search for: sam3dc

Hi Andrew, I've setup a new Samba 4 box (sam4dc) on Ubuntu 14.04 with Samba 4.3.11. I have the following Just to clarify, sam3DC is the current DC with samba 3.6.3 smb.conf [global] workgroup = STEST netbios name = Sam4DC password server = Sam3DC (This is the current DC) security = user resolv.conf nameserver = 192.168.10.1 (IP of Sam3DC) I can ping the sam3dc from the sam4dc box using fqdn. When I try to...

Hi Harry, Here are the outputs. I've attached them as logs with this email too. root at sam3dc:/tmp/ldifs-gr# ldapmodify -Y external -H ldapi:/// -f olcdbindex.ldif SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 modifying entry "olcDatabase={1}hdb,cn=config" root at sam3dc:/tmp/ldifs-gr# service slapd stop...

...ba Classic's existing DC (only one in the first stage). To do so we did the following - Installed slapd, ldap-tools, smblad-tools - dpkg-reconfigure slapd - ldapwhoami -H ldap:// -x, gave us anonymous - Stopped the samba service - Added the following to smb.conf passdb backend = ldapsam:ldap://sam3dc.mydomain/ idmap backend = ldap://sam3dc.mydomain/ ldap admin dn = cn=root,dc=mydomain ldap delete dn = no ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Hosts ldap passwd sync = yes ldap suffix = dc=mydomain ldap user suffix = ou=Users ldapsam:tr...

...History: 00000000000000000000000000000000000000000000000000000000 00000000 sambaAcctFlags: [U ] sambaPwdLastSet: 1520247253 # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 Tried to add the machine to the domain using the "sadmin" Mar 6 00:22:28 sam3dc slapd[5581]: <= bdb_equality_candidates: (uid) not indexed Mar 6 00:22:28 sam3dc slapd[5581]: <= bdb_equality_candidates: (gidNumber) not indexed Mar 6 00:22:28 sam3dc slapd[5581]: <= bdb_equality_candidates: (gidNumber) not indexed Mar 6 00:22:28 Dozer5 slapd[5581]: <= bdb_equality_...

Hi Andrew, I was able to domain join the server to the domain, had to add in client ipc signing = auto security = domain Then it comes up with Joined "sam4Dc" to the domain. What does that step actually do? Coming back to your comments. At a point in time both servers will be DCs. The plan is that after that point Samba3 box will cease to become a DC and act as a file server only. So

On Wed, 2018-02-21 at 15:06 +1000, Rob Thoman wrote: > Hi Andrew, > > I've setup a new Samba 4 box (sam4dc) on Ubuntu 14.04 with Samba 4.3.11. I have the following > > Just to clarify, sam3DC is the current DC with samba 3.6.3 > > smb.conf > > [global] > workgroup = STEST > netbios name = Sam4DC > password server = Sam3DC (This is the current DC) > security = user > > resolv.conf > nameserver = 192.168.10.1 (IP of Sam3DC) > > I c...

...some things a bit, also in addition about the smb.conf in classic mode dns forwarder is predecated, so i suggest avoiding the option. this part, you set ssl off but also set the ports to the ssl ports. ldap ssl = off ldap passwd sync = yes /etc/ldap/ldap.conf BASE dc=mydomain URI ldap://sam3dc.mydomain ldap://sam3dc.mydomain:666 use URI ldaps://sam3dc.mydomain or ldaps://sam3dc.mydomain:666 and ldap ssl = on. long a go i write a classic on a debian sarge, there might be still some parts useable to help you in your setup, if a classic setup is a must. google, big samba howto debian on...

Hi Gruss, Had to ditch the VM and start again. Here is the info: tdbdump secrets.tdb |egrep -v '^data|^}|^{' key(21) = "SECRETS/SID/mydomain" key(18) = "SECRETS/SID/sam3dc" key(42) = "SECRETS/LDAP_BIND_PW/cn=admin,dc=mydomain" key(25) = "SECRETS/DOMGUID/mydomain" key(42) = "SECRETS/MACHINE_SEC_CHANNEL_TYPE/mydomain" key(42) = "SECRETS/MACHINE_LAST_CHANGE_TIME/mydomain" key(34) = "SECRETS/MACHINE_PASSWORD/mydomain&quot...

On Wed, 28 Feb 2018 20:41:43 +1000 Rob Thoman via samba <samba at lists.samba.org> wrote: > > root at sam3dc # smbldap-populate > Use of qw(...) as parentheses is deprecated at /usr/share/perl5/ > smbldap_tools.pm line 1423, <DATA> line 522. > Unable to open /etc/smbldap-tools/smbldap.conf for reading ! > Compilation failed in require at /usr/sbin/smbldap-populate line 30. > BEGIN fai...

...04 PM, Andrew Bartlett <abartlet at samba.org> wrote: > On Wed, 2018-02-21 at 15:06 +1000, Rob Thoman wrote: > > Hi Andrew, > > > > I've setup a new Samba 4 box (sam4dc) on Ubuntu 14.04 with Samba 4.3.11. > I have the following > > > > Just to clarify, sam3DC is the current DC with samba 3.6.3 > > > > smb.conf > > > > [global] > > workgroup = STEST > > netbios name = Sam4DC > > password server = Sam3DC (This is the current DC) > > security = user > > > > resolv.conf > > nam...

