similar to: LAM (ldap acc manager) with samba4

Performing the backup, for example on an external hard drive and restoring after all ok, the permissions will not be changed? In NT4 use the "lam" for management. Can I use ldap account manager for managing Samba4 ADDC or should only use the RSAT? Or is possible using both? On Thu, Sep 22, 2016 at 3:08 PM, Rowland Penny via samba < samba at lists.samba.org> wrote: > On Thu,

Hey Luke, thanks for the help!!! It's working now!!! God bless you and your family!! :D Remember that GPOs need to run as the context of either the computer or the > user. Computers typically do not have access to many folders on a file > server, even as "Everyone". That is why the NETLOGON folder works. > > If you're deploying as a USER configuration, then it

Which GPO? Computer or User Configuration? Remember that GPOs need to run as the context of either the computer or the user. Computers typically do not have access to many folders on a file server, even as "Everyone". That is why the NETLOGON folder works. If you're deploying as a USER configuration, then it should run as the context of the user, meaning the Everyone permission

Hi Elias, > I thought it worked, but after I uninstalled the software that I deployed > via user scope, it did not reinstall. I selected the "Redeploy application" > option, but it also did not work. The user scope GPO are run with the privileges and access tokens of the logged on user, so the user have local admin rights for install and need access rights to the share you

The saga continues... I've spent a whole day with log level 5 and 7 and no error. All I have to do is return the log to the default and the error reappears. I monitored the "LDAP Query: Duration", but I didn't notice any crashes in the queries. I don't know if it's a long time, but some queries took 1.5s. Is there anything else I can do? On Mon, Mar 25, 2024 at

On Thu, 16 Nov 2017 18:51:19 -0200 Elias Pereira <empbilly at gmail.com> wrote: > Yes, as I mentioned, I will use another dns domain. :) > > In the old domain was provisioned with the option --use-rfc2307. I > believe that it is the attributes that you mention? If so, can I > migrate the users to the new DC, so that they have the same ID? > No, all

1.5 seconds is pretty long, I would look into what those queries are. I would also look into repeated queries, sometimes these things are clients stuck in a loop where they don't complete because they expect some termination condition. Andrew Bartlett On Tue, 2024-04-02 at 09:25 -0300, Elias Pereira via samba wrote: > The saga continues... > I've spent a whole day with log level 5

Hello Andrew, 1. What is the explanation for the fact that when the log level is set to 5 or 7, the NT_STATUS_IO_TIMEOUT error does not appear, but when it is at the default log level, it does? Another point I've noticed before is that when I run the command "samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix --yes" (*Checked 15337 objects (0 errors)*), and in another

Hello Andrew, What's the explanation for when the log level is set to 5, the error NT_STATUS_IO_TIMEOUT doesn't appear, but when it's at the default log level, it does? On Mon, Mar 18, 2024 at 10:33?AM Elias Pereira <empbilly at gmail.com> wrote: > hi Andrew, thanks for the help!!! > > It seems to me the LDAP process being busy would be the root cause here. >>

On Thu, 2024-04-11 at 14:21 -0300, Elias Pereira wrote: > Hello?Andrew, > > 1. What is the explanation for the fact that when the log level is > set to 5 or 7, the NT_STATUS_IO_TIMEOUT error does not appear, but > when it is at the default log level, it does? I don't have an explanation for this, sorry. ?Have you looked into the 1.5 second queries, what is sending them and

> > Simple answer: > Administrator, No > Domain Admins, Yes Ok. It was already that way. root at fileserver:/etc/samba# getent group ... domain admins:x:10004: domain users:x:10000: dap:x:10003: dti:x:10001: For some reason with the administrator user is not working, I put my user as domain admin and include him as a member of unix and now I can access the security tab.

Hi Rowland, Could you tell me what the correct permissions are for the bind9 files? On Wed, Jan 3, 2024 at 5:46?PM Elias Pereira <empbilly at gmail.com> wrote: > The only 'problem' I can see is that the group is set to 'bind' instead >> of 'root', why is this ? > > If I'm not mistaken, I did it on the wiki, but maybe I needed an older >

hi, I created a lab to test adding the eduPerson schema. I took the schema from the link below and followed the wiki to add the schema. hxxps:// github.com/REFEDS/eduperson/blob/master/schema/activedirectory/eduPerson.adschema.ldf I split the ldif into 3 parts. attrs.ldif classes.ldif auxiliaryClass.ldif At first there was no error when adding the ldifs with the commands given in the wiki. To

Hi samba list!!! Douglas, /usr/sbin/samba_kcc is made in python. Does it have a link to source4/dsdb/kcc/kcc_periodic.c which is made in C? The errors that appear in my DCs have their output in the C code. Correct me if I'm wrong, but I read in some old posts on the list that samba would have a new code for kcc (python code?), which would be closer to what M$ uses. Could this have anything

Found it! :) I thought in make a script more or less that way. #!/bin/bash # GROUP=ADM GUID=10000 # Domain Users UID=10000 # get the next ID ? for USER in $(samba-tool group listmembers $GROUP) do samba-tool user edit $USER -H ldap://samdom.example.com \ -U administrato --nis-domain=samdom \ --unix-home=/home/$USER \ --uid-number=${NEXTID} \

hi Andrew, thanks for the help!!! It seems to me the LDAP process being busy would be the root cause here. > Working out what is going on here shouldn't is a detective task - I always > start with a wireshark trace. The client making all the noise/traffic will > be the one causing the trouble. In the wireshark analysis, should I filter only by the ldap protocol or leave

Hello list, I tried to set up a folder on our fileserver domain member, so I can deploy software for users' machines, but is not working. If I put the software inside "netlogon" it installs correctly. \\172.16.1.7\storage\programs Auth Users - read & execute, list folder contents, read and write Do I need other permissions? -- Elias Pereira

Hello members I really have ran out of options here, and I don't know how to resolve this issue. I have a Samba LDAP primary domain controller. I have been using LAM - LDAP Account Manager to manage the accounts. The command line appears to be working correctly ie - getent passwd, getent group, id username, id computer, adding and removing accounts. Problem: When I logon to the LAM page

root at fileserver:~# getfacl /home/dados/ getfacl: Removing leading '/' from absolute path names # file: home/dados/ # owner: root # group: domain\040admins user::rwx group::rwx other::--- Still with the same problem. No security tab on windows machine. :( The "Administrator" and "Domain Admins" also need to have an unix attribute? On Tue, May 30, 2017 at 4:08 PM,

hello guys, In my tests lab did the migration ldap base of the old samba3 to Samba4 ADCD. It's possible to migrate directories and files from users of the old samba3 to Samba4 ADDC? -- Elias Pereira