Displaying 20 results from an estimated 10000 matches similar to: "Samba4, idmap.ldb & ID_TYPE_BOTH"
2015 Feb 21
2
Samba4, idmap.ldb & ID_TYPE_BOTH
On 20/02/15 21:27, Davor Vusir wrote:
>
> Rowland Penny skrev den 2015-02-19 18:15:
>> OK, there is a discussion over on samba-technical about nss_winbind
>> and the question about Administrator being mapped to 0 was raised.
>> Now I have always thought that it should, but in fairness, I decided
>> to see what happens when it isn't, so I removed Administrator
2015 Jul 03
3
Clients unable to get group policy...
On 03/07/15 15:18, Ryan Ashley wrote:
> The only Unix client I can think of would be the Buffalo NAS. It runs
> Samba3 and hosts various shares via SMB. DNS is handled by BIND9 on the
> Samba4 DC. DNS does work and the domain name resolves to the IP address
> of the server. DHCP is also handled on the DC. As for the GPO's, they're
> in the correct place as far as I can tell.
2015 Jul 03
2
Clients unable to get group policy...
On 03/07/15 15:58, Ryan Ashley wrote:
> They left a PC on, so I got the info. The info pissed me off, but not
> because of the issue. This time it worked flawlessly, but I got the
> error from the event log from prior attempts. First, today's results.
>
> C:\Users\reachfp.KIGM>gpupdate
> Updating Policy...
>
> User Policy update has completed successfully.
>
2015 Jul 02
5
Clients unable to get group policy...
On 02/07/15 16:55, Ryan Ashley wrote:
> Rowland, here is what I found in the ldb.
>
> # record 68
> dn: CN=S-1-5-32-544
> cn: S-1-5-32-544
> objectClass: sidMap
> objectSid: S-1-5-32-544
> type: ID_TYPE_BOTH
> xidNumber: 3000000
> distinguishedName: CN=S-1-5-32-544
>
> # record 70
> dn: CN=S-1-5-32-549
> cn: S-1-5-32-549
> objectClass: sidMap
>
2015 Feb 21
0
Samba4, idmap.ldb & ID_TYPE_BOTH
Rowland Penny skrev den 2015-02-21 10:35:
> On 20/02/15 21:27, Davor Vusir wrote:
>>
>> Rowland Penny skrev den 2015-02-19 18:15:
>>> OK, there is a discussion over on samba-technical about nss_winbind
>>> and the question about Administrator being mapped to 0 was raised.
>>> Now I have always thought that it should, but in fairness, I decided
2015 Jun 30
2
Clients unable to get group policy...
On 30/06/15 17:18, Ryan Ashley wrote:
> I hate to revive this, but before I push my client through an upgrade, I
> have to be sure my issue is with ACLs not being supported, as suggested.
> Squeeze does have ACL support.
>
> root at dc01:/samba/var/locks# getfacl sysvol
> # file: sysvol
> # owner: root
> # group: 3000000
> user::rwx
> user:root:rwx
>
2014 Dec 01
2
uidNumber. ( Was: What is --rfc2307-from-nss ??)
On 01/12/14 17:46, steve wrote:
> On 01/12/14 18:25, Rowland Penny wrote:
>> On 01/12/14 17:16, steve wrote:
>>> On 01/12/14 18:11, Rowland Penny wrote:
>>>> On 01/12/14 17:09, steve wrote:
>>>>> On 01/12/14 17:31, Greg Zartman wrote:
>>>>>> On Mon, Dec 1, 2014 at 1:33 AM, Rowland Penny
>>>>>> <rowlandpenny at
2014 Dec 01
2
uidNumber. ( Was: What is --rfc2307-from-nss ??)
On 01/12/14 18:23, steve wrote:
> On 01/12/14 19:11, Rowland Penny wrote:
>> On 01/12/14 17:46, steve wrote:
>>> On 01/12/14 18:25, Rowland Penny wrote:
>>>> On 01/12/14 17:16, steve wrote:
>>>>> On 01/12/14 18:11, Rowland Penny wrote:
>>>>>> On 01/12/14 17:09, steve wrote:
>>>>>>> On 01/12/14 17:31, Greg Zartman
2014 Dec 01
2
uidNumber. ( Was: What is --rfc2307-from-nss ??)
On 01/12/14 19:16, steve wrote:
> On 01/12/14 19:30, Rowland Penny wrote:
>> On 01/12/14 18:23, steve wrote:
>>> On 01/12/14 19:11, Rowland Penny wrote:
>>>> On 01/12/14 17:46, steve wrote:
>>>>> On 01/12/14 18:25, Rowland Penny wrote:
>>>>>> On 01/12/14 17:16, steve wrote:
>>>>>>> On 01/12/14 18:11, Rowland Penny
2015 Feb 20
0
Samba4, idmap.ldb & ID_TYPE_BOTH
Rowland Penny skrev den 2015-02-19 18:15:
> OK, there is a discussion over on samba-technical about nss_winbind
> and the question about Administrator being mapped to 0 was raised. Now
> I have always thought that it should, but in fairness, I decided to
> see what happens when it isn't, so I removed Administrator from
> idmap.ldb and restarted samba. Before restarting
2017 Sep 29
3
user cannot access shares on new ad-dc
> On 29.09.2017 11:44 Rowland Penny wrote:
> Have you set up the libnss_winbind links, PAM and /etc/nsswitch.conf ?
