Displaying 20 results from an estimated 29 matches for "svmetal".
Did you mean:
metal
2018 Aug 21
3
Samba 4.8.4 + BIND 9.9.4 - possibility of nonsecure DNS updates
...php/Testing_Dynamic_DNS_Updates
https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#TroubleshootingAnd tried everything possible. Writing mail to lists is the last instance for me...On every of our DCs:
samba_dnsupdate --verbose
IPs: ['192.168.45.1']
Looking for DNS entry A dc03x.samdom.svmetal.cz 192.168.45.1 as dc03x.samdom.svmetal.cz.
Looking for DNS entry NS samdom.svmetal.cz dc03x.samdom.svmetal.cz as samdom.svmetal.cz.
Looking for DNS entry NS _msdcs.samdom.svmetal.cz dc03x.samdom.svmetal.cz as _msdcs.samdom.svmetal.cz.
Looking for DNS entry A samdom.svmetal.cz 192.168.45.1 as samdo...
2018 Aug 21
0
Samba 4.8.4 + BIND 9.9.4 - possibility of nonsecure DNS updates
...dates
> https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Troubl
eshootingAnd tried everything possible. Writing mail to lists is > the last instance for me...On every of our DCs:
> samba_dnsupdate --verbose
> IPs: ['192.168.45.1']
> Looking for DNS entry A dc03x.samdom.svmetal.cz 192.168.45.1
> as dc03x.samdom.svmetal.cz.
> Looking for DNS entry NS samdom.svmetal.cz
> dc03x.samdom.svmetal.cz as samdom.svmetal.cz.
> Looking for DNS entry NS _msdcs.samdom.svmetal.cz
> dc03x.samdom.svmetal.cz as _msdcs.samdom.svmetal.cz.
> Looking for DNS entry A samdom...
2018 Aug 22
1
Samba 4.8.4 + BIND 9.9.4 - possibility of nonsecure DNS updates
...I just switched to internal DNS.
It's been a long time, I'm gradually recalling how it was.
> OK, try this:
>
> samba_dnsupdate --verbose --all-names --use-samba-tool
samba_dnsupdate --verbose --all-names --use-samba-tool
IPs: ['192.168.45.1']
force update: A dc03x.samdom.svmetal.cz 192.168.45.1
force update: NS samdom.svmetal.cz dc03x.samdom.svmetal.cz
force update: NS _msdcs.samdom.svmetal.cz dc03x.samdom.svmetal.cz
force update: A samdom.svmetal.cz 192.168.45.1
force update: SRV _ldap._tcp.samdom.svmetal.cz dc03x.samdom.svmetal.cz 389
force update: SRV _ldap._tcp.dc._msd...
2020 Nov 20
2
winbind use default domain = yes doesn't work on Samba 4.13?
Yes.
In the first name, I wrote DOMAIN, but our real workgroup is SVMETAL,
as you cas see in smb.conf.
[global]
netbios name = fs0001
workgroup = SVMETAL
security = ADS
realm = SAMDOM.SVMETAL.CZ
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
acl allow execute always = True
idmap config *:backend = tdb
idmap config *:range = 70...
2020 Nov 19
2
winbind use default domain = yes doesn't work on Samba 4.13?
Hello everybody.
I just upgraded our Fedora fileserver to version 30, which has Samba
4.13.2.
Now, I can see this errors in log:
check_ntlm_password: Authentication for user [dmu60evo] -> [dmu60evo]
FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1
Auth: [SMB2,(null)] user []\[dmu60evo] at [?t, 19 lis 2020
15:50:26.373477 CET] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER]
2018 Aug 21
1
Samba 4.8.4 + BIND 9.9.4 - possibility of nonsecure DNS updates
> It should work ;-)
> Can you post your smb.conf and /etc/named.conf files
> Rowland
Hello Rowland. Of course I can:
cat /etc/samba/smb.conf
# Global parameters
[global]
workgroup = SVMETAL
realm = samdom.svmetal.cz
netbios name = DC01
server services = -dns
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
allow dns updates = nonsecure
log level = 1 dns:3 auth_audit:3
max log size = 102400
load printers = no
printing...
2018 Aug 21
1
Samba 4.8.4 + BIND 9.9.4 - possibility of nonsecure DNS updates
...was curious about why the Bind could not work too.
> Please post the log where an update fails.
There is nothing in /var/log/samba/log.samba even with "log level = dns:10".
