similar to: Winbind & user ID's on multiple servers

Is there an option to the net command to not have it update DNS in AD? We are joining servers using the net ads join command and it's changing our static DNS entries to dynamic ones which then get deleted when AD does its DNS scavenging. It seems that dynamically updating DNS is the default. The command we're running is: net ads join -U adminuser%adminpasswd Thanks - Mike Mike

I've just upgraded the version of Samba we're running from 2.2.2 to 3.0.2a and am seeing an issue with permissions on directories. Users can still map the shares that are set up, but cannot access the directories within those shares. This is also not consistent; it's not happening to all users. Our environment: Samba 3.0.2a Domain Authentication to a Win2K server No Winbind Solaris

If I have a Samba server that is part of a Windows 2000 domain and is not a domain controller (all of our authentication goes against a Windows 2000 box), do I need to upgrade to 3.0.4/2.2.9? What is the interaction between a Samba server that is part of a domain and the Windows client if all of the authentication is being done against a Windows 2000 PDC? Mike Auleta Boeing IDS, Philadelphia

We tried that also. It didn't work either. But since I was pointed to bug 1221, I removed the matching of an apostrophe in util_str.c (fell back to 2.2 behaviour) and that looks like it works. My user is able to map his shares again. Thanks for all who helped. Mike -----Original Message----- From: David Brodbeck [mailto:DavidB@mail.interclean.com] Sent: Monday, June 07, 2004 4:23 PM To:

I upgraded our samba server from Solaris 2.6 to Solaris 8, and our Samba software from 2.0.6 to 2.2.1a. I've encountered two problems that I can't seem to find an answer for. In our environment, we NFS mount the filesystems to the samba server, and then share them with samba. It makes our administration easier. 1) Along with our PC's, we also use Microsoft NT Server, Terminal

Hi. I use winbind + squid on Debian Buster to authenticate users + authorize them based on groups they are in. It all works, well, good, but winbind's CPU utilization peaks can reach up to 100%. The same solution ran OK on Debian Jessie with up to 20% CPU utilization at most. The configuration of Buster must have been updated based on the samba version leap/shift compared to Jessie. On

I think I've narrowed down my problem, but I still don't know where to fix it. It appears that scanning the users.map file strips out the apostrophes and the Windows ID never matches: [2004/06/01 16:23:51, 10] lib/username.c:user_in_list(521) user_in_list: checking user o'brienta in list [2004/06/01 16:23:51, 10] lib/username.c:user_in_list(525) user_in_list: checking user

http://lists.samba.org/archive/samba/2005-October/113181.html This sounds exactly like what I'm experiencing... for the second time. I'm starting to think it happens whenever the AD folks create a new domain in the forest. (we just added our asia pacific region a couple days ago) Did you ever figure out what's happening? How did you resolve the issue? I remember last time I had

What do you see/get when you run: dig NS $(hostname -d) With 2 dc's you should see 2 records. In the past this was a bug at samba joins so only 1 NS record existed. Worth to have a look at. And adding this to /etc/resolv.conf: options timeout:2 options attempts:3 options rotate Also might help. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba

Hai Marco, Yes, best is to use the "localhost" dns setup as caching/forwarder only. All you need is for the forwarding is : zone "your.dnsdomain.tld" { type forward; forwarders { IP_DC1; IP_DC2; }; }; zone "168.192.in-addr.arpa" { type forward; forwarders { IP_DC1; IP_DC2; }; }; If you think its still to slow, remove > options attempts:2

Am 31.07.19 um 10:47 schrieb L.P.H. van Belle via samba: > I pointed to that link becuase of the last message. >>> The OU the users were in required read permissions on the Authenticated Users security group! > Im guyessing this is what your problem is, i just dont know where in your AD. OK, that might be the case. So the step is "add/check ACLs on the SYSVOL-share for

BTW I noticed that most configs use the wildcard parameter. So the smb.conf now uses: idmap config * : backend = rid idmap config * : range = 16777216-33554431 But still no change... I really wonder where this old username is coming from... > -----Ursprüngliche Nachricht----- > Von: Julian Zielke > Gesendet: Dienstag, 6. September 2016 18:10 > An: 'Rowland Penny' <rpenny

On Tue, 6 Sep 2016 13:59:43 +0000 Julian Zielke via samba <samba at lists.samba.org> wrote: > BTW, this is our smb.conf: > > # Global parameters > [global] > workgroup = mydomain > realm = mydomain.local > netbios name = myhostname > server string = Samba AD Client Version %v > security = ads > password server = dc03, dc04, dc01, dc02, * You should let Samba

Good Morning Rowland, oh well, the bad side of the Internet... well the samba stuff was implemented by a former co-worker so I've to get into everything he did. Here’s the information you’ve requested, additionally with my config files I know changed based on the samba wiki: smb.conf: cat /etc/samba/smb.conf [global] workgroup = MYDOMAIN realm = MYDOMAIN.local netbios name =

I would suggest. Stop samba and winbind Backup /etc/krb5.keytab /var/lib/samba /var/cache/samba Remove everything in : /var/lib/samba /var/cache/samba And remove : /etc/krb5.keytab Put in this config ( from Rowlands suggestion. ) Can you try this smb.conf: [global] workgroup = MYDOMAIN realm = MYDOMAIN.local netbios name = vmu09tcse01 dedicated keytab file = /etc/krb5.keytab

Yes, the change is reflected into groups. The user's DN has all the new information we entered. The group has a memberOf string with the same correct information. A net cache flush on our DCs didn't help either. Since on another server using the same DCs and authentication mechanisms has no problems with the new name it's seems to be a server-related issue and not a DC one. - Julian

Hi, I have posted the following message to Squid-Users forum ( squid-users at lists.squid-cache.org). "I have migrated of Samba 4.2.1 to Samba 4.6.3 as DC, but now my Squid authentication doesn't work. In samba 4.2.1 is working properly. This is my authentication block: auth_param basic program /usr/lib/squid3/basic_ldap_auth -R -b DC=empresa,DC=com,DC=br -D

We are using a windows server 2003 active directory as our single sign on server. I have been able to get our RHEL4U6 servers to authenticate with active directory. My concern is that the RID mapping to unix uid/gid range (15000-20000) is stored locally on each machine in a tdb database. So far all of the servers have produced the same mapping, but I do not think it is guarantied. I think the

Hello, Could you please give me some precision about the current state of the winbind support on a member server. I have tried to list what I understand about it. (I suppose that the libnss_winbind symlink are correct in /lib and/or lib64) * samba4 join as member join: samba-tool domain join <dnsdomain> MEMBER smb.conf should contain: idmap_ldb:use rfc2307 = yes the AD DC doesn't

On Tue, 6 Sep 2016 14:56:20 +0000 Julian Zielke <jzielke at next-level-integration.com> wrote: > OK, I've commented out that line, leaving only: > > > idmap config mydomain : backend = rid > > idmap config mydomain : range = 16777216-33554431 > > in the config file. > > Also I did a net cache flush and deleted the database files > at /var/lib/samba.