similar to: Win2000 / Win2003 ADS dnsHostName and servicePrincipalName

Hi, I am using CIFS 2.01.01 on HPUX11V2. CIFS is running in ADS security-mode. Winbind is used to map the userers from the W2K3-Domain (german) to an tdb-file. The user mapping works fine, but I have problems with the ACLS: setting the ACLS to a file or folder from windows leads in "access denied". I'm the owner of the object and have full access. The really crazy thing is,

I am using samba as a domain member for A W2K Domain. The purpose is provide storage services to Unix and W2K Metaframe Servers using kerberos authentication. ( So we are using Samba 3.0 from a while and SUN NFS with kerberos in the same storage - but no sharing locks as Veritas products offer ). so I used the net command: net ads join This command creted a samba3.0 computer account in

For a variety of reasons, our Redhat 6 boxes have primary DNS FQDNs that don't match our Win2008r2 AD deployment... the Linux boxes being in a variety of <hostname>.<subdomain>.<ourdomain> while the AD is ds.<ourdomain>. This surprisingly doesn't cause us that much grief, so long as we're diligent about keeping our servicePrincipalNames maintained on the

"I expect you don't have just copied your VMs disks without changing VMs hostname and FQDN. I expect you don't fully re-use smb.conf from another DC (you can do that but you must change hostname into smb.conf)." 1) These are new Ubuntu VMs, not cloned, built from scratch. I tried joining them with no smb.conf in /usr/local/samba/etc You have disabled SELinux too 2) AFAIK

Good times... Spent hours today rolling a fresh VM. FAIL itwerks at testes:~$ kinit administrator Password for administrator at CB.CLIFFBELLS.COM: itwerks at testes:~$ klist -e Ticket cache: FILE:/tmp/krb5cc_1000 Default principal: administrator at CB.CLIFFBELLS.COM Valid starting Expires Service principal 03/27/2016 00:07:04 03/27/2016 10:07:04 krbtgt/ CB.CLIFFBELLS.COM

I am trying to determine if it is mandatory for the domain controllers's host FQDN to be within the same DNS domain as the realm's DNS domain. For example: let's say I want the DC to be called smb1.int.example.net but I want the realm to be AD.EXAMPLE.NET. I set "smb1" in /etc/hostname and mapping to the FQDN in /etc/hosts, so that "hostname -f" shows the

Hello, I've a samba 3.0.2a on a mandrake 9.2 with double authentification. A local authentification for users not on my domain and AD authentification for users on my domain. AD where on two win 2k servers. One of these server was moved on win 2003 server and then the AD authentification don't work any more. Here is my smb.conf file. getent passwd give only local users [global]

I ran ldbsearch on my sam.ldb I searched for CBADC02, CBADC03, and TESTES (all VMs that fail to join domain), results are below: CBADC02 shows up a few times: # record 1906 dn: CN=CBADC02\0ADEL:de85228c-f92b-4d5d-9d6a-01c3f915dec9,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configu$ objectClass: top objectClass: server instanceType: 4 whenCreated: 20160310044543.0Z uSNCreated: 4215

Morning, On a DC: [root at BPCTASRVSDC003 ~]# samba-tool drs showrepl | grep failure 0 consecutive failure(s). 0 consecutive failure(s). 0 consecutive failure(s). 0 consecutive failure(s). 0 consecutive failure(s). 0 consecutive failure(s). 0 consecutive failure(s). 0 consecutive failure(s). 0 consecutive failure(s). 0 consecutive failure(s). 0 consecutive failure(s). 0

Hello After failing to join my samba box to winAD 2012, I went and downloaded the sernet packages and samba box join the AD domain using "samba-tool" with no problems. However I've got problems with winbind. wbinfo -u returns: could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE could not obtain winbind domain name! Error looking up domain users Here is my

Thank you very much Louis, Rowland, Mike ! I have made all the changes proposed by Louis but still have the same problem. -> kinit works now with /var/lib/samba/private/secrets.keytab ------------------------ ~# kinit -k -t /var/lib/samba/private/secrets.keytab FICHDC$ ~# ------------------------ -> but samba-tool authentication with machine account fail : ------------------------ ~#

I'm trying to join a RHEL5 host to an AD domain, and can do this successfully when I set those hostname to the same value as the samba "netbios name" parameter. However, when I try with a hostname != netbios name, it fails. Is it possible to join a machine when the hostname isn't the same as the netbios name? The reason for wanting this is because I have a whole load of servers

Dear All, I have succesfully managed to have my kerberos configured n working without error when i say kinit Administrator and after entering password it works fine my krb5.conf -------------- [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = BALADIA.LOCAL dns_lookup_kdc = false

Talking to myself again ;-) Samba-tool is working a little bit different then the silo/policy management on a Windows-DC. On a Windows-DC after assigning the user and host to the silo you have to assign the silo to the user and the host. When assigning the user and host to the silo with samba-tool, the assignment to the user and the host will be done at the same time. So now my policy looks

Hello, I'm trying to run smbtorture against another system. I have installed version 4.0.0alpha9 locally. The remote system is registered with ADS as: distinguishedName: CN=bl-uits-cictest,CN=Computers,DC=ads,DC=iu,DC=edu name: bl-uits-cictest dNSHostName: bl-uits-cictest.ads.iu.edu servicePrincipalName: HOST/bl-uits-cictest.ads.iu.edu servicePrincipalName: HOST/BL-UITS-CICTEST The

Hi Stefan, We had a long weekend in New Zealand, I'm catching up now to your emails. Some of the slight differences between Windows tools I've already picked up on and are in my PR Andrew Bartlett mentioned on Friday, but I'm always open to learning what things are missing or different etc. On 23/10/23 02:58, Stefan Kania via samba wrote: > Talking to myself again ;-) > >

Hello, We recently upgraded to the latest Samba3 version v3.0.23c. If the Samba system and the AD belong to the same domain, I am able to perform a 'net ads join' by supplying either a 'Domain Admins' or a 'Domain Users' credential. However if the Samba system and the AD belong to different domain, I can perform the 'net ads join' by supplying a 'Domain

2017-06-21 14:29 GMT+02:00 Prunk Dump <prunkdump at gmail.com>: > Thank you very much Louis, Rowland, Mike ! > > I have made all the changes proposed by Louis but still have the same problem. > > -> kinit works now with /var/lib/samba/private/secrets.keytab > ------------------------ > ~# kinit -k -t /var/lib/samba/private/secrets.keytab FICHDC$ > ~# >

> Hi Mark, can I ask just what you are trying to achieve ? Well, it's rather simple. I want to remove a domain member from the domain. Normally, I do that with ADUC, no problem. But for some reason I was having trouble with ADUC (since resovled, magically), so I thought I'd try the same thing using samba-tool. That's it really. You wrote further: > I hope you can see that

Thanks Rob for chiming in. Stefan, I do want to be very clear, one of the big challanges that we as developers face building these kind of tools is that we don't run AD domains day-to-day. So we really value good feedback on the ergonomics. If you can test with our work in progress, we are keen to adapt the tooling where possible to be more in line with what is 'naturally expected, so