Displaying 20 results from an estimated 7000 matches similar to: "Winbind does not read uidNumber"
2015 Mar 12
3
AD DC out of sync
Hi Marc,
>> The cause is that the password change didn' reach both AD DCs, but only
>> one. The other one still had the old value as could be seen by
>> samba-tool ldapcmp. Restarting the DCs and waiting for a couple of
>> seconds brings them back to sync and Windows logons work as they used to.
>> Any idea, what I should do next time to obtain valuable output
2014 Jul 03
1
Strong cryptography for Kerberos available?
If I query the AD DC I see:
root at samba4:/# ldapsearch -H ldap://samba.ad.microsult.de -Y GSSAPI
'(sAMAccountName=mgr)'
SASL/GSSAPI authentication started
SASL username: Administrator at AD.MICROSULT.DE
SASL SSF: 56
SASL data security layer installed.
I would like to see SASL SSF: 112. Does anyone know whether and where
this can be configured?
Regards,
- lars.
2014 Aug 08
1
User disappears, when enabling RC2307
I'm trying to configure a Samba 3.6.6 file server running on a Synology
NAS to use uid/gid from RFC2307. The file server knows the users from
the AD, but it does not use the uid stored in the AD. The smb.conf:
[global]
printcap name=cups
winbind enum groups=yes
workgroup=AD
encrypt passwords=yes
security=ads
local master=no
2014 Sep 11
1
change primaryGroupID - unwilling to perform
My tool is growing fast and it takes me to the finishing line for
setting up my new user database. But nw I came across another strange issue:
I'd like to change the primaryGroupID. It is currently set to 513, which
simply does not exist. I wanted to set to 100, which exists and actually
the user is a member of this group, but then I get the following exception:
ldap.UNWILLING_TO_PERFORM:
2014 Jun 24
2
Join AD fails DNS update
This topic has been on the list two years ago, already, but apparently
to no conclusion.
I'm trying to join a Debian Wheezy machine (Samba 3.6.6) to my freshly
made backports AD (Samba 4.1.7). This is what I see:
root at samba4:/# net ads join -U Administrator at AD.MICROSULT.DE
Enter Administrator at AD.MICROSULT.DE's password:
Using short domain name -- AD
Joined 'SAMBA4' to
2014 Dec 29
2
samba_dlz Failed to configure reverse zone
And some more information about this strange effect apparently no-one
has seen before.
I now added the missing zone:
samba-tool dns zonecreate verdandi 10.16.172.in-addr.arpa -U Administrator
and it claims that the zone is okay, but the next one is missing:
Dec 29 10:31:12 verdandi named[2601]: Loading 'ad.microsult.de' using
driver dlopen
Dec 29 10:31:12 verdandi named[2601]:
2014 Sep 23
2
NFS4 with samba4 AD for authentication
It's probably difting slightly off the topic, but I know that there are
some people listening here, who have a decent expertise. I'm trying to
setup a file server (nfs4 at ad.domain) and mount from a client
(hunin at ad.domain) using the user database and especially Kerberos
provided by my AD (samba at ad.domain).
It already works nicely, if I forget about krb5, i.e. idmapd is
2015 Jan 28
1
[SOLVED] samba_dlz Failed to configure reverse zone
Last month I struggled with a severe DLZ issue and today I could solve
it. Credits for the important idea go to Peter Serbe, thanks!
I checked the DNS contents using RSAT. There was nothing wrong with SOA
nor NS entries, but the reverse zones were actually forward zones with
proper names in the in-addr.arpa. domain. I built proper reverse zones
and deleted the forward-reverse zones and Bind
2014 Dec 22
2
samba_dlz Failed to configure reverse zone
I just upgraded bind9 on my backup DC to 9.9.5-7-Debian and restarting
the service failed:
Dec 22 12:25:55 verdandi named[18534]: starting BIND 9.9.5-7-Debian -u
bind -4
Dec 22 12:25:55 verdandi named[18534]: built with '--prefix=/usr'
'--mandir=/usr/share/man' '--infodir=/usr/share/info'
'--sysconfdir=/etc/bind' '--localstatedir=/var'
2014 Jun 18
1
Mount share on Synology NAS (Samba 3.6.9) as client of Samba 4.1.9 AD DC
I set-up a basic AD DC using samba 4.1.9 successfully. I joined my NAS
to the domain, i.e. I saw no errors and see the users and groups of my
AD listed in the GUI of the NAS. When I try to connect to a share of the
NAS the following happens:
mgr at ws1:~$ smbclient -U 'AD\mgr' //nas/Test
Enter AD\mgr's password:
Domain=[AD] OS=[Unix] Server=[Samba 3.6.9]
tree connect failed:
2014 Oct 20
1
join fails: invalid server state
I'm launching the final phase of getting my new Samba4 AD DC productive.
