similar to: Samba 4 disabled users

Hello, I am currently migrating from OpenLDAP to Samba 4 PDC, and I have a webpage (PHP/Apache) available for users so that they can change their password on the existing LDAP server. I attempted to adjust that script to change the password on the Samba 4 AD controller, but I get a "cannot connect" error to LDAP. The web server the password script is running on is not on the same

I am attempting to set up AWS Directory Services to connect with our Samba 4 AD servers, but it is not working. When capturing with Wireshark, I am seeing that Samba 4 is returning "unavailableCriticalExtension (12)" Below is a screenshot of the LDAP query. Sorry, I couldn't figure out how to get Wireshark to copy and paste it all to plain-text. Does anyone have any hints as to

I'm trying to use the same hostname. The meta cleanup - I can't see the demoted controller in ADUC nor in Active Directory Sites and Services. Shall I try via ntdsutil? Regards, Kris -----Original Message----- From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of lingpanda101 via samba Sent: Monday, April 2, 2018 9:09 PM To: samba at lists.samba.org Subject: Re: [Samba]

Hi all, After demoting one of AD DCs, I’m unable to join the domain again. Demoting was fine. OS is Centos 6 Samba 4.7.6 (with 4.7.4 doesn’t work either) built from sources. klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: administrator at DOMAIN.NET.PL Valid starting Expires Service principal 04/02/18 18:44:33 04/03/18 04:44:33 krbtgt/DOMAIN.NET.PL at DOMAIN.NET.PL

Hi, My goal is to make use of samba 4 and freeradius to authenticate user to use wifi network (WPA2 enterprise). The setup is to setup Samba 4.0.3 in machine A and setup freeradius in machine B. By reading: Document A: http://wiki.samba.org/index.php/Samba4/beyond Document B: https://wiki.samba.org/index.php/Samba4/HOWTO/Virtual_Private_Network Document C:

Hi, I was revising our AD ldap user_filter and pass_filter to exclude more types of expired / disabled accounts. I started adding things like: > (&(objectclass=person)(sAMAccountName=%n)(!useraccountcontrol=514)(!(useraccountcontrol=546))(!(useraccountcontrol=66050))(!(useraccountcontrol=8388608))) but then I thought, why not simply do: >

I have a script that is adding about 16,000 users to my domain. While monitoring the script, I noticed that as soon as a user is added, 500 additional RID's are allocated from the RID Master Please see below the output of the "CN=RID Manager$,CN=System" and "CN=RID Set,CN=DC1,OU=Domain Controllers" containers between each user-add As you can see, in "CN=RID

Hello Kris, On 03/02/2020 07:15, Kris Lou via samba wrote: > Unless it's_not_ a global catalog. Check your SRV records again, there > should be corresponding "_gc" records (similar to "_ldap") for each DC. Checked and both DCs pass all tests:- host -t SRV _ldap._tcp.mydomain.com. host -t SRV _gc._tcp.mydomain.com. host -t SRV _kerberos._udp.mydomain.com. host -t

On 03/02/2020 18:49, Kris Lou via samba wrote: > > From windows: > echo %logonserver% \\DC3 > nltest /dsgetdc:<domain> DC:\\DC3 Address: \\192.168.0.218 Dom Guid: bla bla bla ... The command completed successfully. > From a *nix domain member (i.e. client, not DC): > wbinfo --getdcname=<domain> > winbind --ping-dc wbinfo --getdcname=MYDOMAIN DC3 wbinfo

Running Samba 2.2.2, having troubles with preexec when it involves the path parameter: Log on to the samba server as kris, user "users". %U expands to kris, %G expands to users. [profile] path = /data/profile/%U preexec = /bin/mkdir -m 700 /data/profile/%U writable = yes create mode = 0600 directory mode = 0700 This fails to work, Samba reports that it could not

Hey all, We have been working on a pass that uses another pass to count loads and stores prior to performing its own instrumentation. The second pass adds the first as required via the usual getAnalysisUsage function. On one machine, it has been tested and proven to function correctly. On another machine, whenever the second pass is run, it consistently fails the assertion: opt:

Hello, I am using Samba (3.6.12) with Gentoo Linux (Kernel Version 3.7.10) and I have a system integrated with Active Directory (the Microsoft Windows servers are running 2008 Enterprise Edition, Release 2). All is well on that front (I can log in, directories are created, etc.) What I would like to do now is have different /etc/skel directories for different groups. So, for example, if

If the replication schedules are modified in AD Sites and Services, will Samba 4 respect those? I'd like to change some schedules for some of our lower bandwidth remote offices. Kris

I have several Samba 4 AD controllers set up at multiple sites. I set up sites and subnets. We have several /24's at each site, but each site is dedicated a /16, so I set up the Sites & Subnets using the /16's. However, when I log into any system that is joined to the AD domain, it is using a DC at a different site. There doesn't seem to be any consistency to it, but it seems

I am using exim via dovecot_deliver to store messages in Maildir in my $HOME. I am using kmail to retrieve stuff. Unfortunately, something in my data crashes dovecot. I was using 1.0.rc14 from opensuse, but downloaded and installed 1.0.8 from the site. Here is the crash: Dec 5 18:05:09 h743107 dovecot: IMAP(kris): file mail-index-transaction.c: line 629 (mail_index_update_flags_range):

On Sun, 08 Apr 2018 13:34:52 +0200 Kris via samba <samba at lists.samba.org> wrote: > W dniu 2018-04-08 12:49, Rowland Penny via samba napisał(a): > > On Sun, 08 Apr 2018 12:31:26 +0200 > > Kris via samba <samba at lists.samba.org> wrote: > > > >> I should try this command sooner. Now I have made full backup and > >> something is missing: >

Hi, I'm fairly new to samba so apologies if this is an old problem.... When I try 'net ads join -U administrator' I get the following: [2007/05/22 12:15:15, 0] libads/ldap.c:ads_add_machine_acct(1368) ads_add_machine_acct: Host account for storage4 already exists - modifying old account Using short domain name -- ABSOLUTESTUDIOS [2007/05/22 12:15:15, 0]

Hi there, I've recently configured a new server on our network...still having some (newbie) samba issues: Whenever anyone tries to access the new share they get prompted for a username and password (these would smb users and passwords and not the windows AD details, right?). I want the share to be accessed by anyone with the correct group permissions without this prompt... I did

Hello Kris, That was the first thing I checked and the file had not been touched! Aref -----Original Message----- From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Kris Lou via samba Sent: 09 October 2018 23:15 To: samba Subject: Re: [Samba] Samba server fails to save settings Check your smb.conf. If the changes aren't there, then you'll have to talk to the Yast

> > I was aware that computer accounts were also users in AD, but I hadn't > considered assigning a uidNumber to them. It makes sense that winbind > (in idmap="ad" mode) would not "see" the accounts with a uidNumber. > Naturally, groups of which the computer accounts are members would > need gidNumber assigned as well. This is interesting. I also have a