similar to: Samba 4 AD DC on Fedora, problem with GPOs and denied security for machines

Hi, Some time back I had written to the list about integrating Cisco ISE and facing errors with RPC login. When we actually integrated using ISE 2.4.0357 we noticed that Kerberos authentication is working like a charm. But MS-RPC authentication throws error. From the samba logs, we noticed that ISE workstation is able to negotiate the RPC ports switch to higher Dynamic RPC ports,

Hi all. I'm experiencing a little problem when I rename an already joined windows machine. The rename operation is done in the traditional way "Computer properties> advanced settings> Computer name> change" in a windows 7 Machine. The rename itself finishes successful, but when I check the computer name in the ADUC, the old name is still displayed. Checking the object

I'm trying to fix a replication error that occurs between Win2008R2 (srvwin) and Samba 4.7.6 DCs (srvsamba). Event viewer on Win2008R2 server reports that synchronization failed on a specific Computer object because of schema version misalignment between servers. I've then used repadmin to compare failing object on the two servers. Querying the windows server works but it fails

That was exactly what I was looking for. I hope 4.8 should not be too far away... ;) In the meantime I found this in the logs at level 2: [2018/01/22 21:15:50.010307,  3] ../source4/auth/ntlm/auth.c:240(auth_check_password_send)   auth_check_password_send: Checking password for unmapped user [(null)]\[cn=LDAP,cn=Users,dc=my,dc=domain,dc=com]@[(null)]   auth_check_password_send: user is:

After a user changes their password (CTRL-ALT-DEL) in our Samba 4 domain (4.1.12) they lose access to any stored passwords on their Windows PC. I've set the log level in smb.conf to 4 and enabled the GPO to record DPAPI log entries in Windows to get the below log data. My reading of the two is that the Windows PC believes it is failing to reset the access to its DPAPI store (where the saved

On 3/27/2018 6:37 AM, Erdei Miklos via samba wrote: > Hi, > > I have a test AD running Samba on Ubuntu that I sometimes poke with Sysinternal's ADExplorer. > A few days ago I tried connecting to it, but got a short reply of "The directory service is not available." > As it was working earlier, I tried finding the problem. > After installing a few older releases, I

Hi, On 3/27/2018 6:37 AM, Erdei Miklos via samba wrote: > Hi, > > I have a test AD running Samba on Ubuntu that I sometimes poke with Sysinternal's ADExplorer. > A few days ago I tried connecting to it, but got a short reply of "The directory service is not available." > As it was working earlier, I tried finding the problem. > After

Hi, i have three problems in my AD. i have three DCs, four samba members and some Mac and Windows clients. first problem After some times my Windows and Mac clients can not login with the account cendentials. So i need to reboot the system and works fine. When the problem exists i got on my DC following log: [2016/03/03 12:39:10.029089, 3] ../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connect)

Dear All, I have recently setup a completely new AD domain on my Linux server, running Samba 4.8.3. From the server, I can authenticate via kerberos and get users and groups through winbind etc. When I try to join a freshly installed Mac running macOS 10.13.6, I receive the error: "Unable to add server. Authentication server failed to completed the requested operation. (5103)" The Mac

Andrew, thanks for answering. My ubuntu shows this: # systemctl | grep kr krb5-admin-server.service loaded active running Kerberos 5 Admin Server krb5-kdc.service loaded active running Kerberos 5 Key Distribution Center Should I disable both? 2017-04-23 12:39 GMT+02:00 Andrew Bartlett <abartlet at samba.org>: > On Sun,

On Sun, 2017-04-23 at 09:39 +0200, Jakub Kulesza via samba wrote: > this is what kerberos throws in auth.log when I try to log in with a > win2008 client: > > Apr 23 09:17:38 pdc kadmind[610]: closing down fd 31 > Apr 23 09:17:55 pdc krb5kdc[643]: AS_REQ (6 etypes {18 17 23 24 -135 > 3}) > 192.168.0.139: CLIENT_NOT_FOUND: qubix at GPMV for krbtgt/GPMV at GPMV, > Client

On Sun, 23 Apr 2017 11:40:45 +0200 Jakub Kulesza <jakkul+samba at gmail.com> wrote: > OK, I've deleted everything what Rowland suggested. THANKS > > Now smb.conf looks like this > > [netlogon] > path = /var/local/samba/var/lib/samba/netlogon > #path = /var/lib/samba/sysvol/biuro.domain/scripts Put netlogon back into sysvol and what happened to the

The client can not access the Windows Share after authorization on samba DC samba_dc_server: samba 4.7.6 krb5-libs 1.15.2-7 windows client: windows7 windows_file_server: windows server 2008 /var/log/samba/mit_kdc.log мар 22 15:43:49 samba_dc_server krb5kdc[17891](info): commencing operation мар 22 15:43:56 samba_dc_server krb5kdc[17891](info): AS_REQ (6 etypes {18 17 23 24 -135 3}) 10.2.1.12:

Hi, I have a test AD running Samba on Ubuntu that I sometimes poke with Sysinternal's ADExplorer. A few days ago I tried connecting to it, but got a short reply of "The directory service is not available." As it was working earlier, I tried finding the problem. After installing a few older releases, I found that it was working on Ubuntu 17.04, Samba 4.5.8 and stopped working on

Hai MJ, ( gelukkig nieuwjaar he .. ;-) ) First, why sernet 4.2.5 current is 4.2.7 Upgrade to 4.2.7 first i suggest. And : Last attempt @ Wed Nov 11 <= 11 Nov ? latest really? The "misbehaving server" check the time first. Try to run : knit Administrator samba-tool drs replicate <destinationDC> <sourceDC> --full-sync -k reboot your server, check time, check

Not sure about the high CPU load, but you have the [netlogon] share twice in your smb.conf. Your first matches mine, have you added the second yourself? The second one looks weird with 2 path definitions. Cj Tibbetts schreef op do 18-12-2014 om 08:59 [-0700]: > New to linux and new to Samba so any direction in troubleshooting would be > helpful. Here is what I have so far. > > Within

Hi, I've got ldapsearch mostly working: root at morannon:/usr/local/samba/private/tls# ldapsearch '(sAMAccountName=dumaresq)' SASL/GSSAPI authentication started SASL username: administrator at XXX SASL SSF: 56 SASL data security layer installed. # extended LDIF # # LDAPv3 # base <> (default) with scope subtree # filter: (sAMAccountName=dumaresq) # requesting: ALL # results in

Sorry, I missed some relevant part of the logs after the suggested changes: Kerberos: AS-REQ user2 at MYDOMAIN from ipv4:192.168.44.56:2080 for krbtgt/MYDOMAIN at MYDOMAIN [2017/04/21 12:47:37.526742, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: Client sent patypes: encrypted-timestamp, 128 [2017/04/21 12:47:37.526772, 3]

I tried the version 4.2.11 and will not let me access the DNS via RSAT, I changed several permissions in several ways and does not allow me access will be a bug? if i try to browse dns from a windows2003 dns management utility in log.samba i got the following message: [2016/04/16 09:39:45.296046, 2] ../source4/rpc_server/dcerpc_server.c:1275(dcesrv_request) dcesrv_request: restrict

On 01/10/15 09:08, Lulzim KELMENI wrote: > > > Hello, > > We have installed samba4 under Ubuntu 14.04.3 LTS. > > root at server:~# samba -V >> Version > 4.2.3-SerNet-Ubuntu-7.trusty > > Sometimes, we have authentication > problems. > > The only thing we found in log file, when it happend, is > this : > >> [2015/09/28 17:27:06.750675, 3]