a user called steve2. The first time I used winbind, no problems: wbinfo -i steve2 gave me the info I needed for user and group. But now it doesn't work: wbinfo -i steve2 failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for user steve2 I can logon OK: smbclient //localhost/home -Usteve2 Password for

Hi I'm trying to get an Ubuntu 14.04 client to update its rr to a working bind dns DC with Samba 4.1.7. The setup is the same as with our openSUSE clients with sssd 1.11.15 sssd.conf id_provider = ad auth_provider = ad access_provider = ad ldap_id_mapping = False /etc/hosts 127.0.0.1 lubuntu-laptop.hh3.site lubuntu-laptop 127.0.1.1 localhost But it is sending a request for the wrong

Hi I'm trying to get an Ubuntu 14.04 client to update its rr to a working bind dns DC with Samba 4.1.7. The setup is the same as with our openSUSE clients with sssd 1.11.15 sssd.conf id_provider = ad auth_provider = ad access_provider = ad ldap_id_mapping = False /etc/hosts 127.0.0.1 lubuntu-laptop.hh3.site lubuntu-laptop 127.0.1.1 localhost But it is sending a request for the wrong

Hi I have Samba 4 installed and working. I recently changed FQDN to dns name hh3.hh3.site. It works OK and e.g. on a windows 7 box which joined the domain, users can logon. But I have a mess in the keytab: klist -k /etc/krb5.keytab Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 2 HH3$@HH3.HH1.SITE 2

Version 4.2.0pre1-GIT-20999fc openSUSE BIND9.9.3 Hi We're getting refusal of ddns updates using nsupdate from a client sending the updates from sssd: 2013-09-14T22:53:36.517230+02:00 hh16 named[11055]: samba_dlz: starting transaction on zone hh3.site 2013-09-14T22:53:36.522244+02:00 hh16 named[11055]: samba_dlz: disallowing update of signer=CATRAL\$\@HH3.SITE name=catral.hh3.site type=A

Hi After starting Samba 4, before anyone can do anything, Administrator has to do a kinit to get a new ticket. This creates a cache /tmp/krb5cc_0 with an expiry time. I've created a host principal and put it into the keytab: samba-tool spn add host someuser samba-tool domain exportkeytab /etc/krb5.keytab --principal=host/HH3.SITE How can I keep Samba 4 up without having to get a new

Running Samba 4.0.9, we have added a pair of Samba4 domain controllers to an existing Win2003 domain. How do we determine whether RFC2037 attributes already exist in the domain? And how would we go about adding them to an already existing domain?

Hi all, (Trying to connect squid, postfix, dovecot, pptp, etc ... to AD) Samba 4.0.9, as PDC, on Ubuntu 12.04.3 server. Compiled with : ./configure --enable-debug --enable-selftest Domain provision : /usr/local/samba/bin/samba-tool domain provision Despite my reads and tries, I'm unable to list the AD users from Linux. /usr/local/samba/bin/wbinfo -t /usr/local/samba/bin/wbinfo -u

Hi, I have been having issues with NTLMv2 on newly provisioned domains, using Samba 4.1 from backports on Debian Wheezy. Everything seems to be working fine, except for NTLMv2 authentication with Squid and "ntlm_auth" on newer Windows versions. If I set "Lmcompatibility" down on the Windows PCs, then authentication works, but that is temporary workaround at best. I have

Version 4.0.0alpha18-GIT-957ec28 After starting samba -i -d3, wbinfo -i someuser gives this: ldb_wrap open of secrets.ldb using SPNEGO Selected protocol [8][NT LANMAN 1.0] Cannot reach a KDC we require to contact cifs/hh3.site at SITE : kinit for HH3$@SITE failed (Cannot contact any KDC for requested realm) SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_NO_LOGON_SERVERS ldb_wrap open of

Hi everone. Ubuntu 12.04 v3.6 clients with winbind joined to 12.04 Samba4 DC Clients: smb.conf [global] realm = polop.site workgroup = POLOP security = ADS wide links = Yes unix extensions = No template shell = /bin/bash winbind enum users = Yes winbind enum groups = Yes idmap uid = 300000-400000 idmap gid = 20000-30000 /etc/nsswitch.conf passwd: compat winbind group: compat

Hi everyone Version 4.0.0alpha18-GIT-bfc7481 I'm using nslcd to map Samba 4 users to uid:gid and home directory. At startup I get this: ldb_wrap open of secrets.ldb WARNING: no socket to connect to and /var/log/messages shows: Jan 15 14:20:13 hh3 nslcd[2425]: [334873] failed to bind to LDAP server ldap://h h3.site/: Can't contact LDAP server: Transport endpoint is not connected Jan