similar to: change primaryGroupID - unwilling to perform

Hi, I'm trying to modify the objectSid of a group using python-ldap. I've found that I need a server control to do it but doesn't work. The code that I'm using: modlist = [ (ldap.MOD_REPLACE, 'objectSid', s3sid_packed) ] LDB_CONTROL_PROVISION_OID = "1.3.6.1.4.1.7165.4.3.16" LDB_CONTROL_RELAX_OID = "1.3.6.1.4.1.4203.666.5.12"

Hi everyone samba --version Version 4.0.0alpha18-GIT-bfc7481 openSUSE 12.1 If I do this: ldbmodify --url=/usr/local/samba/private/sam.ldb -b dc=hh3,dc=site dn: CN=steve6,CN=Users,DC=hh3,DC=site changetype: modify add: objectclass objectclass: posixaccount - replace: primarygroupid primarygroupid: 1134 I get an error something like: ERR: (Unwilling to perform) error 53 If however I do the

Well, seems like I hit every mudhole that could be on the way ... root at samba4:/# getent passwd | grep mgr mgr:*:10000:10000:Lars LH. Hanke:/home/AD/mgr:/bin/bash root at samba4:/# ldapsearch -LLL -D "CN=Administrator,CN=Users,DC=ad,DC=microsult,DC=de" -x -W '(uid=mgr)' uid uidNumber gidNumber sAMAccountName name gecos Enter LDAP Password: dn: CN=Lars LH.

It's probably difting slightly off the topic, but I know that there are some people listening here, who have a decent expertise. I'm trying to setup a file server (nfs4 at ad.domain) and mount from a client (hunin at ad.domain) using the user database and especially Kerberos provided by my AD (samba at ad.domain). It already works nicely, if I forget about krb5, i.e. idmapd is

This topic has been on the list two years ago, already, but apparently to no conclusion. I'm trying to join a Debian Wheezy machine (Samba 3.6.6) to my freshly made backports AD (Samba 4.1.7). This is what I see: root at samba4:/# net ads join -U Administrator at AD.MICROSULT.DE Enter Administrator at AD.MICROSULT.DE's password: Using short domain name -- AD Joined 'SAMBA4' to

I recently upgraded Samba on my DC from a working 4.3 installation to 4.5.0. Once done, I followed the instructions here: https://wiki.samba.org/index.php/Updating_Samba#Fixing_replPropertyMetaData_Attributes and ran: samba-tool dbcheck --cross-ncs --fix --yes After that, I can no longer access the shares on this machine. I get the "Security ID structure is invalid" error above. In

And some more information about this strange effect apparently no-one has seen before. I now added the missing zone: samba-tool dns zonecreate verdandi 10.16.172.in-addr.arpa -U Administrator and it claims that the zone is okay, but the next one is missing: Dec 29 10:31:12 verdandi named[2601]: Loading 'ad.microsult.de' using driver dlopen Dec 29 10:31:12 verdandi named[2601]:

On 10/5/16 11:17 AM, Rowland Penny via samba wrote: > On Wed, 5 Oct 2016 10:37:51 -0400 > Ron García-Vidal via samba <samba at lists.samba.org> wrote: > >> Here is some more information that could be helpful. This is the >> entry for LDAP User in ldbedit: >> >> # record 253 >> dn: CN=LDAP User,CN=Users,DC=dc1,DC=mydomain,DC=net >> objectClass: top

On 10/5/16 11:37 AM, Ron García-Vidal via samba wrote: > On 10/5/16 11:17 AM, Rowland Penny via samba wrote: >> On Wed, 5 Oct 2016 10:37:51 -0400 >> Ron García-Vidal via samba <samba at lists.samba.org> wrote: >> >>> Here is some more information that could be helpful. This is the >>> entry for LDAP User in ldbedit: >>> >>> # record

