similar to: Problems resolving most users with winbind and AD/SFU

Problem solved. Sort-of. I just don't know why the solution works. Here's what I found... First, I tried updating SFU 3.5 with the following hotfixes: 913030, 886655, 887531, 932143, 883520, 894186, 931930, 892561, 896428, 888993, 932143, and 939778. No change. Second, I used ADSI Edit from the Win2k support tools to compare side-by-side a working account with a "Could not get

On Mon, 21 Sep 2009, Timo Aaltonen wrote: > > > Hi! > > I'm trying to set up a samba client to authenticate from AD (Win2k8), by > using rfc2307 schema mode to map uidNumber, gidNumber and unixHomeDirectory. > The latter two seem to work, while uidNumber doesn't, at least according to > 'wbinfo -i $uid', which shows the uid as the default starting

Hi Problems with wbinfo this time. With -u/-g/-n it works, but -i doesn't. The log.winbindd-idmap is filled with this: [2010/01/28 10:32:56, 4] libsmb/namequery_dc.c:73(ads_dc_name) ads_dc_name: domain=* [2010/01/28 10:32:56, 3] libsmb/namequery.c:1972(get_dc_list) get_dc_list: preferred server list: ", *" [2010/01/28 10:32:56, 3] libads/dns.c:343(dns_send_req)

Hi, I'm using samba 3.0.23c, and having a bit of trouble getting it to play nice with my active directory. I'm using Windows Small Business Server 2003 with the SFU 3.5 NIS server/schema extensions installed. I have samba configured to use ad as the idmap backend, and sfu for nss info. When running getent passwd, only a few active directory users show up, and I get lots of errors

Has anyone else gotten samba functioning with idmap_ad and multiple domains? In our environment we have a domain with two child domains. There is one child domain for students, and another for faculty staff. Our servers are joined to the student domain, but need to be able to enumerate users in the staff domain. When attempting to lookup a user (wbinfo -i 'NAU\car3') that only exists

>> >> Hello Samba team ! >> >> On my network I have three Samba-4.1.17 domain controllers (Debian Jessie) >> : >> -> One PDC : pdc01 >> -> Two "slave" DC : sdc02, sdc03 >> >> I don't know why, but sometimes Samba receive the SIGTERM signal and >> restart even if I remove it from the logrotate configuration. On >>

Back on February 28, 2018, I started a thread "User permissions of profile/home directory lost" describing a problem occurring with my wife's user account. Since that time the random problem has persisted so I turned on some debugging. I have been able to determine that somehow her account idmap is broken. Here is the entry for my wife's SID as found in the idmap.ldb file

Hello Samba team ! On my network I have three Samba-4.1.17 domain controllers (Debian Jessie) : -> One PDC : pdc01 -> Two "slave" DC : sdc02, sdc03 I don't know why, but sometimes Samba receive the SIGTERM signal and restart even if I remove it from the logrotate configuration. On "pdc01" I see : ---------- pdc01 (log.samba) ---------- SIGTERM: killing children

Hi folks, I'm trying to delete an entry in the idmap database in a ctdb-managed cluster, but I get: "Could not remove gid to sid mapping" when doing: # wbinfo --remove-gid-mapping=956781,S-1-5-21-861567501-1417001333-682003330-493603 Could not remove gid to sid mapping or # wbinfo --set-gid-mapping=18400,S-1-5-21-861567501-1417001333-682003330-493603 Could not create or

hi again. after some tests, (on my operational domain and on a new testdomain) i detected this behavior: on samba 4.11.6 sometimes the new DNS-records finisches on a wrong dns zone. the problem occurs, if more then 5 records are created with the same name in more then one domain zone for example: testa1.jupiter.mydom.org testa2.jupiter.mydom.org testa3.jupiter.mydom.org

Hello, I'm running Mandrake 9.2 and Samba-3.0.2a I'm connecting a Samba Server as a Domain member to an 2003 ADS, called TEST2. I've been able to create the computer account. I've also tested successfully, from Chapter 7 of ' Samba HOWTO Collection' with a W2K client logon/mount a share from the samba server using Kerberos. The testing of the smbclient was also

