Displaying 20 results from an estimated 8000 matches similar to: "Authentication problem with Windows client"
2014 Jan 15
2
Samba 4 and Debian
I've wasted the last two days trying to get various versions of samba 4
packages getting to run under Wheezy.
? Wheezy's own packages are incomplete betas.
? Inverse provides their own packages (for SOGo), but they only care
about getting their one use case to work; smbd doesn't work all, winbind
has problems, and the postinst script resets my smb.conf with nonsense.
Before I try
2014 Apr 25
2
Determining PDC in Samba4?
As sysvol replication seems to be safest when using rsync, how can I
determine the PDC (to avoid accidentally starting the replication on a
slave)? Windows' ADUC has the "Operations Masters" window which shows
them, how do I query this from within Samba?
--
Mit freundlichen Gr??en, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 |
2013 Jul 15
2
Re: The firewall just doesn't make any sense
Could *somebody* shed some light on how the firewall is supposed to
work? I haven't even managed to get trivial firewall rules to work. As
mentioned, the examples in the documentation generate completely
nonsensical rulesets, and if I try writing my own, they make even less
sense.
For example:
> <filter name='test-eth0' chain='root'>
> <rule
2014 Aug 19
1
Intermittent failures of internal DNS
Every once in a while, the DNS fails to resolve external domains ? but
the DNS forwarder is still reachable (8.8.8.8, I assume it would be
noticeable if it had any issues).
What debug class is used by the DNS code? I don't really want to put
several DCs on log level 10 for possibly days?
--
Mit freundlichen Gr??en, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und
2014 Aug 01
1
Re: XP and virtio
----- Original Message -----
> From: "Sven Schwedas" <sven.schwedas@tao.at>
> To: libvirt-users@redhat.com
> Sent: Friday, August 1, 2014 2:29:22 AM
> Subject: Re: [libvirt-users] XP and virtio
>
> On 2014-07-31 20:05, Mauricio Tavares wrote:
> > So I need to create a XP vm. I am using lvm logical volumes for
> > its disk, so I am using virtio.
2015 Apr 08
1
Samba 4 , ful list of LDAP-style attributes
Thanks Sven, good Idea
let's see if i am getting this right:
1) use MS ADSI editor to add few more attributes to the "users" class
2) use ldapmodify from my ubuntu server to populate those attributes
would that work?
___________________________________________________________________________________________
Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & FAX:
2014 May 28
1
winbindd 4.1.7 resolves group memberships for all but primary group
We're using a bunch of AD groups ? all users/groups are created and
managed with ADUC. Domain Users is the primary group for all users, plus
a few for our departments (and Domain Admins). All groups have their
posixGroup attributes filled out.
wbinfo --group-info and getent group show the correct membership for all
groups except Domain Users.
smb.conf: http://pastebin.com/ymrXZJ5u
Already
2015 Jan 07
2
Duplicate (not so) single-valued attributes on some DCs?
We've run into a small issue over the holidays (I can't pinpoint it due
to nobody being in the office for the past three weeks and thus not
noticing anything): At least one LDAP entry has an (single-valued!)
attribute duplicated on *some* DCs, but not all of them ? and said
attribute hasn't been modified in six months.
Microsoft's ADSI just crashes when trying to open the entry on
2014 Mar 14
2
Modifying the AD scheme, how?
I'm trying to add schema extensions to my Samba (4.1.5) server, as per
> https://wiki.samba.org/index.php/Samba4/Schema_extenstions
However, importing the example file (after replacing the DOMAIN_TOP_DN)
fails:
> $ ldbmodify -H sam.ldb /tmp/automount.ldif --option="dsdb:schema update allowed"=true
> Unable to find attribute automountMapName in the schema
> ERR:
2019 Jul 04
2
`samba-tool dbcheck --cross-ncs --fix` fails: governsID already exists as an attributeId or governsId
On 03.07.19 18:04, Rowland penny via samba wrote:
>>>> How do I get rid of these bogus Schema entries, and how do I fix the
>>>> user account?
>>> I do not think you can remove anything from the schema, but I believe
>>> you can deactivate schema objects, try reading this:
>>>
>>>
2019 Jul 03
2
`samba-tool dbcheck --cross-ncs --fix` fails: governsID already exists as an attributeId or governsId
On 03.07.19 17:19, Rowland penny via samba wrote:
>> All these object classes were tests we did? years ago, and which have
>> been "deleted" (I don't even remember by what mechanism) for almost as
>> long. No object should still be using any of these, and on graz-dc-sem
>> that's true.
