search for: rpidc1

...haracter" issue. I have it on good authority from the "father" of > Slackware himself that I should be able to upgrade this package w/o too much > difficulty. > > --Mark > If I find the GUID for a DC, then use it in searches, I get results like these: adminuser at rpidc1:~ $ host -t CNAME fb453823-737c-4a8b-93e1-dc197e236d50 fb453823-737c-4a8b-93e1-dc197e236d50 has no CNAME record Doing an 'A' record search using the GUIDs FQDN, gets me this: adminuser at rpidc1:~ $ host -t A fb453823-737c-4a8b-93e1-dc197e236d50._msdcs.samdom.example.com. fb453823-737c-4...

...A 0d2a3ba9-4ade-45de-85c7-321ba69caee0._msdcs.hprs.local > > > host: idnkit idn_encodename to idn failed: prohibited character found > > > > That is strange, if I obtain the GUID's on my DCs and run a similar > > command, I get this: > > > > adminuser at rpidc1:~ $ host -t A > > fb453823-737c-4a8b-93e1-dc197e236d50._msdcs.samdom.example.com > > fb453823-737c-4a8b-93e1-dc197e236d50._msdcs.samdom.example.com is an > > alias for rpidc1.samdom.example.com. > > rpidc1.samdom.example.com has address 192.168.1.2 > > > > Rowl...

...y from the "father" of > > Slackware himself that I should be able to upgrade this package w/o too much > > difficulty. > > > > --Mark > > > > If I find the GUID for a DC, then use it in searches, I get results like > these: > > adminuser at rpidc1:~ $ host -t CNAME fb453823-737c-4a8b-93e1-dc197e236d50 > fb453823-737c-4a8b-93e1-dc197e236d50 has no CNAME record > > Doing an 'A' record search using the GUIDs FQDN, gets me this: > > adminuser at rpidc1:~ $ host -t A > fb453823-737c-4a8b-93e1-dc197e236d50._msdcs.samdom....

...t_Pwnam_internals cause this problem. > > HY Wu. You only need local Unix users (the ones that are in /etc/passwd) on a Samba AD DC for local administration and as I said earlier, any local Unix users are unknown to AD. If I run getent on one of my DCs, I get thing like this: adminuser at rpidc1:~ $ getent passwd rowland SAMDOM\rowland:*:3000020:100:Rowland Penny:/home/SAMDOM/rowland:/bin/bash To all intents and purposes, 'rowland' is a local Unix user and can log into the DC, but 'rowland' isn't in /etc/passwd: adminuser at rpidc1:~ $ cat /etc/passwd | grep 'rowl...

...; > > HY Wu. > > You only need local Unix users (the ones that are in /etc/passwd) on a > Samba AD DC for local administration and as I said earlier, any local > Unix users are unknown to AD. > > If I run getent on one of my DCs, I get thing like this: > > adminuser at rpidc1:~ $ getent passwd rowland > SAMDOM\rowland:*:3000020:100:Rowland Penny:/home/SAMDOM/rowland:/bin/bash > > To all intents and purposes, 'rowland' is a local Unix user and can log > into the DC, but 'rowland' isn't in /etc/passwd: > > adminuser at rpidc1:~ $ cat...

Rowland Penny via samba <samba at lists.samba.org> ? 2024?1?25? ?? ??6:42??? > On Thu, 25 Jan 2024 18:27:48 +0800 > hhyy ww via samba <samba at lists.samba.org> wrote: > > > Hi list, > > > > My case : > > Local UNIX user : ZTEST > > domain : uuq.ork > > domain user : UUQ\ztest > > smb.conf for standalone samba : /home/hywu/smb.conf

Hi, I demoted an outdated and offline DC following to: https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC Everthing appears to work well but there is still one, perhaps minor, question regarding to the dns SOA-record: The zone _msdcs.samdom.example.com still lists the demoted server in the SOA record. Is it ok to manually change it to fsmo holder dc or an other dc? Thanks in advance

...ant to be member of local-groups like: libvirt, kvm, > docker, vboxusers > > You can do this with: usermod -a -G <group> <domain-user>, this > mechanism works much better than pam_group (which does not work for > this purpose). It worked for myself: SAMDOM\rowland at rpidc1:~ $ groups domain users dialout cdrom floppy audio video plugdev scanner BUILTIN\administrators BUILTIN\users domain admins denied rodc password replication group rowland testgroup It just didn't help with the problem > > I do this when a domain-user logs in and the reverse when (s)he l...

...rt, > > kvm, docker, vboxusers > > > > You can do this with: usermod -a -G <group> <domain-user>, this > > mechanism works much better than pam_group (which does not work for > > this purpose). > > It worked for myself: > > SAMDOM\rowland at rpidc1:~ $ groups > domain users dialout cdrom floppy audio video plugdev scanner > BUILTIN\administrators BUILTIN\users domain admins denied rodc > password replication group rowland testgroup > > It just didn't help with the problem > > > > I do this when a domain-user l...

