similar to: Domain join problem

We have been using Samba for many years. The company has just switched from an NT domain to an Active Directory domain. The new server is running Windows Server 2003. We are having trouble configuring our Solaris 8 server so it can join the domain as a server. Just getting Samba to compile and link was interesting enough. This included downloading and compiling a new version of the BerkeleyDB,

Here is my configuration: smb.conf: [global] server string = Samba Server Version %v log file = /var/log/samba/log.%m max log size = 500 log level = 3 workgroup = DEVTST-CORP realm = DEVTST-CORP.GO2UTI.COM security = ADS password server = sinmdp04.devtst-corp.go2uti.com passdb backend = tdbsam domain master = no

I made my configuration look identical to what is in the Samba Wiki, and still the same results: everything works perfectly as long as the user account is in both AD and the local passwd file. If I remove the account from the local passwd file, I cannot map the share. While looking around, I encountered this: https://bugzilla.samba.org/show_bug.cgi?id=9862. This bug refers to Samba 4.1 and

Got it. I changed that section as follows: idmap config *:backend = tdb idmap config *:range = 5000-29999 idmap config DEVELOPMENT:backend = ad idmap config DEVELOPMENT:schema_mode = rfc2307 idmap config DEVELOPMENT:range = 30000-99999 It did not change the “map to guest = Bad Uid” issue, however. The error I see in the log file is

No joy. I added winbind to the passwd, shadow, and group lines and it is still not working. I also switched back to ad instead of rid (I deleted the Samba database files in /var/lib/samba and rejoined the domain when I switched), and still the same. If the account exists locally I can authenticate against AD and map the share. No local account and it fails. -Mark

Thanks for the help with this, Rowland. > Where these 2008 DCs upgraded from an earlier version ? (2000, 2003) Yes, the two Windows servers were migrated over the years to Server 2008 (one is 2008 R2). I've now moved the _msdcs folder and made it a zone in the forest, restarted NETLOGON, and set the functionality of the forest to Server 2008, then rebooted both windows servers. This

I have a requirement where I need to make a directory tree on a Linux system available to a group of users that authenticate against an AD system. I have successfully joined my system to our AD domain and I am able to manage access to a share with a security group in AD, so long as the group members also have accounts on the Linux system. I need to be able to set it up so that the user accounts

The only way it seems to work is if I do have both the local and AD user with the same name. But my goal here is to not require that, to have the AD account only. I have applied Unix attributes to the users. testuser uidNumber = 30089 and gidNumber = 100. However, when I try to query with wbinfo, I was unable to look that up: wbinfo -i "DEVELOPMENT\testuser" failed to call

On 09/10/15 22:42, Tovey, Mark wrote: > Here is my configuration: > > smb.conf: > > [global] > server string = Samba Server Version %v > > log file = /var/log/samba/log.%m > max log size = 500 > > log level = 3 > > workgroup = DEVTST-CORP > realm = DEVTST-CORP.GO2UTI.COM > security = ADS

I downloaded the source code for Samba 4.0.0, the same as is distributed with my OS. I applied the patch as described in Bug 9862, compiled and installed the code, and now it works as expected. Having the user account in AD only is sufficient, I no longer have to have the account also in the Linux server's passwd file. So indeed, it appears that I have encountered the "map to guest =

Hi, I am testing share parameters, and have the following share definition: ## Section - [shareA] [shareA] path = /tmp/shareA writelist = user1 and do not understand why user1 cannot write files in the share when connected as user1. Unix permissions for the share files are rw for everyone, and the share directory has wide-open permissions. Samba version is 3.0.20b-3.4-SUSE.

know that as my first day I shouldn't spam off this mailing list but : as it tells I did, but they won't be usefull... http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ compiling.html I compiled the new stable version in /root/samba_test with #configure --prefix=/root/samba_test but when I launch the servers they don't want to rise up neither /root/samba_test/sbin/smbd

I hope this is the right place to post this. I am running SuSe 8.2 Linux on an IBM 1 gig processor at work. I installed samba 3.0.5 on it and followed the instructions in the online book "Samba-3 by Example" for chapter 9 "Active Directory Domain with Samba Domain Member Server <http://www.samba.org/samba/docs/man/Samba-Guide/unixclients.html#adssdm>" to the tee (of

On 09/10/15 18:54, Tovey, Mark wrote: > > Got it. I changed that section as follows: > > idmap config *:backend = tdb > > idmap config *:range = 5000-29999 > > idmap config DEVELOPMENT:backend = ad > > idmap config DEVELOPMENT:schema_mode = rfc2307 > > idmap config DEVELOPMENT:range = 30000-99999 > > It did

I have checked the DNS configuration as you recommended, and run more tests. It seems that winbidndd recover itself within about 10 minutes after the DC has been shutdown, not sure where that sort of timeout comes from :( # sleep 60; while true; do date; wbinfo -u; sleep 60; done Thu Aug? 1 16:39:32 CEST 2019 HYPERFILE\guest HYPERFILE\defaultaccount HYPERFILE\krbtgt HYPERFILE\administrator

On 08/10/15 23:20, Tovey, Mark wrote: > I have a requirement where I need to make a directory tree on a Linux system available to a group of users that authenticate against an AD system. I have successfully joined my system to our AD domain and I am able to manage access to a share with a security group in AD, so long as the group members also have accounts on the Linux system. I need

Hello, we are in troubles with smbd processes which are rapidly growing in terms of memory usage. We did implement a mean that gives us ability to dynamically mount or unmount samba shares. I prepared a simple script which demonstrates this very closely. Script loops following operations: - touch samba config file to make it newer - send SIGHUP to smbd process (kill -1 <smbd_pid>) -

A small update... I was able to remove the "Cannot reach a KDC" errors by disabling Apparmor. However, the original WERR_DNS_ERROR_RCODE_NAME_ERROR error remains and is now the first error in the log. > Thanks for the help with this, Rowland. > > > Where these 2008 DCs upgraded from an earlier version ? (2000, 2003) > > Yes, the two Windows servers were migrated

So I made the primary group for the testuser account be smbgrp, and it's gidNumber is 30124. Still nothing. "getent passwd testuser" returns nothing unless testuser is in the local passwd file, and then it returns the attributes that are in the passwd file, not the AD system. Some time ago I put together a configuration that uses Linux SSSD to communicate with AD. That allows

On 09/10/15 20:57, Tovey, Mark wrote: > No joy. I added winbind to the passwd, shadow, and group lines and it is still not working. I also switched back to ad instead of rid (I deleted the Samba database files in /var/lib/samba and rejoined the domain when I switched), and still the same. If the account exists locally I can authenticate against AD and map the share. No local account