search for: svmetal

...php/Testing_Dynamic_DNS_Updates https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#TroubleshootingAnd tried everything possible. Writing mail to lists is the last instance for me...On every of our DCs: samba_dnsupdate --verbose IPs: ['192.168.45.1'] Looking for DNS entry A dc03x.samdom.svmetal.cz 192.168.45.1 as dc03x.samdom.svmetal.cz. Looking for DNS entry NS samdom.svmetal.cz dc03x.samdom.svmetal.cz as samdom.svmetal.cz. Looking for DNS entry NS _msdcs.samdom.svmetal.cz dc03x.samdom.svmetal.cz as _msdcs.samdom.svmetal.cz. Looking for DNS entry A samdom.svmetal.cz 192.168.45.1 as samdo...

...dates > https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Troubl eshootingAnd tried everything possible. Writing mail to lists is > the last instance for me...On every of our DCs: > samba_dnsupdate --verbose > IPs: ['192.168.45.1'] > Looking for DNS entry A dc03x.samdom.svmetal.cz 192.168.45.1 > as dc03x.samdom.svmetal.cz. > Looking for DNS entry NS samdom.svmetal.cz > dc03x.samdom.svmetal.cz as samdom.svmetal.cz. > Looking for DNS entry NS _msdcs.samdom.svmetal.cz > dc03x.samdom.svmetal.cz as _msdcs.samdom.svmetal.cz. > Looking for DNS entry A samdom...

...I just switched to internal DNS. It's been a long time, I'm gradually recalling how it was. > OK, try this: > > samba_dnsupdate --verbose --all-names --use-samba-tool samba_dnsupdate --verbose --all-names --use-samba-tool IPs: ['192.168.45.1'] force update: A dc03x.samdom.svmetal.cz 192.168.45.1 force update: NS samdom.svmetal.cz dc03x.samdom.svmetal.cz force update: NS _msdcs.samdom.svmetal.cz dc03x.samdom.svmetal.cz force update: A samdom.svmetal.cz 192.168.45.1 force update: SRV _ldap._tcp.samdom.svmetal.cz dc03x.samdom.svmetal.cz 389 force update: SRV _ldap._tcp.dc._msd...

Yes. In the first name, I wrote DOMAIN, but our real workgroup is SVMETAL, as you cas see in smb.conf. [global] netbios name = fs0001 workgroup = SVMETAL security = ADS realm = SAMDOM.SVMETAL.CZ dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab acl allow execute always = True idmap config *:backend = tdb idmap config *:range = 70...

Hello everybody. I just upgraded our Fedora fileserver to version 30, which has Samba 4.13.2. Now, I can see this errors in log: check_ntlm_password: Authentication for user [dmu60evo] -> [dmu60evo] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1 Auth: [SMB2,(null)] user []\[dmu60evo] at [?t, 19 lis 2020 15:50:26.373477 CET] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER]

> It should work ;-) > Can you post your smb.conf and /etc/named.conf files > Rowland Hello Rowland. Of course I can: cat /etc/samba/smb.conf # Global parameters [global] workgroup = SVMETAL realm = samdom.svmetal.cz netbios name = DC01 server services = -dns server role = active directory domain controller idmap_ldb:use rfc2307 = yes allow dns updates = nonsecure log level = 1 dns:3 auth_audit:3 max log size = 102400 load printers = no printing...

...was curious about why the Bind could not work too. > Please post the log where an update fails. There is nothing in /var/log/samba/log.samba even with "log level = dns:10". >From /var/log/messages: Aug 21 14:22:08 dc03x named[15860]: samba_dlz: starting transaction on zone samdom.svmetal.cz Aug 21 14:22:08 dc03x named[15860]: client 192.168.45.26#63596: update 'samdom.svmetal.cz/IN' denied Aug 21 14:22:08 dc03x named[15860]: samba_dlz: cancelling transaction on zone samdom.svmetal.cz systemctl status named: srp 21 14:22:08 dc03x named[15860]: samba_dlz: starting transactio...

...es as we run this domain 2 years. So what's next? Do you think that I have to rearrange UIDs and GIDs in our domain to match numeric pattern as in cleanly provisioned domain? Thanks for you time. Have a nice day. Yours sincerely Jiří Černý System administrator +420 775 860 300 cerny at svmetal.cz helpdesk at svmetal.cz SV metal spol. s r.o. Divec 99 500 03 Hradec Králové Czech republic www.svmetal.cz >>> Jiří Černý 4.9.2017 13:53 >>> Hello everyone. I'm trying to fix sysvol rights, because i see errors in output of /usr/bin/samba-tool ntacl sysvolcheck ERROR(...

...r network, we have some really ancient machines, which are SMB one only. These are CNC machines with some embedded Windows like 95, so upgrade of OS is impossible. While that machines communicate with fileserver, I can see this message in log.samba on DC: ? Auth: [NETLOGON,ServerAuthenticate] user [SVMETAL]\[TCL3030$] at [Mon, 05 Oct 2020 10:31:40.762795 CEST] with [DES] status [NT_STATUS_DOWNGRADE_DETECTED] workstation [(null)] remote host [ipv4:192.168.1.28:1076] mapped to [(null)]\[(null)]. local host [ipv4:192.168.1.1:139] NETLOGON computer [TCL3030] trust account [(null)]?. Does it mean, when...

Hello everyone. I'm trying to fix sysvol rights, because i see errors in output of /usr/bin/samba-tool ntacl sysvolcheck ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: DB ACL on GPO directory /var/lib/samba/sysvol/samdom.svmetal.cz/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9} O:LAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) does not match expected value O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(...

