Displaying 20 results from an estimated 88 matches for "vdcsv1".
2018 Mar 21
2
log error about permissions in truncated share path...
In syslog of my DC (2:4.5.12+dfsg-2+deb9u2~bpo8+1) i found sometime rows like:
Mar 21 09:53:40 vdcsv1 smbd[22686]: [2018/03/21 09:53:40.826081, 0] ../source3/param/loadparm.c:3244(process_usershare_file)
Mar 21 09:53:40 vdcsv1 smbd[22686]: process_usershare_file: stat of /var/lib/samba/usershares/sysvo failed. Permesso negato
Mar 21 09:53:40 vdcsv1 smbd[22686]: [2018/03/21 09:53:40.831949, 0]...
2017 Oct 20
2
Some hint reading password expiration data...
...: 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
But in the new 'AD' domain i'm setting up, it seems that things do not
work like this.
If i set the same policy:
samba-tool domain passwordsettings set --max-pwd-age=90
and i chage the password, i get:
root@vdcsv1:~# pdbedit -v gaio
Unix username: gaio
NT username:
Account Flags: [U ]
User SID: S-1-5-21-160080369-3601385002-3131615632-1105
Primary Group SID: S-1-5-21-160080369-3601385002-3131615632-513
Full Name: Marco Gaiarin
Home Directory:...
2018 Mar 21
0
log error about permissions in truncated share path...
On Wed, 21 Mar 2018 11:02:02 +0100
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
>
> In syslog of my DC (2:4.5.12+dfsg-2+deb9u2~bpo8+1) i found sometime
> rows like:
>
> Mar 21 09:53:40 vdcsv1 smbd[22686]: [2018/03/21 09:53:40.826081,
> 0] ../source3/param/loadparm.c:3244(process_usershare_file) Mar 21
> 09:53:40 vdcsv1 smbd[22686]: process_usershare_file: stat
> of /var/lib/samba/usershares/sysvo failed. Permesso negato Mar 21
> 09:53:40 vdcsv1 smbd[22686]: [2018/03/21 09:...
2017 Oct 23
0
Some hint reading password expiration data...
Sorry, i came back on this, but:
> In another, more generic, way: how password policies are enforced?
still i need an answer on this question.
I've done some tests, using my account, that pdbedit say:
root@vdcsv1:~# LANG=C pdbedit -v gaio
Unix username: gaio
NT username:
Account Flags: [U ]
User SID: S-1-5-21-160080369-3601385002-3131615632-1105
Primary Group SID: S-1-5-21-160080369-3601385002-3131615632-513
Full Name: Marco Gaiarin
Home Dire...
2019 Feb 15
2
Demoted/removed a DC, and the NS records?
...In chel di` si favelave...
> This is a known problem, you cannot 'reload' Bind9 on a Samba DC, you
> have to restart it.
Ah. 'known' not to me... ;-)
> Check the Bind conf files (including logrotate) for 'reload' and replace
> with 'restart'
root@vdcsv1:~# find /etc -name bind9 | grep reload
root@vdcsv1:~#
And there's no logrotate conf snippet for bind. In various
files/scripts:
root@vdcsv1:~# find /etc -name bind9
/etc/init.d/bind9
/etc/ppp/ip-up.d/bind9
/etc/ppp/ip-down.d/bind9
/etc/default/bind9
/etc/network/if-down.d/bind9...
2017 Sep 26
1
Domain member server: user access
...I'm pretty sure this is a bug in the DC part.
>
> Ahem, sorry, but i'm lost in following this thread. I've just set up my
> test domain, using samba 2:4.5.8+dfsg-2+deb9u1~bpo8+1 (your package,
> Louis) on a debian jessie.
>
> Very minimal configuration:
>
> root@vdcsv1:~# samba-tool testparm
> Press enter to see a dump of your service definitions
>
> # Global parameters
> [global]
> netbios name = VDCSV1
> realm = AD.FVG.LNF.IT
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbindd, ntp_signd, kcc, dnsupd...
2019 Sep 24
2
'samba-tool testparm --section' bugs?
I've coded some scripts that extract some info from a smb.conf section.
