similar to: Authentication problem with Windows client

I've wasted the last two days trying to get various versions of samba 4 packages getting to run under Wheezy. ? Wheezy's own packages are incomplete betas. ? Inverse provides their own packages (for SOGo), but they only care about getting their one use case to work; smbd doesn't work all, winbind has problems, and the postinst script resets my smb.conf with nonsense. Before I try

As sysvol replication seems to be safest when using rsync, how can I determine the PDC (to avoid accidentally starting the replication on a slave)? Windows' ADUC has the "Operations Masters" window which shows them, how do I query this from within Samba? -- Mit freundlichen Gr??en, / Best Regards, Sven Schwedas Systemadministrator TAO Beratungs- und Management GmbH | Lendplatz 45 |

Could *somebody* shed some light on how the firewall is supposed to work? I haven't even managed to get trivial firewall rules to work. As mentioned, the examples in the documentation generate completely nonsensical rulesets, and if I try writing my own, they make even less sense. For example: > <filter name='test-eth0' chain='root'> > <rule

Every once in a while, the DNS fails to resolve external domains ? but the DNS forwarder is still reachable (8.8.8.8, I assume it would be noticeable if it had any issues). What debug class is used by the DNS code? I don't really want to put several DCs on log level 10 for possibly days? -- Mit freundlichen Gr??en, / Best Regards, Sven Schwedas Systemadministrator TAO Beratungs- und

----- Original Message ----- > From: "Sven Schwedas" <sven.schwedas@tao.at> > To: libvirt-users@redhat.com > Sent: Friday, August 1, 2014 2:29:22 AM > Subject: Re: [libvirt-users] XP and virtio > > On 2014-07-31 20:05, Mauricio Tavares wrote: > > So I need to create a XP vm. I am using lvm logical volumes for > > its disk, so I am using virtio.

Thanks Sven, good Idea let's see if i am getting this right: 1) use MS ADSI editor to add few more attributes to the "users" class 2) use ldapmodify from my ubuntu server to populate those attributes would that work? ___________________________________________________________________________________________ Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & FAX:

We're using a bunch of AD groups ? all users/groups are created and managed with ADUC. Domain Users is the primary group for all users, plus a few for our departments (and Domain Admins). All groups have their posixGroup attributes filled out. wbinfo --group-info and getent group show the correct membership for all groups except Domain Users. smb.conf: http://pastebin.com/ymrXZJ5u Already

We've run into a small issue over the holidays (I can't pinpoint it due to nobody being in the office for the past three weeks and thus not noticing anything): At least one LDAP entry has an (single-valued!) attribute duplicated on *some* DCs, but not all of them ? and said attribute hasn't been modified in six months. Microsoft's ADSI just crashes when trying to open the entry on

I'm trying to add schema extensions to my Samba (4.1.5) server, as per > https://wiki.samba.org/index.php/Samba4/Schema_extenstions However, importing the example file (after replacing the DOMAIN_TOP_DN) fails: > $ ldbmodify -H sam.ldb /tmp/automount.ldif --option="dsdb:schema update allowed"=true > Unable to find attribute automountMapName in the schema > ERR:

On 03.07.19 18:04, Rowland penny via samba wrote: >>>> How do I get rid of these bogus Schema entries, and how do I fix the >>>> user account? >>> I do not think you can remove anything from the schema, but I believe >>> you can deactivate schema objects, try reading this: >>> >>>

On 03.07.19 17:19, Rowland penny via samba wrote: >> All these object classes were tests we did? years ago, and which have >> been "deleted" (I don't even remember by what mechanism) for almost as >> long. No object should still be using any of these, and on graz-dc-sem >> that's true. > I would love to know how you deleted something from the schema, it

With some slight delay, we did actually manage to get all our old wonky compatibility solutions nuked (turned out there were a few more lurking in the shadows than expected?). Mail servers are no longer domain joined, and unencrypted LDAP is finally gone, together with the terrible PHP scripts that needed it. Which allowed me to finally cleanup all the samba setups:

It's amazing how long Samba just keeps running even when apparently everything's broken. In preparation of finally upgrading our DCs to 41.0, I ran dbcheck on all of them, resulting in: graz-dc-sem: > Checking 3861 objects > Error: governsID CN=ucsUser,CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at on 1.3.6.1.4.1.19414.3.2.2 already exists as an attributeId or governsId > Error:

Hi, I'm trying to configure nwfilter for KVM, but so far I haven't managed to figure out a working configuration. Network setup: The dom0 (Debian 7.1, kernel 3.2.46-1, libvirt 0.9.12) is connected via eth0, part of the external subnet 192.168.17.0/24, and has an additional subnet 192.168.128.160/28 routed to its main address 192.168.17.125. The host's subnet is configured as bridge

> Keytabs look reasonable, as far as I can see, but why does > graz-dc-sem have the same SPN output as graz-dc-1b in > addition to its own? A snapshotted server/cloned server? I dont know but thats not correct. I suggest, cleanup the DS with FSMO roles. Then remove a failty server and re-add it as a new installed DC. ( the good DS with FSMO) First backup:

The smb.conf hasn't changed since the last three or four times I've posted here asking for help: https://up.tao.at/u/samba/villach-file.txt Top level error I'm seeing is that since today *some* Windows users are denied SMB access to this one member server ("Network password is invalid"), but not all users. Worked fine before today. wbinfo -p/-P work, wbinfo -a shows the

Today's episode of "why is AD break", brought to you by: > [2017/09/05 10:17:06.015617, 3] ../source4/auth/gensec/gensec_gssapi.c:613(gensec_gssapi_update) > Server GC/graz-dc-1b.ad.tao.at/ad.tao.at is not registered with our KDC: Miscellaneous failure (see text): Server (GC/graz-dc-1b.ad.tao.at/ad.tao.at at AD.TAO.AT) unknown > [2017/09/05 10:17:06.015717, 0]

On Thu, Dec 4, 2014 at 5:19 AM, Sven Schwedas <sven.schwedas at tao.at> wrote: > Tbh, you might get away with using PCEngines' APU boards (the successor > to their Alix boards with a massively upgraded CPU) if individual > machines don't need RAID (because everything is replicated anyway). > I considered that, but what would you use for storage?? They have an mSATA

/etc/hostname:villach-file /etc/hosts:# The following lines are desirable for IPv6 capable hosts /etc/hosts:::1 localhost ip6-localhost ip6-loopback /etc/hosts:ff02::1 ip6-allnodes /etc/hosts:ff02::2 ip6-allrouters /etc/hosts:127.0.0.1 localhost /etc/hosts:192.168.16.214 villach-file /etc/krb5.conf:[libdefaults] /etc/krb5.conf: default_realm = AD.TAO.AT /etc/krb5.conf: dns_lookup_realm = true

On 21.05.19 14:16, Rowland penny via samba wrote:> You need to investigate your DB problems Great, but how? > I see no reason to have different smb.conf files for different Unix > domain members, just don't have 'netbios name' in any smb.conf. There's also share definitions in the files which I omitted, which are the actual meat of the config files. > You will also