I wanted to join the first real workstation, but it failed:
# net ads join -U Administrator
Enter Administrator's password:
Failed to join domain: failed to lookup DC info for domain
'AD.MICROSULT.DE' over rpc: Invalid server state
This issue was reported already here:
2015 Apr 23
0
AD DC out of sync
It did happen again and this time I was a little less panicked and took
some time to figure out what happened.
On my primary DC (SAMBA) I did not notice anything extraordinary.
However, my secondary (VERDANDI) reported issues:
root at verdandi:~# samba-tool drs showrepl
Default-First-Site-Name\VERDANDI
DSA Options: 0x00000001
DSA object GUID: a03bbb51-1dca-44ae-a4d9-7aa8cb4a1ace
DSA
2014 Jun 02
1
Fresh ADC: Failed DNS update - NT_STATUS_ACCESS_DENIED
I hopefully cleared all SAMBA files and set up a fresh ADC using:
samba-tool domain provision --use-rfc2307 --domain=UAC --realm=UAC.MGR
--server-role=dc --dns-backend=SAMBA_INTERNAL --targetdir=/srv/files
--adminpass="secret" --option="dns forwarder=172.16.6.11"
The provisioning seemed okay, i.e. nothing hints at any errors and I see
a DOMAIN SID as the final entry as
2014 Dec 29
0
samba_dlz Failed to configure reverse zone
On 29/12/14 09:40, Lars Hanke wrote:
> And some more information about this strange effect apparently no-one
> has seen before.
>
> I now added the missing zone:
>
> samba-tool dns zonecreate verdandi 10.16.172.in-addr.arpa -U
> Administrator
>
> and it claims that the zone is okay, but the next one is missing:
>
> Dec 29 10:31:12 verdandi named[2601]: Loading
2014 Dec 01
3
uidNumber. ( Was: What is --rfc2307-from-nss ??)
Greg,
> Unfortunately, these attributes do not exist as standard, so you would
> either have to add a user with ADUC or manually add them yourselves with
> ldbedit. As standard on windows, they both start at '10000', though you
> can set them to whatever you require, just make sure that they do not
> interfere with any local Unix users.
If you like to manage Unix users
2014 Dec 29
5
samba_dlz Failed to configure reverse zone
Dear Roland,
and here we have one reasons / prove regarding Debian and current Samba BIND DLZ issues :
http://metadata.ftp-master.debian.org/changelogs//main/b/bind9/bind9_9.8.4.dfsg.P1-6+nmu2+deb7u3_changelog
MSG >> " * disable dlz until we get a patch to make it build again"
Well Debian Maintainers seems seeking missing the dlz patches that RHEL & SLES maintainers created
2014 Dec 24
0
samba_dlz Failed to configure reverse zone
I dug somewhat deeper into what is going on below and it seems even
stranger. The reverse zone without SOA or NS does not even exist:
root at verdandi:~# samba-tool dns query localhost 10.16.172.in-addr.arpa @
ALL -U Administrator
Password for [AD\Administrator]:
ERROR(runtime): uncaught exception - (9714,
'WERR_DNS_ERROR_NAME_DOES_NOT_EXIST')
File
2014 Dec 31
4
Fwd: Re: Samba4 and sssd, keytab file expires?
Il 2014-12-31 16:29 Dr. Lars Hanke ha scritto:
>>> OK, you can get winbind to update your keytab, you need to alter your
>>> smb.conf slightly. You need to change 'kerberos method = secrets
>>> only'
>>> to either 'kerberos method = secrets and keytab' or 'kerberos method
>>> =
>>> system keytab' and add the line
2015 Feb 02
3
Fileserver Failover with AD and Gluster
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Am 02.02.2015 um 13:30 schrieb Sven Schwedas:
> On 2015-02-02 12:56, Lars Hanke wrote:
>> I currently plan to move my storage to Gluster. One of the
>> anticipated advantages is to have Gluster replicate data among
>> physical nodes, i.e. if one node dies the file service can live
>> on.
>>
>> AD for
2018 Dec 14
1
[WIP PATCH 02/15] drm/dp_mst: Refactor drm_dp_update_payload_part1()
On Thu, Dec 13, 2018 at 08:25:31PM -0500, Lyude Paul wrote:
> There should be no functional changes here
Would be good to explain what you did refactor here, instead of me trying
to reconstruct it from the patch. Especially pre-coffee that helps :-)
>
> Signed-off-by: Lyude Paul <lyude at redhat.com>
> Cc: Juston Li <juston.li at intel.com>
> ---
>