Displaying 20 results from an estimated 10000 matches similar to: "Info/Feedback on Samba bug #8744..."
2019 Oct 01
3
Removed a DC but...
Some month ago a local branch office closed; the local branch had a DC,
that i've simply removed the dc with:
samba-tool domain demote --server=vdcsv1.ad.fvg.lnf.it -U gaio
(see https://lists.samba.org/archive/samba/2019-February/221195.html)
But this leave some old DNS records, eg:
root at vdcsv1:~# host -t SRV _kerberos._udp.ad.fvg.lnf.it | awk '{print $NF}'| sed
2019 Feb 15
6
Demoted/removed a DC, and the NS records?
Following:
https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC
i've demoted and removed a DC. Seems all went as expected:
root at vdcud1:~# samba-tool domain demote --server=vdcsv1.ad.fvg.lnf.it -U gaio
Using vdcsv1.ad.fvg.lnf.it as partner server for the demotion
Password for [LNFFVG\gaio]:
Deactivating inbound replication
Asking partner server vdcsv1.ad.fvg.lnf.it to synchronize
2018 Nov 26
3
Different LDAP query in different DC...
I need to do a simple query, against some LDAP data in 'laster draft
schema' format i've added to te samba/AD schema.
All LDAP query return the same result on all (6) of the DC:
root at vdcsv1:~# ldapsearch -H ldap://vdcsv2.ad.fvg.lnf.it -W -D CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it -b DC=ad,DC=fvg,DC=lnf,DC=it "(cn=prova123)" rfc822MailMember
Enter LDAP Password:
2017 Dec 14
5
[Curiosity] 'netbios aliases' works in AD mode?
Ahem no one reply me.
A little fast-rewind: i need to have some 'aliases' to my servers (DM);
seems i need to add in smb.conf:
netbios aliases = FILESV
but also add a 'SPN'; trying to look around for an examples, lead me to
''nothing'', or to examples that seems to me unrelated.
Supposing the domain is 'ad.fvg.lnf.it' and the FQDN of the real host
is
2020 Jan 07
2
Domain 'resync', DC with FSMO roles LDAP troubles...
Happy new year to all!
Samba 4.9.17 on stretch, Louis package.
On 22/12, at midnight, office closed, i suffered a network outgage that 'broke in
two' my domain.
On 23/12, at 14.00, network come back. After that, some scripts written
around ldbsearch i run on DM (against vdcsv1 that is the DC with FSMO
roles) start to complain:
Failed to bind - LDAP client internal error:
2019 Oct 02
3
Removed a DC but...
Hai,
The steps shown here dont work?
https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC
If that is the case and you besides that free of errors.
Then upgrade, and try again once your on at least samba 4.9 or 4.10.
As im hoping you are upgrade straight to Buster.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
2019 Jan 17
3
Winbind, cached logons and 'user persistency'...
I've noted that some weeks ago, but i was upgrading all my PVE cluster
so i've considered it benevolent.
Yesterday i've updated my main switch, disconnecting for a brief lag of
time all my ''infrastructutes''.
My SMTP server (exim) start to complain about 'unroutable addresses':
2019-01-16 18:32:40 1gjp3Q-0006aw-TG <= root at sv.lnf.it H=(3jane.sv.lnf.it)
2017 Dec 07
2
[Curiosity] 'netbios aliases' works in AD mode?
On Thu, 2017-12-07 at 10:48 +0100, Marco Gaiarin via samba wrote:
> Mandi! Andrew Bartlett via samba
> In chel di` si favelave...
>
> > > This lead me to another question: in this way, aliases are ''domain
> > > wide'' right? Eg, i cannot have a DM aliased 'file' in a LAN and
> > > another DM aliased 'file' in another LAN, as
2018 Sep 04
4
Upgraded a member server to 4.8, rfc2307 data?
I'm starting to upgrade my domain members to debian stretch/samba 4.8,
using louis packages.
Domain controllers still on jessie/samba45.
Upgrade went smooth, but after upgrade seems that the DM was not able
anymore to retrieve rfc2307 data, eg:
root at vdmsv2:~# getent passwd gaio
gaio:*:10000:10513:Marco Gaiarin:/home/LNFFVG/gaio:/bin/false
root at vdmsv2:~# ldbsearch -H
2017 Nov 30
2
Troubles on Roaming Profiles...
i've seen that is similar to your latest test.
What about a gpresult -h result.html. The GPo is appplied to the user?
Greetings!!
2017-11-30 13:29 GMT+01:00 Daniel Carrasco <d.carrasco at i2tic.com>:
> I don't know if is relevant and maybe is the same as GPO that you've
> created, but Ive a profiles folder with this configuration:
>
> [profiles]
> path
2019 Sep 19
3
Script to sync xID/idmap.ldb, some questions...
I'm scripting the ''replica'' of DC xID db (idmap.ldb) between DCs,
following:
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Built-in_User_.26_Group_ID_Mappings
but i've two question.
1) because i've just in place the sysvol replica, i've thinked of
copying the 'idmap.ldb.bak' file on sysvol share (in debian,
2015 Jan 05
0
Info/Feedback on Samba bug #8744...
Hai,
Im not into radius (yet)... but you can try upgrading samba.
echo "# Backports repository" >> /etc/apt/sources.list.d/debian-backport.list
echo "deb http://ftp.nl.debian.org/debian/ wheezy-backports main " >> /etc/apt/sources.list.d/debian-backport.list
apt-get update && apt-get upgrade
and try again.
Greetz,
Louis
>-----Oorspronkelijk
2020 Oct 01
2
Freeradius logon with machine account...
With Samba in NT mode, i was able to enable wireless access using
machine account, and worked decently.
Now i want to try again in AD mode, but i've not found info, and i've
just hit a trouble:
Oct 1 14:31:55 vdmsv1 radiusd[13555]: rlm_ldap (ldap): Opening additional connection (25), 1 of 31 pending slots used
Oct 1 14:31:55 vdmsv1 radiusd[13555]: (187) Login incorrect:
2020 Sep 11
4
Winbind offline cache and strangeness...
I've setup a portable system (ubuntu 16.04) joined to my AD domain,
that in their primary network works as expected.
But in this 'COVID time', the portable start to roam around, and users
say me that, suddenly after some days of use, get incredibly
sloooowww... after that users reboot, and cannot get back in, login
refused.
I've setup a VPN, but clearly if users cannot login
2020 Jul 22
2
Err: Naming violation
Mandi! Rowland penny via samba
In chel di` si favelave...
> You probably cannot, you seem to have added the misc.schema incorrectly (it
> probably cannot be added correctly)
> Please stop trying to get NIS to work with AD, you do not need it, nobody
> use NIS with AD, actually very few people still use NIS.
Apart that this is not 'NIS', but a draft (and expired) schema used
2018 Nov 28
2
Different LDAP query in different DC...
> Why?!
Sorry but... someone can point me in the right direction? Really i
don't know how to look for that problem...
I summarize:
a) an LDAP lookup for some data works in ALL DC past one
b) in that non-working DC, a direct query against the sam.ldb reveal
that data are here (so, seems to me an ACL problem)
c) checking sync status between DCs reveal no sync troubles.
Where i can
2018 May 30
2
PAM only and Kerberos...
Mandi! Robert Marcano via samba
In chel di` si favelave...
> Yes, check the documentation of krb5.conf.
Ahem, 'apt-get install krb5-doc' misses. ;-)
> In summary you will need to
> disable dns_canonicalize_hostname dns_lookup_kdc , etc if enabled and set
> you admin and kdc hostnames there, something like:
How can i determine kdc and master_kdc values? All DC server are
2018 Nov 22
2
NTP strangeness...
In our network we found some client with clock differences.
Some machine have effectively some troubles, eg have NO 'Windows Time'
service defined, probably some glitches happened when moving from our
old NT-like domain.
Anyway, catching for that, we have found some other strangeness.
Windows time service run:
C:\Users\gaio>sc query w32time
NOME_SERVIZIO: w32time
TIPO
2017 Nov 21
3
Time synchronization and Password Policies
You guys mix to things.
> AFAIK is the 'privileges' that are host-specific.
Is correct.
>the policies are on the domain (in the LDAP data,
> the root DN, look at them!).
Yes, but only the GPO policies and these are not applied to the samba server.
And because of that, samba-tools password settings needs to be set on every DC.
Greetz,
Louis
> -----Oorspronkelijk
2017 Oct 27
2
Some hint reading password expiration data...
Mandi! Andrew Bartlett via samba
In chel di` si favelave...
> It is an operational attribute. simply addÂ
> msDS-UserPasswordExpiryTimeComputed
> to the list of attributes requested when searching for the user.
root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b "dc=ad,dc=fvg,dc=lnf,dc=it" -s base "" maxPwdAge
# record 1
dn: