similar to: Samba4 KDC Windows 7 clients may fail to get a ticket

Hello. Samba 4.1.0pre1-GIT-aad669b, joined as a DC to an existing domain. At least 6 accounts behave like this: Kerberos: AS-REQ techgroup at KLIN.KIFATO-MK.COM from ipv4:192.168.1.31:33822 for krbtgt/KLIN.KIFATO-MK.COM at KLIN.KIFATO-MK.COM ldb: ldb_trace_request: SEARCH dn: <rootDSE> scope: sub expr: (&(objectClass=user)(userPrincipalName=techgroup at KLIN.KIFATO-MK.COM)) control:

Hello. We have a couple of questions regarding Samba 4.1.0pre1-GIT-aad669b running on Gentoo GNU/Linux 1) Is MS 1.2.840.113556.1.4.1941 operator support implemented (planned to be implemented) in Samba 4 internal LDAP server? Please compare: $ ldapsearch -h 192.168.1.32 -x -D 'CN=someadminuser,OU=Administrators,DC=klin,DC=kifato-mk,DC=com' -b

Hi all, Sernet Samba 4.2.2 as Active Directory on Debian 7.8. No other DC. I can't log in with on Windows systems (Windows 7) when samAccountName are longer than 20 characters. This seems to be a LAN MAN or NT4 limitation which should not happen on AD domain. Any idea what could leads my to that limitation? I can log in using administrator account or any other having a short (enough)

I am soo lost trying to get Samba AD 4.7.5 as a Kerberos source for NFSv4. The NFS server is the Samba AD server running Ubuntu Server 16.0.4.3 and the client is Linux Mint 18.3 This export WORKS and mounts on client ########## /etc/exports ########## /mnt/fileshare         *(rw,no_subtree_check,async) ############################ This export DOES NOT ########## /etc/exports ##########

Hello, We are trying to setup a SAMBA-Server with users that have empty passwords. We are using: Samba 4.0.8 Kernel 3.10.5 Slackware 14.0 x64 When we set a password the login successes! That's what we get when trying to login: [2013/08/07 13:31:46, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: AS-REQ media1 at BC from ipv4:10.0.99.100:62078 for

Hi, I had Samba 4.2.14 working as AD DC with shares. After upgrade to version 4.3.11 AD DC authentication, ADUC, etc, stopped working. Shares still work fine. OS. Oracle Linux 6.x with UEK, uptodate. Samba compiled from source. Upgrade procedure (nothing special): ./configure --enable-selftest make make install Testparm output: # Global parameters [global] workgroup = EXAMPLE realm =

Hello. We're trying to integrate Samba 4 as a DC in production. We aim to replace our only Windows 2003 Enterprise R2 Russian DC with 2 Samba DCs. However, we've got a replication problem, we aren't shure is it a bug or misconfiguration. Both Windows and Samba DCs are virtual amd64 machines, running under the control of Xen (so, at least the time is the same). Windows VM has GPLPV

Well, in my option, you the have found your problem. https://technet.microsoft.com/en-us/library/cc721940(v=ws.10).aspx 3) ..... After the unique system information is removed, .... And https://blogs.msdn.microsoft.com/aaron_margosis/2009/11/05/machine-sids-and-domain-sids/ Says: Mark?s point is that SIDs must be unique within the authority in which they are used. So while DEMOSYSTEM

We have setup Samba 4.1 as a PDC. We have successfully connected several Windows 2008 Servers to the domain and created various users/groups. During an application installation on the Windows server, it runs the command in SQL server: master..xp_logininfo 'MYDOMAIN\useraccount' SQLserver is running as a service user created on the domain (here called MYDOMAIN) This returns: Msg

I would like to bump my question 2015-05-27 10:21 GMT+03:00 Krutskikh Ivan <stein.hak at gmail.com>: > Hmm, looks like it's not. I've just set the password for something that > cracklib-check would argue using both ad management tools and at windows > login. Should it work that way or I'm missing something? > > My dc's smb.conf: > > [global] >

