similar to: Yet another "Can I change user's SID" question

My concern wasn't a phylosophical one but a pragmatic one. Learning about poor choices when lowering memset is probably quite useful. Having a flag that just turns off idiom recognition for it may just work around the problem. But the problem may still exist. In any case, I'm not fundamentally against such a flag but it just seems like something that could 1. Hide a problem 2. Get a bit

I've got this on the backup DC root at bdc:~# wbinfo --sid-to-gid S-1-5-21-1166961617-3197558402-3341820450-516 3000000 while root at bdc:~# ldbedit -H /usr/local/samba/private/idmap.ldb objectsid=S-1-5-21-1166961617-3197558402-3341820450-516 shows correct xid 3000019 and on the primary DC I've got itk at dc:/$ wbinfo --sid-to-gid S-1-5-21-1166961617-3197558402-3341820450-516 3000019

17.07.2015, 17:30, "Rowland Penny" <rowlandpenny241155 at gmail.com>: > On 17/07/15 12:03, Andrej Surkov wrote: >>  I've got this on the backup DC >> >>  root at bdc:~# wbinfo --sid-to-gid S-1-5-21-1166961617-3197558402-3341820450-516 >>  3000000 > > OK, you have problems there, but not what you think. On my first DC > (note I don't have

Hello all, When I run ldbedit on idmap.ldb some of my SIDs seem to be missing. The below output demonstrates the problem quite clearly: root at server:/# wbinfo -n administrator S-1-5-21-3663128747-3839060396-3176805764-500 SID_USER (1) root at server:/# ldbedit -e /usr/bin/vim -H /var/lib/samba/private/idmap.ldb objectsid=S-1-5-21-3663128747-3839060396-3176805764-500 # 0 adds 0 modifies 0

Hi Rowland, On 10/16/2017 05:13 PM, Rowland Penny via samba wrote: > If you need to edit the NCs in sam.ldb.d, use '--cross-ncs' with the > ldb command, this allows you safely change things. There have been > reports of AD being destroyed by directly editing the ldb's in sam.ldb.d Looking at the man page of ldbedit, I see no reference to --cross-ncs Tried: > ldbedit

On Mon, 23 Jul 2018 11:27:38 +0100 Rowland Penny via samba <samba at lists.samba.org> wrote: > How are you searching and what with ? I used the ADUC tool and LDAPAdmin. > > Have you tried ldbedit ? > > ldbedit -e <your favourite editor> -H /path/to/sam.ldb > > This will display everything in the editor and you can then search in > that for the groups. You

Hi colleagues, it seems i've hit a bug in SAMBA as follows: The local windows network admin of our local radio station filled / transferred some user account data into our new FreeNAS by the Win RSAT. We are setting up SAMBA as a PDC incl. directory service and use the current stable FreeNAS with its current SAMBA "4.3.6-GIT-UNKNOWN" One account name "produktion-a"

Greetings, Rowland Penny! >>> Hi Louis, It works for me >>> This appears in log.smbd on my DC when I run the same command: >>> [2015/03/30 10:15:42.442881, 3] >>> ../source3/smbd/service.c:856(make_connection_snum) >>> dc01 (ipv6:::1:43602) connect to service IPC$ initially as user NT >>> AUTHORITY\ANONYMOUS LOGON (uid=65534, gid=3000013)

On 5 January 2016 at 15:02, Jonathan Hunter <jmhunter1 at gmail.com> wrote: > I'll try to use ldbedit to grant myself permissions on the OU again .. Is > ldbedit safe to use: > > - on a running Samba server (or do I need to stop samba) > - in a multi-DC environment (or do I need to run it and make the same > changes on each DC) > Answering my own question here... it

Hi, Does anyone have experience of using ldbedit or similar, to remove the duplicates below? (Is that even the right way for me to go?) Can I perhaps query something using ldbsearch, to find the duplicates, before using ldbedit? On Sun, 18 Nov 2018 at 21:37, Jonathan Hunter <jmhunter1 at gmail.com> wrote: > [...] > In my database, as reported by the domain join command above, I have