...that I have to rearrange UIDs and GIDs in our > domain to match numeric pattern as in cleanly provisioned domain? > > > Thanks for you time. Have a nice day. > > > Yours sincerely > > Ji??í ??erný > System administrator > > +420 775 860 300 > cerny at svmetal.cz > helpdesk at svmetal.cz > > SV metal spol. s r.o. > Divec 99 > 500 03 Hradec Králové > Czech republic > > www.svmetal.cz > > > >>> Ji??í ??erný 4.9.2017 13:53 >>> > Hello everyone. > I'm trying to fix sysvol rights, because i s...

...ets where are domain controllers), and dynamic DNS update work. But if that notebook connect VPN (with another one IP subnet), dynamic DNS update fail. So is there possibility to force Bind to accept nonsecure updates? Yours sincerely Jiří Černý System administrator +420 775 860 300 cerny at svmetal.cz helpdesk at svmetal.cz SV metal spol. s r.o. Divec 99 500 03 Hradec Králové Czech republic www.svmetal.cz

...es as we run this domain 2 years. So what's next? Do you think that I have to rearrange UIDs and GIDs in our domain to match numeric pattern as in cleanly provisioned domain? Thanks for you time. Have a nice day. Yours sincerely Jiří Černý System administrator +420 775 860 300 cerny at svmetal.cz helpdesk at svmetal.cz SV metal spol. s r.o. Divec 99 500 03 Hradec Králové Czech republic www.svmetal.cz >>> Jiří Černý 4.9.2017 13:53 >>> Hello everyone. I'm trying to fix sysvol rights, because i see errors in output of /usr/bin/samba-tool ntacl sysvolcheck ERROR(...

...urce4/smbd/process_single.c:57(single_accept_connection) single_accept_connection: accept: NT_STATUS_TOO_MANY_OPENED_FILES [2018/04/22 22:21:57.770716, 2] ../auth/auth_log.c:760(log_authentication_event_human_readable) Auth: [Kerberos KDC,ENC-TS Pre-authentication] user [(null)]\[DC01$@SAMDOM.SVMETAL.CZ] at [Sun, 22 Apr 2018 22:21:57.770692 CEST] with [(null)] status [NT_STATUS_NO_SUCH_USER] workstation [(null)] remote host [ipv4:192.168.1.1:43281] mapped to [(null)]\[(null)]. local host [NULL] [2018/04/22 22:21:57.770872, 0] ../source4/smbd/process_single.c:57(single_accept_connection) Sys...

...wner and group of the directory. If Domain Admins has a gidNumber it is just a group and > 'O:DAG:DA' becomes 'O:??G:DA'Deleted. Now, I can do samba-tool ntacl sysvolreset and samba-tool ntacl sysvolcheck without errors.Domain Admins ID is now:getent group 'Domain Admins' SVMETAL\domain admins:x:15655: > It is perfectly safe to edit, in fact if you add another DC, you have to edit it on the second DC by overwriting it with the idmap.ldb from> the first.> > Let me have a look at the classicupgrade code and get back to you, it shouldn't create xidNumbers like...

...eally ancient machines, which are SMB one > only. These are CNC machines with some embedded Windows like 95, so > upgrade of OS is impossible. > While that machines communicate with fileserver, I can see this message > in log.samba on DC: > ? Auth: [NETLOGON,ServerAuthenticate] user [SVMETAL]\[TCL3030$] at > [Mon, 05 Oct 2020 10:31:40.762795 CEST] with [DES] status > [NT_STATUS_DOWNGRADE_DETECTED] workstation [(null)] remote host > [ipv4:192.168.1.28:1076] mapped to [(null)]\[(null)]. local host > [ipv4:192.168.1.1:139] NETLOGON computer [TCL3030] trust account > [(null...

...wner and group of the directory. If Domain Admins has a gidNumber it is just a group and > 'O:DAG:DA' becomes 'O:??G:DA'Deleted. Now, I can do samba-tool ntacl sysvolreset and samba-tool ntacl sysvolcheck without errors.Domain Admins ID is now:getent group 'Domain Admins' SVMETAL\domain admins:x:15655: > It is perfectly safe to edit, in fact if you add another DC, you have to edit it on the second DC by overwriting it with the idmap.ldb from> the first.> > Let me have a look at the classicupgrade code and get back to you, it shouldn't create xidNumbers like...

> I feel I can tell you this without breaking any confidences, the OP sent me their idmap.ldb and the problem boiled down to these three DNs>> CN=S-1-5-32-545> CN=S-1-5-32-544> CN=S-1-5-32-546> > The classicupgrade seems to set these to 'ID_TYPE_GID' instead of 'ID_TYPE_BOTH'.>> RowlandI can confirm this. After changing 'ID_TYPE_GID' to

Yes, that's exactly what I've done.Ok, my group has name "IT admins", but logic is same;)Thank you. However I have one more problem. If I create new group or user and give it UID/GID, this is immediately reachable on linux server. id user, or getent group/passwd and also wbinfo -u/-g/-i can list info about it. But if I assign group to user (or deassign), it spends a lot of time

> Yes, it is a failure, but a failure of the script, it shouldn't print > all those Python errors, it should print something like 'No update > required' for each attempted update and then 'No updates required' Yes, I understand. samba_dnsupdate --verbose --all-names --use-samba-tool gave reasonable output. But samba_dnsupdate --verbose --all-names only just throws ;