search for: msad

On 11/20/2015 10:17 AM, mathias dufresne wrote: > > > 2015-11-20 15:11 GMT+01:00 James <lingpanda101 at gmail.com > <mailto:lingpanda101 at gmail.com>>: > > On 11/20/2015 7:40 AM, Ole Traupe wrote: > > > > Am 20.11.2015 um 11:54 schrieb mathias dufresne: > > Hi Ole, > > I'm still not answering your issue

...e following samba bug report: https://bugzilla.samba.org/show_bug.cgi?id=9048 Judging from the bugreport above, I should ask keycloak devs to follow the errorcode number (49) only, and act based on that. As the errorcode itself is identical, it should make things compatible with both samba4 and MSAD. You agree with that analysis? Then I'll ask for it on the keycloak mailinglist. MJ

...: error code 49 - Simple > Bind Failed: NT_STATUS_PASSWORD_MUST_CHANGE] So, finally for the samba-related question: does anyone know if "password required to change" behaviour has perhaps changed between functional levels? Could this be the reason of the different behaviour between MSAD and samba-4.4.4? > root at dc4:~/samba4# samba-tool domain level show > ldb_wrap open of secrets.ldb > Domain and forest function level for domain 'DC=samba,DC=company,DC=com' > > Forest function level: (Windows) 2003 > Domain function level: (Windows) 2003 > Lowest fu...

...> Bind Failed: NT_STATUS_PASSWORD_MUST_CHANGE] > > So, finally for the samba-related question: does anyone know if > "password required to change" behaviour has perhaps changed between > functional levels? Could this be the reason of the different > behaviour between MSAD and samba-4.4.4? > > > root at dc4:~/samba4# samba-tool domain level show > > ldb_wrap open of secrets.ldb > > Domain and forest function level for domain > > 'DC=samba,DC=company,DC=com' > > > > Forest function level: (Windows) 2003 > > Domain...

...Bind Failed: NT_STATUS_PASSWORD_MUST_CHANGE] > > So, finally for the samba-related question: does anyone know if  > "password required to change" behaviour has perhaps changed between  > functional levels? Could this be the reason of the different > behaviour  > between MSAD and samba-4.4.4? No. Just a bug, present in all levels. We just don't allow a log in at all for a user with an expired password. > > root at dc4:~/samba4# samba-tool domain level show > > ldb_wrap open of secrets.ldb > > Domain and forest function level for domain > &g...

Hello, I followed the steps at http://www.enterprisenetworkingplanet.com/netos/article.php/3487081 for adding a v3.0.21a samba and winbindd server to a MsAD domain and configuring nsswitch.conf to find passwd and group info from winbind. This seems to have worked out fine, except that I can't 'see' or 'recognize' certain groups via getent or via wbinfo -g. E.g. I can see the 'ccsd-staff' group via getent and wbinfo -g, but...

I'm trying to use winbindd to enumerate and link AD users to their pre- existing UNIX accounts. Right now, winbindd creates new "users" for UNIX based on windows username and groups. What I can't figure out is how to explicitly map the AD users to their pre- existing UNIX accounts. I'd like the users to be able to access their UNIX accounts with their UNIX authentication

...S-isRODC] in of schema I don't know how I messed up the schema partition, and since I don't have any side effect but the ADUC failure message when clicking on the dc entry (everything else works fine), I think that error is lying there for quite some time. The domain was upgraded from a MSAD 2003 domain three or four years ago. So my question is : since my DC is already on 2008R2 domain/forest level, is there anyway I can force the schema upgrade to 2008R2 independently of the samba-tool domain raise command line? Cheers, Denis -- Denis Cardon Tranquil IT Systems Les Espaces...

Hi Since 2006, I used in my departement a Samba solutions based on NT4 style PDC, 2 BDCs and some files servers, desserving one hunderd persons. The backends for passwords and idd are a master and two slave openldap. Now i have to integrate a much larger organisation, an University Hospital, running with Windows AD. For political reasons, I should not maintain DCs anymore, but I will still

...nfo -n detertj S-1-5-21-2143970516-726479814-926709054-4514 User (1) # wbinfo -u | grep -i detertj detertj # wbinfo -s S-1-5-21-2143970516-726479814-926709054-4514 MSOE+detertj 1 # Since i successfully use nss_ldap on other boxen, relying on sfu from MsAD, I'm inclined to believe that the problem isn't with sfu on the MsAD DCs. Btw, this is with samba and winbind v3.0.21a. Here's the pertinent smb.conf verbage when I'm NOT using 'nss info = sfu': winbind enum groups = yes winbind enum users = yes winbind separator...

