Displaying 20 results from an estimated 133 matches for "arbeitsgrupp".
Did you mean:
arbeitsgruppe
2019 Aug 30
2
backup AD content
...ttp_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
resolve_lmhosts: Attempting lmhosts lookup for name adc1<0x20>
Password for [ARBEITSGRUPPE\Administrator]:
workgroup is ARBEITSGRUPPE
realm is arbeitsgruppe.mydomain.at
Calling bare provision
lpcfg_load: refreshing parameters from
/root/dc_backup/tmprncCaw/etc/smb.conf
lpcfg_load: refreshing parameters from
/root/dc_backup/tmprncCaw/etc/smb.conf
Looking up IPv4 addresses
Looking up IPv6...
2019 Aug 30
5
backup AD content
I happily and trustfully use Louis' backup-script from
https://github.com/thctlo/samba4
to dump AD content via cronjob.
Is it necessary/recommended to do that on *each* samba DC? Is there
something server-specific in the dump(s) or is it enough to do that once
per domain?
thanks ...
2016 Dec 30
7
ADS domain member: winbind fails
...ts
> > 127.0.0.1 localhost
> > # The following lines are desirable for IPv6 capable hosts
> > ::1 localhost ip6-localhost ip6-loopback
> > ff02::1 ip6-allnodes
> > ff02::2 ip6-allrouters
> >
> > # This server name and ip.
> > 10.0.0.221 main.arbeitsgruppe.secret.tld main
> > 10.0.0.224 backup.arbeitsgruppe.secret.tld backup
> >
> >
> > Second. Post you resolv.conf that was asked already.
> > That should contain something like:
> > search arbeitsgruppe.secret.tld
> > Server IP_of_DC
> >
> >
>...
2018 May 17
2
DNS entry for resolving the DC
...should do something additional:
We had a mixed setup in the field, some PCs had a WINS server
configured, some not. We removed the WINS info from DHCP and saw no new
problems (we wanted to have things the same way on all clients).
Yesterday the local admin tried to join a new PC and entered
"ARBEITSGRUPPE" for the domain to join and not the "long form"
ARBEITSGRUPPE.our.tld
This had worked before many times and we assume it was resolved by WINS
in a way. Now he got (sorry, german):
*********************************************************************
Der Domänenname "ARBEITSG...
2017 Jan 01
3
ADS domain member: winbind fails [SOLVED]
...gidNumber=*))' sAMAccountName
uidNumber gidNumber -P | grep uidN | sort -n
... shows me uidNumbers:
uidNumber: 0
uidNumber: 1000
.. up to 1077
So my idmap range was completely wrong, I assume.
I now have on the member server:
# cat /etc/samba/smb.conf
[global]
security = ADS
workgroup = ARBEITSGRUPPE
realm = arbeitsgruppe.secret.tld
log file = /var/log/samba/%m.log
log level = 1
idmap config * : backend = tdb
#idmap config * : range = 2000-2999
## idmap config for the ARBEITSGRUPPE domain
idmap config ARBEITSGRUPPE:backend = ad
idmap config ARBEITSGRUPPE:range = 1000-9999
username...
2016 Dec 30
3
ADS domain member: winbind fails
...ade ?
> > I don't think it is, can I suggest you remove any and all lines you
> > have added and restart samba
>
> that was the output of testparm
Ah, can I introduce you to 'samba-tool testparm'
>
> smb.conf on DC:
>
>
> [global]
> workgroup = ARBEITSGRUPPE
> realm = arbeitsgruppe.secret.tld
> netbios name = BACKUP
> server role = active directory domain controller
> idmap_ldb:use rfc2307 = yes
> dns forwarder = 10.0.0.254
>
> [netlogon]
> path = /var/lib/samba/sysvol/arbeitsgruppe.secret.tld/scripts
> read only...
2017 Sep 25
1
Domain member server: user access
Am 2017-09-25 um 16:29 schrieb Rowland Penny via samba:
>> DC # samba-tool user create kamleitnerl Le26xxx
>> --nis-domain=arbeitsgruppe --unix-home=/home/kamleitnerl
>> --uid-number=10070 --login-shell=/bin/false --gid-number=100
>>
>
> Where did you get the GID '100' from ?
> Is this the gidNumber for Domain Users ?
I think so:
# wbinfo --gid-info=100
ARBEITSGRUPPE\domain users:x:100:
?
> Can...
