similar to: after user password change, member server unable to authenticate

Tim, Thanks for the hint. Usermap for root applied, locally made requests fail now systematically with "Could not connect to server <server address> Connection failed: NT_STATUS_LOCK_NOT_GRANTED" It is kind of improvement :) Random things scare me. -Tom On Tue, Mar 24, 2015 at 7:40 PM, Tim <lists at kiuni.de> wrote: > Hi Tom, > > have a look at this: >

On 25/03/15 19:40, Tim wrote: > Don't be scared and take the challenge! :-) > > Reduce your smb.conf to the minimum as seen in the member server wiki and try it again. It should work then. > > Am 25. M?rz 2015 14:47:16 MEZ, schrieb "Tom S?derlund" <tom.k.soderlund at gmail.com>: >> Tim, >> >> Thanks for the hint. Usermap for root applied,

When setting file permissions from MS environment to a file on a Samba4 share, it can be made in clear text with human readable user/group names and the rights seem to work. However when checking the permissions again from an MS environment, instead of human readable user/group names there are plain SID numbers in their place and there is an icon apparently signifying an unknown SID. How to keep

I've been experimenting with setting up a CentOS 7 client using automount maps from Active Directory via sssd I've followed the instructions given at: https://ovalousek.wordpress.com/2015/08/03/autofs/ and all works fine However, I can't seem to make the client 'see' new map entries added to the map on the AD server - I've tries reducing various timeout settings in

Mark, Below xxx.yyy. is my network prefix. [global] workgroup = DOMAIN realm = DOMAIN.LOCAL server string = Server %v security = ADS client signing = auto client use spnego = yes kerberos method = secrets and keytab log file = /var/log/samba/log.%m log level = 3 max log size = 50 load printers = No printcap name = /dev/null idmap config * :

I have a large number of CentOS machines (both 6 & 7) getting account information from an LDAP database using SSSD. It all works fine and is fairly reliable. However, I'm having problems with persuading the caching system to forget about users when they are deleted from LDAP. I know about sss_cache with either -E or -U options, but that doesn't delete anything, just invalidates the

Hello, we are using sssd version 1.12 on openSUSE 13.1 with Sernet-Samba Packages 4.1.11. Samba runs as a single AD DC We have removed the complete openSUSE samba stuff before testing. sssd runs on the same machine as samba. Our sssd config: -------------------------------------------------------------------------------- [sssd] services = nss, pam config_file_version = 2 domains =

Giving a domain user group privilege SeDiskOperatorPrivilege fails with NT_STATUS_NO_SUCH_PRIVILEGE. The domain is controlled by a MS 2012 R2 DC. Has this privilege been renamed or replaced with some other privilege? How to give the domain user group necessary rights for defining file share permission settings from MS environment? The RHEL 7 file server is running Samba 4.1.1-38 and the id

I del user 'u1': # userdel u1 But: # groups u1 u1 : g1 Is 'u1' delete? Thansk

Hi Rowland, On Tue, Oct 29, 2019 at 5:37 AM Rowland penny via samba < samba at lists.samba.org> wrote: > > I am sorry but you seem to be asking on the wrong list, you appear to be > using sssd (which isn't supported with Samba from 4.8.0), Samba isn't > doing the authentication. > What part of my problem description, or which log entries make you think I am using

(Re-posting to list also.. Sorry forgot Cc. -Tom) Marc, Thanks for your help and clarifications. I was indeed addressing the domain controller (2012 R2) due to my misunderstanding. Addressing the request at the file server (Samba 4) to the file server fails too but with different errors. Rights list succeeds. $ net rpc rights list accounts -UDOMAIN\\Administrator Enter

I see. =) I probably should have set the backend to autorid for "*", but I didn't think the ID mapping really mattered for the specific test I was doing. The "realm list" output shows the client software as winbind (not sssd) and the logs show messages from winbindd as it handles the authentication (in the successful cases), so I think that indicates that winbind is in

Am 23.02.19 um 15:48 schrieb Rowland Penny via samba: >>>>>>> If you have, as you have, 'files sss winbind' in the the passwd >>>>>>> & group line in nsswitch.conf, means this: >>>>>>> First /etc/passwd or /etc/group is searched and if the user or >>>>>>> group is found, this info is returned.

> On 23 Feb 2019, at 14:52, Rowland Penny via samba <samba at lists.samba.org> wrote: > > On Sat, 23 Feb 2019 14:21:57 +0100 > Remy Zandwijk via samba <samba at lists.samba.org> wrote: > >> >> >>> On 23 Feb 2019, at 14:07, Rowland Penny via samba >>> <samba at lists.samba.org> wrote: >>> >>> On Sat, 23 Feb 2019

Hi List, I recently upgraded one of our high-volume SMB servers from samba 3.x to samba 4.1.12 (also changing the OS). Now I have a strange problem. The CPU load on the server is very high, processes that are causing it are nslcd or since I changed to it sssd and the smbd processes themselves. ? Top looks like this: --------------------------------- PID USER????? PR? NI? VIRT? RES? SHR S

I am running Samba 4.1.12 with SSSD 1.12.2 on RHEL 7.1. I have joined my system to a Win 2008r2 domain. I have added the necessary unix attributes to all relevant users and groups. When I add a domain group to a directory, either as the primary group or as an ACL, I can access the share locally from the server, but cannot access the share from a Windows system via the SMB share. If I change

I know that ID. I had this 70001 too sometime. It was a cache problem. Try "net cache flush" and after this getent once more. This should work. Regards Tim Am 25. Februar 2015 09:45:40 MEZ, schrieb "Herv? H?noch" <h.henoch at isc84.org>: >Both groups are Samba groups > >wbinfo --group-info gives for each group : >GID of domain users is 513 >GID of info is

I've come across a difference I can't explain between the way Samba behaves on Fedora 20 (4.1.17-1.fc20) and Centos 7 (4.1.12-21.el7). I have a test server of each system (Fedora 20 and Centos 7), each newly built, fully updated, and with the same config file. Each is joined to our AD domain (Windows DCs). Some of our client systems are joined to the domain and use Kerberos tickets

On 04/21/2015 11:39 AM, Rowland Penny wrote: > On 21/04/15 18:24, Ty! Boyack wrote: >> On 04/20/2015 05:30 PM, Andrey Repin wrote: >>> Greetings, Ty! Boyack! >> >> Thanks, and Hi! >>> I dumped (using testparm -v) all of the default settings, and found >>> that >>> With Samba 4, I've found the output of "samba-tool testparm" to

On 14/04/2023 09:23, Anderson Sampaio Mello via samba wrote: > Hello Samba Team, how are you? > > I'm joining linux clients in the company's environment and I would like to > apply GPOs to linux clients, I'm in the testing phase. > > I'm testing with ubuntu clients version 22.04 and the software I used to > join the samba AD was sssd. > Samba does not