search for: arbeitsgrupp

...ttp_basic' registered GENSEC backend 'http_ntlm' registered GENSEC backend 'http_negotiate' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered resolve_lmhosts: Attempting lmhosts lookup for name adc1<0x20> Password for [ARBEITSGRUPPE\Administrator]: workgroup is ARBEITSGRUPPE realm is arbeitsgruppe.mydomain.at Calling bare provision lpcfg_load: refreshing parameters from /root/dc_backup/tmprncCaw/etc/smb.conf lpcfg_load: refreshing parameters from /root/dc_backup/tmprncCaw/etc/smb.conf Looking up IPv4 addresses Looking up IPv6...

I happily and trustfully use Louis' backup-script from https://github.com/thctlo/samba4 to dump AD content via cronjob. Is it necessary/recommended to do that on *each* samba DC? Is there something server-specific in the dump(s) or is it enough to do that once per domain? thanks ...

...ts > > 127.0.0.1 localhost > > # The following lines are desirable for IPv6 capable hosts > > ::1 localhost ip6-localhost ip6-loopback > > ff02::1 ip6-allnodes > > ff02::2 ip6-allrouters > > > > # This server name and ip. > > 10.0.0.221 main.arbeitsgruppe.secret.tld main > > 10.0.0.224 backup.arbeitsgruppe.secret.tld backup > > > > > > Second. Post you resolv.conf that was asked already. > > That should contain something like: > > search arbeitsgruppe.secret.tld > > Server IP_of_DC > > > > >...

...should do something additional: We had a mixed setup in the field, some PCs had a WINS server configured, some not. We removed the WINS info from DHCP and saw no new problems (we wanted to have things the same way on all clients). Yesterday the local admin tried to join a new PC and entered "ARBEITSGRUPPE" for the domain to join and not the "long form" ARBEITSGRUPPE.our.tld This had worked before many times and we assume it was resolved by WINS in a way. Now he got (sorry, german): ********************************************************************* Der Domänenname "ARBEITSG...

...gidNumber=*))' sAMAccountName uidNumber gidNumber -P | grep uidN | sort -n ... shows me uidNumbers: uidNumber: 0 uidNumber: 1000 .. up to 1077 So my idmap range was completely wrong, I assume. I now have on the member server: # cat /etc/samba/smb.conf [global] security = ADS workgroup = ARBEITSGRUPPE realm = arbeitsgruppe.secret.tld log file = /var/log/samba/%m.log log level = 1 idmap config * : backend = tdb #idmap config * : range = 2000-2999 ## idmap config for the ARBEITSGRUPPE domain idmap config ARBEITSGRUPPE:backend = ad idmap config ARBEITSGRUPPE:range = 1000-9999 username...

...ade ? > > I don't think it is, can I suggest you remove any and all lines you > > have added and restart samba > > that was the output of testparm Ah, can I introduce you to 'samba-tool testparm' > > smb.conf on DC: > > > [global] > workgroup = ARBEITSGRUPPE > realm = arbeitsgruppe.secret.tld > netbios name = BACKUP > server role = active directory domain controller > idmap_ldb:use rfc2307 = yes > dns forwarder = 10.0.0.254 > > [netlogon] > path = /var/lib/samba/sysvol/arbeitsgruppe.secret.tld/scripts > read only...

Am 2017-09-25 um 16:29 schrieb Rowland Penny via samba: >> DC # samba-tool user create kamleitnerl Le26xxx >> --nis-domain=arbeitsgruppe --unix-home=/home/kamleitnerl >> --uid-number=10070 --login-shell=/bin/false --gid-number=100 >> > > Where did you get the GID '100' from ? > Is this the gidNumber for Domain Users ? I think so: # wbinfo --gid-info=100 ARBEITSGRUPPE\domain users:x:100: ? > Can...

...my head. Why does it "contact" a domain called "MAIN" ? that is the hostname of that server, not the domain name! would be nice to get a quick reply, I am at the customer and this should work asap .... Thanks! -> [global] security = ADS workgroup = ARBEITSGRUPPE realm = ARBEITSGRUPPE.MY.TLD map to guest = Bad User log file = /var/log/samba/%m.log log level = 3 idmap config * : backend = tdb idmap config * : range = 3000-7999 ## idmap config for the ARBEITSGRUPPE domain idmap config...

.../winbindd/idmap_tdb_common.c:140(idmap_tdb_common_allocate_id) Error allocating a new GID [2017/11/27 11:25:02.768213, 1] ../source3/winbindd/idmap_tdb_common.c:68(idmap_tdb_common_allocate_id_action) Fatal Error: GID range full!! (max: 2999) I increased this from 2999 to 9999: idmap config arbeitsgruppe:schema_mode = rfc2307 idmap config arbeitsgruppe:range = 10000-9999999 idmap config arbeitsgruppe:backend = ad idmap config * : range = 2000-9999 idmap config * : backend = tdb and restarted smbd/nmbd/winbindd Today it crashed again, but without those lines: [2017/11/27 11:25:02.768228, 1]...

And in addition to Rowlands comments.. Correct you hosts file to /etc/hosts 127.0.0.1 localhost # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters # This server name and ip. 10.0.0.221 main.arbeitsgruppe.secret.tld main 10.0.0.224 backup.arbeitsgruppe.secret.tld backup Second. Post you resolv.conf that was asked already. That should contain something like: search arbeitsgruppe.secret.tld Server IP_of_DC Remove map to guest = Bad User from you smb.conf the default is ok. Try that and see...

Am 2017-12-04 um 12:42 schrieb Rowland Penny: > II take it that 'arbeitsgruppe' is the workgroup name, it should be > 'ARBEITSGRUPPE' in the 'idmap config' lines. The output of testparm shows them lowercase, smb.conf has it in uppercase: [global] security = ADS workgroup = ARBEITSGRUPPE realm = arbeitsgruppe.hidden.tld...