I made some progress with the issue, but didn't solve it completely It's basically a kind of bug (i'm not sure if it's on kerberos side or samba, I think samba is the culprit here (?). Microsoft uses kind of weird SPN for Hyper-V. Weird as there are "spaces" in the string - which is kind of unique as far as SPN's go, usually SPN form a complete string. So I kind

hey, now after observe last changes on the weekend… i have also the issue. After 10 hours i can’t connect to the shares on my member server. On Log of DC i found this: [2016/10/02 20:35:45.601265, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: AS-REQ PL0024$@HQ.KONTRAST from ipv4:<member-ip>:55578 for krbtgt/HQ.KONTRAST at HQ.KONTRAST [2016/10/02

so i add the pam yesterday and now after 10 hours no connection to member is possible. :( Same errors in logs i send yesterday OLIVER WERNER Systemadministrator > Am 03.10.2016 um 18:54 schrieb Rowland Penny via samba <samba at lists.samba.org>: > > On Mon, 3 Oct 2016 17:56:07 +0200 > Oliver Werner <oliver.werner at kontrast.de <mailto:oliver.werner at

Hello! I'm trying to get Samba4 working as an additional AD DC. bin/net vampire reports no errors, but when I start sbin/samba I got the following in my var/samba.log: -------------------- [Sun May 23 03:58:08 2010 MSD, 0 ../smbd/server.c:373:binary_smbd_main()] samba version 4.0.0alpha12-GIT-UNKNOWN started. Copyright Andrew Tridgell and the Samba Team 1992-2010 [Sun May 23 03:58:08

After a user changes their password (CTRL-ALT-DEL) in our Samba 4 domain (4.1.12) they lose access to any stored passwords on their Windows PC. I've set the log level in smb.conf to 4 and enabled the GPO to record DPAPI log entries in Windows to get the below log data. My reading of the two is that the Windows PC believes it is failing to reset the access to its DPAPI store (where the saved

Hello. I had encountered a few problems with 2 Samba 4 rc3 DCs serving domain migrated from Windows 2003 R2. I post them altogether, since they look related. 1. Unable to create or delete GPOs. # bin/samba-tool gpo create somegpo ERROR(ldb): uncaught exception - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - <dsdb_access: Access check failed on

Hello I've migrated a samba 3 server to a samba 4 (.all the tests mentioned in this howto are succesfull) .But i can't open a session with a workstation on samba4 domain : approbation problem. The workstation name which can't connect is "admin-pc" Any idea ? *Here are the logs of log.samba * Kerberos: Looking for ENC-TS pa-data -- *admin-pc$@SC* [2012/12/06 12:50:59,

Hi All, We have a mixed environment running with Windows and Linux with samba as the domain controller.  Smart card login is configured and working properly with pkinit and certs, etc (https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login) though I don't think this is related. A handful of Windows clients are regularly getting their accounts locked during what seems to be a

Hello, I just found and odd behaviour here on my test environment (debian jessie with samba 4.4.5 backported from sid). I create and ad-dc as usual, adjust nsswitch.conf and enable pam-auth-winbind (ruuning pam-auth-update). I also define /bin/bash as template shell. Now after i create an samba-user and the users home directory (/home/DOMAIN/achim). I can login with that account on the

We have 3 ADCs based on Samba-4.7.4 (compiled from source,internal DNS)/ CentOS7: dcdo1,dcnh1 and dcge1. dcge1 holds all FSMO roles. The 3 ADCs are on different locations connected via IPSec based VPN. No traffic is filtered out. All 3 ADCs replicate fine except dcdo1 -->dcnh1. Symptom: [root at dcdo1 ~]# samba-tool drs replicate dcnh1.ad.kdu.com dcdo1.ad.kdu.com dc=ad,dc=kdu,dc=com