search for: dsdb_access

...entually it hits "host" resolution and uses /etc/hosts to resolve the name. Changing the directive so that "host" is first and then re-running the command just removes the lmhosts errors; however the "ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT - <dsdb_access: Access check failed ..." is still present. ----- On May 22, 2019, at 11:52 AM, Mike Ray mray at xes-inc.com wrote: > Setting the log level to 10 shows this blurp in the output of the ldapcmp > command: > > resolve_lmhosts: Attempting lmhosts lookup for name > dc3.otherintern...

...it hits "host" resolution and uses /etc/hosts to resolve the name. > > Changing the directive so that "host" is first and then re-running the command just removes the lmhosts errors; however the "ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT - <dsdb_access: Access check failed ..." is still present. > > ----- On May 22, 2019, at 11:52 AM, Mike Ray mray at xes-inc.com wrote: > >> Setting the log level to 10 shows this blurp in the output of the ldapcmp >> command: >> >> resolve_lmhosts: Attempting lmhosts lookup f...

...t;>> >>> Whats the result.? >> The failure is still present -- no change in the output of the command: >> >> # samba-tool ldapcmp dc3.domain.local dc5.domain.local DNSFOREST >> ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT - >> <dsdb_access: Access check failed on CN=Configuration,DC=domain,DC=local> <> >> File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 177, in >> _run >> return self.run(*args, **kwargs) >> File "/usr/lib/python2.7/dist-packages/samba...

...OS? Content of /etc/hosts /etc/resolv.conf /etc/nsswitch.conf /etc/samba/smb.conf > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Mike > Ray via samba > Verzonden: woensdag 22 mei 2019 16:48 > Aan: samba > Onderwerp: [Samba] dsdb_access Access check failed on CN=Configuration > > All- > > I've got 3 DCs (version 4.9.6-12) that, prior to today, were > running without issue (as best I could tell). > > Every night I run a few commands to monitor the status of the > DCs/domain. I run: > * dbcheck --...

...n dc5.your.dns.domain.tld ... >> >> Whats the result.? > The failure is still present -- no change in the output of the command: > > # samba-tool ldapcmp dc3.domain.local dc5.domain.local DNSFOREST > ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT - <dsdb_access: Access check failed on CN=Configuration,DC=domain,DC=local> <> > File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 177, in _run > return self.run(*args, **kwargs) > File "/usr/lib/python2.7/dist-packages/samba/netcmd/ldapcmp.py"...

> OK -- I fixed this issue. > > The fix also fixed the issue where the following ldapsearch command use to return but no longer did: > # ldapsearch -x -H ldap://DC -b dc=domain,dc=local "(&(gidNumber=xxxx)(!(uidNumber=*)))" > > The answer is that I needed to re-add "acl:search = no" to the smb.conf to all DCs. > > The question is why? > > I

OK -- I fixed this issue. The fix also fixed the issue where the following ldapsearch command use to return but no longer did: # ldapsearch -x -H ldap://DC -b dc=domain,dc=local "(&(gidNumber=xxxx)(!(uidNumber=*)))" The answer is that I needed to re-add "acl:search = no" to the smb.conf to all DCs. The question is why? I upgraded from a custom compiled Samba ~4.0 to

No -- we never ran classicupgrade. We created the original DCs with a custom package (that should be close, but not exactly the same as 4.0.6). We then took a fresh 4.9 DC, joined it to the old domain, removed the old DCs and transferred the FSMO roles. As our original DCs should be close to 4.0.6, I would think this bug doesn't quite apply as it was supposedly fixed by 4.0.1. ----- On May

> > OK -- I fixed this issue. > > > > The fix also fixed the issue where the following ldapsearch command use to return but no longer did: > > # ldapsearch -x -H ldap://DC -b dc=domain,dc=local "(&(gidNumber=xxxx)(!(uidNumber=*)))" > > > > The answer is that I needed to re-add "acl:search = no" to the smb.conf to all DCs. > > >

...r with the KCC command). However, this morning, I find that the LDAPCMP command is failing on all 3 DCs. The error is the same on all DCs and the same for domain, configuration, etc: # samba-tool ldapcmp dc5 DC3 DNSFOREST ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT - <dsdb_access: Access check failed on CN=Configuration,DC=domain,DC=local> <> File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 177, in _run return self.run(*args, **kwargs) File "/usr/lib/python2.7/dist-packages/samba/netcmd/ldapcmp.py", line 972, in run...

