similar to: domain users "primary group" does not take effect in UNIX attributes (NIS)

Hi list, I am experimenting with two member servers (both samba4). I am using following configuration: membersrv:/etc/samba/smb.conf: ========================== [...] username map = /etc/samba/smbmap [...] membersrv:/etc/samba/smbmap: ========================= !root = MYDOM\johndoe MYDOM\foo MYDOM\bar MYDOM\Administrator Administrator So the domain users from my AD called "John Doe",

Hello list, I am using the Microsoft ADUC (Active Directory Users & Computers) tool from the RSAT suite for creating and modifying my domain users. I am aware of the "copy" functionality which really is very nice to use. Unfortunately I am missing two important actions during the user-creation process which I try to describe: 1.) When I use the template feauture (by using the

Hello everybody, if I use Microsoft's Active Directory & Users tool to add a home drive mapping to a users profile, I encounter the problem that ADUC tool cannot create automatically the home directory for the desired user. ADUC tool fails with the message, that the share cannot be accessed. My smb.conf contains: [global] template homedir = /data1/homes/%ACCOUNTNAME [homes]

I am facing an issue which I cannot explain myself. The roaming profiles don't work for users that are members of the group "Domain Admins". The [profiles] share on the member server was configured exactly as explained on the wiki for roaming profiles. It works like a charm for all domain users, *BUT*: if a user is member of the group "Domain Admins" it *doesn't* :-(

Hello, I am running Samba 4.1.12/Sernet on Debian Wheezy 64bit and I am about to setup my member server. The DC was provisioned with rfc2307 and extended attributes. I have assigned to the domain group called "Domain Users" the GID=10000. My member server was prepared with ACL+user_xattr and winbind support. My /etc/nsswitch.conf is using "winbind" for passwd+group, and

Hi all, I wonder if there are any pro/cons between using Samba4 of Debian's official Wheezy-backports repository which actually is version 4.1.11 -or- using Samba4 of Sernet's official repository which actually is on version 4.1.12 I understand that Sernet's package at that moment is more recent, but recently I had an issue which was Debian/Samba4 related and unfortunately I made

Hey all, according to the whitepaper http://technet.microsoft.com/en-us/library/cc736591%28v=ws.10%29.aspx I would like to a windows shortcut on the desktop that allows me to open and run the "Group Policy Editor" *for my samba4/AD domain*. The shortcut command should be: "gpedit.msc /gpobject:"LDAP://CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=mydom,

Dear Davor, would you please stop abusing this thread? The topic and initially posting is talking of something quite different than Rowland used in his first answer and to what you have replied. Thanks for your understanding. And no, uid and gid is not the same (uid!=gid) Regards, Mirco

Hello list, I am facing an issue which I cannot explain myself. The roaming profiles don't work for users that are members of the group "Domain Admins". The [profiles] share on the member server was configured exactly as explained on the wiki for roaming profiles. It works like a charm for all domain users, *BUT*: if a user is member of the group "Domain Admins" it

Oh! I think I did find the error now :-) If I understand "NOW" correctly, I have also to assign a UID to EACH of my AD users in ADUC tool in the [UNIX Attribute] tab, is that correct? I just tried out. In ADUC tool I did choose "testuser3", and on the [UNIX Attribute] tab I activated the NIS domain so it reflects to "MYDOM". Then by default there was UID=10000, I

> OK, make sure that the two idmap.ldb files match and then run > 'samba-tool ntacl sysvolreset' on both machines and see if this cured > this problem. I did: root at dc1:~$ service sernet-samba-ad stop root at dc2:~$ service sernet-samba-ad stop root at dc2:~$ mv /var/lib/samba/private/idmap.ldb /root/idmap.ldb.bak root at dc1:~$ scp /var/lib/samba/private/idmap.ldb

> You are very nearly correct, your smb.conf on the member server has > these lines: > > idmap config MYDOM:backend = ad > idmap config MYDOM:schema_mode = rfc2307 > idmap config MYDOM:range = 500-40000 > > The first line makes winbind use the ad backend, the second ensures that > the rfc2307 attributes are used and the third line sets the range of > users to

I am migrating a Freebsd 8.2 Samba 3.5.11 system to Freebsd 9.1 Samba 4.0.4. I copied over all of the users home directories, local accounts, and the tdb files. I ran the classic upgrade tool, got the server up and running, and users could login however they were on fresh local profiles rather than roaming profiles. In the log file for the station, I found the following message [2013/04/13

Hi Lucas ? Thanks, but the time is in sync on all clients and is updated on login by a login script. There's is no discrepancy in this regard between those clients that work and those that don't. :) ? On Wed 24-04-2013 10:47:?icro MEGAS <micromegas at mail333.com> wrote Check your time sync between clients and server. If the time is not in sync, it can result to Kerberos errors

Hey all, I decided to use the default ranges in the smb.conf of my member server, so I changed my smb.conf and it looks like that: ================================================== [global] netbios name = MEMBERSRV workgroup = MYDOM security = ADS realm = MYDOM.EXAMPLE.COM encrypt passwords = yes idmap config MYDOM:backend = ad idmap

Hi all, I am referring to the official wiki here: https://wiki.samba.org/index.php/Setting_up_a_home_share#Setting_up_the_share_and_filesystem_permissions I was struggling around for many hours before I have found out what caused my issue. Well, I have created the [home] share exactly as epxlained on the How-To, in detail: I am creating on the linux prompt at the member server the directory with

Hello Rowland, Louis and Min, sorry for late reply, I was really busy in the past days. As Min already wrote, I have made the same experience unfortunately. With Rowland's suggested settings it didn't solve the problem. I'm on another issue at the moment and didn't find time to check the rsync/unison process on my own, but I'll promise I'll dive into it as soon as I can.

Hello list, my DC and member server is running Samba 4.1.12. The DC was provisioned with rfc2307 and NIS extensions. Through ADUC tool and the [UNIX Attribute] tab I assigned a uid to the AD user "testuser1" and I also assigned a gid to the AD group "Domain Users". The member server was configured according the official wiki of samba.org. Winbind was configured on the member

> Comment from Rowland: > [...]an AD user without a uidNumber is merely a windows user Hi Rowland, just for my understanding, I have a question. If a domain user in my samba4 AD domain does not have been assigned with a "uid" on the [UNIX Attribute] tab of my ADUC tool, that user in general *cannot* access any of the shares of that particular member server? Is that correct? My

Akemi, all is good now: I have the account in caps and have access to the Contribute tree of pages and my personal page. Thank you very much for your help and patience! I wish everyone was so nice and welcoming as yourself in this world. Tomas On Wed, May 27, 2020 at 10:51 AM Akemi Yagi <amyagi at gmail.com> wrote: > > On Wed, May 27, 2020 at 12:55 AM Tomas Tomecek <ttomecek at