similar to: Samba4, idmap.ldb & ID_TYPE_BOTH

On 20/02/15 21:27, Davor Vusir wrote: > > Rowland Penny skrev den 2015-02-19 18:15: >> OK, there is a discussion over on samba-technical about nss_winbind >> and the question about Administrator being mapped to 0 was raised. >> Now I have always thought that it should, but in fairness, I decided >> to see what happens when it isn't, so I removed Administrator

On 03/07/15 15:18, Ryan Ashley wrote: > The only Unix client I can think of would be the Buffalo NAS. It runs > Samba3 and hosts various shares via SMB. DNS is handled by BIND9 on the > Samba4 DC. DNS does work and the domain name resolves to the IP address > of the server. DHCP is also handled on the DC. As for the GPO's, they're > in the correct place as far as I can tell.

On 03/07/15 15:58, Ryan Ashley wrote: > They left a PC on, so I got the info. The info pissed me off, but not > because of the issue. This time it worked flawlessly, but I got the > error from the event log from prior attempts. First, today's results. > > C:\Users\reachfp.KIGM>gpupdate > Updating Policy... > > User Policy update has completed successfully. >

On 02/07/15 16:55, Ryan Ashley wrote: > Rowland, here is what I found in the ldb. > > # record 68 > dn: CN=S-1-5-32-544 > cn: S-1-5-32-544 > objectClass: sidMap > objectSid: S-1-5-32-544 > type: ID_TYPE_BOTH > xidNumber: 3000000 > distinguishedName: CN=S-1-5-32-544 > > # record 70 > dn: CN=S-1-5-32-549 > cn: S-1-5-32-549 > objectClass: sidMap >

Rowland Penny skrev den 2015-02-21 10:35: > On 20/02/15 21:27, Davor Vusir wrote: >> >> Rowland Penny skrev den 2015-02-19 18:15: >>> OK, there is a discussion over on samba-technical about nss_winbind >>> and the question about Administrator being mapped to 0 was raised. >>> Now I have always thought that it should, but in fairness, I decided

On 30/06/15 17:18, Ryan Ashley wrote: > I hate to revive this, but before I push my client through an upgrade, I > have to be sure my issue is with ACLs not being supported, as suggested. > Squeeze does have ACL support. > > root at dc01:/samba/var/locks# getfacl sysvol > # file: sysvol > # owner: root > # group: 3000000 > user::rwx > user:root:rwx >

On 01/12/14 17:46, steve wrote: > On 01/12/14 18:25, Rowland Penny wrote: >> On 01/12/14 17:16, steve wrote: >>> On 01/12/14 18:11, Rowland Penny wrote: >>>> On 01/12/14 17:09, steve wrote: >>>>> On 01/12/14 17:31, Greg Zartman wrote: >>>>>> On Mon, Dec 1, 2014 at 1:33 AM, Rowland Penny >>>>>> <rowlandpenny at

On 01/12/14 18:23, steve wrote: > On 01/12/14 19:11, Rowland Penny wrote: >> On 01/12/14 17:46, steve wrote: >>> On 01/12/14 18:25, Rowland Penny wrote: >>>> On 01/12/14 17:16, steve wrote: >>>>> On 01/12/14 18:11, Rowland Penny wrote: >>>>>> On 01/12/14 17:09, steve wrote: >>>>>>> On 01/12/14 17:31, Greg Zartman

On 01/12/14 19:16, steve wrote: > On 01/12/14 19:30, Rowland Penny wrote: >> On 01/12/14 18:23, steve wrote: >>> On 01/12/14 19:11, Rowland Penny wrote: >>>> On 01/12/14 17:46, steve wrote: >>>>> On 01/12/14 18:25, Rowland Penny wrote: >>>>>> On 01/12/14 17:16, steve wrote: >>>>>>> On 01/12/14 18:11, Rowland Penny

Rowland Penny skrev den 2015-02-19 18:15: > OK, there is a discussion over on samba-technical about nss_winbind > and the question about Administrator being mapped to 0 was raised. Now > I have always thought that it should, but in fairness, I decided to > see what happens when it isn't, so I removed Administrator from > idmap.ldb and restarted samba. Before restarting

> On 29.09.2017 11:44 Rowland Penny wrote: > Have you set up the libnss_winbind links, PAM and /etc/nsswitch.conf ? Yes, I had modified two lines in /etc/nsswitch.conf: passwd: files winbind group: files winbind No, I had not seen a pointer to libnss, but now did ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib/i386-linux-gnu/ ln -s

Hi Rowland, I'm also not an expert, but with the amount of help you provide on the list, I will defer to you. I'd love to know your rational for prefering the "change ownership to administrator" approach over the "change group to Domain Admins approach". If it's just gut, that's fine too! Thanks! -----Original Message----- From: samba-bounces at

Hai, Ok, i expected a bit different outputs. On my DC, i use /home/samba/sysvol and /home/samba/netlogon. This is what i expected. getfacl /home/samba/ getfacl: Removing leading '/' from absolute path names # file: home/samba/ # owner: root # group: BUILTIN\134administrators user::rwx user:root:rwx group::rwx group:BUILTIN\134administrators:rwx

Hello Luis tomorrow i'm not in office, reply to you thursday One question : who is owner and whats rights for dir     /home     /home/samba     /home/samba/sysvol because, from windows client, user into domain admins, when i change in security tab, explorer always crash bye Il 06/11/2018 17:16, L.P.H. van Belle via samba ha scritto: > Ok, next, > > From a windows pc connect to

Hi, I'm using Samba 4.0.5 and when I use ls -la or getfacl on eg: sysvol/Policies directory Samba dies with this error message: ==> samba/samba.log <== [2013/07/10 07:49:30, 0] ../lib/util/fault.c:72(fault_report) =============================================================== [2013/07/10 07:49:30, 0] ../lib/util/fault.c:73(fault_report) INTERNAL ERROR: Signal 11 in pid 3222

On 22/06/16 13:44, lingpanda101 at gmail.com wrote: > On 6/22/2016 8:19 AM, L.P.H. van Belle wrote: >> And dont forget : >> https://wiki.samba.org/index.php/Idmap_config_ad >> >> I also noticed and incorrect mapping, which "looks" like rights >> issues like in the thead here. ( it is imo not a right issue.. ) read >> on.. >> >>

Also, I'm not sure whether this has any relevance to the problem but I did at one point try to set up a secondary AD server but was struggling to get it going so demoted it using "Demote an Offline Domain Controller" from this page https://wiki.samba.org/index.php/Demote_a_Samba_AD_DC I also went through the "Verifying the Demotion" checks on this page and all looked

Please read the reported bug and bjorn answer.. which does not help any to a solution of fix, or explenation. But the big question now is, does someone somewhere know what bjorn is talking about. i did search for "gencache" but no go here.. just from old documentation. https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/tdb.html gencache.tdb Generic caching database.

I've hitted the error in subject trying a backup of my sysvol. Mar 21 11:13:31 vdcsv1 winbindd[3494]: [2018/03/21 11:13:31.234373, 0] ../source3/winbindd/winbindd_group.c:45(fill_grent) Mar 21 11:13:31 vdcsv1 winbindd[3494]: Failed to find domain 'NT AUTHORITY'. Check connection to trusted domains! Looking on internet/list archive leadme to recent post (november 2017) and this

Hi root at dc1:~ # samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix --yes ...some error information... Checked 3647 objects (2 errors) root at dc1:~ # samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix Checking 3647 objects Checked 3647 objects (0 errors) root at dc1:~ # getfacl /usr/local/samba/var/locks/sysvol/ getfacl: Removing leading '/' from absolute path