Displaying 20 results from an estimated 1000 matches similar to: "sanmba4 DC to DC sync: not all attributes are synced"
2010 Nov 19
1
After host name change: Failed to add user ... with error: The account's primary group is invalid
Hi,
I've got Samba 3.5.6 (SerNet packages) running on Debian Lenny. User information is stored in LDAP via ldapsam:editposix. I changed both the host name and the workgroup name as I had to move the host to a new internal subnet.
I noticed that a new sambaDomainName entry was created (containing a new sambaSID). Unfortunately, the Administrator user still contains both the old sambaSID and
2018 Mar 12
2
Accentuation in the user's CN
Hi folks,
I manage the AD with rsat and recently we had problems with the CN of some
users that have accentuation. When checking the user configuration via
samba-tool user edit <username> in the location where the CN should be
readable, a hexadecimal or something of that type appears.
E.g: Acentuação da Silva
dn: CN=Acentuação da Silva,OU=TESTE,DC=teste,DC=intra
objectClass: top
2015 Nov 26
4
About password expiry
Hi every one:
I'm using samba4 as domain controller and a I want to check every 1 hour in my mail server the password expiration for every user in the domain. I need to kow what is the attribute used in samba4.
Using ldbsearch i see badPasswordTime and accountExpires, but in the microsoft documentation said that accountExpires is used for represent the date when the account expires. Can i use
2019 Dec 05
2
security = ads, backend = ad parameter not working in samba 4.10.10
On 05/12/2019 19:48, S?rgio Basto wrote:
> I made the packages [1] (BTW I'm a fedora packager maintainer ).
>
> [1] https://github.com/sergiomb2/sambaad
You have used heimdal and not MIT, haven't you ?
>
>>> I just migrate the users and his password nothing more ... I had
>>> to
>>> remove a lot of fields, OU(s) etc for example: [1] .
>> Just
2013 Feb 11
2
S4 Cannot Unlock Account
I have come across a few accounts (out of 300+) that seem to be locked that
will not unlock. These accounts were migrated from S3. Can someone advise -
what am I missing here?
I've reset the password several times via RSAT, checking the "Unlock
Account" checkbox, which has not helped. Resetting the user's password via
smbpasswd gives me:
pdb_try_account_unlock: Account dmscott
2023 Oct 22
1
Question about silos and Authentication policies
Talking to myself again ;-)
Samba-tool is working a little bit different then the silo/policy
management on a Windows-DC.
On a Windows-DC after assigning the user and host to the silo you have
to assign the silo to the user and the host. When assigning the user and
host to the silo with samba-tool, the assignment to the user and the
host will be done at the same time. So now my policy looks
2023 Oct 23
2
Question about silos and Authentication policies
Hi Stefan,
We had a long weekend in New Zealand, I'm catching up now to your emails.
Some of the slight differences between Windows tools I've already picked
up on and are in my PR Andrew Bartlett mentioned on Friday, but I'm
always open to learning what things are missing or different etc.
On 23/10/23 02:58, Stefan Kania via samba wrote:
> Talking to myself again ;-)
>
>
2017 Jun 19
1
New AD user cannot access file share from member server
On Mon, 19 Jun 2017 15:08:45 +0200
Viktor Trojanovic <viktor at troja.ch> wrote:
> Not sure if it matters but here is the AD object of a user with no
> issues:
>
> [root at GJSERVER ~]# ldbsearch -H /var/lib/samba/private/sam.ldb -b
> 'ou=office,dc=samdom,dc=example,dc=ch' -s sub
> "(&(objectclass=person)(samaccountname=jd))"
> # record 1
> dn:
2013 Mar 17
1
Samba4 Dc Winbind and uidNumbers
Hi all,
I'm trying to get the unix extensions working in AD. I'm obviously missing
something, but I can't see what...
I've just created user Jim (ADUC) and added a uidnumber (ADSIEdit). From
this and what I have below, user Jim should have uidNumber of 12345 (from
AD) and not be prefixed with Domain name. This isn't happening. Does anyone
have any idea why not?
cheers,
Jim
2016 Jul 04
2
[samba as AD] Hidden attributes
Hi all,
Is there a way to extract the whole attributes of objects, even hidden
attributes, using ldbsearch or any samba tool?
Hidden attributes have to be hidden from ldapsearch which can be used
through network and so, remotely. ldbsearch can be used only locally by
root, which [should] limit who is using it, so perhaps I thought it was
possible : )
2019 Dec 05
2
security = ads, backend = ad parameter not working in samba 4.10.10
On 05/12/2019 19:08, S?rgio Basto wrote:
> I did a new AD with a new name.
