search for: cerruti

....605573,  3] >> ../source3/winbindd/winbindd_samr.c:659(sam_sid_to_name) >>   sam_sid_to_name >> >> >> how can i do ?? >> >> > Please post your smb.conf > > Rowland > -- *Corrado Ravinetto * Sistemi informativi corrado.ravinetto at lanificiocerruti.com <mailto:corrado.ravinetto at lanificiocerruti.com> T: +39 015 3591283 Lanificio F.lli CERRUTI *Lanificio F.lli Cerruti S.p.A. * Via Cernaia 40, 13900 - Biella (BI) Italy www.lanificiocerruti.com <http://www.lanificiocerruti.com/> Twitter <https://twitter.com/Lan_Cerruti> Fac...

...sorry but nothing happen [root at dc1 ~]# ldbsearch -H ldap://$(hostname -s) -k yes -P '(&(samaccountname=Domain Users)(gidNumber=*))' gidNumber | grep gidNumber | awk '{print $NF}' [root at dc1 ~]# -- *Corrado Ravinetto * Sistemi informativi corrado.ravinetto at lanificiocerruti.com <mailto:corrado.ravinetto at lanificiocerruti.com> T: +39 015 3591283 Lanificio F.lli CERRUTI *Lanificio F.lli Cerruti S.p.A. * Via Cernaia 40, 13900 - Biella (BI) Italy www.lanificiocerruti.com <http://www.lanificiocerruti.com/> Twitter <https://twitter.com/Lan_Cerruti> Fac...

Hello Rowland and thanks for fast answer according with your suggestion i modified my smb.conf like this: [global]         lanman auth = Yes         log file = /var/log/samba/%m.log         ntlm auth = ntlmv1-permitted         realm = LXCERRUTI.COM         security = ADS         winbind offline logon = Yes         winbind use default domain = Yes         workgroup = LXCERRUTI         idmap config lxcerruti : unix_nss_info = yes         idmap config lxcerruti : schema_mode = rfc2307         idmap config lxcerruti : range = 3000-7999...

...>> En yes, for each policy you need to klik on these once. ( >>>> in the gpo policy objects in GPO editor ) >>>> ok >>>>> Can you post smb.conf >>>> [global] >>>>         netbios name = DC1 >>>>         realm = LXCERRUTI.COM >>>>         server role = active directory domain controller >>>>         workgroup = LXCERRUTI >>>>         idmap_ldb:use rfc2307 = yes >>>>         log level = 1 >>>> >>>> [netlogon] >>>>      ...

...h policy you need to klik on these once. ( >>>>> in the gpo policy objects in GPO editor ) >>>>> ok >>>>>> Can you post smb.conf >>>>> [global] >>>>>            netbios name = DC1 >>>>>            realm = LXCERRUTI.COM >>>>>            server role = active directory domain controller >>>>>            workgroup = LXCERRUTI >>>>>            idmap_ldb:use rfc2307 = yes >>>>>            log level = 1 >>>>> >>>>> [netlogon] &...

> It looks like Domain Users does not have a gidNumber attribute, '100' > is the default ID set by Samba in idmap.ldb on a DC. can i change this id or is better if i change id in my userers/folders ?? > How did you carry out the classicupgrade and what from ? like wiki.samba.org suggest in classicupgrade and i used samba 4.9.1 compiled from source -- *Corrado Ravinetto *

Hai, I see : ldap://lxcerruti.com So its setup with a top level domain internaly. Correct ? Check if resolv.conf contains: search lxcerruti.com nameserver IP-OF_THE_DC1 And make very sure you DNS request dont goto the internet. Monitor you gateway and outgoing dns traffic. Just a warning about this. > > > Wha...

Il 26/10/2018 14:49, Rowland Penny via samba ha scritto: > Please post the smb.conf from the PDC. [global]         workgroup = LXCERRUTI         netbios name = SRVCERRUTI         server string = Samba PDC - Versione %v         passwd program = /usr/bin/passwd %u         passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*update*successfully*         lanman auth = Yes     ...

...Did you run the upgrade as 'root' ? yes > Was the output from the upgrade similar to the example on the wiki > page, without errors ? yes if you want, i can destroy my domain and set up new one from scratch -- *Corrado Ravinetto * Sistemi informativi corrado.ravinetto at lanificiocerruti.com <mailto:corrado.ravinetto at lanificiocerruti.com> T: +39 015 3591283 Lanificio F.lli CERRUTI *Lanificio F.lli Cerruti S.p.A. * Via Cernaia 40, 13900 - Biella (BI) Italy www.lanificiocerruti.com <http://www.lanificiocerruti.com/> Twitter <https://twitter.com/Lan_Cerruti> Fac...

...618 713 553 690 757 501 501 679 501 528 517 501 more,more,more > They should both print a string of numbers, if either doesn't then > there is your problem, but why, is another question. i have many numbers :-) -- *Corrado Ravinetto * Sistemi informativi corrado.ravinetto at lanificiocerruti.com <mailto:corrado.ravinetto at lanificiocerruti.com> T: +39 015 3591283 Lanificio F.lli CERRUTI *Lanificio F.lli Cerruti S.p.A. * Via Cernaia 40, 13900 - Biella (BI) Italy www.lanificiocerruti.com <http://www.lanificiocerruti.com/> Twitter <https://twitter.com/Lan_Cerruti> Fac...

