similar to: 3rd-party tool for creating users as alternative to ADUC

Hello, I am running Samba 4.1.12/Sernet on Debian Wheezy 64bit and I am about to setup my member server. The DC was provisioned with rfc2307 and extended attributes. I have assigned to the domain group called "Domain Users" the GID=10000. My member server was prepared with ACL+user_xattr and winbind support. My /etc/nsswitch.conf is using "winbind" for passwd+group, and

I am facing an issue which I cannot explain myself. The roaming profiles don't work for users that are members of the group "Domain Admins". The [profiles] share on the member server was configured exactly as explained on the wiki for roaming profiles. It works like a charm for all domain users, *BUT*: if a user is member of the group "Domain Admins" it *doesn't* :-(

> Comment from Rowland: > [...]an AD user without a uidNumber is merely a windows user Hi Rowland, just for my understanding, I have a question. If a domain user in my samba4 AD domain does not have been assigned with a "uid" on the [UNIX Attribute] tab of my ADUC tool, that user in general *cannot* access any of the shares of that particular member server? Is that correct? My

Hello list, using AD with rfc2307 provisioned and NIS extensions are available. In ADUC tool I choose the group "Domain Admins" and click on the [UNIX Attributes] tab. I activate it for my domain and choose the GID=500. When I execute on my member server "net cache flush && getent group 500" I get the result domain admins:x:500:johndoe,name1,name2 So far so good,

Hello list, my DC and member server is running Samba 4.1.12. The DC was provisioned with rfc2307 and NIS extensions. Through ADUC tool and the [UNIX Attribute] tab I assigned a uid to the AD user "testuser1" and I also assigned a gid to the AD group "Domain Users". The member server was configured according the official wiki of samba.org. Winbind was configured on the member

Hi list, I am experimenting with two member servers (both samba4). I am using following configuration: membersrv:/etc/samba/smb.conf: ========================== [...] username map = /etc/samba/smbmap [...] membersrv:/etc/samba/smbmap: ========================= !root = MYDOM\johndoe MYDOM\foo MYDOM\bar MYDOM\Administrator Administrator So the domain users from my AD called "John Doe",

Hello list, I'm stuck since 2 days and I have no clue how to troubleshoot and solve that problem. Any help really really appreciated. Scenario: ========= I am using Samba 4.1.12/sernet on DC1 (172.19.100.1) and DC2 (172.19.100.2) with default [netlogon] and [sysvol] share only. I installed an additional samba4 server with fileserving role which is called MEMBERSRV1 (172.19.100.3), which is

Hello everybody, if I use Microsoft's Active Directory & Users tool to add a home drive mapping to a users profile, I encounter the problem that ADUC tool cannot create automatically the home directory for the desired user. ADUC tool fails with the message, that the share cannot be accessed. My smb.conf contains: [global] template homedir = /data1/homes/%ACCOUNTNAME [homes]

Hi all, I am referring to the official wiki here: https://wiki.samba.org/index.php/Setting_up_a_home_share#Setting_up_the_share_and_filesystem_permissions I was struggling around for many hours before I have found out what caused my issue. Well, I have created the [home] share exactly as epxlained on the How-To, in detail: I am creating on the linux prompt at the member server the directory with

Hi, For several linux server on our network we want to allow the AD domain group called "MYDOM\Domain Admins" to login through ssh with their AD credentials. Our DC1 and DC2 are running on Debian 64bit using Samba 4.1.12/Sernet. I'm kinda confused, what exactly I need therefore. Do I need to setup a PAM_authentication as explained on that tutorial here?

Oh! I think I did find the error now :-) If I understand "NOW" correctly, I have also to assign a UID to EACH of my AD users in ADUC tool in the [UNIX Attribute] tab, is that correct? I just tried out. In ADUC tool I did choose "testuser3", and on the [UNIX Attribute] tab I activated the NIS domain so it reflects to "MYDOM". Then by default there was UID=10000, I

> You are very nearly correct, your smb.conf on the member server has > these lines: > > idmap config MYDOM:backend = ad > idmap config MYDOM:schema_mode = rfc2307 > idmap config MYDOM:range = 500-40000 > > The first line makes winbind use the ad backend, the second ensures that > the rfc2307 attributes are used and the third line sets the range of > users to

Hi, i'm getting a coredump on a specific msg, i've attached the gdb. file on disk i noticed W=<vsize> is missing. 1571209735.M744550P1608.rwvirtual65,S=15886:2,S Best regards, mail.log Oct 18 14:41:39 rwvirtual10 dovecot: imap(johndoe at company.nl)<15868><qjTFpy6VPsMKAAok>: Error: Mailbox INBOX.Debug: UID=1041: read(/data/mail/

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, I like to know what will happend if: - - one Domain with 2 DCs - - two Admins working on their Windows-ws with RSAT. - - Admin1 is connected to DC1 - - Admin2 is connected to DC2 - - Admin1 creats a user "u1" and a group "g1" - - then the two DCs will lose connection, the user and group is replicated to DC2 - - now Admin1

I'm having a great deal of difficulty with integrating dovecot 2.0.9 with a new installation of samba4 4.1.11 and would appreciate anyones help who has this working. *Problem 1:* if dn= cn=Administrator,dc=ourhome,dc=net with dnpass = ***** ---------------I get NT_STATUS_LOGON_FAILURE but dn = "Administrator at ourhome.net" with dnpass = **** works I guess I shouldn't complain

So, a little bit more investigation shows a problem with idmap -> User - BUILTIN\Administrator uid = 30000 Group - BUILTIN\Administrators gid = 3000000 Group - SAMDOM\Domain Admins gid = 60000 POSIX file ownership is becoming 3000000:60000 It seems that the Administrators group group is set as the owner. What's more, 'Administrators' group name is not mapped when I list the

I'm having a little trouble adding my linux machine to my Windows NT domain... anyone know how to resolve this issue: [root@dev-zope-knox01 root]# smbpasswd -r admin1 -j CTI1 cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT cli_nt_setup_creds: auth2 challenge failed modify_trust_password: unable to setup the PDC credentials to machine ADMIN1. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT.

I am migrating a Freebsd 8.2 Samba 3.5.11 system to Freebsd 9.1 Samba 4.0.4. I copied over all of the users home directories, local accounts, and the tdb files. I ran the classic upgrade tool, got the server up and running, and users could login however they were on fresh local profiles rather than roaming profiles. In the log file for the station, I found the following message [2013/04/13

Hello everybody, What is the best way to delete an user mailbox (ex: /var/mail/johndoe ) when all attachments (for all users) are in a common directory with SIS deduplication (ex: mail_attachment_dir = /var/mail/attachments ) ? Trying to delete user mailbox directory (rm) and do the command : doveadm -v purge -u johndoe leave all johndoe's attachments orphelin. Best regards,

Hi, I'm having problems accessing home directories though NFS. This setup uses LDAP and Kerberos. Users defined on the local host work fine. This is what dovecot writes in the logs while trying to log in as the user johndoe: ---- Mar 19 14:10:54 jack dovecot-auth: nss_ldap: reconnecting to LDAP server... Mar 19 14:10:54 jack dovecot-auth: nss_ldap: reconnected to LDAP server after 1