2016 Dec 30
3
ADS domain member: winbind fails
...my head.
Why does it "contact" a domain called "MAIN" ? that is the hostname of
that server, not the domain name!
would be nice to get a quick reply, I am at the customer and this should
work asap ....
Thanks!
->
[global]
security = ADS
workgroup = ARBEITSGRUPPE
realm = ARBEITSGRUPPE.MY.TLD
map to guest = Bad User
log file = /var/log/samba/%m.log
log level = 3
idmap config * : backend = tdb
idmap config * : range = 3000-7999
## idmap config for the ARBEITSGRUPPE domain
idmap config...
2017 Dec 04
2
GID range full!!
.../winbindd/idmap_tdb_common.c:140(idmap_tdb_common_allocate_id)
Error allocating a new GID
[2017/11/27 11:25:02.768213, 1]
../source3/winbindd/idmap_tdb_common.c:68(idmap_tdb_common_allocate_id_action)
Fatal Error: GID range full!! (max: 2999)
I increased this from 2999 to 9999:
idmap config arbeitsgruppe:schema_mode = rfc2307
idmap config arbeitsgruppe:range = 10000-9999999
idmap config arbeitsgruppe:backend = ad
idmap config * : range = 2000-9999
idmap config * : backend = tdb
and restarted smbd/nmbd/winbindd
Today it crashed again, but without those lines:
[2017/11/27 11:25:02.768228, 1]...
2016 Dec 30
2
ADS domain member: winbind fails
And in addition to Rowlands comments..
Correct you hosts file to
/etc/hosts
127.0.0.1 localhost
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
# This server name and ip.
10.0.0.221 main.arbeitsgruppe.secret.tld main
10.0.0.224 backup.arbeitsgruppe.secret.tld backup
Second. Post you resolv.conf that was asked already.
That should contain something like:
search arbeitsgruppe.secret.tld
Server IP_of_DC
Remove
map to guest = Bad User
from you smb.conf the default is ok.
Try that and see...
2017 Dec 04
2
GID range full!!
Am 2017-12-04 um 12:42 schrieb Rowland Penny:
> II take it that 'arbeitsgruppe' is the workgroup name, it should be
> 'ARBEITSGRUPPE' in the 'idmap config' lines.
The output of testparm shows them lowercase, smb.conf has it in uppercase:
[global]
security = ADS
workgroup = ARBEITSGRUPPE
realm = arbeitsgruppe.hidden.tld...
2019 Feb 22
4
Debian 9.8 and vanbelle-repos
...g on the bonding settings, you might have hit a reserved name.
I lots my docu on that but i know i configured a bond1 because bond0 didn work right.
And then check these.
wbinfo -pPt ( or wbinfo -p && wbinfo -P && wbinfo -t )
wbinfo --sids-to-unix-ids S-1-22-2-10513
wbinfo -D ARBEITSGRUPPE
wbinfo --all-domains
My bonding setup..
cat /etc/systemd/network/30-bond1*
# /etc/systemd/network/30-bond1-dev1.network
[Match]
MACAddress=78:2b:xx:xx:xx:xx
[Network]
Bond=bond1
# /etc/systemd/network/30-bond1-dev2.network
[Match]
MACAddress=78:2b:xx:xx:xx:xx
[Network]
Bond=bond1
# /etc/sys...
2017 Jan 01
2
ADS domain member: winbind fails [SOLVED]
...xcept that "root", I was unsure now (?)
gidNumber:
# ldbsearch -H /var/lib/samba/private/sam.ldb cn=Domain\ Users | grep
'gidNumber'
gidNumber: 10001
-
smb.conf on member:
idmap config * : backend = tdb
idmap config * : range = 2000-2999
idmap config ARBEITSGRUPPE:backend = ad
idmap config ARBEITSGRUPPE:range = 10000-99999
idmap config ARBEITSGRUPPE:schema_mode = rfc2307
username map = /etc/samba/user.map
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind refr...
2017 Sep 25
2
Domain member server: user access
...zonden: maandag 25 september 2017 16:40
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Domain member server: user access
>
> Am 2017-09-25 um 16:29 schrieb Rowland Penny via samba:
>
> >> DC # samba-tool user create kamleitnerl Le26xxx
> >> --nis-domain=arbeitsgruppe --unix-home=/home/kamleitnerl
> >> --uid-number=10070 --login-shell=/bin/false --gid-number=100
> >>
> >
> > Where did you get the GID '100' from ?