...g on the bonding settings, you might have hit a reserved name. I lots my docu on that but i know i configured a bond1 because bond0 didn work right. And then check these. wbinfo -pPt ( or wbinfo -p && wbinfo -P && wbinfo -t ) wbinfo --sids-to-unix-ids S-1-22-2-10513 wbinfo -D ARBEITSGRUPPE wbinfo --all-domains My bonding setup.. cat /etc/systemd/network/30-bond1* # /etc/systemd/network/30-bond1-dev1.network [Match] MACAddress=78:2b:xx:xx:xx:xx [Network] Bond=bond1 # /etc/systemd/network/30-bond1-dev2.network [Match] MACAddress=78:2b:xx:xx:xx:xx [Network] Bond=bond1 # /etc/sys...

...xcept that "root", I was unsure now (?) gidNumber: # ldbsearch -H /var/lib/samba/private/sam.ldb cn=Domain\ Users | grep 'gidNumber' gidNumber: 10001 - smb.conf on member: idmap config * : backend = tdb idmap config * : range = 2000-2999 idmap config ARBEITSGRUPPE:backend = ad idmap config ARBEITSGRUPPE:range = 10000-99999 idmap config ARBEITSGRUPPE:schema_mode = rfc2307 username map = /etc/samba/user.map winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind refr...

...zonden: maandag 25 september 2017 16:40 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Domain member server: user access > > Am 2017-09-25 um 16:29 schrieb Rowland Penny via samba: > > >> DC # samba-tool user create kamleitnerl Le26xxx > >> --nis-domain=arbeitsgruppe --unix-home=/home/kamleitnerl > >> --uid-number=10070 --login-shell=/bin/false --gid-number=100 > >> > > > > Where did you get the GID '100' from ? > > Is this the gidNumber for Domain Users ? > > I think so: > > # wbinfo --gid-info=100 &...

...s as well. main # smbclient -L main -U kamleitnerl%hispw session setup failed: NT_STATUS_UNSUCCESSFUL maybe https://bugzilla.samba.org/show_bug.cgi?id=10604, I am not sure. --- log on main: Processing section "[global]" doing parameter security = ADS doing parameter workgroup = ARBEITSGRUPPE doing parameter realm = arbeitsgruppe.hidden-tld.at doing parameter log file = /var/log/samba/%m.log doing parameter log level = 4 doing parameter idmap config * : backend = tdb doing parameter idmap config * : range = 2000-3999 doing parameter idmap config ARBEITSGRUPPE:backend = ad...

...ld, some PCs had a WINS server > configured, some not. We removed the WINS info from DHCP and saw no > new problems (we wanted to have things the same way on all clients). Doesn't this tell you anything ? > > Yesterday the local admin tried to join a new PC and entered > "ARBEITSGRUPPE" for the domain to join and not the "long form" > ARBEITSGRUPPE.our.tld You mean, he used the netbios domain name instead of the dns domain name. > > This had worked before many times and we assume it was resolved by > WINS in a way. Now he got (sorry, german): Guess...

...n_Existing_Active_Directory replication works afai see - We wanted to test services after turning off the first DC, and running ADC2 and a DM file-server only. DC1/backup: 10.0.0.224 ADC2: 10.0.0.230 We then get NT_STATUS_NO_LOGON_SERVERS On the DM server "main" we get: # nmblookup ARBEITSGRUPPE#1c added interface em1 ip=10.0.0.221 bcast=10.0.0.255 netmask=255.255.255.0 10.0.0.224 ARBEITSGRUPPE<1c> 10.0.0.230 ARBEITSGRUPPE<1c> # nmblookup ARBEITSGRUPPE#1b added interface em1 ip=10.0.0.221 bcast=10.0.0.255 netmask=255.255.255.0 10.0.0.224 ARBEITSGRUPPE<1b> - adc2:~# s...

...u have added and restart samba > >> > >> that was the output of testparm > > > > Ah, can I introduce you to 'samba-tool testparm' > > > >> > >> smb.conf on DC: > >> > >> > >> [global] > >> workgroup = ARBEITSGRUPPE > >> realm = arbeitsgruppe.secret.tld > >> netbios name = BACKUP > >> server role = active directory domain controller > >> idmap_ldb:use rfc2307 = yes > >> dns forwarder = 10.0.0.254 > >> > >> [netlogon] > >> path &...

...T_FOUND Could not get info for user hansi main ~ # wbinfo -a hansi%Kwaksi29+ plaintext password authentication succeeded challenge/response password authentication succeeded main ~ # wbinfo -u | grep hansi hansi Sure, we restarted the daemons, even rebooted the server. on DC: # wbinfo -i hansi ARBEITSGRUPPE\hansi:*:3000044:100::/home/ARBEITSGRUPPE/hansi:/bin/false I noticed the --------^^^^^^^ id ... and checked against the id range on the DM: [global] realm = ARBEITSGRUPPE.THEIR.TLD workgroup = ARBEITSGRUPPE log file = /var/log/samba/%m.log load printers = No printcap name = /dev/null secu...

Am 2016-12-30 um 12:10 schrieb Rowland Penny via samba: > Was Samba running before the join ? I can't tell that anymore as I did hundreds of things inbetween. > Remove this line from your smb.conf: > > idmap config ARBEITSGRUPPE:schema_mode = rfc2307 > > It is not required as you are using the winbind 'rid' backend. "rid" was just a try as "ad" didn't work and I had no more ideas ... I 'd maybe prefer "ad" ? > Try stopping all Samba processes, then leave the domain...