I have winbind v3.0.26a running on ubuntu server v7.10 (gutsy). I intend to get user & group info from MsActiveDirectory. However, when I type: getent passwd somerandomuser I get the uid and gid for the user, as recorded in the msad schema by virtue of sfu, but the homedir and loginshell that are returned are like what "winbind nss info = template" would return by default: /home/MYDOMAIN/somerandomuser /bin/false Even though the msad attributes msSFU30HomeDirectory and msSFU30LoginShell are set, and differ from t...

...e: ------ beging shell except ------ # ls -ld ./ drwxrws--- 10 root $MND000-TT227MV5K24I 4096 2006-05-10 15:41 ./ # ------ end shell except ------ It must have been known, as I was the one who chgrp'ed the dir originally. I know what the group name is supposed to be. When I look it up in MsAD UsersNGroups, I see it has unix attribute gid = 29922. "wbinfo -G 29922" produces the sid. "wbinfo -s <thesid>" produces: the group's RID shown above, with domain name prefixed, and " 2" suffixed. "wbinfo -n <posixgroupname>&quot...

...ever heard of service principals and says it should work out of the box. I asked them to provide me with a setspn -l listing of the principal of a working configuration, and indeed there is no SPN associated with the DCOM objects. So I guess the authentication probably goes through NTMLv2 in a MSAD environement but seems to require kerberos auth in a Samba4 setup. Is anyone gone through this kind of issue yet? Thanks, Denis -- Denis Cardon Tranquil IT Systems Les Espaces Jules Verne, b?timent A 12 avenue Jules Verne 44230 Saint S?bastien sur Loire tel : +33 (0) 2.40.97.57.55 http://www...

Hi Andrew, I understand that Samba doesn't support domain renaming, which is why I'm looking for a way to export the data from one domain and import it into a new one. Passwords and machine accounts are not a problem and can be ignored for this exercise. The key things I need to copy across are user accounts and groups, as they would be an absolute pain in the rear end to redo from

...er: 'system error 1240' and then the same verbage about not being authorized. Any ideas what is wrong and/or what to try? Thanks Here are some facts that might help shed light: - wbinfo -u and -g show me the list of users and groups I expect to know of from the MsAD domain MYDOMAIN. - I can ssh into the samba box as a winbound user successfully (i.e. winbind mapped the username's sid to a unix uid and gid; there is no mention of the username in /etc/passwd or /etc/group). - here's the global section of my smb.conf: [global] unix charset...

...39;template homedir' limitation (all users have homedir defined by recognized macros) might be a problem for me: I don't want all the homedirs to have the same parent dir, for performance reasons. The typical example given is 'template homedir = /home/%D/%U'. Since I only have one MsAD domain, this is really equivalent for me to 'template homedir = /home/%U'. Can anyone suggest a use of macros to spread the homedirs out thru multiple hierarchies? Does the %g macro (primary group) have meaning without NIS or mssfu? thanks -- Happy Landings, Jon Detert IT Systems Admin...

...copy across are > user accounts and groups, as they would be an absolute pain in the rear > end to redo from scratch. Samba may miss a few pieces, but its FOSS nature and the python scripting libraries make it a wonderful tools for all AD automation. I'd say that it more versatil than MSAD once you accept to look into the guts of the beast. For our daily work, we have a bunch of in-house scripts for domain management, among others domain rename. For rename, one way of going is to create a new domain with the same domain SID, then recreate all the user/group/machines entries, pip...

...Message: 17 Date: Wed, 11 May 2005 15:33:10 -0400 From: "Kanuri, Seshu (Company IT)" <Seshu.Kanuri@morganstanley.com> Subject: [Asterisk-Users] AreskiCC - Install Problems To: <asterisk-users@lists.digium.com> Message-ID: <EB21B22D20ABCC46816889516502A50402469A4E@NYWEXMB36.msad.ms.com> Content-Type: text/plain; charset="us-ascii" Nabeel, I am trying to install AreskiCC and I get the following errors. Warning: pg_pconnect(): Unable to connect to PostgreSQL server: could not connect to server: Connection refused Is the server running on host localhost and...

...> > I don't know how I messed up the schema partition, and since I don't > have any side effect but the ADUC failure message when clicking on > the dc entry (everything else works fine), I think that error is > lying there for quite some time. The domain was upgraded from a MSAD > 2003 domain three or four years ago. > > So my question is : since my DC is already on 2008R2 domain/forest > level, is there anyway I can force the schema upgrade to 2008R2 > independently of the samba-tool domain raise command line? > > Cheers, > > Denis > &g...

...rwise the following error will occur when transferring roles. Failed to add role 'domaindns': LDAP error 53 LDAP_UNWILLING_TO_PERFORM - <000020AE: SvcErr: DSID-03152DA8, issue 5003 (WILL_NOT_PERFORM), data 0 since the ability to make corrections to the owner of the video is prohibited by MSAD, please fix this in the next version of Samba