...esolution and uses /etc/hosts to resolve the name. >> >> Changing the directive so that "host" is first and then re-running the command >> just removes the lmhosts errors; however the "ERROR(ldb): uncaught exception - >> LDAP error 32 LDAP_NO_SUCH_OBJECT - <dsdb_access: Access check failed ..." is >> still present. >> >> ----- On May 22, 2019, at 11:52 AM, Mike Ray mray at xes-inc.com wrote: >> >>> Setting the log level to 10 shows this blurp in the output of the ldapcmp >>> command: >>> >>> resolve...

On 23/05/2019 20:45, Mike Ray wrote: > OK -- I fixed this issue. > > The fix also fixed the issue where the following ldapsearch command use to return but no longer did: > # ldapsearch -x -H ldap://DC -b dc=domain,dc=local "(&(gidNumber=xxxx)(!(uidNumber=*)))" > > The answer is that I needed to re-add "acl:search = no" to the smb.conf to all DCs. > >

...me -d) DNSFOREST > As in dc5.your.dns.domain.tld ... > > Whats the result.? The failure is still present -- no change in the output of the command: # samba-tool ldapcmp dc3.domain.local dc5.domain.local DNSFOREST ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT - <dsdb_access: Access check failed on CN=Configuration,DC=domain,DC=local> <> File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 177, in _run return self.run(*args, **kwargs) File "/usr/lib/python2.7/dist-packages/samba/netcmd/ldapcmp.py", line 972, in run...

...default GPO-s (as in the \SysVol\domain.of\Policies\ folder and subfolders) of my domain. Trying to delete the old GPO-s I run into errors, both in the windows mmc and on the dc with runing samba-tools as root. ERROR(ldb): uncaught exception - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - <dsdb_access: Access check failed on CN={97A64DB0-B51D-4A70-80A3-7F47483B0EB2},CN=Policies,CN=System,DC=domain,DC=of > <> File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run Reprovisioning is not an option; since this is an active, "in use" s...

Hello, I want to delete a OU in my Samba AD. On RSAT I get "Access denied" When I try it with ldapvi I get "dsdb_access: Access check failed on" I have also try to repair the samba DB with samba-tool dbcheck --cross-ncs --fix --yes but that does not solve the problem. The OU is a self generated one. Best regards

...untered a few problems with 2 Samba 4 rc3 DCs serving domain migrated from Windows 2003 R2. I post them altogether, since they look related. 1. Unable to create or delete GPOs. # bin/samba-tool gpo create somegpo ERROR(ldb): uncaught exception - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - <dsdb_access: Access check failed on CN=Policies,CN=System,DC=klin,DC=kifato-mk,DC=com> <> File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run return self.run(*args, **kwargs) File "/usr/local/samba/lib64/python2.7/site-packages/samba...

...domain.of\Policies\ folder and subfolders) of my domain. >> Trying to delete the old GPO-s I run into errors, both in the windows >> mmc and on the dc with runing samba-tools as root. >> ERROR(ldb): uncaught exception - LDAP error 50 >> LDAP_INSUFFICIENT_ACCESS_RIGHTS - <dsdb_access: Access check failed >> on >> CN={97A64DB0-B51D-4A70-80A3-7F47483B0EB2},CN=Policies,CN=System,DC=domain,DC=of >> > <> >> File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", >> line 175, in _run If you just lost your sysvol folder con...

...t;domain.of", I just masked it. *Listing of the sysvol folder gives* sysvol # find . . ./domain.of/ ./domain.of/scripts The DC is a *4.1.6 ubuntu* packaged samba Trying to *delete one of the gpo*-s gives: ERROR(ldb): uncaught exception - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - <dsdb_access: Access check failed on CN={MASKED},CN=Policies,CN=System,DC=domain,DC=of> <> File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run return self.run(*args, **kwargs) File "/usr/lib/python2.7/dist-packages/samba/netcmd/gpo.py", l...

...> \SysVol\domain.of\Policies\ folder and subfolders) of my domain. > Trying to delete the old GPO-s I run into errors, both in the windows > mmc and on the dc with runing samba-tools as root. > ERROR(ldb): uncaught exception - LDAP error 50 > LDAP_INSUFFICIENT_ACCESS_RIGHTS - <dsdb_access: Access check failed > on > CN={97A64DB0-B51D-4A70-80A3-7F47483B0EB2},CN=Policies,CN=System,DC=domain,DC=of > > <> > File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", > line 175, in _run > > Reprovisioning is not an option; since this is...

Hi Basti, > I want to delete a OU in my Samba AD. > On RSAT I get "Access denied" > When I try it with ldapvi I get "dsdb_access: Access check failed on" > I have also try to repair the samba DB with samba-tool dbcheck > --cross-ncs --fix --yes but that does not solve the problem. > > The OU is a self generated one. what do you mean by "self generated one". If you create a new OU in ADUC, it is...