similar to: Enabling NIS after samba4 installation

OK, further to my previous message I've configured BIND, but when I try to run samba_dnsupdate I get the following: Nov 18 16:19:23 sles-shire named[6112]: samba b9_putrr: unhandled record type 0 Nov 18 16:19:24 sles-shire named[6112]: samba_dlz: starting transaction on zone _msdcs.main.adlab.netdirect.ca Nov 18 16:19:24 sles-shire named[6112]: samba_dlz: disallowing update of

Hi, >Ah, I think I see the problem, If I remember correctly, you joined the >the Samba DC to a Windows DC and if you didn't have IDMU installed on >the Windows DC, you wouldn't get the required objects in AD created on >the Samba DC either. Really, IDMU was not installed. There is the file ypServ30.ldif ls /usr/share/samba/setup/ ... ypServ30.ldif But, I believe the

Is this a problem? Does this mean no replication links exist? michael at sles-bree:~> samba-tool drs showrepl -k yes Bree\SLES-BREE DSA Options: 0x00000025 DSA object GUID: 7ea641b0-d418-4c74-a4fa-c15b852467b8 DSA invocationId: 1017ff29-756c-4777-b395-b481f4b5387c ==== INBOUND NEIGHBORS ==== ==== OUTBOUND NEIGHBORS ==== ==== KCC CONNECTION OBJECTS ==== Connection -- Connection name:

We've joined an RODC to the domain (Windows 2008R2 running a W2003 FFL/DFL AD) but are getting these errors on first startup. It was joined with: samba-tool domain join main.adlab.netdirect.ca RODC --realm=main.adlab.netdirect.ca --username=administrator at main.adlab.netdirect.ca --dns-backend=BIND9_DLZ but we get these errors right after startup: Nov 28 12:35:27 sles-bree samba[3939]:

Hello, I'm trying to get samba4 up and running as a DC in a lab environment. I have a freshly installed AD environment (W2012R2 servers, W2008R2 functional level) and I'm trying to join samba4 to it as a domain controller. When I try, I get this: # samba-tool domain join ad.netdirect.ca DC -Uadministrator --realm=AD.NETDIRECT.CA -W AD Finding a writeable DC for domain

I've set up a lab for testing Samba 4.1 as an RODC emulating a satellite office setup, using the sernet packages on SLES11SP2. ## Problem 1 samba_dnsupdate is failing: ==> /var/log/samba/log.samba <== [2013/11/18 13:22:37.416193, 0] ../lib/util/util_runcmd.c:317(samba_runcmd_io_handler) /usr/sbin/samba_dnsupdate: ; TSIG error with server: tsig verify failure [2013/11/18

We have a couple Samba4 AD domains we've implemented and I've noticed a difference between how users look when created via ADUC versus samba-tool. Created via ADUC, the following extra attributes are added: msSFU30Name: bilbo msSFU30NisDomain: netdirect unixHomeDirectory: /home/bilbo unixUserPassword: ABCD!efgh12345$67890 Created via samba-tool, the following extra attributes are added:

I was hoping this would be simpler. I'd like to prepopulate an RODC with all users accounts that are permitted. But I can only pre-populate one at a time: samba-tool rodc preload (<SID>|<DN>|<accountname>) sles-shire:~ # samba-tool group listmembers 'Allowed RODC Password Replication Group - Shire' Allowed RODC Password Replication Group - Global WIN7-SHIRE$ bilbo

I just checked the SOA records on my samba DCs and noticed a few oddities: michael at sles-bree:~> for i in ad{1..4} sles-bree sles-shire; do host -t soa main.adlab.netdirect.ca $i | grep SOA; done main.adlab.netdirect.ca has SOA record ad1.main.adlab.netdirect.ca. hostmaster.main.adlab.netdirect.ca. 177 900 600 86400 3600 main.adlab.netdirect.ca has SOA record ad2.main.adlab.netdirect.ca.

OK! I'm getting farther and farther! :) I've managed to preload user and computer passwords onto a samba RODC: *sles-shire:/var/lib/samba/sysvol # samba-tool rodc preload 'win7-shire$' --server main.adlab.netdirect.ca** *Replicating DN CN=WIN7-SHIRE,CN=Computers,DC=main,DC=adlab,DC=netdirect,DC=ca Exop on[CN=WIN7-SHIRE,CN=Computers,DC=main,DC=adlab,DC=netdirect,DC=ca]

Hi, I performed the procedures below on Samba4-DC1 (Master) and apparently everything went fine. /etc/init.d/samba-ad-dc stop sed -i -e 's/${DOMAINDN}/DC=empresa,DC=com,DC=br/g' \ -e 's/${NETBIOSNAME}/SAMBA4-DC1/g' \ -e 's/${NISDOMAIN}/empresa/g' \ /tmp/ypServ30.ldif root at samba4-dc1:/tmp# ldbmodify -H /var/lib/samba/private/sam.ldb

I've configured a new RHEL DC with sernet samba 4.1.4 and a domain just upgraded from classic with an LDAP backend. I need to configure the DC with user accounts and since: * I can't use winbind on a DC * I can't use SSSD with the sernet packages it looks like the best thing to use is LDAP. I've configured it with: authconfig --enableldap --enableldapauth

(to clarify, in case people are skimming this thread and think it is fixed..) The problem still occurs - id mappings are still being overwritten.. :(

Hello, I've finished a new HowTo this week (please proofread): https://wiki.samba.org/index.php/Using_RFC2307_on_a_Samba_DC Regards, Marc

I would like to get samba4 working with AD and rfc2307 attributes, while allowing the nice remote management available via samba4. Using sernet-samba packages on 4.1.3-7.el6.x86_64 CentOS 6. I have samba4 configured as follows: krb5.conf: [libdefaults] default_realm = MAIN.ADLAB.NETDIRECT.CA dns_lookup_realm = true dns_lookup_kdc = true ticket_lifetime = 24h renew_lifetime = 7d forwardable =

While I have all the uid's and gid's entered on every user and group, the server can't find or recognize them. Not in getent, not in commands referencing AD users or groups. I'm going to go ahead and install another Ubuntu server with Samba and create a Samba DC. I'll keep this stand alone server and see if it starts working after I get the Samba DC properly joined to the

Oh Boy. User 'Administrator' in your existing directory has SID S-1-5-21-2070472328-935435760-1634736958-1000, expected it to be S-1-5-21-2070472328-935435760-1634736958-500 ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: User 'Administrator' in your existing directory does not have SID ending in -500 It's not all

Yup, strange - right! Samba 4.2.2 RFC2307 attributes were added as follows: # sed -e 's/${DOMAINDN}/dc=MYDOMAIN,dc=MY,dc=TLD/g' \ -e 's/${NETBIOSNAME}/MYDOMAIN/g' \ -e 's/${NISDOMAIN}/MYDOMAIN/g' \ /usr/local/samba/share/setup/ypServ30.ldif > ypServ30-JMH.ldif # service samba4 stop # ldbmodify -H

Hi Howland, That is precisely what I cannot do. I do this by windows using Rsat, and when I select the NIS domain to be able to assign the gid or uid it does not appear, so I can't use samba just as a file server. Do you know if there is a way to reset or show NIS Domain? Is there any way to assign uidNumber & gidNumber attributes via console? Best regards, Gabriel Franca -----

I have 3 Samba 4 Domain Controllers and 1 Member server, been running in production for almost a year and very pleased with the results so far. I have winbind installed and working on all of my servers and I am also quite happy with that as well, except that the inconsistent uid and gid mapping is starting to cause some problems for me. I have done a fair bit of research and I think I would