search for: testadmin

...results below; Queried against Samba 4.11.4 (query is for OU=Business but response is from OU=Test): $ldapsearch -D username at internal.xxx.yy -w password -H ldaps://192.168.1.1 -s one -b ou=business,dc=internal,dc=xxx,dc=yy "(&(objectCategory=person)(objectClass=user)(sAMAccountName=testadmin))" # extended LDIF # # LDAPv3 # base <ou=business,dc=internal,dc=xxx,dc=yy> with scope oneLevel # filter: (&(objectCategory=person)(objectClass=user)(sAMAccountName=testadmin)) # requesting: ALL # # Test Admin, Test, internal.xxx.yy dn: CN=Test Admin,OU=Test,DC=internal,DC=xxx,DC=y...

...ferently for the same query. Indeed. > This is how it looks when I run a query (I redacted the domain and > account names a bit): > > ldapsearch -D username at internal.xxx.yy -w password -H ldaps://<samba DC> > -s one -b ou=business,dc=internal,dc=xxx,dc=yy samaccountname=testadmin > # extended LDIF > # > # LDAPv3 > # base <ou=business,dc=internal,dc=xxx,dc=yy> with scope oneLevel > # filter: samaccountname=testadmin > # requesting: ALL > # This is a worry. Can you file a bug? I've sent you an invite to our bugzilla. It seems we have an issu...

...ried against Samba 4.11.4 (query is for OU=Business but response is > from OU=Test): > $ldapsearch -D username at internal.xxx.yy -w password -H > ldaps://192.168.1.1 -s one -b ou=business,dc=internal,dc=xxx,dc=yy > "(&(objectCategory=person)(objectClass=user)(sAMAccountName=testadmin))" > # extended LDIF > # > # LDAPv3 > # base <ou=business,dc=internal,dc=xxx,dc=yy> with scope oneLevel > # filter: > (&(objectCategory=person)(objectClass=user)(sAMAccountName=testadmin)) > # requesting: ALL > # > > # Test Admin, Test, internal.xxx.yy...

...ds (it took me a while to figure out that I needed "tls verify peer = no_check" and "ldap server require strong auth = no" to be able to run the query): samba-4.11.0$ /usr/local/samba/bin/ldbsearch -H ldaps://dc01 -s one -b ou=business,dc=internal,dc=xxx,dc=yy samaccountname=testadmin -Uusername Password for [XXX\username]: # record 1 dn: CN=Test Admin,OU=Test,DC=internal,DC=xxx,DC=yy <snip> distinguishedName: CN=Test Admin,OU=Test,DC=internal,DC=xxx,DC=yy # returned 1 records # 1 entries # 0 referrals samba-4.11.0$ sudo /usr/local/samba/bin/ldbsearch -H ldb:///usr/loc...

...s Great, that rules out some odd client-specific (eg ASN.1 parsing) issues and makes it a little easier for me to test. > > samba-4.11.0$ sudo /usr/local/samba/bin/ldbsearch -H > ldb:///usr/local/samba/private/sam.ldb -s one -b > ou=business,dc=internal,dc=xxx,dc=yy samaccountname=testadmin > -Uusername > # record 1 > dn: CN=Test Admin,OU=Test,DC=internal,DC=xxx,DC=yy > <snip> > distinguishedName: CN=Test Admin,OU=Test,DC=internal,DC=xxx,DC=yy > > # returned 1 records > # 1 entries > # 0 referrals > > > Also, it seems that I was wrong about...

...gt;> >> This is how it looks when I run a query (I redacted the domain and >> account names a bit): >> >> ldapsearch -D username at internal.xxx.yy -w password -H ldaps://<samba >> DC> -s one -b ou=business,dc=internal,dc=xxx,dc=yy >> samaccountname=testadmin >> # extended LDIF >> # >> # LDAPv3 >> # base <ou=business,dc=internal,dc=xxx,dc=yy> with scope oneLevel >> # filter: samaccountname=testadmin >> # requesting: ALL >> # >> >> # Test Admin, Test, internal.xxx.yy >> dn: CN=Test Admin,...

....11.4 (query is for OU=Business but response is > > from OU=Test): > > $ldapsearch -D username at internal.xxx.yy -w password -H > > ldaps://192.168.1.1 -s one -b ou=business,dc=internal,dc=xxx,dc=yy > > "(&(objectCategory=person)(objectClass=user)(sAMAccountName=testadmin))" > > # extended LDIF > > # > > # LDAPv3 > > # base <ou=business,dc=internal,dc=xxx,dc=yy> with scope oneLevel > > # filter: > > (&(objectCategory=person)(objectClass=user)(sAMAccountName=testadmin)) > > # requesting: ALL > > # > &...

...ese are all VMs I am working on. I have tried it on several different "test" VMs. Blew away VMs and created new ones, still does not work. It takes me a little time to type the info from the directories because I cannot copy/past due to network separation. Contents below: /etc/hostname testadmin /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 :1 localhost localhost.localdomain localhost6 localhost6.localdomain6 IPADDR testadmin.mydomain.com testadmin IPADDR DC1.mydomain.com DC1 /etc/resolv.conf search mydomain.com nameserver "ipa...

...Domain Administrators (S-1-5-21-1079125125-2089603153-60846589-512) -> Domain Admins Domain Users (S-1-5-21-1079125125-2089603153-60846589-513) -> Domain Users Domain Guests (S-1-5-21-1079125125-2089603153-60846589-514) -> Domain Guests Domain Admins has a few members; among them, account testadmin has UID 0, and account printsetup has UID 12632. Domain Admins has the following rights: net rpc rights list "Domain Admins" SeMachineAccountPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeRemoteShutdownPrivilege SeDiskOperatorPrivilege "Domain Admins" members have no...