...on for [gaio] succeeded (requesting cctype: FILE) > user_flgs: NETLOGON_CACHED_ACCOUNT > > BUT a simple: > > getent passwd gaio I have Ubuntu 22.04 with Samba 4.15.13 running in a VM and it just works for myself. If I disconnect the network and try to ping a DC, I get: ping: rpidc1: Temporary failure in name resolution So the DC cannot be found But, if I run 'getent passwd rowland' I instantly get this: rowland:*:11104:10513:Rowland Penny:/home/rowland:/bin/bash I can log out from 'rowland' and then log in again, though I do appear to get a message from l...

...use. Here is the proof of concept: Log into the DC that you wish to transfer an FSMO role to and show the FSMO owners at present (this list is shortened to just one, the one I will transfer): adminuser at rpidc2:~ $ sudo samba-tool fsmo show DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=RPIDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com Kinit as Administrator (note I am using sudo, but it would be the same if done by root) adminuser at rpidc2:~ $ sudo kinit Administrator Password for Administrator at SAMDOM.EXAMPLE.COM: The Administrato...

...nd like that FSMO role, there can only be one, the DC that holds the role, you should delete the two incorrect ones. I have two DC's and this is the output from my domain: host -t SRV _ldap._tcp.pdc._msdcs.samdom.example.com _ldap._tcp.pdc._msdcs.samdom.example.com has SRV record 0 100 389 rpidc1.samdom.example.com. Rowland

Ah I understand the 512 + 2 thing. But the userAccountControl is still 512 after I run `samba-tool user disable` Rowland Penny via samba <samba at lists.samba.org> ?2023?8?24??? 21:38??? > > On Thu, 24 Aug 2023 21:12:38 +0800 > Reese Wang via samba <samba at lists.samba.org> wrote: > > > I used `samba-tool user disable testuser` to disable a user and > >

...s this and on what OS ? Where are you running the command ? On Debian bullseye with Samba from backports (4.17.10), if I check a user, I get this: dn: CN=usertest3,CN=Users,DC=samdom,DC=example,DC=com .............. userAccountControl: 512 If I then, on a DC, disable the user with: adminuser at rpidc1:~ $ sudo samba-tool user disable usertest3 I get no output and when I check again, I find this: dn: CN=usertest3,CN=Users,DC=samdom,DC=example,DC=com .......... userAccountControl: 514 The user is now disabled. Rowland

Hi Quick question about something I find surprising: In tdb mode : net cache list -s /etc/samba/smb.conf |grep '\-513' Key: IDMAP/GID2SID/100?? ? Timeout: Tue Apr? 9 14:34:48 2024 Value: S-1-5-21-1040823229-2152490729-3717368692-513 id of group "domain users" is?100 But id 100 use by "users" system group: getent group|grep users users:x:100: Is this something

Hi, here are the versions: dc01: Raspberry Pi 3 Model B Rev 1.2 root at dc01:~# cat /etc/debian_version 11.8 root at dc01:~# samba -V Version 4.17.12-Debian root at dc01:~# uname -a Linux dc01 6.1.21-v8+ #1642 SMP PREEMPT Mon Apr 3 17:24:16 BST 2023 aarch64 GNU/Linux Dc02: Raspberry Pi 3 Model B Rev 1.2 root at dc02:~# cat /etc/debian_version 11.8 root at dc02:~# samba -V Version

Mandi! Rowland Penny via samba In chel di` si favelave... > I would undo that, it appears to be wrong. OK, i've undo also i. > I have tested this on a Ubuntu 22.04 computer and it works, so I have > updated the wiki page: > https://wiki.samba.org/index.php/PAM_Offline_Authentication Apparently works as expected: root at dane:~# wbinfo -K gaio Enter gaio's password:

On 5/1/24 17:51, Peter Carlson via samba wrote: > > On 5/1/24 17:32, Peter Carlson via samba wrote: >> >>>>>> In an ideal world, the Samba dns server (be it the internal or >>>>>> Bind9) should just be responsible for the AD domain and forward >>>>>> anything unknown to another dns server (which is how dns servers

...> > Log into the DC that you wish to transfer an FSMO role to and show the > FSMO owners at present (this list is shortened to just one, the one I > will transfer): > > adminuser at rpidc2:~ $ sudo samba-tool fsmo show > DomainDnsZonesMasterRole owner: CN=NTDS > Settings,CN=RPIDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com > > Kinit as Administrator (note I am using sudo, but it would be the same > if done by root) > > adminuser at rpidc2:~ $ sudo kinit Administrator > Password for Administrator at SAMDOM.EXA...

Thank you so far. But unfortunately I could not fix the problems. So I decided to start over again at a situation where all the fsmo roles resides on the old controller. Here is a transcript of what I did and the errors reported: The inititial position srv-kb-dc1:~ # samba-tool fsmo show SchemaMasterRole owner: CN=NTDS Settings,CN=SRV-KB-PRIMDC,CN=Servers,CN=Default-Fi...