similar to: Samba 4 AD share: Access denied

Displaying 20 results from an estimated 3000 matches similar to: "Samba 4 AD share: Access denied"

2016 Oct 26
3
NT_STATUS_INVALID_SID
I have a brand-new install of Debian 8 without systemd and a freshly-built Samba 4 install with issues. I created this as a standalone AD DC, setup group policies, etc and then took it to the client location. Now nothing works. I keep getting "RPC server unavailable" on Windows machines and trying to list shares on the DC itself results in NT_STATUS_INVALID_SID. I am lost as there are
2016 Oct 27
4
NT_STATUS_INVALID_SID
On Wed, 26 Oct 2016 17:27:37 -0400 Ryan Ashley via samba <samba at lists.samba.org> wrote: > I guess I should note that it seems like the high SIDs will resolve, > except for 300000. Below is an example. > > root at dc01:~# l /var/lib/samba/sysvol/medarts.lan/ > total 16 > drwxrws---+ 4 MEDARTS\reachfp 3000000 4096 Oct 17 17:45 Policies > drwxrws---+ 2 MEDARTS\reachfp
2016 Jul 04
2
winbind idmap_ad rfc2037 can't read UIdnumber
Hi samba team ! I try to resolve for hours a problem I have with a Linux Host (Samba 4.3.9 ubutnu 16.04) as AD member.DCs are Windows 2008 R2, One is 2012 R2. Forest level is 2003 R2. my smb.conf : [GLOBAL] netbios name = CR-DEV-01 security = ADS workgroup = ADDOMAIN realm = ADDOMAIN.COM idmap config *:backend = tdb idmap config *:range =
2016 Jul 05
4
winbind idmap_ad rfc2037 can't read UIdnumber
Le 04/07/2016 à 20:09, Rowland penny a écrit : > On 04/07/16 18:35, Raphaël RIGNIER wrote: >> Hi samba team ! >> >> I try to resolve for hours a problem I have with a Linux Host (Samba >> 4.3.9 ubutnu 16.04) as AD member.DCs are Windows 2008 R2, One is 2012 >> R2. Forest level is 2003 R2. >> >> my smb.conf : >> [GLOBAL] >> netbios
2017 Jan 11
4
Corrupted idmap...
Rowland, no domain user can authenticate on any system and running sysvolreset followed by sysvolcheck results in a crash. If the sysvol permissions are correct, sysvolcheck does not crash. If I attempt to join a NAS or workstation to the domain I get NT_STATUS_INVALID_SID. Researching these symptoms turns up a thread about a corrupt idmap.ldb where a group SID and user SID may be the same or
2015 Jul 17
2
"wbinfo --sid-to-gid" returns false gids
I've got this on the backup DC root at bdc:~# wbinfo --sid-to-gid S-1-5-21-1166961617-3197558402-3341820450-516 3000000 while root at bdc:~# ldbedit -H /usr/local/samba/private/idmap.ldb objectsid=S-1-5-21-1166961617-3197558402-3341820450-516 shows correct xid 3000019 and on the primary DC I've got itk at dc:/$ wbinfo --sid-to-gid S-1-5-21-1166961617-3197558402-3341820450-516 3000019
2019 Jun 05
2
getent group does not list domain groups - question regarding default gidNumbers on PDC
On 6/5/19 10:06 AM, Rowland penny via samba wrote: >> >> Now I have problems with id mapping configuration: >> >> wbinfo -u works. >> wbinfo -g works. >> getent group does not list domain users and groups. >> >> I logged into PDC and checked gidNumber for "Domain Users": >> >> [root at site-ad ~]# wbinfo --name-to-sid
2015 Apr 19
1
[bug?] idmap.ldb xidNumber attributes overlap with existing users'/groups' uidNumber/gidNumber
Greetings, All! I've discovered a nasty mismatch in my recently upgraded domain. It seems that a number of builtin groups have mappings in idmap.ldb that overlap with posixAccount mappings in the sam.ldb. Namely, # file: var/lib/samba/sysvol/ads.example.com/scripts/ # owner: root # group: 544 user::rwx user:root:rwx group::rwx group:544:rwx group:30000:r-x group:30001:rwx
2017 Jan 13
3
Fwd: Re: Duplicate xidNumbers
Rowland, Thank you for the quick response. I have just run net cache flush no change in problem. I have dumped the idmap.ldp using ldbsearch -H /var/lib/samba/private/idmap.ldb > idmap.txt and did some sorting, that is how I found the duplicates. On 1/13/2017 11:09 AM, Rowland Penny via samba wrote: > samba-tool ntacl > >sysvolreset
2020 Nov 04
2
ID Mapping
On 04/11/2020 00:14, O'Connor, Daniel wrote: > Hmm, you say 'uidNumber' but I have xidNumber: > # editing 1 records > # record 1 > dn: CN=S-1-5-21-1638907138-195301586-368347949-3088 > cn: S-1-5-21-1638907138-195301586-368347949-3088 > objectClass: sidMap > objectSid: S-1-5-21-1638907138-195301586-368347949-3088 > type: ID_TYPE_BOTH > xidNumber: 1044 >