...e joined, what does this produce: net ads testjoin > > It takes me a little time to type the info from the directories > because I cannot copy/past due to network separation. Can you explain 'network separation' ? > > Contents below: > > /etc/hostname > testadmin Nothing wrong there. > > /etc/hosts > 127.0.0.1 localhost localhost.localdomain localhost4 > localhost4.localdomain4 :1 localhost localhost.localdomain localhost6 > localhost6.localdomain6 IPADDR  testadmin.mydomain.com   testadmin > IPADDR DC1.mydomain.com            DC1...

...is for OU=Business but response is >>> from OU=Test): >>> $ldapsearch -D username at internal.xxx.yy -w password -H >>> ldaps://192.168.1.1 -s one -b ou=business,dc=internal,dc=xxx,dc=yy >>> "(&(objectCategory=person)(objectClass=user)(sAMAccountName=testadmin))" >>> # extended LDIF >>> # >>> # LDAPv3 >>> # base <ou=business,dc=internal,dc=xxx,dc=yy> with scope oneLevel >>> # filter: >>> (&(objectCategory=person)(objectClass=user)(sAMAccountName=testadmin)) >>> # requesting: A...

...or Once joined, what does this produce: net ads testjoin > > It takes me a little time to type the info from the directories > because I cannot copy/past due to network separation. Can you explain 'network separation' ? > > Contents below: > > /etc/hostname > testadmin Nothing wrong there. > > /etc/hosts > 127.0.0.1 localhost localhost.localdomain localhost4 > localhost4.localdomain4 :1 localhost localhost.localdomain localhost6 > localhost6.localdomain6 IPADDR testadmin.mydomain.com testadmin > IPADDR DC1.mydomain.com DC1 Agai...

...t some odd client-specific (eg ASN.1 parsing) > issues and makes it a little easier for me to test. > >> >> samba-4.11.0$ sudo /usr/local/samba/bin/ldbsearch -H >> ldb:///usr/local/samba/private/sam.ldb -s one -b >> ou=business,dc=internal,dc=xxx,dc=yy samaccountname=testadmin >> -Uusername >> # record 1 >> dn: CN=Test Admin,OU=Test,DC=internal,DC=xxx,DC=yy >> <snip> >> distinguishedName: CN=Test Admin,OU=Test,DC=internal,DC=xxx,DC=yy >> >> # returned 1 records >> # 1 entries >> # 0 referrals >> >>...

...join > > > > > It takes me a little time to type the info from the directories > > because I cannot copy/past due to network separation. > > Can you explain 'network separation' ? > > > > > Contents below: > > > > /etc/hostname > > testadmin > > Nothing wrong there. > > > > > /etc/hosts > > 127.0.0.1 localhost localhost.localdomain localhost4 > > localhost4.localdomain4 :1 localhost localhost.localdomain localhost6 > > localhost6.localdomain6 IPADDR testadmin.mydomain.com testadmin > > IP...

Yes global is there. testparm output shows everything is ok, no error. ROLE_DOMAIN_Member Then I can press enter and see a dump. yes, wbinfo produces output of mydomain\user I left the domain, rejoined, and still no such user. wbinfo outputs users and groups on command. On Thu, Mar 14, 2019 at 1:59 PM Rowland Penny via samba < samba at lists.samba.org> wrote: > On Thu, 14 Mar 2019

...join > > > > > It takes me a little time to type the info from the directories > > because I cannot copy/past due to network separation. > > Can you explain 'network separation' ? > > > > > Contents below: > > > > /etc/hostname > > testadmin > > Nothing wrong there. > > > > > /etc/hosts > > 127.0.0.1 localhost localhost.localdomain localhost4 > > localhost4.localdomain4 :1 localhost localhost.localdomain localhost6 > > localhost6.localdomain6 IPADDR testadmin.mydomain.com testadmin > > IP...

...10-1005) -> admin Domain Users (S-1-5-21-4126613232-4110127252-2813475210-513) -> elev Domain Users (S-1-5-21-3385878057-2215354411-2021536684-513) -> -1 Backup Operators (S-1-5-32-551) -> bin Users (S-1-5-32-545) -> elev And the /etc/group looks like this: personal:x:1003:installer,testadmin If I try to connect using the smbclient I get the respons: "tree connect failed: NT_STATUS_NO_SUCH_GROUP" Here is some of the logs of the log.smbd. [2003/07/07 10:37:36, 1] sam/idmap_tdb.c:db_idmap_init(319) idmap uid range missing or invalid idmap will be unable to map foreign SIDs...

...nly = No create mask = 0600 directory mask = 0700 [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [repository] path = /repository valid users = testadmin, testuser read only = No [root directory] path = / valid users = mont read only = No

...suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap admin dn = cn=Manager,dc=mydomain,dc=com idmap backend = ldap://127.0.0.1 idmap uid = 10000-20000 idmap gid = 10000-20000 map acl inherit = Yes printing = cups printer admin = Administrator, testadmin [IPC$] path = /tmp hosts allow = 10.10.2, 127. hosts deny = 0.0.0.0/0 [homes] comment = Home Directories valid users = %S read only = No browseable = No [printers] comment = SMB Print Spool path = /var/spool/samba guest ok =...