search for: zhuchenko

.... * Objects to be compared: 1550 * Result for [SCHEMA]: SUCCESS * Comparing [DNSDOMAIN] context... * Objects to be compared: 196 * Result for [DNSDOMAIN]: SUCCESS * Comparing [DNSFOREST] context... * Objects to be compared: 19 * Result for [DNSFOREST]: SUCCESS > > 2016-06-27 15:21 GMT+02:00 Zhuchenko Valery <zvn at belkam.com>: > >> Hi all! >> >> Today, after two years of production, I get this error: >> >> samba-tool user create test20160627 testpassword >> >> ERROR(ldb): Failed to add user 'test20160627': - >> ../lib/ldb/ldb_t...

Hello guys. Continuing Zhuchenko Valery question,I would like to know if someone from the list has deployed a child domain in samba 4. I have a samba 4 domain controller running on gentoo.My goal is to set up a domain and authentication domain only. But I need a root domain forest and a child domain.I am using verion 4.2.11I would...

Hi, all. What is greatest period for AD DC (non FSMO) can be unavailable, for example, because network segment is unavailable for long time (3, 4 weeks)? Is the controller will be removed from AD automatically? And what to do after this network segment will become available? I have read about tombstoneLifeTime attribute of Directory Service (Configuration, Services, Windows NT), which default

On 28/06/16 12:05, Zhuchenko Valery wrote: > I'm understand, why I get error about unique index violation on objectSid: > > samba-tool fsmo show > RidAllocationMasterRole owner: CN=NTDS > Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,... > > Last created object h...

...would be a lazy action: change tombstoneLifetime which is by default 180 days to only 1 day. Doing that tomorrow all deleted objects will be deleted and if you are lucky - I can't guaranty that will work - you will able to reuse these RIDs. Hoping this helps... M. 2016-06-28 13:05 GMT+02:00 Zhuchenko Valery <zvn at belkam.com>: > I'm understand, why I get error about unique index violation on objectSid: > > samba-tool fsmo show > RidAllocationMasterRole owner: CN=NTDS > > Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,... >...

..._AD_DC > > And not, dont forget if pc's/servers that have there DNS pointed to that server. > If so, adjust that also. > > > Greetz, > > Louis > >> -----Oorspronkelijk bericht----- >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens >> Zhuchenko Valery via samba >> Verzonden: dinsdag 14 april 2020 10:38 >> Aan: samba at lists.samba.org >> Onderwerp: [Samba] maximum ad domain controller unavialability time >> >> Hi, all. >> >> What is greatest period for AD DC (non FSMO) can be unavailable, for >...

hi, samba team and other, client software calls samba and samba reads /etc/samba/smb.conf where some parameter contains variable %i (client ip address), but when samba calls samba-dcerpcd, it again reads /etc/samba/smb.conf where some parameter contains variable %i and at that moment %i is not client ip address, it is equal 0.0.0.0 for example I need client ip1 and client ip2 to get

Am 29.07.24 um 13:20 schrieb Zhuchenko Valery via samba: > hi, samba team and other, > > client software calls samba and samba reads /etc/samba/smb.conf where > some parameter contains variable %i (client ip address), but when samba > calls samba-dcerpcd, it again reads /etc/samba/smb.conf where some > parameter co...

"hosts allow" about access to browseable share, I need different shares lists 29.07.2024 15:33, Christian Naumer via samba: > Am 29.07.24 um 13:20 schrieb Zhuchenko Valery via samba: >> hi, samba team and other, >> >> client software calls samba and samba reads /etc/samba/smb.conf where >> some parameter contains variable %i (client ip address), but when >> samba calls samba-dcerpcd, it again reads /etc/samba/smb.conf where &gt...

Am 29.07.24 um 13:48 schrieb Zhuchenko Valery via samba: > "hosts allow" about access to browseable share, I need different shares > lists How about "access based share enum" as a Machine is also just a user you could use the "valid users" option.

user may be same, but from client ip1 this user can't see shares, which can see from client ip2. need share enumeration by client ip 29.07.2024 16:20, Christian Naumer via samba ?????: > Am 29.07.24 um 13:48 schrieb Zhuchenko Valery via samba: >> "hosts allow" about access to browseable share, I need different >> shares lists > > How about "access based share enum" as a Machine is also just a user > you could use the "valid users" option. > > > -- ? ???????...