On Mon, 29 Oct 2018 10:39:21 +0100 Corrado Ravinetto via samba <samba at lists.samba.org> wrote: > MAGIC !! > after last email i can see my groups in member : > > dr-xr-xr-x.  11 root     g_cerruti          4096 19 ott 10.43 > AntiVirus drwxrwx---.   8 root     g_comdise          4096  7 ott > 2017 CommDise drwxrwx---.   2 root     g_datidirezione       6 21 > apr  2007 DatiDirezione > > very good :-) > > Il 29/10/2018 10:06, Rowland Penny via samba ha scritto: > &gt...

Il 31/10/2018 16:59, Rowland Penny via samba ha scritto: > The 'idmap config' doesn't work on a DC. > The 'winbind' line doesn't work on a DC. ok, this smb.conf is default from classicupgrade i take out they > Do you really need an insecure auth method ? why ?? > Who was the user you where trying to connect as ? a normal user i tried also with users with

...sorry, are all AD users >> i tried also with users with password and without > All users should have a password, they should also exist in AD. yes, but some users have password blank thanks a lot have a good we -- *Corrado Ravinetto * Sistemi informativi corrado.ravinetto at lanificiocerruti.com <mailto:corrado.ravinetto at lanificiocerruti.com> T: +39 015 3591283 Lanificio F.lli CERRUTI *Lanificio F.lli Cerruti S.p.A. * Via Cernaia 40, 13900 - Biella (BI) Italy www.lanificiocerruti.com <http://www.lanificiocerruti.com/> Twitter <https://twitter.com/Lan_Cerruti> Fac...

Il 05/11/2018 12:09, Rowland Penny via samba ha scritto: > Is 'massaro' one of your existing users carried over by the > classicupgrade ? yes it is, i checked also other users but id is correct : [root at dc1 var]# getent passwd cerr2012 LXCERRUTI\cerr2012:*:570:513::/home/LXCERRUTI/cerr2012:/bin/false [root at dc1 var]# getent passwd dado LXCERRUTI\dado:*:500:513::/home/LXCERRUTI/dado:/bin/false [root at dc1 var]# getent passwd magfilati LXCERRUTI\magfilati:*:597:513::/home/LXCERRUTI/magfilati:/bin/false [root at dc1 var]# getent passwd giu...

On Fri, 26 Oct 2018 12:57:52 +0100 Rowland Penny via samba <samba at lists.samba.org> wrote: > On Fri, 26 Oct 2018 13:50:44 +0200 > Corrado Ravinetto via samba <samba at lists.samba.org> wrote: > > > > > > > Il 26/10/2018 13:45, Rowland Penny via samba ha scritto: > > > ldbsearch -Hldap://$(hostname -s) -k yes -P > > >

...r a Unix domain member ? If you are compiling Samba yourself, have you created the libnss_winbind links ? See here: https://wiki.samba.org/index.php/Libnss_winbind_Links Have you set up PAM ? See here: https://wiki.samba.org/index.php/Authenticating_Domain_Users_Using_PAM > > [root at srvcerruti ~]# getent passwd administrator This should only return anything on a DC or a Unix domain member using the winbind 'rid' backend, but you shouldn't use Administrator directly on a Unix machine. > [root at srvcerruti ~]# wbinfo --group-info='Domain users' > domain users:x...

Hallo at all after classicupgrade in my production environment, i found many of this alert in log.wb-LXDOM [2018/11/29 12:07:55.180009,  3] ../source3/winbindd/winbindd_rpc.c:272(rpc_name_to_sid)   name_to_sid: LXDOM\SPECOLA8$ for domain LXDOM [2018/11/29 12:07:55.181274,  3] ../source3/winbindd/winbindd_samr.c:659(sam_sid_to_name)   sam_sid_to_name [2018/11/29 12:07:55.837701,  3]

...10/2018 10:48, Rowland Penny via samba ha scritto: > I am willing to lay money that the gidNumber attribute for Domain Users > contains '513', if so, your ranges are not compatible are yuo a wizard ?? :-) > > What does 'wbinfo --group-info Domain\ Users' return ? on dc LXCERRUTI\domain users:x:100: :-( on member , after i added     idmap config LXCERRUTI : backend = ad Could not get info for group Domain Users > Have you run 'net cache flush' on the Unix domain member ? yes -- *Corrado Ravinetto * Sistemi informativi corrado.ravinetto at lanificiocerrut...

...and Penny via samba ha scritto: > > ldbsearch -Hldap://$(hostname -s) -k yes -P > > '(&(samaccountname=Domain Users)(gidNumber=*))' gidNumber | grep > > gidNumber | awk '{print $NF}' > > [root at dc1 ~]# wbinfo --group-info='domain users' > LXCERRUTI\domain users:x:100: > [root at dc1 ~]# ldbsearch -H ldap://$(hostname -s) -k yes -P > '(&(samaccountname=Domain Users)(gidNumber=*))' gidNumber | grep > gidNumber | awk '{print $NF}' > [root at dc1 ~]# > > nothing :-( > Then either you do not have the l...

On Fri, 26 Oct 2018 16:47:52 +0200 Corrado Ravinetto via samba <samba at lists.samba.org> wrote: > thank you for your comprehension > > Il 26/10/2018 16:40, Rowland Penny via samba ha scritto: > > OK, two further ldbsearches: > > > > ldbsearch -Hldap://$(hostname -s) -k yes -P > > '(&(samaccountname=*)(uidNumber=*))' uidNumber | grep uidNumber