> > Is this the gidNumber for Domain Users ?
>
> I think so:
>
> # wbinfo --gid-info=100
&...
2018 Jan 16
3
Failed to finalize nt token
...s as well.
main # smbclient -L main -U kamleitnerl%hispw
session setup failed: NT_STATUS_UNSUCCESSFUL
maybe https://bugzilla.samba.org/show_bug.cgi?id=10604, I am not sure.
--- log on main:
Processing section "[global]"
doing parameter security = ADS
doing parameter workgroup = ARBEITSGRUPPE
doing parameter realm = arbeitsgruppe.hidden-tld.at
doing parameter log file = /var/log/samba/%m.log
doing parameter log level = 4
doing parameter idmap config * : backend = tdb
doing parameter idmap config * : range = 2000-3999
doing parameter idmap config ARBEITSGRUPPE:backend = ad...
2018 May 17
0
DNS entry for resolving the DC
...ld, some PCs had a WINS server
> configured, some not. We removed the WINS info from DHCP and saw no
> new problems (we wanted to have things the same way on all clients).
Doesn't this tell you anything ?
>
> Yesterday the local admin tried to join a new PC and entered
> "ARBEITSGRUPPE" for the domain to join and not the "long form"
> ARBEITSGRUPPE.our.tld
You mean, he used the netbios domain name instead of the dns domain
name.
>
> This had worked before many times and we assume it was resolved by
> WINS in a way. Now he got (sorry, german):
Guess...
2017 Dec 28
2
2nd samba DC: NT_STATUS_NO_LOGON_SERVERS
...n_Existing_Active_Directory
replication works afai see
-
We wanted to test services after turning off the first DC, and running
ADC2 and a DM file-server only.
DC1/backup: 10.0.0.224
ADC2: 10.0.0.230
We then get NT_STATUS_NO_LOGON_SERVERS
On the DM server "main" we get:
# nmblookup ARBEITSGRUPPE#1c
added interface em1 ip=10.0.0.221 bcast=10.0.0.255 netmask=255.255.255.0
10.0.0.224 ARBEITSGRUPPE<1c>
10.0.0.230 ARBEITSGRUPPE<1c>
# nmblookup ARBEITSGRUPPE#1b
added interface em1 ip=10.0.0.221 bcast=10.0.0.255 netmask=255.255.255.0
10.0.0.224 ARBEITSGRUPPE<1b>
-
adc2:~# s...
2016 Dec 30
2
ADS domain member: winbind fails
...u have added and restart samba
> >>
> >> that was the output of testparm
> >
> > Ah, can I introduce you to 'samba-tool testparm'
> >
> >>
> >> smb.conf on DC:
> >>
> >>
> >> [global]
> >> workgroup = ARBEITSGRUPPE
> >> realm = arbeitsgruppe.secret.tld
> >> netbios name = BACKUP
> >> server role = active directory domain controller
> >> idmap_ldb:use rfc2307 = yes
> >> dns forwarder = 10.0.0.254
> >>
> >> [netlogon]
> >> path
&...
2017 Sep 01
2
user works on DC, not on DM
...T_FOUND
Could not get info for user hansi
main ~ # wbinfo -a hansi%Kwaksi29+
plaintext password authentication succeeded
challenge/response password authentication succeeded
main ~ # wbinfo -u | grep hansi
hansi
Sure, we restarted the daemons, even rebooted the server.
on DC:
# wbinfo -i hansi
ARBEITSGRUPPE\hansi:*:3000044:100::/home/ARBEITSGRUPPE/hansi:/bin/false
I noticed the --------^^^^^^^ id ... and checked against the id range
on the DM:
[global]
realm = ARBEITSGRUPPE.THEIR.TLD
workgroup = ARBEITSGRUPPE
log file = /var/log/samba/%m.log
load printers = No
printcap name = /dev/null
secu...
2016 Dec 30
2
ADS domain member: winbind fails
Am 2016-12-30 um 12:10 schrieb Rowland Penny via samba:
> Was Samba running before the join ?
I can't tell that anymore as I did hundreds of things inbetween.
> Remove this line from your smb.conf:
>
> idmap config ARBEITSGRUPPE:schema_mode = rfc2307
>
> It is not required as you are using the winbind 'rid' backend.
"rid" was just a try as "ad" didn't work and I had no more ideas ...
I 'd maybe prefer "ad" ?
> Try stopping all Samba processes, then leave the domain...