similar to: Samba 4 empty password

Hi all, Sernet Samba 4.2.2 as Active Directory on Debian 7.8. No other DC. I can't log in with on Windows systems (Windows 7) when samAccountName are longer than 20 characters. This seems to be a LAN MAN or NT4 limitation which should not happen on AD domain. Any idea what could leads my to that limitation? I can log in using administrator account or any other having a short (enough)

Hello. Samba 4.1.0pre1-GIT-aad669b, joined as a DC to an existing domain. Windows 7 machines may fail to get a ticket: [2012/10/03 09:31:54, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: AS-REQ con-11$@KLIN.KIFATO-MK.COM from ipv4:192.168.1.138:49682 for krbtgt/KLIN.KIFATO-MK.COM at KLIN.KIFATO-MK.COM [2012/10/03 09:31:54, 3]

Hi, I had Samba 4.2.14 working as AD DC with shares. After upgrade to version 4.3.11 AD DC authentication, ADUC, etc, stopped working. Shares still work fine. OS. Oracle Linux 6.x with UEK, uptodate. Samba compiled from source. Upgrade procedure (nothing special): ./configure --enable-selftest make make install Testparm output: # Global parameters [global] workgroup = EXAMPLE realm =

After a user changes their password (CTRL-ALT-DEL) in our Samba 4 domain (4.1.12) they lose access to any stored passwords on their Windows PC. I've set the log level in smb.conf to 4 and enabled the GPO to record DPAPI log entries in Windows to get the below log data. My reading of the two is that the Windows PC believes it is failing to reset the access to its DPAPI store (where the saved

I am soo lost trying to get Samba AD 4.7.5 as a Kerberos source for NFSv4. The NFS server is the Samba AD server running Ubuntu Server 16.0.4.3 and the client is Linux Mint 18.3 This export WORKS and mounts on client ########## /etc/exports ########## /mnt/fileshare         *(rw,no_subtree_check,async) ############################ This export DOES NOT ########## /etc/exports ##########

Hello I've migrated a samba 3 server to a samba 4 (.all the tests mentioned in this howto are succesfull) .But i can't open a session with a workstation on samba4 domain : approbation problem. The workstation name which can't connect is "admin-pc" Any idea ? *Here are the logs of log.samba * Kerberos: Looking for ENC-TS pa-data -- *admin-pc$@SC* [2012/12/06 12:50:59,

I would like to bump my question 2015-05-27 10:21 GMT+03:00 Krutskikh Ivan <stein.hak at gmail.com>: > Hmm, looks like it's not. I've just set the password for something that > cracklib-check would argue using both ad management tools and at windows > login. Should it work that way or I'm missing something? > > My dc's smb.conf: > > [global] >

Hi all. I'm experiencing a little problem when I rename an already joined windows machine. The rename operation is done in the traditional way "Computer properties> advanced settings> Computer name> change" in a windows 7 Machine. The rename itself finishes successful, but when I check the computer name in the ADUC, the old name is still displayed. Checking the object

Hi All, We have a mixed environment running with Windows and Linux with samba as the domain controller.  Smart card login is configured and working properly with pkinit and certs, etc (https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login) though I don't think this is related. A handful of Windows clients are regularly getting their accounts locked during what seems to be a

We have setup Samba 4.1 as a PDC. We have successfully connected several Windows 2008 Servers to the domain and created various users/groups. During an application installation on the Windows server, it runs the command in SQL server: master..xp_logininfo 'MYDOMAIN\useraccount' SQLserver is running as a service user created on the domain (here called MYDOMAIN) This returns: Msg

Hi, I've migrated a Windows Server 2003 Active Directory to Samba and am running both servers in parallel. Samba is run under Debian Linux, Version is 4.1.17-Debian. My Problem is, that Client Computers cannot log in when their Logins contain Spaces. We were able to reproduce this by adding/removing spaces from a username and making login fail/work with this. Umlauts are not a problem.

Hi, Did you find any solution? I am facing exactly the same scenario. -CentOS 6.7 -Samba Version 4.4.3 -BIND_DLZ 9.9.8 Some workstations suddenly are unable to login, unless I reboot or rejoin the domain. The only odd event I see in the client is the one already said: Log Name: System Source: Microsoft-Windows-Security-Kerberos Event ID: 4 Task Category:

Well, in my option, you the have found your problem. https://technet.microsoft.com/en-us/library/cc721940(v=ws.10).aspx 3) ..... After the unique system information is removed, .... And https://blogs.msdn.microsoft.com/aaron_margosis/2009/11/05/machine-sids-and-domain-sids/ Says: Mark?s point is that SIDs must be unique within the authority in which they are used. So while DEMOSYSTEM

We have 3 ADCs based on Samba-4.7.4 (compiled from source,internal DNS)/ CentOS7: dcdo1,dcnh1 and dcge1. dcge1 holds all FSMO roles. The 3 ADCs are on different locations connected via IPSec based VPN. No traffic is filtered out. All 3 ADCs replicate fine except dcdo1 -->dcnh1. Symptom: [root at dcdo1 ~]# samba-tool drs replicate dcnh1.ad.kdu.com dcdo1.ad.kdu.com dc=ad,dc=kdu,dc=com

>>This can occur when the target server principal name (SPN) is registered >>on an account other than the account the target service is using. Hmm, multiple computers with the same serial cause these things. So first make sure this computers serial isnt used before. Or 2 computers with the same name in the netwerk, happens with not syspreped computers. Keep an eye on your samba

There is additional info in the logs of the source DC (dcdo1, log level 2, manually triggered another replication): ==================== [2017/12/27 12:31:29.695121,  2] ../source4/rpc_server/drsuapi/getncchanges.c:1731(getncchanges_collect_objects)   ../source4/rpc_server/drsuapi/getncchanges.c:1731: getncchanges on DC=ad,DC=kdu,DC=com using filter (uSNChanged>=5415) [2017/12/27

After reviewing logs I found that my previous assumption was wrong. Situation: - i'm trying to start live migration from hyper-v host A (BMSRV4-HYPERV) to hyper-v host B (BM-SRV-5) from host B (logged in as user from DOMAIN ADMINS group). Kerberos constrained delegation is set in accordnance to microsoft instructions with proper SPN's set (well, proper as in with the workaround I

Hmm, looks like it's not. I've just set the password for something that cracklib-check would argue using both ad management tools and at windows login. Should it work that way or I'm missing something? My dc's smb.conf: [global] workgroup = KURSK realm = KURSK.MTT netbios name = DEBIAN-DC server role = active directory domain controller

Rowland, - the DN "CN=DCNH1,..." exists on all 3 DCs (pointing the Sites and Services console to each of them). - I also checked that "samba-tool dbcheck" completes w/o showing errors. - the objectGUID DNS aliases of all DCs are resolvable against all 3 DCs' builtin DNS - I forced a full sync from the FSMO holder (dcge1) to the 2 other DCs which finished w/o errors. -

On Wed, 27 Dec 2017 13:00:05 +0100 "Dr. Johannes-Ulrich Menzebach via samba" <samba at lists.samba.org> wrote: > There is additional info in the logs of the source DC (dcdo1, log > level 2, manually triggered another replication): > ==================== > [2017/12/27 12:31:29.695121,  2] >