search for: humgen

...uld find. I've said I'm desperate... Please see the configs and the tests. May the force be with you :) Many thanks in advance! Environment: Ubuntu Server 16.04.1 + Samba 4.3.9 ### DOMAIN CONTROLLER root at hg-dc1:/etc/samba# cat smb.conf # Global parameters [global] workgroup = HUMGEN realm = HUMGEN.0ZONE netbios name = HG-DC1 server role = active directory domain controller server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc idmap_ldb:use rfc2307 = yes dns-nameservers 127.0.0.1 tls...

...se see the configs and the tests. May the force be with you :) > > Many thanks in advance! > > Environment: Ubuntu Server 16.04.1 + Samba 4.3.9 > > ### DOMAIN CONTROLLER > root at hg-dc1:/etc/samba# cat smb.conf > # Global parameters > [global] > workgroup = HUMGEN > realm = HUMGEN.0ZONE > netbios name = HG-DC1 > server role = active directory domain controller > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, > drepl, winbindd, ntp_signd, kcc > > idmap_ldb:use rfc2307 = yes >...

...amba - General mailing list wrote >> >> [2017/01/11 16:42:34.522067, 1] >> >> ../source3/librpc/crypto/gse.c:496(gse_get_server_auth_token) >> >> gss_accept_sec_context failed with [ Miscellaneous failure (see >> >> text): Failed to find cifs/hg004.humgen.0zone at HUMGEN.0ZONE(kvno 1) >> >> in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)] >> >> [2017/01/11 16:42:34.522095, 1] >> >> ../auth/gensec/spnego.c:541(gensec_spnego_parse_negTokenInit) >> >> SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STAT...

...error on the domain_member_file_server in the file <IP-address-of-client.log> saying: >>> [2017/01/11 16:42:34.522067, 1] ../source3/librpc/crypto/gse.c:496(gse_get_server_auth_token) gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/hg004.humgen.0zone at HUMGEN.0ZONE(kvno 1) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)] [2017/01/11 16:42:34.522095, 1] ../auth/gensec/spnego.c:541(gensec_spnego_parse_negTokenInit) SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE [2017/01/11 16:42:34.525704, 1] ../lib/param/loadparm....

...ogons = NO" and this is default. >> Please note also the behavior of "hosts allow ... except" on the AD-DC >> >> here it comes... >> >> root at hg-dc1:/etc/samba# cat smb.conf >> ## Global parameters >> [global] >> workgroup = HUMGEN >> realm = HUMGEN.0ZONE >> netbios name = HG-DC1 >> server role = active directory domain controller >> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, >> drepl, winbindd, ntp_signd, kcc >> #dnsupdate >> ## all dns...

Samba - General mailing list wrote >> [2017/01/11 16:42:34.522067, 1] >> ../source3/librpc/crypto/gse.c:496(gse_get_server_auth_token) >> gss_accept_sec_context failed with [ Miscellaneous failure (see text): >> Failed to find cifs/hg004.humgen.0zone at HUMGEN.0ZONE(kvno 1) in keytab >> MEMORY:cifs_srv_keytab (arcfour-hmac-md5)] >> [2017/01/11 16:42:34.522095, 1] >> ../auth/gensec/spnego.c:541(gensec_spnego_parse_negTokenInit) >> SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE > > Looks li...

...NO", if "domain > logons = NO" and this is default. > Please note also the behavior of "hosts allow ... except" on the AD-DC > > here it comes... > > root at hg-dc1:/etc/samba# cat smb.conf > ## Global parameters > [global] > workgroup = HUMGEN > realm = HUMGEN.0ZONE > netbios name = HG-DC1 > server role = active directory domain controller > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, > drepl, winbindd, ntp_signd, kcc > #dnsupdate > ## all dns and dhcp is static for humg...

...ease note also the behavior of "hosts allow ... except" on the > >> AD-DC > >> > >> here it comes... > >> > >> root at hg-dc1:/etc/samba# cat smb.conf > >> ## Global parameters > >> [global] > >> workgroup = HUMGEN > >> realm = HUMGEN.0ZONE > >> netbios name = HG-DC1 > >> server role = active directory domain controller > >> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, > >> drepl, winbindd, ntp_signd, kcc > >>...

...scriptPath was configured: \\member_server\netlogon\login.bat. 3. To bind the homeDrive I had to put a colon (:) after the drive letter. 4. (question = how changing/correct surname, givenName?) wbinfo output is slightly different on ad-dc and domain member with regard to the Geckos On the ad-dc: HUMGEN\test:*:9439:5000: WT. Test --given-name=Want To:/home/HUMGEN/test:/bin/false The Geckos on ad-dc are composed from initials + surname + givenName. On the domain member (real Geckos field or may be description) : test:*:9439:5000:Want to Test://hg004.humgen.0zone/test/linhome:/bin/bash The Geckos...

...ctly. I will... > You must be using an old version of samba-tool, it doesn't do that now. Version 4.3.9 from the last fresh ubuntu LTS. And I asked on FreeNode, they would not upgrade to the 4.4. branch if 4.3 hasn't bugs... > No they are not: > > dn: CN=test,CN=Users,DC=humgen,DC=0zone > ...... > primaryGroupID: 513 Oh, I hoped winbind would give me: uidNumber: 9439 gidNumber: 5001 ... from the posix attributes > This makes the users primary group 'Domain Users' and as such, the > primary group must have a gidNumber, or all your users will be...

...colon (:) after the drive letter. > > 4. (question = how changing/correct surname, givenName?) > wbinfo output is slightly different on ad-dc and domain member with > regard to the Geckos I think you mean 'gecos', a Gecko is a type of lizard ;-) > > On the ad-dc: > HUMGEN\test:*:9439:5000: WT. Test --given-name=Want > To:/home/HUMGEN/test:/bin/false > > The Geckos on ad-dc are composed from initials + surname + givenName. > > On the domain member (real Geckos field or may be description) : > test:*:9439:5000:Want to > Test://hg004.humgen.0zone...

...; wrote: > Samba - General mailing list wrote > >> [2017/01/11 16:42:34.522067, 1] > >> ../source3/librpc/crypto/gse.c:496(gse_get_server_auth_token) > >> gss_accept_sec_context failed with [ Miscellaneous failure (see > >> text): Failed to find cifs/hg004.humgen.0zone at HUMGEN.0ZONE(kvno 1) > >> in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)] > >> [2017/01/11 16:42:34.522095, 1] > >> ../auth/gensec/spnego.c:541(gensec_spnego_parse_negTokenInit) > >> SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE...

Thank you Rowland for looking into this! >> WHAT I DO NOT GET CORRECTLY are the UID and GID of users and groups >> on the domain member (PARTIALLY DEPENDING if I have the lines with >> "idmap config *:..." or not ??? - see below) > « [hide part of quote] > > Have you added uidNumber & gidNumber attributes to the user & > groupobjects in AD ?

...uld not upgrade to the 4.4. branch if > 4.3 hasn't bugs... Ubuntu will not want to materially change an LTS version and Samba changes so fast, in fact version 4.5.0 is slated for release in min September. > > > > No they are not: > > > > dn: CN=test,CN=Users,DC=humgen,DC=0zone > > ...... > > primaryGroupID: 513 > > Oh, I hoped winbind would give me: > uidNumber: 9439 > gidNumber: 5001 > ... from the posix attributes > Well, it will use the uidNumber as the users Unix UID, but winbind will use the gidNumber attribute from '...

...Number inside the range > > 5000-30000 ? > > No, Domain Users has no GID. > Until now it was unimportant to me. All my users are in the group > "hg_allg" with GID 5001. As primary group in unix passwd in the old > NT domain. No they are not: dn: CN=test,CN=Users,DC=humgen,DC=0zone ...... primaryGroupID: 513 This makes the users primary group 'Domain Users' and as such, the primary group must have a gidNumber, or all your users will be ignored by winbind. Do not think of changing the users primaryGroupID, windows expects all users to be members of 'Domai...