In DC works:
root@vdcsv1:~# samba-tool -V
4.5.16-Debian
root@vdcsv1:~# samba-tool testparm --section sysvol
[sysvol]
path = /var/lib/samba/sysvol
read only = No
root@vdcsv1:~# samba-tool testparm --section-name=sysvol
[sysvol]
path = /var/lib/samba/sysvol
read only = No
in DM no:
root@vdmsv1:~...
2018 May 15
0
Query for DC in the same site...
...t the domain get more complex, i want to limit
server lookups to the DC in the same site.
Googling around led me to:
https://patternbuffer.wordpress.com/2007/12/13/finding-your-active-directory-site-and-domain-controllers/
and seems to work. With the local network i can get the site:
root@vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b "CN=Subnets,CN=Sites,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it" "(cn=10.5.0.0/16)" siteObject
# record 1
dn: CN=10.5.0.0/16,CN=Subnets,CN=Sites,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it
siteObject: CN=SanVito,CN=Sites,CN=Con...
2017 Sep 26
1
Domain member server: user access
...to the one you placed in the gidNumber attribute in Domain Users.
I can confirm that.
Using ADUC i've noted that 'Domain Users' have no GID assigned, so
seems that some samba ''internal'' logic assign GID 100 'by default'.
After assigning GID 10513:
root@vdcsv1:~# net cache flush
root@vdcsv1:~# getent group "Domain Users"
LNFFVG\domain users:x:10513:
root@vdcsv1:~# wbinfo -G 10513
S-1-5-21-160080369-3601385002-3131615632-513
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia''...
2017 Nov 09
2
Best practice for creating an RO LDAP User in AD...
...ndum est». ;-)
>
>
> > The setup for the Ad in the link below is the same but if you want
> > access without auth, Have you tried to query the GC ports. ( 3268
> > or 3269 )
>
> No, but now yes and does not work:
>
> gaio@albus:~$ ldapsearch -x -H ldap://vdcsv1:3268/ -b
> DC=ad,DC=fvg,DC=lnf,DC=it "(uid=gaio)"
Try:
ldbsearch -H ldap://vdcsv1:3268 -P -b DC=ad,DC=fvg,DC=lnf,DC=it
'(uid=gaio)'
You will have to do this as root.
Rowland
2017 Sep 26
3
Domain member server: user access
Hai Rowland,
I'm pretty sure this is a bug in the DC part.
I'll show.
On the DC.
dc1:~# getent passwd winadmin
NTDOM\winadmin:*:10000:100::/home/users/winadmin:/bin/bash
wbinfo --group-info="Domain Users"
NTDOM\domain users:x:100:
id winadmin
uid=10000(NTDOM\winadmin) gid=100(users) groups=100(users),3000004(BAZRTD\group policy creator owners),3000008(NTDOM\domain admins)
2017 Oct 23
3
Some hint reading password expiration data...
...samba.org> wrote:
>
> Sorry, i came back on this, but:
>
> > In another, more generic, way: how password policies are enforced?
>
> still i need an answer on this question.
>
>
> I've done some tests, using my account, that pdbedit say:
>
> root@vdcsv1:~# LANG=C pdbedit -v gaio
> Unix username: gaio
> NT username:
> Account Flags: [U ]
> User SID: S-1-5-21-160080369-3601385002-3131615632-1105
> Primary Group SID: S-1-5-21-160080369-3601385002-3131615632-513
> Full Name:...
2020 Jan 07
2
Domain 'resync', DC with FSMO roles LDAP troubles...
Happy new year to all!
Samba 4.9.17 on stretch, Louis package.
On 22/12, at midnight, office closed, i suffered a network outage that 'broke in
two' my domain.
On 23/12, at 14.00, the network came back. After that, some scripts written
around ldbsearch that i run on DM (against vdcsv1 that is the DC with FSMO
roles) started to complain:
Failed to bind - LDAP client internal error: NT_STATUS_CONNECTION_DISCONNECTED
Failed to connect to 'ldap://vdcsv1.ad.fvg.lnf.it' with backend 'ldap': LDAP client internal error: NT_STATUS_CONNECTION_DISCONNECTED
Failed to conne...
2019 Feb 15
0
Demoted/removed a DC, and the NS records?
