similar to: DC and member setup.

Okay!!! My member server ip address is 192.168.**.56 (static). When I run your command it is reporting the ip address of 192.168.**.55 (which is my DC02 address.) So, I need to correct this. How do I remove the 'old member server' ip address 192.168.**.55 reference and correct to 192.168.**.56? --- ------------------------- Bob Wooden of Donelson Trophy 615.885.2846 (main)

That was a cut/paste error. I've been thinking (danger, danger) when I test kerberos it returns the two DC's are available. Should it be including the member server also? Didn't I see the script setup kerberos on the member server? (Remember this was installed with the gen one scripts, not the newest scripts.) --- ------------------------- Bob Wooden of Donelson Trophy

W7 client domain member? yes. Logged in as domainAdministrator? yes. "SeDiskOperatorPrivilege" set? yes Read "/Setup_and_configure_file_shares_with_Windows_ACLs"? yes. --- ------------------------- Bob Wooden of Donelson Trophy 615.885.2846 (main) www.donelsontrophy.com [2] "Everyone deserves an award!!" On 2015-01-28 10:40, Marcel de Reuver wrote: >

On 28/01/15 16:50, Bob of Donelson Trophy wrote: > > > W7 client domain member? yes. > > Logged in as domainAdministrator? yes. > > "SeDiskOperatorPrivilege" set? yes > > Read "/Setup_and_configure_file_shares_with_Windows_ACLs"? yes. > > --- > > ------------------------- > > Bob Wooden of Donelson Trophy > > 615.885.2846

Hi Bob, Set the rights like this. > /home 775 > > /home/samba 775 > > /home/samba/DT***RM 775 > > /home/samba/DT***RM/profiles 777 for the profiles, after you set the rights in windows, user profiles folders wil be created with the correct rights. and only accessable by the user.. and from here you shoule be able to set the correct rights. Can you give it a try?

Hai Bob. SETDNSDOMAIN='hostname -d' needs to be: SETDNSDOMAIN=`hostname -d` .. so change them all . SETDNSDOMAIN=`hostname -d` SETHOSTNAME=`hostname -s` SERVER_IP_ADDRESS=`hostname -i` and you can ignore : >[....] Stopping domain name service...: bind9rndc: connect failed: >127.0.0.1#953: connection refused > >. ok > >[ ok ] Starting domain name service...:

After restoring the member server and re-running the improved "4-setup-samba4-MEMBER-wheezy.sh" script I am still having the same issue. W7 client still not allowed to access the member server. Administrator still has a uidNumber: getent passwd Administrator administrator:*:50001:50006::/home/samba/DTS***M/users/administrator:/bin/bash I have added a couple is test admin users

On 13/02/15 19:48, Bob of Donelson Trophy wrote: > > > Thank you, Rowland. > > Copied your simpler ntp.conf file into my member server. Made the > appropriate changes. Restarted all the ntp service on all machines (just > in case.) Ran 'ntpq -p' (on member server) and got the correct answer. > Proper connection to DC's. > --- > >

On 13/02/15 17:26, Bob of Donelson Trophy wrote: > > > Copied Roweland's DC ntp.conf file into my two DC's. Restarted (all) > ntp. Member still timing out! > > (I am starting to think that there is 'something' about the sernet > packages that "they" do differently.) > > Rowland, Could I ask you to copy the ntp.conf from your client (appears

On 23/04/15 16:22, Bob of Donelson Trophy wrote: > > > I went and got the newest (upped recently) script. No love. > > I removed the email address line to get more command line output. > > root at dc01:~# ./samba-check-db-repl.sh > Running with with console output > Running : /usr/bin/samba-tool ldapcmp --filter='whenChanged' ldap://dc01 >

Yes, "INTERNAL" was the actual. Generated by script, I presume. Now changed to my workgroup name. Restarted member server. Now 'getent passwd Administrator' returns nothing but, W7 client still cannot connect. (As I have restored and re-run script this morning doesn't that mean it has to be coming over from DC's somehow?) --- ------------------------- Bob Wooden

On 13/02/15 16:43, Bob of Donelson Trophy wrote: > > > Made the suggested adjustments (4 locations in the member server > ntp.conf file) and restarted ntp. > > Still (member server) timing out. > > Not sure what you mean about removing "server 0.debian.pool.ntp.org > iburst" lines. Those on the DC's. Aren't they necessary? > > Running 'ntpq

I have created a DC01 & DC02 with Louis's (generation one) scripts. I have noticed, during some testing that 'pam-auth-update' shows PAM profiles Kerberos, Unix & Winbind listed on DC01. The DC02 only lists Kerberos & Unix and Winbind is missing. I thought that the two DC's were suppose to be identical? If DC01 goes "down" DC02 cannot carry a winbind

Copied Roweland's DC ntp.conf file into my two DC's. Restarted (all) ntp. Member still timing out! (I am starting to think that there is 'something' about the sernet packages that "they" do differently.) Rowland, Could I ask you to copy the ntp.conf from your client (appears to be your laptop) so I could review it's contents? --- ------------------------- Bob

What i forgot to mention. The "maintainence user" is a linux user.. but what are you trying to do? or whats the goal further.. Greetz, Louis >-----Oorspronkelijk bericht----- >Van: belle at bazuin.nl [mailto:samba-bounces at lists.samba.org] >Namens L.P.H. van Belle >Verzonden: dinsdag 3 februari 2015 8:46 >Aan: samba at lists.samba.org >Onderwerp: Re:

Hi bob, Yes, i have corrected the script online. I replaced the %USERNAME with %U in the old member script, and please dont give the user DOMAIN\Administrator any uid. not 0, nothing.. .no uid.. My best advice, leave Administrator as is and create a new user.. Add that one in "Domain Admins" and that user can have a uid. For setting the rights. Use setfacl to set the base

On 30/01/15 19:14, Bob of Donelson Trophy wrote: > > > There is no uidNumber or gidNumber specifically listed (there is an > objectGuid and an objectSid.) > > Did nothing. > > Now? > > --- > > ------------------------- > > Bob Wooden of Donelson Trophy > > 615.885.2846 (main) > www.donelsontrophy.com [1] > > "Everyone deserves an

Thank you, Rowland. Copied your simpler ntp.conf file into my member server. Made the appropriate changes. Restarted all the ntp service on all machines (just in case.) Ran 'ntpq -p' (on member server) and got the correct answer. Proper connection to DC's. --- ------------------------- Bob Wooden of Donelson Trophy 615.885.2846 (main) www.donelsontrophy.com [1] "Everyone

Made the suggested adjustments (4 locations in the member server ntp.conf file) and restarted ntp. Still (member server) timing out. Not sure what you mean about removing "server 0.debian.pool.ntp.org iburst" lines. Those on the DC's. Aren't they necessary? Running 'ntpq -p' on DC's results in correct response. --- ------------------------- Bob Wooden of

I went and got the newest (upped recently) script. No love. I removed the email address line to get more command line output. root at dc01:~# ./samba-check-db-repl.sh Running with with console output Running : /usr/bin/samba-tool ldapcmp --filter='whenChanged' ldap://dc01 ldap://dc02.dtsh***m.dt. Please wait.. this can take a while.. Failed to bind - LDAP error 49