similar to: Samba 3 to 4 AD migration - extensive permissions problems

OK, there is a discussion over on samba-technical about nss_winbind and the question about Administrator being mapped to 0 was raised. Now I have always thought that it should, but in fairness, I decided to see what happens when it isn't, so I removed Administrator from idmap.ldb and restarted samba. Before restarting samba, I checked a few things, on the DC, getfacl returned this for

On 20/02/15 21:27, Davor Vusir wrote: > > Rowland Penny skrev den 2015-02-19 18:15: >> OK, there is a discussion over on samba-technical about nss_winbind >> and the question about Administrator being mapped to 0 was raised. >> Now I have always thought that it should, but in fairness, I decided >> to see what happens when it isn't, so I removed Administrator

Hai, Ok, i expected a bit different outputs. On my DC, i use /home/samba/sysvol and /home/samba/netlogon. This is what i expected. getfacl /home/samba/ getfacl: Removing leading '/' from absolute path names # file: home/samba/ # owner: root # group: BUILTIN\134administrators user::rwx user:root:rwx group::rwx group:BUILTIN\134administrators:rwx

Hello Luis tomorrow i'm not in office, reply to you thursday One question : who is owner and whats rights for dir     /home     /home/samba     /home/samba/sysvol because, from windows client, user into domain admins, when i change in security tab, explorer always crash bye Il 06/11/2018 17:16, L.P.H. van Belle via samba ha scritto: > Ok, next, > > From a windows pc connect to

> On 29.09.2017 11:44 Rowland Penny wrote: > Have you set up the libnss_winbind links, PAM and /etc/nsswitch.conf ? Yes, I had modified two lines in /etc/nsswitch.conf: passwd: files winbind group: files winbind No, I had not seen a pointer to libnss, but now did ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib/i386-linux-gnu/ ln -s

On 22/06/16 13:44, lingpanda101 at gmail.com wrote: > On 6/22/2016 8:19 AM, L.P.H. van Belle wrote: >> And dont forget : >> https://wiki.samba.org/index.php/Idmap_config_ad >> >> I also noticed and incorrect mapping, which "looks" like rights >> issues like in the thead here. ( it is imo not a right issue.. ) read >> on.. >> >>

Hi root at dc1:~ # samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix --yes ...some error information... Checked 3647 objects (2 errors) root at dc1:~ # samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix Checking 3647 objects Checked 3647 objects (0 errors) root at dc1:~ # getfacl /usr/local/samba/var/locks/sysvol/ getfacl: Removing leading '/' from absolute path

On 03/07/15 15:18, Ryan Ashley wrote: > The only Unix client I can think of would be the Buffalo NAS. It runs > Samba3 and hosts various shares via SMB. DNS is handled by BIND9 on the > Samba4 DC. DNS does work and the domain name resolves to the IP address > of the server. DHCP is also handled on the DC. As for the GPO's, they're > in the correct place as far as I can tell.

On 01/12/14 17:46, steve wrote: > On 01/12/14 18:25, Rowland Penny wrote: >> On 01/12/14 17:16, steve wrote: >>> On 01/12/14 18:11, Rowland Penny wrote: >>>> On 01/12/14 17:09, steve wrote: >>>>> On 01/12/14 17:31, Greg Zartman wrote: >>>>>> On Mon, Dec 1, 2014 at 1:33 AM, Rowland Penny >>>>>> <rowlandpenny at

On 03/07/15 15:58, Ryan Ashley wrote: > They left a PC on, so I got the info. The info pissed me off, but not > because of the issue. This time it worked flawlessly, but I got the > error from the event log from prior attempts. First, today's results. > > C:\Users\reachfp.KIGM>gpupdate > Updating Policy... > > User Policy update has completed successfully. >