2016-05-26 13:51 GMT+02:00 mathias dufresne <infractory at gmail.com>: > Parenthesis are not yet a good idea with Samba. A colleague created users > with parenthesis in CN field and we just can't use ldbsearch to look for > them, as long as we set parenthesis in LDAP filter. We must use wildcard to > avoid the bug (bug because we can use escaped parenthesis in filters with

Thank you, Rowland! On 4 January 2016 at 10:36, Rowland penny <rpenny at samba.org> wrote: > On 04/01/16 01:43, Jonathan Hunter wrote: > >> I can view the data using ldbsearch when logged in as root on the DC >> itself >> - but how do I view the permissions and edit them from the commandline? >> > > They are stored in a hidden attribute called

> I think it would be easier to: > > ldbedit -e nano -H /var/lib/samba/private/sam.ldb --cross-ncs -b > "DC=1.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=com" > "(DC=21)" > > On a DC. > > Rowland Well, not so simple... I tried ldbedit -e vim -H /usr/local/samba/private/sam.ldb --cross-ncs -b

Dear list, Does anybody know how to lower the tombstone lifetime in samba 4.5 or later? There used to be a wiki entry, but this has been deleted as it is probably not adequate anymore: https://wiki.samba.org/index.php/Restoring_deleted_AD_objects#Changing_the_defaults_for_msDS-deletedObjectLifetime_and_tombstoneLifetime I used to change the attribute tombstoneLifetime in CN=Directory

Hi Rowland, after we solved the puzzle today here is what we found: The Samba PDC with tdbsam backend was installed a loooooong time ago. Many updates and distributions later, the Samba PDC was still running with with the same databases and the same smb.conf. The only thing that someone sometime changed was the hostname and the NetBIOS-Name in smb.conf. BUT in secrets.tdb was still the old name.

Greetings, Rowland Penny! >>>>> Hi Louis, It works for me >>>>> This appears in log.smbd on my DC when I run the same command: >>>>> [2015/03/30 10:15:42.442881, 3] >>>>> ../source3/smbd/service.c:856(make_connection_snum) >>>>> dc01 (ipv6:::1:43602) connect to service IPC$ initially as user NT >>>>>

On 08/01/16 10:31, Ole Traupe wrote: > > > Am 04.01.2016 um 19:24 schrieb Rowland penny: >> On 04/01/16 17:23, Ole Traupe wrote: >>> No ideas on that? >>> >>> Ole >>> >>> >>> >>> Am 18.12.2015 um 13:44 schrieb Ole Traupe: >>>> I accidentally created a SRV record with a false port. I then >>>>

So... I've been running Samba 3.6 for too long and I upgraded. I did save my packages for 3.6, but I don't _think_ I'm going back. Points for the group: - Samba 4.4.x is broken on FreeBSD. I forget exactly, but it seems to be a known problem (tm), so I'll move on. - Whether I use BIND9_DLZ or I use SAMBA_INTERNAL, samba_dnsupdate complains. Strange thing, tho: all

Am 2017-01-01 um 16:04 schrieb Rowland Penny via samba: > So it looks like you only have 77 users, but cannot have any local Unix > users because your Unix users start at 1000. How do feel about changing > the uidNumbers ? feels scary and I'd like to avoid that :-) > if so, the easiest way will be to open the AD database > with ldbedit: > > ldbedit -e nano -H

Am 08.01.2016 um 12:03 schrieb Ole Traupe: > > > Am 08.01.2016 um 11:47 schrieb Rowland penny: >> On 08/01/16 10:31, Ole Traupe wrote: >>> >>> >>> Am 04.01.2016 um 19:24 schrieb Rowland penny: >>>> On 04/01/16 17:23, Ole Traupe wrote: >>>>> No ideas on that? >>>>> >>>>> Ole >>>>>