> I would love to know how you deleted something from the schema, it
2019 Jun 14
5
Spring Cleanup / Migrating Samba 4.5 to 4.10
With some slight delay, we did actually manage to get all our old wonky
compatibility solutions nuked (turned out there were a few more lurking
in the shadows than expected?). Mail servers are no longer domain
joined, and unencrypted LDAP is finally gone, together with the terrible
PHP scripts that needed it.
Which allowed me to finally cleanup all the samba setups:
2019 Jul 03
2
`samba-tool dbcheck --cross-ncs --fix` fails: governsID already exists as an attributeId or governsId
It's amazing how long Samba just keeps running even when apparently
everything's broken.
In preparation of finally upgrading our DCs to 41.0, I ran dbcheck on
all of them, resulting in:
graz-dc-sem:
> Checking 3861 objects
> Error: governsID CN=ucsUser,CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at on 1.3.6.1.4.1.19414.3.2.2 already exists as an attributeId or governsId
> Error:
2013 Jul 08
6
Getting nwfilter to work on Debian Wheezy
Hi,
I'm trying to configure nwfilter for KVM, but so far I haven't managed
to figure out a working configuration.
Network setup: The dom0 (Debian 7.1, kernel 3.2.46-1, libvirt 0.9.12) is
connected via eth0, part of the external subnet 192.168.17.0/24, and has
an additional subnet 192.168.128.160/28 routed to its main address
192.168.17.125.
The host's subnet is configured as bridge
2017 Sep 05
4
Server GC/name.dom/dom is not registered with our KDC: Miscellaneous failure (see text): Server (GC/name/dom@DOM) unknown
> Keytabs look reasonable, as far as I can see, but why does
> graz-dc-sem have the same SPN output as graz-dc-1b in
> addition to its own?
A snapshotted server/cloned server? I dont know but thats not correct.
I suggest, cleanup the DS with FSMO roles.
Then remove a failty server and re-add it as a new installed DC.
( the good DS with FSMO)
First backup:
2019 May 21
2
Debugging Samba is a total PITA and this needs to improve
The smb.conf hasn't changed since the last three or four times I've
posted here asking for help:
https://up.tao.at/u/samba/villach-file.txt
Top level error I'm seeing is that since today *some* Windows users are
denied SMB access to this one member server ("Network password is
invalid"), but not all users. Worked fine before today.
wbinfo -p/-P work, wbinfo -a shows the
2017 Sep 05
3
Server GC/name.dom/dom is not registered with our KDC: Miscellaneous failure (see text): Server (GC/name/dom@DOM) unknown
Today's episode of "why is AD break", brought to you by:
> [2017/09/05 10:17:06.015617, 3] ../source4/auth/gensec/gensec_gssapi.c:613(gensec_gssapi_update)
> Server GC/graz-dc-1b.ad.tao.at/ad.tao.at is not registered with our KDC: Miscellaneous failure (see text): Server (GC/graz-dc-1b.ad.tao.at/ad.tao.at at AD.TAO.AT) unknown
> [2017/09/05 10:17:06.015717, 0]
2014 Dec 05
2
Samba embedded device?
On Thu, Dec 4, 2014 at 5:19 AM, Sven Schwedas <sven.schwedas at tao.at> wrote:
> Tbh, you might get away with using PCEngines' APU boards (the successor
> to their Alix boards with a massively upgraded CPU) if individual
> machines don't need RAID (because everything is replicated anyway).
>
I considered that, but what would you use for storage?? They have an mSATA
2017 Nov 13
2
Winbind error "Could not fetch our SID - did we join?"
/etc/hostname:villach-file
/etc/hosts:# The following lines are desirable for IPv6 capable hosts
/etc/hosts:::1 localhost ip6-localhost ip6-loopback
/etc/hosts:ff02::1 ip6-allnodes
/etc/hosts:ff02::2 ip6-allrouters
/etc/hosts:127.0.0.1 localhost
/etc/hosts:192.168.16.214 villach-file
/etc/krb5.conf:[libdefaults]
/etc/krb5.conf: default_realm = AD.TAO.AT
/etc/krb5.conf: dns_lookup_realm = true
2019 May 21
3
Debugging Samba is a total PITA and this needs to improve
On 21.05.19 14:16, Rowland penny via samba wrote:> You need to
investigate your DB problems
Great, but how?
> I see no reason to have different smb.conf files for different Unix
> domain members, just don't have 'netbios name' in any smb.conf.
There's also share definitions in the files which I omitted, which are
the actual meat of the config files.
> You will also