similar to: Accessing shares with machine account credential...

[ I'm not subscribed to that list, so please put me on CC; i will read reply on the web interface, but please... ] Setup: a domain (PASIAN) that is using samba3 (2:3.5.6~dfsg-3squeeze11) across two routed network, eg, a main network on 10.27.0.0/16 that have the PDC and the BDC, and a slave network on 10.99.0.0/16 that have another BDC. All ?DC use ldap (openldap) as the backend, and every

[[ I've sent that email on list some days ago, with a different subject. No one reply. I was not clear? Please, help me, or give me at least some hint... ]] [ I'm not subscribed to that list, so please put me on CC; i will read reply on the web interface, but please... ] Setup: a domain (PASIAN) that is using samba3 (2:3.5.6~dfsg-3squeeze11) across two routed network, eg, a main

[I'm subscribed, but with mail deliverying turned off. I will read the thread on web archive, but please CC me... i'm subscribed to the italian samba list, but there's no answer there...] I manage some samba domain (samba3 as in debian stable), using LDAP as backend and smbldap-tools. The domains born as windows-only, and they are still windows-prevalent, but i'm inserting here

Mandi! Rowland penny via samba In chel di` si favelave... > > can i safely run 'samba-tool dbcheck --cross-ncs --fix'? > I do not see any reason why not. 1 error fixed, 7 remains: root at vdcsv1:~# samba-tool dbcheck --cross-ncs --fix Checking 4952 objects ERROR: no target object found for GUID component for msDS-NC-Replica-Locations in object

Some month ago a local branch office closed; the local branch had a DC, that i've simply removed the dc with: samba-tool domain demote --server=vdcsv1.ad.fvg.lnf.it -U gaio (see https://lists.samba.org/archive/samba/2019-February/221195.html) But this leave some old DNS records, eg: root at vdcsv1:~# host -t SRV _kerberos._udp.ad.fvg.lnf.it | awk '{print $NF}'| sed

samba-tool dbcheck --cross-ncs --fix Yes, should be possible, but i normaly do that after i do the following. search for : CN=58eba604-07e5-4c5d-a104-9e6f4907248f And CN=16b8c008-6c59-4b65-9f1b-530751904a75 In _msdc.dom.tld. Verify which GUID is removed, you can see that, then remove the old server GUID. Run : dig CNAME 58eba604-07e5-4c5d-a104-9e6f4907248f._msdcs.ad.fvg.lnf.it dig CNAME

Mandi! Rowland penny via samba In chel di` si favelave... > You are authenticating to AD, so you need to use information that AD > understands, its dns domain (not an email domain) and the users name, or the > Netbios domain\username. But UPN is written 'domainful', eg 'username at ad.domain.name': root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b

Happy new year to all! Samba 4.9.17 on stretch, Louis package. On 22/12, at midnight, office closed, i suffered a network outgage that 'broke in two' my domain. On 23/12, at 14.00, network come back. After that, some scripts written around ldbsearch i run on DM (against vdcsv1 that is the DC with FSMO roles) start to complain: Failed to bind - LDAP client internal error:

Hai, Im not into radius (yet)... but you can try upgrading samba. echo "# Backports repository" >> /etc/apt/sources.list.d/debian-backport.list echo "deb http://ftp.nl.debian.org/debian/ wheezy-backports main " >> /etc/apt/sources.list.d/debian-backport.list apt-get update && apt-get upgrade and try again. Greetz, Louis >-----Oorspronkelijk

Mandi! Rowland penny via samba In chel di` si favelave... > > samba-tool dbcheck --cross-ncs --fix > > Yes, should be possible, but i normaly do that after i do the following. > Yes, but why wasn't it removed in the first place ? [...] > > Run : > > dig CNAME 58eba604-07e5-4c5d-a104-9e6f4907248f._msdcs.ad.fvg.lnf.it > > dig CNAME

Mandi! Rowland penny via samba In chel di` si favelave... > You cannot create an ldap filter using the above, you would have to filter > the result of the ldap search. I can confirm: root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b DC=ad,DC=fvg,DC=lnf,DC=it '(&(objectClass=user)(sAMAccountName=gaio))' msDS-User-Account-Control-Computed # record 1 dn:

With Samba in NT mode, i was able to enable wireless access using machine account, and worked decently. Now i want to try again in AD mode, but i've not found info, and i've just hit a trouble: Oct 1 14:31:55 vdmsv1 radiusd[13555]: rlm_ldap (ldap): Opening additional connection (25), 1 of 31 pending slots used Oct 1 14:31:55 vdmsv1 radiusd[13555]: (187) Login incorrect:

Mandi! Andrew Bartlett via samba In chel di` si favelave... > > This lead me to another question: in this way, aliases are ''domain > > wide'' right? Eg, i cannot have a DM aliased 'file' in a LAN and > > another DM aliased 'file' in another LAN, as was used before with NT > > like domains (two different domains). > Correct, you

In my scripts i'm using that query to catch DC: host -t SRV _kerberos._udp.ad.fvg.lnf.it | awk '{print $NF}'| sed 's/.$//' and works, but now that the domain get more complex, i want to limit server lookups to the DC in the same site. Googling around lead me to: https://patternbuffer.wordpress.com/2007/12/13/finding-your-active-directory-site-and-domain-controllers/ and

Happy new year to the list! I'm using Debian wheezy, standard Samba packages, version 2:3.6.6-6+deb7u4. I've hit bug #8744 https://bugzilla.samba.org/show_bug.cgi?id=8744 (referenced in debian BTS as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658707) that prevent me to use machine account auth; i'm using it with freeradius, to automatically connect some wireless clients.

> Ahem no one reply me. Still no feedback. I've done some test by myself. a) i've added in smb.conf: netbios aliases = CUPSSV FILESV b) i've registered the alias as SPNs, now i've: root at vdcsv1:~# samba-tool spn list vdmsv1$ vdmsv1$ User CN=VDMSV1,OU=Computers,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it has the following servicePrincipalName: HOST/VDMSV1

Sorry. Still on this issue. Today i'm upgrading my DC (with latest 4.5 from louis repo). Note that i've 7 DC in total. In site 'PP' i've upgraded samba, then rebooted the container. reboot on 'vdcpp2' happen on: Feb 11 13:59:52 vdcpp2 shutdown[33452]: shutting down for system reboot at '14:00:30' bind, ntp and (i suppose) samba was stared. After that,

> You are meaning here, literally: windows client try to register/update > DNS using ONLY the dns provided by DHCP? > Or, speaking differently the same thing, windows client suppose blindly > that DNS got by DHCP ARE AD DCs? Ok, DNS registration seems to work, but on a (form me) strange way... Spotted in logs: Jun 8 10:14:25 vdcud1 named[1049]: client 10.5.2.127#50250: request has

Hai Marco, To prevent this run : systemctl edit bind9 Add: [Service] ExecReload= Save. systemctl daemon-reload That should fix it., as in, this works for me. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Marco Gaiarin via samba > Verzonden: vrijdag 15 februari 2019 12:34 > Aan: samba at

[i'm not subscribe to this list, please put me on CC...] I've asked this on samba-it (italian) mailing list, but with no clue. In my installation (debian sarge, samba 3.0.14a, kernel 2.6 and xfs filesystem) i've put roaming profile on quotas, and something i think strange happens. The client say to the user that cannot update the profile, also if it was under the soft (and hard)