2015 Jul 17
1
"wbinfo --sid-to-gid" returns false gids
17.07.2015, 17:30, "Rowland Penny" <rowlandpenny241155 at gmail.com>: > On 17/07/15 12:03, Andrej Surkov wrote: >>  I've got this on the backup DC >> >>  root at bdc:~# wbinfo --sid-to-gid S-1-5-21-1166961617-3197558402-3341820450-516 >>  3000000 > > OK, you have problems there, but not what you think. On my first DC > (note I don't have
2019 Jun 05
2
getent group does not list domain groups - question regarding default gidNumbers on PDC
On 6/5/19 11:26 AM, Rowland penny via samba wrote: > On 05/06/2019 10:04, ?ukasz Michalski via samba wrote: >> >>>> >>>> [root at site-ad ~]# wbinfo --sid-to-gid S-1-5-21-4155694911-3186826046-1573605777-513 >>>> 985 (same as 'users' unix gid on host) >>> where did the '985' come from ? >> >> I think from there:
2024 Dec 17
2
preparing for a new site with an extra domain controller
Am 16.12.24 um 12:23 schrieb Rowland Penny via samba: > On Mon, 16 Dec 2024 10:33:59 +0100 > "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote: >> 1) sync it at first >> 2) do not sync it every time with sysvol >> 3) sync it periodically > > I am now not entirely convinced that '3' is required if you only use > the DC in
2016 Jun 20
2
Rights issue on GPO
Hi, > OK, I take it that 3000009 points to CN=S-1-5-11 and it is just > CN=S-1-5-18 that is wrong by pointing at proxmox$ (which incidentally, > is one of your computers) > Try backing up idmap.ldb, then open idmap.ldb in ldbedit, find and > delete the stanza that holds CN=S-1-5-18, it will look like this: > > dn: CN=S-1-5-18 > cn: S-1-5-18 > objectClass: sidMap >
2017 Jun 16
2
Erro sysvolcheck/sysvolreset
:-| ls -lnd /opt/samba/var/locks/sysvol drwxrwx---+ 3 0 3000000 4096 Jun 16 13:56 /opt/samba/var/locks/sysvol Em 16-06-2017 13:38, Rowland Penny via samba escreveu: > On Fri, 16 Jun 2017 13:15:19 -0300 > "Carlos A. P. Cunha" <carlos.hollow at gmail.com> wrote: > >> OK, sorry, uncomment a line :-D >> >> Yes exist! >> >> ls -ld
2020 Nov 03
2
ID Mapping
On 03/11/2020 13:05, O'Connor, Daniel wrote: > >> On 3 Nov 2020, at 23:21, Rowland penny via samba <samba at lists.samba.org> wrote: >> On 03/11/2020 12:17, O'Connor, Daniel wrote: >>> I tried setting uidNumber et al via the active directory editor and samba-ldbedit, however the mapping doesn't seem to change so I am wondering if it ends up stored
2015 Mar 30
2
Unable to browse system shares of a newly migrated AD DC
Greetings, Rowland Penny! >>> Hi Louis, It works for me >>> This appears in log.smbd on my DC when I run the same command: >>> [2015/03/30 10:15:42.442881, 3] >>> ../source3/smbd/service.c:856(make_connection_snum) >>> dc01 (ipv6:::1:43602) connect to service IPC$ initially as user NT >>> AUTHORITY\ANONYMOUS LOGON (uid=65534, gid=3000013)
2014 Dec 01
2
uidNumber. ( Was: What is --rfc2307-from-nss ??)
On 01/12/14 17:46, steve wrote: > On 01/12/14 18:25, Rowland Penny wrote: >> On 01/12/14 17:16, steve wrote: >>> On 01/12/14 18:11, Rowland Penny wrote: >>>> On 01/12/14 17:09, steve wrote: >>>>> On 01/12/14 17:31, Greg Zartman wrote: >>>>>> On Mon, Dec 1, 2014 at 1:33 AM, Rowland Penny >>>>>> <rowlandpenny at
2015 Jul 03
3
Clients unable to get group policy...
On 03/07/15 15:18, Ryan Ashley wrote: > The only Unix client I can think of would be the Buffalo NAS. It runs > Samba3 and hosts various shares via SMB. DNS is handled by BIND9 on the > Samba4 DC. DNS does work and the domain name resolves to the IP address > of the server. DHCP is also handled on the DC. As for the GPO's, they're > in the correct place as far as I can tell.
2017 Sep 05
3
BUILTIN\Administrators - failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
Thank you very much for clarifying the ID mapping "magic";) > You do not need 'posixgroup', it is an auxiliary objectclass of group, you can add any of the rfc2307 attributes without it. Well, is there any option to remove it? Because "posixgroup" is on every group that was migrated from Samba 3. And I cannot edit this attribute in ADUC (delete button is grayed).