search for: ldbedited

Hi Rowland, On 10/16/2017 05:13 PM, Rowland Penny via samba wrote: > If you need to edit the NCs in sam.ldb.d, use '--cross-ncs' with the > ldb command, this allows you safely change things. There have been > reports of AD being destroyed by directly editing the ldb's in sam.ldb.d Looking at the man page of ldbedit, I see no reference to --cross-ncs Tried: > ldbedit

Hello all, When I run ldbedit on idmap.ldb some of my SIDs seem to be missing. The below output demonstrates the problem quite clearly: root at server:/# wbinfo -n administrator S-1-5-21-3663128747-3839060396-3176805764-500 SID_USER (1) root at server:/# ldbedit -e /usr/bin/vim -H /var/lib/samba/private/idmap.ldb objectsid=S-1-5-21-3663128747-3839060396-3176805764-500 # 0 adds 0 modifies 0

On 04/01/16 23:26, Jonathan Hunter wrote: > The story gets deeper, also.. (nothing is ever easy, right? :-)) > > Using the ldbsearch command above, I could at least view the SIDs that have > access to the OU. > > One of them should be a group called "mysecretou Managers"; I can see from > ADUC that my user is indeed still a member of this group (so far, so good).

On 05/01/16 21:24, Jonathan Hunter wrote: > On 5 January 2016 at 15:02, Jonathan Hunter <jmhunter1 at gmail.com> wrote: > >> I'll try to use ldbedit to grant myself permissions on the OU again .. Is >> ldbedit safe to use: >> >> - on a running Samba server (or do I need to stop samba) >> - in a multi-DC environment (or do I need to run it and make the

Hi colleagues, it seems i've hit a bug in SAMBA as follows: The local windows network admin of our local radio station filled / transferred some user account data into our new FreeNAS by the Win RSAT. We are setting up SAMBA as a PDC incl. directory service and use the current stable FreeNAS with its current SAMBA "4.3.6-GIT-UNKNOWN" One account name "produktion-a"

On 5 January 2016 at 15:02, Jonathan Hunter <jmhunter1 at gmail.com> wrote: > I'll try to use ldbedit to grant myself permissions on the OU again .. Is > ldbedit safe to use: > > - on a running Samba server (or do I need to stop samba) > - in a multi-DC environment (or do I need to run it and make the same > changes on each DC) > Answering my own question here... it

Thank you, Rowland! On 4 January 2016 at 10:36, Rowland penny <rpenny at samba.org> wrote: > On 04/01/16 01:43, Jonathan Hunter wrote: > >> I can view the data using ldbsearch when logged in as root on the DC >> itself >> - but how do I view the permissions and edit them from the commandline? >> > > They are stored in a hidden attribute called

Dear All, Need some advise on a Missing DNS entry I've a missing DNS entry where it will now show on the RAST tools but still it can be query... I try ldbedit and it show below Do you think I should delete this record and recreate it again? or there is a better way. Thank You Regards, Min Wai ldbedit -e nano -H /var/lib/samba/private/sam.ldb --show-binary --cross-ncs -b

Hi How do I ldbedit this dn? CN=*,OU=auto.users,ou=automount,DC=bar,DC=foo It's the * that I can't get. Cheers, Steve

The story gets deeper, also.. (nothing is ever easy, right? :-)) Using the ldbsearch command above, I could at least view the SIDs that have access to the OU. One of them should be a group called "mysecretou Managers"; I can see from ADUC that my user is indeed still a member of this group (so far, so good). However, "wbinfo -s S-1-5-21-000000000-1111111111-2222222222-1234"

Hello, after migration from a NT style domain to Samba AD (running 4.7.8) with the classicupgrade method I have two group objects in the AD tree with german umlauts which I can't access or delete. When I try I get a error which says literally "object not found on the server". Same when using other LDAP tools. It's not a great problem, but how can I get rid of this two group

Hi, dbcheck tells us we have two "dangling forward links" that I am trying to get rid of. On my test domain, I have simply done ldbedit -e nano -H ./CN=CONFIGURATION,DC=SAMBA,DC=COMPANY,DC=COM to remove them. While that seems to have worked nicely, dbcheck report zero errors now, it is something that I should never have done, or do in production, according to Andrew: "We

Hi, A while ago I successfully set permissions on a section of my LDAP / AD tree, using either ADUC or ADSIEDIT (I forget which). These permissions allowed my own user to access this section of the tree; I removed permissions for 'Domain Admins' etc. to ensure that others would not be able to view or change the data - this has worked great for many months. I have just tried to add a new

On 5 Jan 2016 09:59, "Rowland penny" <rpenny at samba.org> wrote: > > On 04/01/16 23:26, Jonathan Hunter wrote: >> However, "wbinfo -s S-1-5-21-000000000-1111111111-2222222222-1234" does not >> return "DOMAIN\mysecretou Managers" as it should - but rather >> "DOMAIN\mysecretou Managers 2", which is not the name of the group and

2016-05-26 13:51 GMT+02:00 mathias dufresne <infractory at gmail.com>: > Parenthesis are not yet a good idea with Samba. A colleague created users > with parenthesis in CN field and we just can't use ldbsearch to look for > them, as long as we set parenthesis in LDAP filter. We must use wildcard to > avoid the bug (bug because we can use escaped parenthesis in filters with

Parenthesis are not yet a good idea with Samba. A colleague created users with parenthesis in CN field and we just can't use ldbsearch to look for them, as long as we set parenthesis in LDAP filter. We must use wildcard to avoid the bug (bug because we can use escaped parenthesis in filters with ldapsearch, I can be totally wrong but I do believe if ldapsearch permit parenthesis the protocol

On Mon, 23 Jul 2018 11:27:38 +0100 Rowland Penny via samba <samba at lists.samba.org> wrote: > How are you searching and what with ? I used the ADUC tool and LDAPAdmin. > > Have you tried ldbedit ? > > ldbedit -e <your favourite editor> -H /path/to/sam.ldb > > This will display everything in the editor and you can then search in > that for the groups. You

Here we go again! :) Setup: Ubuntu 12.04.4, Samba 4.1.6 compiled from sources running as AD DC, activated winbind following the wikipage. All on the same server. smb.conf: [global] workgroup = EXAMPLE realm = EXAMPLE.COM netbios name = DC1 server role = active directory domain controller server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,

Greetings, Rowland Penny! >>> Hi Louis, It works for me >>> This appears in log.smbd on my DC when I run the same command: >>> [2015/03/30 10:15:42.442881, 3] >>> ../source3/smbd/service.c:856(make_connection_snum) >>> dc01 (ipv6:::1:43602) connect to service IPC$ initially as user NT >>> AUTHORITY\ANONYMOUS LOGON (uid=65534, gid=3000013)

Hi, Does anyone have experience of using ldbedit or similar, to remove the duplicates below? (Is that even the right way for me to go?) Can I perhaps query something using ldbsearch, to find the duplicates, before using ldbedit? On Sun, 18 Nov 2018 at 21:37, Jonathan Hunter <jmhunter1 at gmail.com> wrote: > [...] > In my database, as reported by the domain join command above, I have