On Thu, 3 Nov 2016 10:25:00 -0400 lingpanda101 via samba <samba at lists.samba.org> wrote: > On 11/3/2016 9:59 AM, Marcio Demetrio Bacci wrote: > > Thanks Lingpanda101 > > > > Following the result of command: > > > > # file: Policies/{0F1E5B10-3640-4FFE-AA6B-5DE4CFF73625} > > # owner: 10060 > > # group: 30028 > > user::rwx > >

cool! root at dc1:~ # wbinfo -r richard.h 10001 3000008 10000 10014 10004 10005 3000005 3000009 3000000 -----Original Message----- From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of lingpanda101 via samba Sent: 12 January 2017 22:57 To: samba at lists.samba.org Subject: Re: [Samba] Samba 4.5.3 AD DC - issues with sysvol when setting up Group Policies On 1/12/2017 3:47 PM,

Hi Andrew, thanks so much for the feedback. Yes, you're 100% right. I'm new at this and originally changed the default GPO, however subsequently reset the default and created a new GPO. (so this getfacl output is post creation of a new GPO) The getfacl output is shown here: # getfacl /usr/local/samba/var/locks/sysvol/mydomain.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}

On 01/12/14 18:23, steve wrote: > On 01/12/14 19:11, Rowland Penny wrote: >> On 01/12/14 17:46, steve wrote: >>> On 01/12/14 18:25, Rowland Penny wrote: >>>> On 01/12/14 17:16, steve wrote: >>>>> On 01/12/14 18:11, Rowland Penny wrote: >>>>>> On 01/12/14 17:09, steve wrote: >>>>>>> On 01/12/14 17:31, Greg Zartman

On 02/07/15 16:55, Ryan Ashley wrote: > Rowland, here is what I found in the ldb. > > # record 68 > dn: CN=S-1-5-32-544 > cn: S-1-5-32-544 > objectClass: sidMap > objectSid: S-1-5-32-544 > type: ID_TYPE_BOTH > xidNumber: 3000000 > distinguishedName: CN=S-1-5-32-544 > > # record 70 > dn: CN=S-1-5-32-549 > cn: S-1-5-32-549 > objectClass: sidMap >

On 01/12/14 19:16, steve wrote: > On 01/12/14 19:30, Rowland Penny wrote: >> On 01/12/14 18:23, steve wrote: >>> On 01/12/14 19:11, Rowland Penny wrote: >>>> On 01/12/14 17:46, steve wrote: >>>>> On 01/12/14 18:25, Rowland Penny wrote: >>>>>> On 01/12/14 17:16, steve wrote: >>>>>>> On 01/12/14 18:11, Rowland Penny

On 30/06/15 17:18, Ryan Ashley wrote: > I hate to revive this, but before I push my client through an upgrade, I > have to be sure my issue is with ACLs not being supported, as suggested. > Squeeze does have ACL support. > > root at dc01:/samba/var/locks# getfacl sysvol > # file: sysvol > # owner: root > # group: 3000000 > user::rwx > user:root:rwx >

Hi, I'm using Samba 4.0.5 and when I use ls -la or getfacl on eg: sysvol/Policies directory Samba dies with this error message: ==> samba/samba.log <== [2013/07/10 07:49:30, 0] ../lib/util/fault.c:72(fault_report) =============================================================== [2013/07/10 07:49:30, 0] ../lib/util/fault.c:73(fault_report) INTERNAL ERROR: Signal 11 in pid 3222

Hi James The output is as follows... wbinfo --gid-info=10013 => CT\domain admins:x:10013: wbinfo --gid-info=10014 => CT\domain users:x:10014: wbinfo --uid-info=3000000 => BUILTIN\administrators:*:3000000:3000000::/home/BUILTIN/administrators:/bin/false wbinfo --uid-info=3000008 => CT\domain admins:*:3000008:3000008::/home/CT/domain admins:/bin/false Yes I have set

Also, I'm not sure whether this has any relevance to the problem but I did at one point try to set up a secondary AD server but was struggling to get it going so demoted it using "Demote an Offline Domain Controller" from this page https://wiki.samba.org/index.php/Demote_a_Samba_AD_DC I also went through the "Verifying the Demotion" checks on this page and all looked