Hi again, I just started to debug things on the samba4 side: When trying to mount the Windows NFS share, I get the following error on the samba4 dc (just grepping for nfs in the logs): auth_check_password_send: Checking password for unmapped user [S5DOM.TEST]\[nfs/nfsclient.mydom.test]@[] map_user_info_cracknames: Mapping user [MYDOM.TEST]\[nfs/nfsclient.mydom.test] from workstation []

On Tue, 7 Aug 2018 14:59:56 +0100 Rowland Penny via samba <samba at lists.samba.org> wrote: > On Tue, 7 Aug 2018 14:55:24 +0200 > Henry Jensen via samba <samba at lists.samba.org> wrote: > > > On Tue, 7 Aug 2018 12:51:33 +0100 > > Rowland Penny via samba <samba at lists.samba.org> wrote: > > > > > > > > Failed to modify SPNs on

On Tue, 7 Aug 2018 12:51:33 +0100 Rowland Penny via samba <samba at lists.samba.org> wrote: > > > > Failed to modify SPNs on CN=db1,CN=Computers,DC=mydom,DC=lan: acl: > > > > spn validation failed for spn[TERMSRV/DB1.MYDOM] uac[0x1000] > > > > account[db1$] hostname[(null)] nbname[mydom] ntds[(null)] > > > > forest[mydom.lan] domain[mydom.lan]

Hi Rowland, On Tue, 7 Aug 2018 09:46:24 +0100 Rowland Penny via samba <samba at lists.samba.org> wrote: > > Failed to modify SPNs on CN=db1,CN=Computers,DC=mydom,DC=lan: acl: > > spn validation failed for spn[TERMSRV/DB1.MYDOM] uac[0x1000] > > account[db1$] hostname[(null)] nbname[mydom] ntds[(null)] > > forest[mydom.lan] domain[mydom.lan] > > > > At

Hello, No it's a AD classicupgraded from a Samba 3 PDC Here's a user example from my DC uid=1116(MYDOM\begr00) gid=513(MYDOM\domain users) groupes=513(MYDOM\domain us ers),1151(MYDOM\evaluation),1214(MYDOM\procedures),12021(MYDOM\s13cadre),12041 (MYDOM\s13-grh),1264(MYDOM\zsbw),1001(MYDOM\s13),3000005(BUILTIN\users) my first user start at uid 1001 (1000 was the

Hello, I've got some log entries like these on our DCs: Failed to modify SPNs on CN=db1,CN=Computers,DC=mydom,DC=lan: acl: spn validation failed for spn[TERMSRV/DB1.MYDOM] uac[0x1000] account[db1$] hostname[(null)] nbname[mydom] ntds[(null)] forest[mydom.lan] domain[mydom.lan] At first I thought it was about missing SPN entries, but adding these did not resolve the problem: # samba-tool

Hello everybody, ? I have a new AD which is installed on a Windows Server 2019. Now I want to add a Samba DC to this AD. The Samba DC is in the same subnet. Samba Server: Ubuntu 18.04 Samba 4.10.6 ? The Windows AD has the following settings: PS C: \ Users \ Administrator> Get-ADForest ApplicationPartitions: {DC = DomainDnsZones, DC = mydom, DC = local, DC = ForestDnsZones, DC = mydom,

Hai Christian, > Can someone reproduce this? No, tried, but sorry, works fine for me on my 4.11.6 server. And what is you try it like this. samba-tool dns add dc1.zone1.domain.de 0.168.192.in-addr.arpa 157 PTR zone1.domain.de -U Administrator samba-tool dns add dc1.zone1.domain.de 1.168.192.in-addr.arpa 157 PTR zone2.domain.de -U Administrator I tested on my production where i have 6

Dear Rowland, our windows admin assured me that they have set uidNumber and gidNumber in the range. I have requested screenshots for confirmation. Now we are one step further: "getent passwd | grep mdecker" now lists the AD account. mdecker:*:13667:7142:Decker, Martin:/home/MYDOM/mdecker:/bin/false With "getent passwd mdecker" however, it shows