Hi Harry, sadmin and tadmin are both admin logins. I was trying to domain join with both. sadmin is in ldap The olcdbindex.ldif gave this error SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 modifying entry "olcDatabase={1}hdb,cn=config" ldap_modify: Other (e.g., implementation specific) error (80) additional

...one. Then add the second server 4.x and the promote it to BDC and then demote this one. Just a side info, we didn't want to go tdbsam in both as I read it breaks the domain trust. The domain names are real ones. I ran the commands you suggested, nothing in reply. I tried ldapi:// and ldap://sam3dc.mydomain . Let me run through what I did , /etc/ldap/ldap.conf: BASE dc=mydomain URI ldap://sam3dc.mydomain TLS_CACERT /etc/ldap/ca_certs.pem Imported the samba.ldif from the 3.6.25 binaries. Imported the indices dn: olcDatabase={1}hdb,cn=config changetype: modify add: olcDbIndex olcDbIn...

On Tue, 2018-02-20 at 18:11 +1000, Rob Thoman via samba wrote: > Hi Guys, > Have not had any feedback on this. I found the following article but not > sure if it is valid > > Here is what we are planning, high level > Phase1: > > - Add a new Samba 4 server (VM in a new hardware). Join it to the existing > domain > - Promote this server as DC in the Samba 3

...m: WARNING: Could not get domain info, nor add one to the domain pdb_init_ldapsam: Continuing on regardless, will be unable to allocate new users/groups, and will risk BDCs having inconsistent SIDs obey pam restrictions = no dns forwarder = 8.8.8.8 passdb backend = ldapsam:ldap://sam3dc.mydomain/ ldap admin dn = cn=admin,dc=mydomain ldap group suffix = ou=Groups ldap idmap suffix = ou=Users ldap machine suffix = ou=Computers ldap passwd sync = yes ldap suffix = dc=mydomain ldap user suffix = ou=Users ldap ssl = off ldap passwd sync = yes /etc/ldap/ldap.conf BASE...

...and the promote it to BDC and then demote this one. Just a side > info, we didn't want to go tdbsam in both as I read it breaks the > domain trust. > > The domain names are real ones. > > I ran the commands you suggested, nothing in reply. I tried ldapi:// > and ldap://sam3dc.mydomain . > > Let me run through what I did , > /etc/ldap/ldap.conf: > BASE dc=mydomain > URI ldap://sam3dc.mydomain > TLS_CACERT /etc/ldap/ca_certs.pem > > Imported the samba.ldif from the 3.6.25 binaries. > > Imported the indices > > dn: olcDatabase...

...and the promote it to BDC and then demote this one. Just a side > info, we didn't want to go tdbsam in both as I read it breaks the > domain trust. > > The domain names are real ones. > > I ran the commands you suggested, nothing in reply. I tried ldapi:// > and ldap://sam3dc.mydomain . you are using ubuntu, which use debian slapd packages, so ldapi must work. The advantage of ldapi: You can access your ldap server as unix root user vi sasl external authentication. So this two switches must be used: -Y EXTERNAL -H ldapi:/// 3 examples returning only the dn: very l...

...LL -b dc=afrika,dc=xx -s sub -D > > > cn=admin,dc=afrika,dc=xx -w 'sambadomainname=*' > > > dn: sambaDomainName=SCHULE,dc=afrika,dc=xx > > > > > > I get dn: sambaDomainName=MYDOMAIN, dc=mydomain which is different , > > > should it be MYDOMAIN dc=sam3dc? > > I hope you have got the first line, the second will never work: > > dn: sambaDomainName=MYDOMAIN,dc=mydomain > > dn: sambaDomainName=MYDOMAIN, dc=mydomain > > > > The difference is just one space. Remember ldap is white space sensitive!!! > > > > You m...

...the result of this command: # > ldapsearch -xLLL -b dc=afrika,dc=xx -s sub -D > cn=admin,dc=afrika,dc=xx -w 'sambadomainname=*' > dn: sambaDomainName=SCHULE,dc=afrika,dc=xx > > I get dn: sambaDomainName=MYDOMAIN, dc=mydomain which is different , > should it be MYDOMAIN dc=sam3dc? I hope you have got the first line, the second will never work: dn: sambaDomainName=MYDOMAIN,dc=mydomain dn: sambaDomainName=MYDOMAIN, dc=mydomain The difference is just one space. Remember ldap is white space sensitive!!! You may get trouble with some dns resolver libs, because you use only one...

Yes please On Wed, Feb 28, 2018 at 9:34 PM, Rowland Penny via samba < samba at lists.samba.org> wrote: > On Wed, 28 Feb 2018 20:41:43 +1000 > Rob Thoman via samba <samba at lists.samba.org> wrote: > > > > > root at sam3dc # smbldap-populate > > Use of qw(...) as parentheses is deprecated at /usr/share/perl5/ > > smbldap_tools.pm line 1423, <DATA> line 522. > > Unable to open /etc/smbldap-tools/smbldap.conf for reading ! > > Compilation failed in require at /usr/sbin/smbldap-populate lin...