Yes, I had modified two lines in /etc/nsswitch.conf:
passwd: files winbind
group: files winbind
No, I had not seen a pointer to libnss, but now did
ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib/i386-linux-gnu/
ln -s
2015 Feb 27
2
Domain Member Server (wheezy) - Unable to edit permissions of share without usermapping - shall I add to Wiki?
Hi Rowland,
I'm also not an expert, but with the amount of help you provide on the list,
I will defer to you.
I'd love to know your rational for prefering the "change ownership to
administrator" approach over the "change group to Domain Admins approach".
If it's just gut, that's fine too!
Thanks!
-----Original Message-----
From: samba-bounces at
2018 Nov 06
3
classicupgrade
Hai,
Ok, i expected a bit different outputs.
On my DC, i use /home/samba/sysvol and /home/samba/netlogon.
This is what i expected.
getfacl /home/samba/
getfacl: Removing leading '/' from absolute path names
# file: home/samba/
# owner: root
# group: BUILTIN\134administrators
user::rwx
user:root:rwx
group::rwx
group:BUILTIN\134administrators:rwx
2018 Nov 06
3
classicupgrade
Hello Luis
tomorrow i'm not in office, reply to you thursday
One question : who is owner and whats rights for dir
/home
/home/samba
/home/samba/sysvol
because, from windows client, user into domain admins, when i change in
security tab, explorer always crash
bye
Il 06/11/2018 17:16, L.P.H. van Belle via samba ha scritto:
> Ok, next,
>
> From a windows pc connect to
2013 Jul 10
2
Sync - sysvol and getfacl
Hi,
I'm using Samba 4.0.5 and when I use ls -la or getfacl on eg:
sysvol/Policies directory Samba dies with this error message:
==> samba/samba.log <==
[2013/07/10 07:49:30, 0] ../lib/util/fault.c:72(fault_report)
===============================================================
[2013/07/10 07:49:30, 0] ../lib/util/fault.c:73(fault_report)
INTERNAL ERROR: Signal 11 in pid 3222
2016 Jun 22
4
Rights issue on GPO
On 22/06/16 13:44, lingpanda101 at gmail.com wrote:
> On 6/22/2016 8:19 AM, L.P.H. van Belle wrote:
>> And dont forget :
>> https://wiki.samba.org/index.php/Idmap_config_ad
>>
>> I also noticed and incorrect mapping, which "looks" like rights
>> issues like in the thead here. ( it is imo not a right issue.. ) read
>> on..
>>
>>
2017 Jan 13
2
Samba 4.5.3 AD DC - issues with sysvol when setting up Group Policies
Also, I'm not sure whether this has any relevance to the problem but I did at one point try to set up a secondary AD server but was struggling to get it going so demoted it using "Demote an Offline Domain Controller" from this page
https://wiki.samba.org/index.php/Demote_a_Samba_AD_DC
I also went through the "Verifying the Demotion" checks on this page and all looked
2015 Apr 30
10
FW: [Bug 11241] different ids even when idmap.ldb copied. not abug..
Please read the reported bug and bjorn answer.. which does not help any to a solution of fix, or explenation.
But the big question now is, does someone somewhere know what bjorn is talking about.
i did search for "gencache" but no go here..
just from old documentation.
https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/tdb.html
gencache.tdb Generic caching database.
2018 Mar 21
2
Again 'Failed to find domain 'NT AUTHORITY'. Check connection to trusted domains!'
I've hitted the error in subject trying a backup of my sysvol.
Mar 21 11:13:31 vdcsv1 winbindd[3494]: [2018/03/21 11:13:31.234373, 0] ../source3/winbindd/winbindd_group.c:45(fill_grent)
Mar 21 11:13:31 vdcsv1 winbindd[3494]: Failed to find domain 'NT AUTHORITY'. Check connection to trusted domains!
Looking on internet/list archive leadme to recent post (november 2017)
and this
2017 Jan 12
2
Samba 4.5.3 AD DC - issues with sysvol when setting up Group Policies
Hi
root at dc1:~ # samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix --yes
...some error information...
Checked 3647 objects (2 errors)
root at dc1:~ # samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix
Checking 3647 objects
Checked 3647 objects (0 errors)
root at dc1:~ # getfacl /usr/local/samba/var/locks/sysvol/
getfacl: Removing leading '/' from absolute path