You get more than a new name
> Samba 4.0.0 don't have demote
Yes, but you could have upgraded to a version that did.
> , I move from a Sernet software to a free
> and open software in Centos 7 (I use RedHat flavor since 2001) .
How did you manage to provision an AD DC using red-hat packages ?
> I just
2011 Dec 28
1
login via Samba 4 LDAP
Hi
I've rfc2703'd the Samba 4 LDAP for a user e.g. steve4. I can search the
database and view it with phpldapadmin. I can't login from a linux console:
ldapsearch -LLL "(cn=steve4)"
SASL/GSSAPI authentication started
SASL username: steve4 at HH3.SITE
SASL SSF: 56
SASL data security layer installed.
dn: CN=steve4,CN=Users,DC=hh3,DC=site
cn: steve4
instanceType: 4
2020 May 02
0
default backend = rid not showing full group information for users
On 2020-05-02 20:20, Rowland penny via samba wrote:
> On 02/05/2020 18:59, Jelle de Jong via samba wrote:
>> On 2020-05-02 16:42, Rowland penny via samba wrote:
>>> On 02/05/2020 15:07, Jelle de Jong via samba wrote:
>>>> Am I wrong to expect that id user and getent group should list me
>>>> the groups the user is part of.
>>>>
2014 Jun 24
3
winbind: homeDirectory being ignored
Something strange here. User created using:
root at dc1:~# samba-tool user add user7 Abcd1234 --uid-number=1007
--home-directory=/home/user7 --login-shell=/bin/bash
User 'user7' created successfully
I can see the homeDirectory attribute in the entry. But the home
directory that winbind returns is just the template one:
root at adclient:~# getent passwd user7
2012 Dec 27
1
Samba4: ldapcmp incorrectly reporting some attributes as missing on secondary controller
Hi,
I have a domain with a single Windows 2003 DC running. Today I created
a Samba4 DC (using 4.0.0 release) and asked it to join the existing
domain as an additional controller. Replication of both the objects
and dns entries appears to be working well, and the usual tests of
adding a user to one and confirming it is available in the other is
similarly working.
However, the `ldapcmp` tool
2023 Oct 23
2
Question about silos and Authentication policies
Thanks Rob for chiming in.
Stefan,
I do want to be very clear, one of the big challanges that we as
developers face building these kind of tools is that we don't run AD
domains day-to-day. So we really value good feedback on the
ergonomics.
If you can test with our work in progress, we are keen to adapt the
tooling where possible to be more in line with what is 'naturally
expected, so
2016 Dec 08
2
winbind rfc2307 - wbinfo -i fails
I'm trying to get Samba 4 AD to work with rfc2307 extensions.
wbinfo -i fails
root at m1:~# wbinfo -i SAMDOM\\demo01
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
winbindd.log it here: http://pastebin.com/X0rEaLt2
Pretty much everything else seems to work:
root at m1:~# wbinfo --ping-dc
checking the NETLOGON for domain[SAMDOM] dc connection to "dc1.samdom.example.com"
2015 Apr 10
2
samba member logon.. question.
El 09/04/15 a les 18:31, Rowland Penny ha escrit:
>
> If your tools rely on the posix objectclasses being there, then they are
> broken. The posix objectclasses are auxiliaries of other AD
> objectclasses and as such, no windows tools will add them.
but, e.g., samba-tool with --uid will:
luca at ubutest:~$ sudo samba-tool user add tararo tarari
--use-username-as-cn
2015 Nov 26
0
About password expiry
Hi,
Use pwdLastSet + your AD password policy to know when password will expire.
Expiration will happen at pwdLastSet + how long this password is valid.
Cheers,
mathias
2015-11-26 6:40 GMT+01:00 Amaury Viera Hernández <avhernandez at uci.cu>:
> Hi every one:
> I'm using samba4 as domain controller and a I want to check every 1 hour
> in my mail server the password
2016 Mar 24
2
Winbind doesn't honor rfc2307 data set in AD (Samba 4.3.6 on Debian jessie)
Hi all, I've just installed Samba 4.3.6 on Debian jessie amd64 (as
described in the wiki [1]) and everything seems to work properly
except for rfc2307 data that winbind doesn't retrieve from AD backend,
shell is always "/bin/false", homedir is always
"/home/DOMAIN/username" and "getent passwd" also lists user without
unix attributes.
I have configured idmap_ad