>From /var/log/messages:
Aug 21 14:22:08 dc03x named[15860]: samba_dlz: starting transaction on zone samdom.svmetal.cz
Aug 21 14:22:08 dc03x named[15860]: client 192.168.45.26#63596: update 'samdom.svmetal.cz/IN' denied
Aug 21 14:22:08 dc03x named[15860]: samba_dlz: cancelling transaction on zone samdom.svmetal.cz
systemctl status named:
srp 21 14:22:08 dc03x named[15860]: samba_dlz: starting transactio...
2017 Sep 05
3
BUILTIN\Administrators - failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
...es as
we run this domain 2 years.
So what's next?
Do you think that I have to rearrange UIDs and GIDs in our domain to
match numeric pattern as in cleanly provisioned domain?
Thanks for you time. Have a nice day.
Yours sincerely
Jiří Černý
System administrator
+420 775 860 300
cerny at svmetal.cz
helpdesk at svmetal.cz
SV metal spol. s r.o.
Divec 99
500 03 Hradec Králové
Czech republic
www.svmetal.cz
>>> Jiří Černý 4.9.2017 13:53 >>>
Hello everyone.
I'm trying to fix sysvol rights, because i see errors in output of
/usr/bin/samba-tool ntacl sysvolcheck
ERROR(...
2020 Oct 05
3
Upgrade to Samba 4.12 question
...r network, we have some really ancient machines, which are SMB one
only. These are CNC machines with some embedded Windows like 95, so
upgrade of OS is impossible.
While that machines communicate with fileserver, I can see this message
in log.samba on DC:
? Auth: [NETLOGON,ServerAuthenticate] user [SVMETAL]\[TCL3030$] at
[Mon, 05 Oct 2020 10:31:40.762795 CEST] with [DES] status
[NT_STATUS_DOWNGRADE_DETECTED] workstation [(null)] remote host
[ipv4:192.168.1.28:1076] mapped to [(null)]\[(null)]. local host
[ipv4:192.168.1.1:139] NETLOGON computer [TCL3030] trust account
[(null)]?.
Does it mean, when...
2017 Sep 04
2
BUILTIN\Administrators - failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
Hello everyone.
I'm trying to fix sysvol rights, because i see errors in output of
/usr/bin/samba-tool ntacl sysvolcheck
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception
- ProvisioningError: DB ACL on GPO directory
/var/lib/samba/sysvol/samdom.svmetal.cz/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9}
O:LAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED)
does not match expected value
O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(...
2017 Sep 05
0
BUILTIN\Administrators - failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
...that I have to rearrange UIDs and GIDs in our
> domain to match numeric pattern as in cleanly provisioned domain?
>
>
> Thanks for you time. Have a nice day.
>
>
> Yours sincerely
>
> Ji??í ??erný
> System administrator
>
> +420 775 860 300
> cerny at svmetal.cz
> helpdesk at svmetal.cz
>
> SV metal spol. s r.o.
> Divec 99
> 500 03 Hradec Králové
> Czech republic
>
> www.svmetal.cz
>
>
> >>> Ji??í ??erný 4.9.2017 13:53 >>>
> Hello everyone.
> I'm trying to fix sysvol rights, because i s...
2018 Aug 21
1
Samba 4.8.4 + BIND 9.9.4 - possibility of nonsecure DNS updates
...ets where are domain controllers), and dynamic DNS update work. But
if that notebook connect VPN (with another one IP subnet), dynamic DNS
update fail.
So is there possibility to force Bind to accept nonsecure updates?
Yours sincerely
Jiří Černý
System administrator
+420 775 860 300
cerny at svmetal.cz
helpdesk at svmetal.cz
SV metal spol. s r.o.
Divec 99
500 03 Hradec Králové
Czech republic
www.svmetal.cz
2017 Sep 05
1
BUILTIN\Administrators - failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
...es as
we run this domain 2 years.
So what's next?
Do you think that I have to rearrange UIDs and GIDs in our domain to
match numeric pattern as in cleanly provisioned domain?
Thanks for you time. Have a nice day.
Yours sincerely
Jiří Černý
System administrator
+420 775 860 300
cerny at svmetal.cz
helpdesk at svmetal.cz
SV metal spol. s r.o.
Divec 99
500 03 Hradec Králové
Czech republic
www.svmetal.cz
>>> Jiří Černý 4.9.2017 13:53 >>>
Hello everyone.
I'm trying to fix sysvol rights, because i see errors in output of
/usr/bin/samba-tool ntacl sysvolcheck
ERROR(...
2018 Apr 23
1
NT_STATUS_TOO_MANY_OPENED_FILES on AD DCs
...urce4/smbd/process_single.c:57(single_accept_connection)
single_accept_connection: accept: NT_STATUS_TOO_MANY_OPENED_FILES
[2018/04/22 22:21:57.770716, 2] ../auth/auth_log.c:760(log_authentication_event_human_readable)
Auth: [Kerberos KDC,ENC-TS Pre-authentication] user [(null)]\[DC01$@SAMDOM.SVMETAL.CZ] at [Sun, 22 Apr 2018 22:21:57.770692 CEST] with [(null)] status [NT_STATUS_NO_SUCH_USER] workstation [(null)] remote host [ipv4:192.168.1.1:43281] mapped to [(null)]\[(null)]. local host [NULL]
[2018/04/22 22:21:57.770872, 0] ../source4/smbd/process_single.c:57(single_accept_connection)
Sys...
2017 Sep 05
1
BUILTIN\Administrators - failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
...wner and group of the
directory. If Domain Admins has a gidNumber it is just a group and
> 'O:DAG:DA' becomes 'O:??G:DA'Deleted. Now, I can do samba-tool ntacl
sysvolreset and samba-tool ntacl sysvolcheck without errors.Domain
Admins ID is now:getent group 'Domain Admins'
SVMETAL\domain admins:x:15655:
> It is perfectly safe to edit, in fact if you add another DC, you have
to edit it on the second DC by overwriting it with the idmap.ldb from>
the first.> > Let me have a look at the classicupgrade code and get back
to you, it shouldn't create xidNumbers like...
2020 Oct 05
0
Upgrade to Samba 4.12 question
...eally ancient machines, which are SMB one
> only. These are CNC machines with some embedded Windows like 95, so
> upgrade of OS is impossible.
> While that machines communicate with fileserver, I can see this message
> in log.samba on DC:
> ? Auth: [NETLOGON,ServerAuthenticate] user [SVMETAL]\[TCL3030$] at
> [Mon, 05 Oct 2020 10:31:40.762795 CEST] with [DES] status
> [NT_STATUS_DOWNGRADE_DETECTED] workstation [(null)] remote host
> [ipv4:192.168.1.28:1076] mapped to [(null)]\[(null)]. local host
> [ipv4:192.168.1.1:139] NETLOGON computer [TCL3030] trust account
> [(null...
2017 Sep 06
3
BUILTIN\Administrators - failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
...wner and group of the
directory. If Domain Admins has a gidNumber it is just a group and
> 'O:DAG:DA' becomes 'O:??G:DA'Deleted. Now, I can do samba-tool ntacl
sysvolreset and samba-tool ntacl sysvolcheck without errors.Domain
Admins ID is now:getent group 'Domain Admins'
SVMETAL\domain admins:x:15655:
> It is perfectly safe to edit, in fact if you add another DC, you have
to edit it on the second DC by overwriting it with the idmap.ldb from>
the first.> > Let me have a look at the classicupgrade code and get back
to you, it shouldn't create xidNumbers like...
2017 Sep 06
1
SOLVED: BUILTIN\Administrators - failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
> I feel I can tell you this without breaking any confidences, the OP
sent me their idmap.ldb and the problem boiled down to these three DNs>>
CN=S-1-5-32-545> CN=S-1-5-32-544> CN=S-1-5-32-546> > The classicupgrade
seems to set these to 'ID_TYPE_GID' instead of 'ID_TYPE_BOTH'.>>
RowlandI can confirm this. After changing 'ID_TYPE_GID' to
2017 Sep 07
0
SOLVED: BUILTIN\Administrators - failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
Yes, that's exactly what I've done.Ok, my group has name "IT admins",
but logic is same;)Thank you.
However I have one more problem.
If I create new group or user and give it UID/GID, this is immediately
reachable on linux server. id user, or getent group/passwd and also
wbinfo -u/-g/-i can list info about it.
But if I assign group to user (or deassign), it spends a lot of time
2018 Aug 22
0
Samba 4.8.4 + BIND 9.9.4 - possibility of nonsecure DNS updates
> Yes, it is a failure, but a failure of the script, it shouldn't print
> all those Python errors, it should print something like 'No update
> required' for each attempted update and then 'No updates required'
Yes, I understand. samba_dnsupdate --verbose --all-names --use-samba-tool gave reasonable output. But samba_dnsupdate --verbose --all-names only just throws
;