similar to: Info/Feedback on Samba bug #8744...

Some month ago a local branch office closed; the local branch had a DC, that i've simply removed the dc with: samba-tool domain demote --server=vdcsv1.ad.fvg.lnf.it -U gaio (see https://lists.samba.org/archive/samba/2019-February/221195.html) But this leave some old DNS records, eg: root at vdcsv1:~# host -t SRV _kerberos._udp.ad.fvg.lnf.it | awk '{print $NF}'| sed

Following: https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC i've demoted and removed a DC. Seems all went as expected: root at vdcud1:~# samba-tool domain demote --server=vdcsv1.ad.fvg.lnf.it -U gaio Using vdcsv1.ad.fvg.lnf.it as partner server for the demotion Password for [LNFFVG\gaio]: Deactivating inbound replication Asking partner server vdcsv1.ad.fvg.lnf.it to synchronize

I need to do a simple query, against some LDAP data in 'laster draft schema' format i've added to te samba/AD schema. All LDAP query return the same result on all (6) of the DC: root at vdcsv1:~# ldapsearch -H ldap://vdcsv2.ad.fvg.lnf.it -W -D CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it -b DC=ad,DC=fvg,DC=lnf,DC=it "(cn=prova123)" rfc822MailMember Enter LDAP Password:

Ahem no one reply me. A little fast-rewind: i need to have some 'aliases' to my servers (DM); seems i need to add in smb.conf: netbios aliases = FILESV but also add a 'SPN'; trying to look around for an examples, lead me to ''nothing'', or to examples that seems to me unrelated. Supposing the domain is 'ad.fvg.lnf.it' and the FQDN of the real host is

Happy new year to all! Samba 4.9.17 on stretch, Louis package. On 22/12, at midnight, office closed, i suffered a network outgage that 'broke in two' my domain. On 23/12, at 14.00, network come back. After that, some scripts written around ldbsearch i run on DM (against vdcsv1 that is the DC with FSMO roles) start to complain: Failed to bind - LDAP client internal error:

Hai, The steps shown here dont work? https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC If that is the case and you besides that free of errors. Then upgrade, and try again once your on at least samba 4.9 or 4.10. As im hoping you are upgrade straight to Buster. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens

I've noted that some weeks ago, but i was upgrading all my PVE cluster so i've considered it benevolent. Yesterday i've updated my main switch, disconnecting for a brief lag of time all my ''infrastructutes''. My SMTP server (exim) start to complain about 'unroutable addresses': 2019-01-16 18:32:40 1gjp3Q-0006aw-TG <= root at sv.lnf.it H=(3jane.sv.lnf.it)

On Thu, 2017-12-07 at 10:48 +0100, Marco Gaiarin via samba wrote: > Mandi! Andrew Bartlett via samba > In chel di` si favelave... > > > > This lead me to another question: in this way, aliases are ''domain > > > wide'' right? Eg, i cannot have a DM aliased 'file' in a LAN and > > > another DM aliased 'file' in another LAN, as

I'm starting to upgrade my domain members to debian stretch/samba 4.8, using louis packages. Domain controllers still on jessie/samba45. Upgrade went smooth, but after upgrade seems that the DM was not able anymore to retrieve rfc2307 data, eg: root at vdmsv2:~# getent passwd gaio gaio:*:10000:10513:Marco Gaiarin:/home/LNFFVG/gaio:/bin/false root at vdmsv2:~# ldbsearch -H

I'm scripting the ''replica'' of DC xID db (idmap.ldb) between DCs, following: https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Built-in_User_.26_Group_ID_Mappings but i've two question. 1) because i've just in place the sysvol replica, i've thinked of copying the 'idmap.ldb.bak' file on sysvol share (in debian,

i've seen that is similar to your latest test. What about a gpresult -h result.html. The GPo is appplied to the user? Greetings!! 2017-11-30 13:29 GMT+01:00 Daniel Carrasco <d.carrasco at i2tic.com>: > I don't know if is relevant and maybe is the same as GPO that you've > created, but Ive a profiles folder with this configuration: > > [profiles] > path

Hai, Im not into radius (yet)... but you can try upgrading samba. echo "# Backports repository" >> /etc/apt/sources.list.d/debian-backport.list echo "deb http://ftp.nl.debian.org/debian/ wheezy-backports main " >> /etc/apt/sources.list.d/debian-backport.list apt-get update && apt-get upgrade and try again. Greetz, Louis >-----Oorspronkelijk

With Samba in NT mode, i was able to enable wireless access using machine account, and worked decently. Now i want to try again in AD mode, but i've not found info, and i've just hit a trouble: Oct 1 14:31:55 vdmsv1 radiusd[13555]: rlm_ldap (ldap): Opening additional connection (25), 1 of 31 pending slots used Oct 1 14:31:55 vdmsv1 radiusd[13555]: (187) Login incorrect:

I've setup a portable system (ubuntu 16.04) joined to my AD domain, that in their primary network works as expected. But in this 'COVID time', the portable start to roam around, and users say me that, suddenly after some days of use, get incredibly sloooowww... after that users reboot, and cannot get back in, login refused. I've setup a VPN, but clearly if users cannot login

Mandi! Rowland penny via samba In chel di` si favelave... > You probably cannot, you seem to have added the misc.schema incorrectly (it > probably cannot be added correctly) > Please stop trying to get NIS to work with AD, you do not need it, nobody > use NIS with AD, actually very few people still use NIS. Apart that this is not 'NIS', but a draft (and expired) schema used

> Why?! Sorry but... someone can point me in the right direction? Really i don't know how to look for that problem... I summarize: a) an LDAP lookup for some data works in ALL DC past one b) in that non-working DC, a direct query against the sam.ldb reveal that data are here (so, seems to me an ACL problem) c) checking sync status between DCs reveal no sync troubles. Where i can

Mandi! Robert Marcano via samba In chel di` si favelave... > Yes, check the documentation of krb5.conf. Ahem, 'apt-get install krb5-doc' misses. ;-) > In summary you will need to > disable dns_canonicalize_hostname dns_lookup_kdc , etc if enabled and set > you admin and kdc hostnames there, something like: How can i determine kdc and master_kdc values? All DC server are

You guys mix to things. > AFAIK is the 'privileges' that are host-specific. Is correct. >the policies are on the domain (in the LDAP data, > the root DN, look at them!). Yes, but only the GPO policies and these are not applied to the samba server. And because of that, samba-tools password settings needs to be set on every DC. Greetz, Louis > -----Oorspronkelijk

In our network we found some client with clock differences. Some machine have effectively some troubles, eg have NO 'Windows Time' service defined, probably some glitches happened when moving from our old NT-like domain. Anyway, catching for that, we have found some other strangeness. Windows time service run: C:\Users\gaio>sc query w32time NOME_SERVIZIO: w32time TIPO

Mandi! Andrew Bartlett via samba In chel di` si favelave... > It is an operational attribute. simply add  > msDS-UserPasswordExpiryTimeComputed > to the list of attributes requested when searching for the user. root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b "dc=ad,dc=fvg,dc=lnf,dc=it" -s base "" maxPwdAge # record 1 dn: