search for: mydom

...me tests, (on my operational domain and on a new testdomain) i detected this behavior: on samba 4.11.6 sometimes the new DNS-records finisches on a wrong dns zone. the problem occurs, if more then 5 records are created with the same name in more then one domain zone for example: testa1.jupiter.mydom.org testa2.jupiter.mydom.org testa3.jupiter.mydom.org testa4.jupiter.mydom.org testa5.jupiter.mydom.org testa6.jupiter.mydom.org testa7.jupiter.mydom.org ... testa1.saturn.mydom.org testa2.saturn.mydom.org testa3.saturn.mydom.org te sta4.saturn.mydom.org testa5.saturn.mydom.org testa6.saturn.mydom....

...i > detected this behavior: > > > > on samba 4.11.6 sometimes the new DNS-records finisches on a wrong dns > zone. > > the problem occurs, if more then 5 records are created with the same > name in more then one domain zone > > for example: > testa1.jupiter.mydom.org > testa2.jupiter.mydom.org > testa3.jupiter.mydom.org > testa4.jupiter.mydom.org > testa5.jupiter.mydom.org > testa6.jupiter.mydom.org > testa7.jupiter.mydom.org > ... > testa1.saturn.mydom.org > testa2.saturn.mydom.org > testa3.saturn.mydom.org > te > sta4.s...

Hi again, I just started to debug things on the samba4 side: When trying to mount the Windows NFS share, I get the following error on the samba4 dc (just grepping for nfs in the logs): auth_check_password_send: Checking password for unmapped user [S5DOM.TEST]\[nfs/nfsclient.mydom.test]@[] map_user_info_cracknames: Mapping user [MYDOM.TEST]\[nfs/nfsclient.mydom.test] from workstation [] auth_check_password_send: mapped user is: [MYDOM]\[nfs/nfsclient.mydom.test]@[] expr: (&(sAMAccountName=nfs/nfsclient.mydom.test)(objectclass=user)) sam_search_user: Couldn't...

...metimes the new DNS-records finisches on > a wrong dns > >> zone. > >> > >> the problem occurs, if more then 5 records are created > with the same > >> name in more then one domain zone > >> > >> for example: > >> testa1.jupiter.mydom.org > >> testa2.jupiter.mydom.org > >> testa3.jupiter.mydom.org > >> testa4.jupiter.mydom.org > >> testa5.jupiter.mydom.org > >> testa6.jupiter.mydom.org > >> testa7.jupiter.mydom.org > >> ... > >> testa1.saturn.mydom.org >...

...8 14:55:24 +0200 > Henry Jensen via samba <samba at lists.samba.org> wrote: > > > On Tue, 7 Aug 2018 12:51:33 +0100 > > Rowland Penny via samba <samba at lists.samba.org> wrote: > > > > > > > > Failed to modify SPNs on CN=db1,CN=Computers,DC=mydom,DC=lan: > > > > > > acl: spn validation failed for spn[TERMSRV/DB1.MYDOM] > > > > > > uac[0x1000] account[db1$] hostname[(null)] nbname[mydom] > > > > > > ntds[(null)] forest[mydom.lan] domain[mydom.lan] > > > > > > > >...

On Tue, 7 Aug 2018 12:51:33 +0100 Rowland Penny via samba <samba at lists.samba.org> wrote: > > > > Failed to modify SPNs on CN=db1,CN=Computers,DC=mydom,DC=lan: acl: > > > > spn validation failed for spn[TERMSRV/DB1.MYDOM] uac[0x1000] > > > > account[db1$] hostname[(null)] nbname[mydom] ntds[(null)] > > > > forest[mydom.lan] domain[mydom.lan] > > > > > > > > At first I thought it was abou...

Hello, No it's a AD classicupgraded from a Samba 3 PDC Here's a user example from my DC uid=1116(MYDOM\begr00) gid=513(MYDOM\domain users) groupes=513(MYDOM\domain us ers),1151(MYDOM\evaluation),1214(MYDOM\procedures),12021(MYDOM\s13cadre),12041 (MYDOM\s13-grh),1264(MYDOM\zsbw),1001(MYDOM\s13),3000005(BUILTIN\users) my first user start at uid 1001 (1000 was the administrator account on the S3...

...i.samba.org/index.php/Setup_a_Samba_AD_Member_Server#Set_up_a_basic_smb.conf". I also am using NIS extensions on my AD according the wiki tutorials. Through ADUC tool I modified the security group "Domain Users": I did choose tab [UNIX Attribute] and there I assigned the NIS domain = MYDOM and the GID=10000 to that group. Issue: ====== My membersrv1 (172.19.100.3) fails to resolve mappings! See output below... ----OUTPUT ON DC1----------------------------------------------------------------------------------------------------- root at DC1:~$ getent passwd root:x:0:0:root:/root:/bi...

Hi Rowland, On Tue, 7 Aug 2018 09:46:24 +0100 Rowland Penny via samba <samba at lists.samba.org> wrote: > > Failed to modify SPNs on CN=db1,CN=Computers,DC=mydom,DC=lan: acl: > > spn validation failed for spn[TERMSRV/DB1.MYDOM] uac[0x1000] > > account[db1$] hostname[(null)] nbname[mydom] ntds[(null)] > > forest[mydom.lan] domain[mydom.lan] > > > > At first I thought it was about missing SPN entries, but adding these > >...

Hello, I've got some log entries like these on our DCs: Failed to modify SPNs on CN=db1,CN=Computers,DC=mydom,DC=lan: acl: spn validation failed for spn[TERMSRV/DB1.MYDOM] uac[0x1000] account[db1$] hostname[(null)] nbname[mydom] ntds[(null)] forest[mydom.lan] domain[mydom.lan] At first I thought it was about missing SPN entries, but adding these did not resolve the problem: # samba-tool spn list db1$ db1...

...dows NFS Server (2012R2) - Update Hi again, I just hacked the code to also query userPrincipalName in authsam_search_account() (hardcoded my realm for now). Now the NFS client object is found, however password authentication fails: auth_check_password_send: Checking password for unmapped user [MYDOM.TEST]\[nfs/nfsclient.mydom.test]@[] map_user_info_cracknames: Mapping user [MYDOM.TEST]\[nfs/nfsclient.mydom.test] from workstation [] auth_check_password_send: mapped user is: [MYDOM]\[nfs/nfsclient.mydom.test]@[] expr: (&(|(sAMAccountName=nfs/nfsclient.mydom.test)(userPrincipalName=nfs...

Dear Rowland, our windows admin assured me that they have set uidNumber and gidNumber in the range. I have requested screenshots for confirmation. Now we are one step further: "getent passwd | grep mdecker" now lists the AD account. mdecker:*:13667:7142:Decker, Martin:/home/MYDOM/mdecker:/bin/false With "getent passwd mdecker" however, it shows "NT_STATUS_NO_SUCH_USER". getent passwd mdecker winbindd_getpwnam: My domain -- rejecting getpwnam() for MYDOM\mdecker. Could not convert sid S-0-0: NT_STATUS_NO_SUCH_USER Also not working: getnet passwd mdec...

...> > > > > On Tue, 7 Aug 2018 12:51:33 +0100 > > > > Rowland Penny via samba <samba at lists.samba.org> wrote: > > > > > > > > > > > > Failed to modify SPNs on > > > > > > > > CN=db1,CN=Computers,DC=mydom,DC=lan: acl: spn validation > > > > > > > > failed for spn[TERMSRV/DB1.MYDOM] uac[0x1000] > > > > > > > > account[db1$] hostname[(null)] nbname[mydom] ntds[(null)] > > > > > > > > forest[mydom.lan] domain[mydom.lan] > > &...

...srv2-alias\share but when i try to connect to \\srv1-alias\share I get the following in log.smbd: [2016/12/14 14:26:26.302876, 1] ../source3/librpc/crypto/gse.c:497(gse_get_server_auth_token) gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/srv1-alias.mydom.local at MYDOM.LOCAL(kvno 2) in keytab MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)] [2016/12/14 14:26:26.302905, 1] ../auth/gensec/spnego.c:545(gensec_spnego_parse_negTokenInit) SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE [2016/12/14 14:26:26.302925, 2] ../auth/gensec...

...stalled on a Windows Server 2019. Now I want to add a Samba DC to this AD. The Samba DC is in the same subnet. Samba Server: Ubuntu 18.04 Samba 4.10.6 ? The Windows AD has the following settings: PS C: \ Users \ Administrator> Get-ADForest ApplicationPartitions: {DC = DomainDnsZones, DC = mydom, DC = local, DC = ForestDnsZones, DC = mydom, DC = local} CrossForestReferences: {} DomainNamingMaster: WAD.mydom.local Domains: {mydom.local} ForestMode: Windows2008R2Forest GlobalCatalogs: {WAD.mydom.local} Name: mydom.local PartitionContainer: CN = Partitions, CN = Configuration, DC = myd...

Hi list, I am experimenting with two member servers (both samba4). I am using following configuration: membersrv:/etc/samba/smb.conf: ========================== [...] username map = /etc/samba/smbmap [...] membersrv:/etc/samba/smbmap: ========================= !root = MYDOM\johndoe MYDOM\foo MYDOM\bar MYDOM\Administrator Administrator So the domain users from my AD called "John Doe", "Foo" and "Bar" as well as the default samba4 AD "Administrator" account all are mapped to the local "root" account on that particular m...

Thanks Rowland and Louis, after changing from ad to rid, i get all users listed with "getent passwd", not just the ones with uidNumber - which is good. But "getent passwd MYDOM\\mdecker" still does not resolve. In addition, no groups are listed with "getent group". Looking at winbindd debug, it seems that after trying getgrsid on the very first group "Exchange All Hosted Organizations", it stops to retrieve other groups. out: struct wbint...

Thank you for your feedback. I have changed the parameters, but still no success. winbind use default domain = yes idmap config * : range = 1000000-1999999 idmap config MYDOM : range = 100-999999 Regards, Martin 2017-08-18 15:00 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>: > > See inline comments: > > On Fri, 18 Aug 2017 14:40:54 +0200 > Martin Decker via samba <samba at lists.samba.org> wrote: > > > Dear List...

...in my opinion the problem I will describe in the following has nothing to do with the sync process. The sync occurs every 5min. On a win7 client I open the Group Policy Management Console (run/execute the command "gpmc.msc"). When i right-click on the left pane onto my domain name "mydom.example.com" I can choose "Change Domain Controller...". Inside the window which is opened, on the bottom I see my two domain controllers which I can choose I'd like to connect to. Whatever I can configure while connected on DC1, the changes are propagated to DC2 after max. 5minu...

...he above formulas and they simplify to: > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > ID = RID + LOW_RANGE_ID > RID = ID - LOW_RANGE_ID > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > More concretely, assume that you have a domain MYDOM > and a config > > idmap config MYDOM : backend = rid > idmap config MYDOM : range = 100000-200000 > > Now calculate a few examples: > > - The administrator of MYDOM has rid=500 (the admin > of each domain has). So it's unix ID would be > > 500 + 100...