On 10/6/16 12:50 PM, lingpanda101--- via samba wrote: > On 10/6/2016 12:35 PM, Ron García-Vidal via samba wrote: >> On 10/5/16 11:37 AM, Ron García-Vidal via samba wrote: >>> On 10/5/16 11:17 AM, Rowland Penny via samba wrote: >>>> On Wed, 5 Oct 2016 10:37:51 -0400 >>>> Ron García-Vidal via samba <samba at lists.samba.org> wrote: >>>>

If I query the AD DC I see: root at samba4:/# ldapsearch -H ldap://samba.ad.microsult.de -Y GSSAPI '(sAMAccountName=mgr)' SASL/GSSAPI authentication started SASL username: Administrator at AD.MICROSULT.DE SASL SSF: 56 SASL data security layer installed. I would like to see SASL SSF: 112. Does anyone know whether and where this can be configured? Regards, - lars.

Last month I struggled with a severe DLZ issue and today I could solve it. Credits for the important idea go to Peter Serbe, thanks! I checked the DNS contents using RSAT. There was nothing wrong with SOA nor NS entries, but the reverse zones were actually forward zones with proper names in the in-addr.arpa. domain. I built proper reverse zones and deleted the forward-reverse zones and Bind

I just upgraded bind9 on my backup DC to 9.9.5-7-Debian and restarting the service failed: Dec 22 12:25:55 verdandi named[18534]: starting BIND 9.9.5-7-Debian -u bind -4 Dec 22 12:25:55 verdandi named[18534]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var'

On 10/6/16 1:02 PM, Rowland Penny via samba wrote: > On Thu, 6 Oct 2016 12:35:54 -0400 > Ron García-Vidal via samba <samba at lists.samba.org> wrote: > >> On 10/5/16 11:37 AM, Ron García-Vidal via samba wrote: >>> On 10/5/16 11:17 AM, Rowland Penny via samba wrote: >>>> On Wed, 5 Oct 2016 10:37:51 -0400 >>>> Ron García-Vidal via samba <samba

Currently, when CIFS users create files these get "Domain Users" as their group. I would appreciate a different group in general and yet another group for some selected users. Googling until my fingers bled I learned that this group is somehow magically encoded in the RID 513 set as primaryGroupID for all users. With Samba3 there used to be commands like 'net groupmap' to

Hello All, I have a custom built version of Samba 4.19.2 running on Rocky Linux 9. When I attempt to change a password via LDAP, I get an error, "Unwilling to Perform". In Google searches I found that this is due to password complexity requirements. However, in my case, I get the error no matter how complex the password. Also, I have the following line in my smb.conf file: ldap

Hi Marc, >> The cause is that the password change didn' reach both AD DCs, but only >> one. The other one still had the old value as could be seen by >> samba-tool ldapcmp. Restarting the DCs and waiting for a couple of >> seconds brings them back to sync and Windows logons work as they used to. >> Any idea, what I should do next time to obtain valuable output

Hi When I add the posixGroup class to an AD group, add a user to the group and set their primaryGroupID, I can add members to the group: samba-tool group addmembers debusers lynn2 ERROR(ldb): Failed to add members "lynn2" to group "debusers" - samldb: member CN=lynn2,CN=Users,DC=hh3,DC=site already set via primaryGroupID 1106 where lynn2 is a user who has been added to

I'm trying to configure a Samba 3.6.6 file server running on a Synology NAS to use uid/gid from RFC2307. The file server knows the users from the AD, but it does not use the uid stored in the AD. The smb.conf: [global] printcap name=cups winbind enum groups=yes workgroup=AD encrypt passwords=yes security=ads local master=no

I'm launching the final phase of getting my new Samba4 AD DC productive. I wanted to join the first real workstation, but it failed: # net ads join -U Administrator Enter Administrator's password: Failed to join domain: failed to lookup DC info for domain 'AD.MICROSULT.DE' over rpc: Invalid server state This issue was reported already here: