similar to: join fails: invalid server state

This topic has been on the list two years ago, already, but apparently to no conclusion. I'm trying to join a Debian Wheezy machine (Samba 3.6.6) to my freshly made backports AD (Samba 4.1.7). This is what I see: root at samba4:/# net ads join -U Administrator at AD.MICROSULT.DE Enter Administrator at AD.MICROSULT.DE's password: Using short domain name -- AD Joined 'SAMBA4' to

Well, seems like I hit every mudhole that could be on the way ... root at samba4:/# getent passwd | grep mgr mgr:*:10000:10000:Lars LH. Hanke:/home/AD/mgr:/bin/bash root at samba4:/# ldapsearch -LLL -D "CN=Administrator,CN=Users,DC=ad,DC=microsult,DC=de" -x -W '(uid=mgr)' uid uidNumber gidNumber sAMAccountName name gecos Enter LDAP Password: dn: CN=Lars LH.

It's probably difting slightly off the topic, but I know that there are some people listening here, who have a decent expertise. I'm trying to setup a file server (nfs4 at ad.domain) and mount from a client (hunin at ad.domain) using the user database and especially Kerberos provided by my AD (samba at ad.domain). It already works nicely, if I forget about krb5, i.e. idmapd is

And some more information about this strange effect apparently no-one has seen before. I now added the missing zone: samba-tool dns zonecreate verdandi 10.16.172.in-addr.arpa -U Administrator and it claims that the zone is okay, but the next one is missing: Dec 29 10:31:12 verdandi named[2601]: Loading 'ad.microsult.de' using driver dlopen Dec 29 10:31:12 verdandi named[2601]:

I just upgraded bind9 on my backup DC to 9.9.5-7-Debian and restarting the service failed: Dec 22 12:25:55 verdandi named[18534]: starting BIND 9.9.5-7-Debian -u bind -4 Dec 22 12:25:55 verdandi named[18534]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var'

Hi Marc, >> The cause is that the password change didn' reach both AD DCs, but only >> one. The other one still had the old value as could be seen by >> samba-tool ldapcmp. Restarting the DCs and waiting for a couple of >> seconds brings them back to sync and Windows logons work as they used to. >> Any idea, what I should do next time to obtain valuable output

Last month I struggled with a severe DLZ issue and today I could solve it. Credits for the important idea go to Peter Serbe, thanks! I checked the DNS contents using RSAT. There was nothing wrong with SOA nor NS entries, but the reverse zones were actually forward zones with proper names in the in-addr.arpa. domain. I built proper reverse zones and deleted the forward-reverse zones and Bind

My tool is growing fast and it takes me to the finishing line for setting up my new user database. But nw I came across another strange issue: I'd like to change the primaryGroupID. It is currently set to 513, which simply does not exist. I wanted to set to 100, which exists and actually the user is a member of this group, but then I get the following exception: ldap.UNWILLING_TO_PERFORM:

If I query the AD DC I see: root at samba4:/# ldapsearch -H ldap://samba.ad.microsult.de -Y GSSAPI '(sAMAccountName=mgr)' SASL/GSSAPI authentication started SASL username: Administrator at AD.MICROSULT.DE SASL SSF: 56 SASL data security layer installed. I would like to see SASL SSF: 112. Does anyone know whether and where this can be configured? Regards, - lars.

I'm trying to configure a Samba 3.6.6 file server running on a Synology NAS to use uid/gid from RFC2307. The file server knows the users from the AD, but it does not use the uid stored in the AD. The smb.conf: [global] printcap name=cups winbind enum groups=yes workgroup=AD encrypt passwords=yes security=ads local master=no

I run a Samba4 AD and joined a Synology NAS running Samba 3.6.9. I can access the shares using smbclient or mount -t cifs from all Linux machines (usually running Samba 3.6.6 clients). I can mount the shares from WinXP home and Win7 home. However, with a Win7 Ultimate machine joined to the AD most of the time it doesn't work. I can logon to the machine with my AD credentials, but I am

Hi, I'm going to migrate my old CUPS server to a new setup. It shall provide the printing backend for Samba4 and should integrate as seamless as possible. Both Windows and Linux users should not require additional passwords, but should be authenticated by their Kerberos tickets. Is there anything particular to consider? E.g. has the CUPS server to be joined to the AD and should it run a

It did happen again and this time I was a little less panicked and took some time to figure out what happened. On my primary DC (SAMBA) I did not notice anything extraordinary. However, my secondary (VERDANDI) reported issues: root at verdandi:~# samba-tool drs showrepl Default-First-Site-Name\VERDANDI DSA Options: 0x00000001 DSA object GUID: a03bbb51-1dca-44ae-a4d9-7aa8cb4a1ace DSA

On 29/12/14 09:40, Lars Hanke wrote: > And some more information about this strange effect apparently no-one > has seen before. > > I now added the missing zone: > > samba-tool dns zonecreate verdandi 10.16.172.in-addr.arpa -U > Administrator > > and it claims that the zone is okay, but the next one is missing: > > Dec 29 10:31:12 verdandi named[2601]: Loading

Greg, > Unfortunately, these attributes do not exist as standard, so you would > either have to add a user with ADUC or manually add them yourselves with > ldbedit. As standard on windows, they both start at '10000', though you > can set them to whatever you require, just make sure that they do not > interfere with any local Unix users. If you like to manage Unix users

I created a demo share on my AD DC. After obtaining a copy of Win7 Ultimate I could now verify that the share has all rights granted to anyone (don't know how Windoze call "Jeder" in English). I can read and write the Share using AD\Administrator. AD\StandardUser can mount the share and read, what the Administrator put there. But he cannot create or modify files.

Recently I suddenly lose all permissions both for SMB and NFS4 on my Synology NAS.And similarly after poking some time in muddy waters, it suddenly works again. The NAS runs Samba 3.6.9. What I found, when the permissions were gone: 1. id user still working, didn't work last time so I assume a caching issue here 2. wbinfo -u same as above. This time still worked, last time only reported

Dear Roland, and here we have one reasons / prove regarding Debian and current Samba BIND DLZ issues : http://metadata.ftp-master.debian.org/changelogs//main/b/bind9/bind9_9.8.4.dfsg.P1-6+nmu2+deb7u3_changelog MSG >> " * disable dlz until we get a patch to make it build again" Well Debian Maintainers seems seeking missing the dlz patches that RHEL & SLES maintainers created

Ok, it's here: http://pastebin.com/JEnr5wUq The id_offset is that value because i initially didn't use rfc2307 attributes, but instead On 29 January 2015 at 23:27, Tim <lists at kiuni.de> wrote: > @Hans-Kristian: > I'd like to see it. How did you automate this? > > @Andrew: > In another thread I suggested to set the rfc2307 info automatically when a > domain

Today I had another automatic restart of my secondary DC because samba-tool drs showrepl showed errors. The restart was completed at 12:35. This is what I found in log.samba at log level 3: [2016/01/04 12:33:47.201892, 3] ../source4/rpc_server/drsuapi/getncchanges.c:2007(dcesrv_drsuapi_DsGetNCChanges) UpdateRefs on getncchanges for b19509be-c3ee-4a58-9fc9-afd61759a23f [2016/01/04