Hi Marco,
> Following:
> https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC
>
> i've demoted and removed a DC. Seems all went as expected:
>
> root@vdcud1:~# samba-tool domain demote --server=vdcsv1.ad.fvg.lnf.it -U gaio
> Using vdcsv1.ad.fvg.lnf.it as partner server for the demotion
> Password for [LNFFVG\gaio]:
> Deactivating inbound replication
> Asking partner server vdcsv1.ad.fvg.lnf.it to synchronize from us
> Changing userControl and container
> Removing Sysvol...
2017 Oct 27
2
Some hint reading password expiration data...
Mandi! Andrew Bartlett via samba
In chel di` si favelave...
> It is an operational attribute. simply add
> msDS-UserPasswordExpiryTimeComputed
> to the list of attributes requested when searching for the user.
root@vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b "dc=ad,dc=fvg,dc=lnf,dc=it" -s base "" maxPwdAge
# record 1
dn: DC=ad,DC=fvg,DC=lnf,DC=it
maxPwdAge: -77760000000000
# returned 1 records
# 1 entries
# 0 referrals
root@vdcsv1:~# ldbsearch -H /var/lib/samba/private/sa...
2017 Sep 26
0
Domain member server: user access
...amba
In chel di` si favelave...
> I'm pretty sure this is a bug in the DC part.
Ahem, sorry, but i'm lost in following this thread. I've just set up my
test domain, using samba 2:4.5.8+dfsg-2+deb9u1~bpo8+1 (your package,
Louis) on a debian jessie.
Very minimal configuration:
root@vdcsv1:~# samba-tool testparm
Press enter to see a dump of your service definitions
# Global parameters
[global]
netbios name = VDCSV1
realm = AD.FVG.LNF.IT
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
workgroup = LNFFVG
server role =...
2019 Feb 15
6
Demoted/removed a DC, and the NS records?
Following:
https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC
i've demoted and removed a DC. Seems all went as expected:
root@vdcud1:~# samba-tool domain demote --server=vdcsv1.ad.fvg.lnf.it -U gaio
Using vdcsv1.ad.fvg.lnf.it as partner server for the demotion
Password for [LNFFVG\gaio]:
Deactivating inbound replication
Asking partner server vdcsv1.ad.fvg.lnf.it to synchronize from us
Changing userControl and container
Removing Sysvol reference: CN=VDCUD1,CN=Enterp...
2018 Mar 21
2
Again 'Failed to find domain 'NT AUTHORITY'. Check connection to trusted domains!'
I've hit the error in the subject while trying a backup of my sysvol.
Mar 21 11:13:31 vdcsv1 winbindd[3494]: [2018/03/21 11:13:31.234373, 0] ../source3/winbindd/winbindd_group.c:45(fill_grent)
Mar 21 11:13:31 vdcsv1 winbindd[3494]: Failed to find domain 'NT AUTHORITY'. Check connection to trusted domains!
Looking on the internet/list archive led me to a recent post (November 2017)...
2019 Dec 06
2
Account locked and delayed user data propagation...
Mandi! Rowland penny via samba
In chel di` si favelave...
> You cannot create an ldap filter using the above, you would have to filter
> the result of the ldap search.
I can confirm:
root@vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b DC=ad,DC=fvg,DC=lnf,DC=it '(&(objectClass=user)(sAMAccountName=gaio))' msDS-User-Account-Control-Computed
# record 1
dn: CN=gaio,OU=Users,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it
msDS-User-Account-Control-Computed: 16
[...]
# ret...
2017 Nov 07
2
Best practice for creating an RO LDAP User in AD...
...' OU, a 'Restricted' group (i'm short in
fantasy, today ;) and i've created an 'mta' user, both user and group
in 'Restricted' OU, of course.
And i've added 'mta' to 'Restricted' group.
Clearly, in a DC, an xID gets assigned to the group:
root@vdcsv1:~# getent group Restricted
LNFFVG\restricted:x:3000026:
but by the same way 'mta' user get by default the 'Domain Users' group
(and others, seems):
root@vdcsv1:~# getent passwd mta
LNFFVG\mta:*:3000025:10513:MTA Restricted:/home/mta:/bin/bash
root@vdcsv1:~# id mta
uid=3...