similar to: Domain Admins default ownership is BUILTIN\Administrators

I've now spun up a second DC ready for a migration from an old DC. Just checking over a few things and have hit this problem: Objects created by Domain Admins members default to ownership by BUILTIN\Administrators. So, when JohnDoe is logged on as JohnDoe and creates a file, its ownership becomes BUILTIN\Administrators. I've played with perms for over an hour and cannot make any sense

Hi Rowland - thank you for replying. I have now demoted and removed the temporary DC with the intention of repeating the exercise from scratch later this week. It was a Ubuntu Server 18.04.1 and the smb.conf was very vanilla: [global] workgroup = ACASTA realm = ACASTA.INTRA netbios name = UBUNTU server role = active directory domain controller dns forwarder - 192.168.200.3 idmap_ldb:use rfc2307 =

I’m looking to replace a DC within a small network by adding a new DC and transferring FMSO roles, then demoting the old DC (https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC). I am able to successfully deploy the new DC following directions in https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory. However, I am struggling with ID mappings – I’m not really

Hi List I've spun up a fresh Debian 8 VM to test out the upgrade steps for a Debian samba 4.1.17 package deployment to a compiled samba 4.2.5. All seem s to work fine (apt-get remove samba first, followed by configure/make/install), but I get the following errors in my samba.log: samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor Is this

Hi Rowland - just wanted to follow up and say thanks. It was a dependency issue with pam. All sorted now. May I quickly double check that the current Samba wiki is correct - there is no automatic sysvol replication? Therefore, I must replicate my old DC sysvol to the new DC before transferring FMSO roles and demoting the old DC?? -----Original Message----- From: Rob Mason Sent: 26 November 2018

Hi List, I am trialling a small Samba4 AD server supporting 10 users (running fine). I also have exim smtp and dovecot imap running on the same Debian Wheezy box. Simplistically, what I would like to achieve is for an AD user account to also authenticate to imap and smtp using the same credentials. I previously used Samba3 'unix password sync' to ensure that any domain users were

Hi Rowland - It was krb5-user, libpam-winbind and libnss-winbind. But this was partly due to not having the Universe repo installed from the Ubuntu 18 Live image (this has to manually added when using the live image). I've copied across idmap.ldb from the old (only) DC. Assuming no changes, I can just replicate Sysvol prior to migration? thanks -- Rob Mason -----Original Message----- On

Many thanks Rowland. Yes, I don't understand idmaps, but I _think_ I'm getting it. I have added the gid of 60002 for Domain Admins and undertaken some 'chgrp' tasks. I've now got a domain member with shares that presents the correct ownership. All looks good. I'm still slightly confused why I have two ranges within my member smb.conf: idmap config * : backend = tdb

On 12/6/2018 3:40 AM, Rowland Penny via samba wrote: > On Wed, 5 Dec 2018 17:36:43 -0500 > Marco Shmerykowsky PE via samba <samba at lists.samba.org> wrote: > >> >> On 12/5/2018 3:10 PM, Rowland Penny via samba wrote: >>>> >>>> That sucks. I'm assuming Centos has the same problems? >>> >>> No, Centos has an even bigger

I've spent some time updating, upgrading and generally consolidating an old Samba AD. I've managed to remove a very old unsupported (4.2) Samba AD DC following migration to a couple of new DC's - that seems to have worked out OK. Workstation logons and GPO's working fine. I'm now left with one problem after joining a new Samba (4.5.12) member server to the domain for file

Hi Again - following on from my last request for help, I'm now attempting to setup LDAP auth against my working samba4 AD. Simplistically, I'm trying initially to SSH into my AD server (working) using nslcd. I've tried method #1 from https://wiki.samba.org/index.php/Local_user_management_and_authentication/ns lcd My simple config is: uid nslcd gid nslcd uri

Hi, i'm getting a coredump on a specific msg, i've attached the gdb. file on disk i noticed W=<vsize> is missing. 1571209735.M744550P1608.rwvirtual65,S=15886:2,S Best regards, mail.log Oct 18 14:41:39 rwvirtual10 dovecot: imap(johndoe at company.nl)<15868><qjTFpy6VPsMKAAok>: Error: Mailbox INBOX.Debug: UID=1041: read(/data/mail/

I'm having a great deal of difficulty with integrating dovecot 2.0.9 with a new installation of samba4 4.1.11 and would appreciate anyones help who has this working. *Problem 1:* if dn= cn=Administrator,dc=ourhome,dc=net with dnpass = ***** ---------------I get NT_STATUS_LOGON_FAILURE but dn = "Administrator at ourhome.net" with dnpass = **** works I guess I shouldn't complain

Hello list, using AD with rfc2307 provisioned and NIS extensions are available. In ADUC tool I choose the group "Domain Admins" and click on the [UNIX Attributes] tab. I activate it for my domain and choose the GID=500. When I execute on my member server "net cache flush && getent group 500" I get the result domain admins:x:500:johndoe,name1,name2 So far so good,

> On Wed, 2 Jan 2019 14:42:39 +0000 > Rob Mason <rob at acasta.co.uk<mailto:rob at acasta.co.uk>>> wrote: > >> Many thanks Rowland. Yes, I don't understand idmaps, but I _think_ >> I'm getting it. I have added the gid of 60002 for Domain Admins and >> undertaken some 'chgrp' tasks. I've now got a domain member with >>

I am migrating a Freebsd 8.2 Samba 3.5.11 system to Freebsd 9.1 Samba 4.0.4. I copied over all of the users home directories, local accounts, and the tdb files. I ran the classic upgrade tool, got the server up and running, and users could login however they were on fresh local profiles rather than roaming profiles. In the log file for the station, I found the following message [2013/04/13

Hello everybody, What is the best way to delete an user mailbox (ex: /var/mail/johndoe ) when all attachments (for all users) are in a common directory with SIS deduplication (ex: mail_attachment_dir = /var/mail/attachments ) ? Trying to delete user mailbox directory (rm) and do the command : doveadm -v purge -u johndoe leave all johndoe's attachments orphelin. Best regards,

Hi list, I am experimenting with two member servers (both samba4). I am using following configuration: membersrv:/etc/samba/smb.conf: ========================== [...] username map = /etc/samba/smbmap [...] membersrv:/etc/samba/smbmap: ========================= !root = MYDOM\johndoe MYDOM\foo MYDOM\bar MYDOM\Administrator Administrator So the domain users from my AD called "John Doe",

Hi, I'm having problems accessing home directories though NFS. This setup uses LDAP and Kerberos. Users defined on the local host work fine. This is what dovecot writes in the logs while trying to log in as the user johndoe: ---- Mar 19 14:10:54 jack dovecot-auth: nss_ldap: reconnecting to LDAP server... Mar 19 14:10:54 jack dovecot-auth: nss_ldap: reconnected to LDAP server after 1

Hello list, I am using the Microsoft ADUC (Active Directory Users & Computers) tool from the RSAT suite for creating and modifying my domain users. I am aware of the "copy" functionality which really is very nice to use. Unfortunately I am missing two important actions during the user-creation process which I try to describe: 1.) When I use the template feauture (by using the