search for: ldbedit

...PM, Rowland Penny via samba wrote: > If you need to edit the NCs in sam.ldb.d, use '--cross-ncs' with the > ldb command, this allows you safely change things. There have been > reports of AD being destroyed by directly editing the ldb's in sam.ldb.d Looking at the man page of ldbedit, I see no reference to --cross-ncs Tried: > ldbedit --cross-ncs -e nano -H ./CN=CONFIGURATION,DC=SAMBA,DC=COMPANY,DC=COM but that gives the ldbedit --help page. MJ

Hello all, When I run ldbedit on idmap.ldb some of my SIDs seem to be missing. The below output demonstrates the problem quite clearly: root at server:/# wbinfo -n administrator S-1-5-21-3663128747-3839060396-3176805764-500 SID_USER (1) root at server:/# ldbedit -e /usr/bin/vim -H /var/lib/samba/private/idmap.ldb objectsid=S-1...

On 04/01/16 23:26, Jonathan Hunter wrote: > The story gets deeper, also.. (nothing is ever easy, right? :-)) > > Using the ldbsearch command above, I could at least view the SIDs that have > access to the OU. > > One of them should be a group called "mysecretou Managers"; I can see from > ADUC that my user is indeed still a member of this group (so far, so good).

On 05/01/16 21:24, Jonathan Hunter wrote: > On 5 January 2016 at 15:02, Jonathan Hunter <jmhunter1 at gmail.com> wrote: > >> I'll try to use ldbedit to grant myself permissions on the OU again .. Is >> ldbedit safe to use: >> >> - on a running Samba server (or do I need to stop samba) >> - in a multi-DC environment (or do I need to run it and make the same >> changes on each DC) >> > Answering my own quest...

...rrent SAMBA "4.3.6-GIT-UNKNOWN" One account name "produktion-a" resulted in some "weird" chars within the CN string: CN=Produktion A-Studio (alt?),CN=Users,DC=srg2,DC=local which seems to make further problems - i.e. the records inaccessible by samba-tool and ldbedit: ~# samba-tool dbcheck --fix Checking 448 objects ERROR: incorrect GUID component for member in object CN=redaktion,CN=Users,DC=srg2,DC=local - <GUID=35115b3b-264b-431f-a8a0-e2812d434fde>;<SID=S-1-5-21-3768878909-3194017282-2874830551-1170>;CN=Produktion A-Studio (alt?),CN=Users,DC=sr...

On 5 January 2016 at 15:02, Jonathan Hunter <jmhunter1 at gmail.com> wrote: > I'll try to use ldbedit to grant myself permissions on the OU again .. Is > ldbedit safe to use: > > - on a running Samba server (or do I need to stop samba) > - in a multi-DC environment (or do I need to run it and make the same > changes on each DC) > Answering my own question here... it would appear n...

...in as root on the DC >> itself >> - but how do I view the permissions and edit them from the commandline? >> > > They are stored in a hidden attribute called 'nTSecurityDescriptor' and if > you want to see it, you will have to explicitly ask for it e.g. > > ldbedit -e nano -H /usr/local/samba/private/sam.ldb -b > OU=SUDOers,DC=samdom,DC=example,DC=com -s sub > "(&(objectClass=organizationalUnit)(objectCategory=organizationalUnit))" > nTSecurityDescriptor > Perfect, thank you - I can now see this attribute. I also figured out that by...

Dear All, Need some advise on a Missing DNS entry I've a missing DNS entry where it will now show on the RAST tools but still it can be query... I try ldbedit and it show below Do you think I should delete this record and recreate it again? or there is a better way. Thank You Regards, Min Wai ldbedit -e nano -H /var/lib/samba/private/sam.ldb --show-binary --cross-ncs -b "DC=kl01.amtb-.org.my,CN=MicrosoftDNS,DC=DomainDnsZones,DC=kl01,DC=amtb-m,D...

Hi How do I ldbedit this dn? CN=*,OU=auto.users,ou=automount,DC=bar,DC=foo It's the * that I can't get. Cheers, Steve

...t; itself >>> - but how do I view the permissions and edit them from the commandline? >>> >> >> They are stored in a hidden attribute called 'nTSecurityDescriptor' and >> if you want to see it, you will have to explicitly ask for it e.g. >> >> ldbedit -e nano -H /usr/local/samba/private/sam.ldb -b >> OU=SUDOers,DC=samdom,DC=example,DC=com -s sub >> "(&(objectClass=organizationalUnit)(objectCategory=organizationalUnit))" >> nTSecurityDescriptor >> > > Perfect, thank you - I can now see this attribute. I...

Hello, after migration from a NT style domain to Samba AD (running 4.7.8) with the classicupgrade method I have two group objects in the AD tree with german umlauts which I can't access or delete. When I try I get a error which says literally "object not found on the server". Same when using other LDAP tools. It's not a great problem, but how can I get rid of this two group

Hi, dbcheck tells us we have two "dangling forward links" that I am trying to get rid of. On my test domain, I have simply done ldbedit -e nano -H ./CN=CONFIGURATION,DC=SAMBA,DC=COMPANY,DC=COM to remove them. While that seems to have worked nicely, dbcheck report zero errors now, it is something that I should never have done, or do in production, according to Andrew: "We realise this is a difficult problem for you and oth...

...org,dc=uk [...] # returned 127 records # 127 entries # 0 referrals Even logging in as MYDOMAIN\Administrator I can't view or change the permissions of ou=mysecretou using ADUC/ADSIEdit (This is exactly as I originally set it). So, how can I change the permissions from the commandline? Do I use ldbedit on a with different parameters, or on a separate ldb file? Is there a "ldapmodify" command I can run - this would presumably work better, as any changes would then be replicated to other DCs as well. Thanks! Jonathan -- "If we knew what it was we were doing, it would not be calle...

...(my user object shows it listed via 'Member Of' in ADUC). However, I cannot view the group's members - probably related to the object for the group itself actually being inside the errant OU with the strict permissions (although I am definitely a member, as above) I'll try to use ldbedit to grant myself permissions on the OU again .. Is ldbedit safe to use: - on a running Samba server (or do I need to stop samba) - in a multi-DC environment (or do I need to run it and make the same changes on each DC) ? :) Ta J

...t for convenience and if you like nano (nobody's perfect ;p ) you can > "export EDITOR=/path/to/your/nano" to avoid "-e nano" on command line. Add > that export to your .bashrc and others apps needed an editor would have a > change to use nano too. > > Back to ldbedit: > ldbedit -H $sam > 'CN=Guest,CN=Users,DC=ad,DC=dgfip,DC=finances,DC=gouv,DC=fr' > no matching records - cannot edit > > Damned! Why? ldbedit is not working with DN as do ldbdel but use searches > as do most of tools. The right way to use is: > ldbedit -H $sam 'CN=...

...an't delete it? First for convenience and if you like nano (nobody's perfect ;p ) you can "export EDITOR=/path/to/your/nano" to avoid "-e nano" on command line. Add that export to your .bashrc and others apps needed an editor would have a change to use nano too. Back to ldbedit: ldbedit -H $sam 'CN=Guest,CN=Users,DC=ad,DC=dgfip,DC=finances,DC=gouv,DC=fr' no matching records - cannot edit Damned! Why? ldbedit is not working with DN as do ldbdel but use searches as do most of tools. The right way to use is: ldbedit -H $sam 'CN=Guest' -b 'CN=Users,DC=ad,...

On Mon, 23 Jul 2018 11:27:38 +0100 Rowland Penny via samba <samba at lists.samba.org> wrote: > How are you searching and what with ? I used the ADUC tool and LDAPAdmin. > > Have you tried ldbedit ? > > ldbedit -e <your favourite editor> -H /path/to/sam.ldb > > This will display everything in the editor and you can then search in > that for the groups. You should then be able to create a filter to > delete the groups Yes, the objects in question are displayed, on...

...n/samba-tool group add SambaTool-DL-Sec --group-scope=Domain --group-type=Security Added group SambaTool-DL-Sec getent group shows nothing root at dc1:~# /usr/local/samba/bin/wbinfo -n SambaTool-DL-Sec S-1-5-21-3390367671-3527586854-3401016232-1128 SID_ALIAS (4) root at dc1:~# /usr/local/samba/bin/ldbedit -e vi -H /usr/local/samba/private/idmap.ldb objectsid=S-1-5-21-3390367671-3527586854-3401016232-1128 no matching records - cannot edit Shows in ADUC. root at dc1:~# /usr/local/samba/bin/samba-tool group add SambaTool-GG-Sec --group-scope=Global --group-type=Security Added group SambaTool-GG-Sec...

...;3000009' on the DC 'Everyone' >> Permissions are fine, but migration did not create "Users" group in AD. >> How can I resolve it? > I would be very very surprised if it hasn't been created, 'wbinfo -g' > will not show it though, try this: > ldbedit -e nano -H /var/lib/samba/private/sam.ldb > '(&(objectclass=group)(cn=users))' # editing 1 records # record 1 dn: CN=Users,CN=Builtin,DC=ads,DC=ccenter,DC=lan cn: Users description: Users are prevented from making accidental or intentional system- wide changes and can run most app...

Hi, Does anyone have experience of using ldbedit or similar, to remove the duplicates below? (Is that even the right way for me to go?) Can I perhaps query something using ldbsearch, to find the duplicates, before using ldbedit? On Sun, 18 Nov 2018 at 21:37, Jonathan Hunter <jmhunter1 at gmail.com> wrote: > [...] > In my database, as...