Am 29.07.24 um 14:35 schrieb Zhuchenko Valery via samba: > user may be same, but from client ip1 this user can't see shares, which > can see from client ip2. > need share enumeration by client ip Have you checked if "hosts allow" in combination with "access based share enum" does what you want?

...names # file: home/samba/test # owner: root # group: root user::rwx user:zvn2:rwx group::r-x mask::rwx other::--- default:user::rwx default:user:zvn2:rwx default:group::r-x default:mask::rwx default:other::r-x 29.07.2024 16:38, Christian Naumer via samba ?????: > Am 29.07.24 um 14:35 schrieb Zhuchenko Valery via samba: >> user may be same, but from client ip1 this user can't see shares, >> which can see from client ip2. >> need share enumeration by client ip > > Have you checked if "hosts allow" in combination with "access based > share enum"...

Hi, all! When I launch (again and again) smbcacls "//myfileserver/share" "" -U user -W domain or smbclient "//myfileserver/share" -U user -W domain -c "ls", in tcpdump output at myfileserver I see multiple calls to controller via ldap, therefore these commands are executed slowly. When I run getent groups at myfileserver, all worked fine, and tcpdump

...D\,... objectSid dn: CN=username\0ADEL:a230f645-268d-4ea9-8993-da3ae7032b4a,CN=Deleted Objects,DC=ad,... objectSid: S-1-5-21-763247336-2482037999-3416227170-2002 it is deleted, but exists. What I can do to solve my problem? May be change rIDNextRID to 2099 on RID Master? Valery 28.06.2016 10:00, Zhuchenko Valery: > 27.06.2016 18:45, mathias dufresne: >> Perhaps you don't have yet duplicate objectSid as that's not supposed to be >> possible. >> Rather than scripting something to look for objectSid used twice I would >> start with dbcheck and other tools to verify th...

Hi all! Today, after two years of production, I get this error: samba-tool user create test20160627 testpassword ERROR(ldb): Failed to add user 'test20160627': - ../lib/ldb/ldb_tdb/ldb_index.c:1216: Failed to re-index objectSid in CN=test20160627,CN=Users,DC=ad... - ../lib/ldb/ldb_tdb/ldb_index.c:1148: unique index violation on objectSid in CN=test20160627,CN=Users,DC=ad... Help me

On Tue, 2016-09-13 at 18:59 +0000, Cobra Koral via samba wrote: > Hello guys. Continuing Zhuchenko Valery question,I would like to know > if someone from the list has deployed a child domain in samba 4. > I have a samba 4 domain controller running on gentoo.My goal is to > set up a domain and authentication domain only. But I need a root > domain forest and a child domain. This is n...

Hi, all! There is no check of NS records in this document https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record For example, with two DCs at myzone $ host -t NS myzone dc1 (or dc2, or myzone) must return two records: myzone name server dc1.myzone. myzone name server dc2.myzone. $ host -t NS _msdcs.myzone dc1 (or dc2, or myzone) must return two records: _msdcs.myzone name

...: https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC And not, dont forget if pc's/servers that have there DNS pointed to that server. If so, adjust that also. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Zhuchenko Valery via samba > Verzonden: dinsdag 14 april 2020 10:38 > Aan: samba at lists.samba.org > Onderwerp: [Samba] maximum ad domain controller unavialability time > > Hi, all. > > What is greatest period for AD DC (non FSMO) can be unavailable, for > example, because network...

...etion itself removed, which of course means there is no way to communicate the deletion after this final point. I believe Windows automatically blocks replication and disables the netlogon service when it detects such a situation. I'm not sure what samba would do. Alex On 14/04/2020 09:37, Zhuchenko Valery via samba wrote: > Hi, all. > > What is greatest period for AD DC (non FSMO) can be unavailable, for > example, because network segment is unavailable for long time (3, 4 weeks)? > Is the controller will be removed from AD automatically? > And what to do after this network...