Displaying 20 results from an estimated 2000 matches similar to: ""wbinfo --sid-to-gid" returns false gids"
2015 Jul 17
1
"wbinfo --sid-to-gid" returns false gids
17.07.2015, 17:30, "Rowland Penny" <rowlandpenny241155 at gmail.com>:
> On 17/07/15 12:03, Andrej Surkov wrote:
>> I've got this on the backup DC
>>
>> root at bdc:~# wbinfo --sid-to-gid S-1-5-21-1166961617-3197558402-3341820450-516
>> 3000000
>
> OK, you have problems there, but not what you think. On my first DC
> (note I don't have
2015 Jul 17
0
"wbinfo --sid-to-gid" returns false gids
On 17/07/15 12:03, Andrej Surkov wrote:
> I've got this on the backup DC
>
> root at bdc:~# wbinfo --sid-to-gid S-1-5-21-1166961617-3197558402-3341820450-516
> 3000000
OK, you have problems there, but not what you think. On my first DC
(note I don't have a 'primary' or a 'backup' DC, I just have DC's) if I
run 'wbinfo --name-to-sid=Domain\
2015 Feb 21
2
Samba4, idmap.ldb & ID_TYPE_BOTH
On 20/02/15 21:27, Davor Vusir wrote:
>
> Rowland Penny skrev den 2015-02-19 18:15:
>> OK, there is a discussion over on samba-technical about nss_winbind
>> and the question about Administrator being mapped to 0 was raised.
>> Now I have always thought that it should, but in fairness, I decided
>> to see what happens when it isn't, so I removed Administrator
2015 Jan 30
2
rfc2307 deprecated in Windows 2012 R2?
On 30/01/15 16:55, Hans-Kristian Bakke wrote:
> I still do not follow you. An additional reason for including
> administrator in the first place, not including that I actually want
> it to work against the linux boxes like every other domain user, was
> because winbind returns the exact same mapping when using idmap
> backend RID with range 300000-499999 (i.e not rfc2307 attributes)
2016 Oct 26
3
NT_STATUS_INVALID_SID
I have a brand-new install of Debian 8 without systemd and a
freshly-built Samba 4 install with issues. I created this as a
standalone AD DC, setup group policies, etc and then took it to the
client location. Now nothing works. I keep getting "RPC server
unavailable" on Windows machines and trying to list shares on the DC
itself results in NT_STATUS_INVALID_SID. I am lost as there are
2015 Jan 30
1
rfc2307 deprecated in Windows 2012 R2?
On 30/01/15 17:29, Hans-Kristian Bakke wrote:
> On one of your DCs? As in you run Samba for your DCs?
>
> This thread was using Server 2012 R2 as DCs, and that was what my
> response was aimed at. I am also using Server 2012 R2 for DCs. In this
> case the Administrator is "just a user" seen from the linux boxes.
> That Administrator is assigned a root-role in a Samba DC
2015 Feb 19
4
Samba4, idmap.ldb & ID_TYPE_BOTH
OK, there is a discussion over on samba-technical about nss_winbind and
the question about Administrator being mapped to 0 was raised. Now I
have always thought that it should, but in fairness, I decided to see
what happens when it isn't, so I removed Administrator from idmap.ldb
and restarted samba. Before restarting samba, I checked a few things, on
the DC, getfacl returned this for
2016 Oct 27
4
NT_STATUS_INVALID_SID
On Wed, 26 Oct 2016 17:27:37 -0400
Ryan Ashley via samba <samba at lists.samba.org> wrote:
> I guess I should note that it seems like the high SIDs will resolve,
> except for 300000. Below is an example.
>
> root at dc01:~# l /var/lib/samba/sysvol/medarts.lan/
> total 16
> drwxrws---+ 4 MEDARTS\reachfp 3000000 4096 Oct 17 17:45 Policies
> drwxrws---+ 2 MEDARTS\reachfp
2015 Jan 30
2
rfc2307 deprecated in Windows 2012 R2?
On 30/01/15 16:20, Hans-Kristian Bakke wrote:
> I do not understand the point about issues with administrator beeing
> mapped to a "random" rfc2307 UID. You need to explain the details
> surrounding that part to me as my experience is that this is OK and
> even necessary.
>
> The only reason for not giving Administrator a "random" UID/GID that I
> can think
2017 Jan 11
4
Corrupted idmap...
Rowland, no domain user can authenticate on any system and running
sysvolreset followed by sysvolcheck results in a crash. If the sysvol
permissions are correct, sysvolcheck does not crash. If I attempt to
join a NAS or workstation to the domain I get NT_STATUS_INVALID_SID.
Researching these symptoms turns up a thread about a corrupt idmap.ldb
where a group SID and user SID may be the same or
2017 Jan 12
2
Corrupted idmap...
I forgot about ldbsearch. Here is a dump of xid numbers.
root at dc01:~# ldbsearch -H /var/lib/samba/private/idmap.ldb | grep xidNumber
xidNumber: 3000028
xidNumber: 3000013
xidNumber: 3000033
xidNumber: 3000003
xidNumber: 3000032
xidNumber: 3000023
xidNumber: 3000019
xidNumber: 3000010
xidNumber: 65534
xidNumber: 3000031
xidNumber: 3000022
xidNumber: 3000026
xidNumber: 3000017
xidNumber: 3000027
2015 Apr 19
1
[bug?] idmap.ldb xidNumber attributes overlap with existing users'/groups' uidNumber/gidNumber
Greetings, All!
I've discovered a nasty mismatch in my recently upgraded domain.
It seems that a number of builtin groups have mappings in idmap.ldb that
overlap with posixAccount mappings in the sam.ldb.
Namely,
# file: var/lib/samba/sysvol/ads.example.com/scripts/
# owner: root
# group: 544
user::rwx
user:root:rwx
group::rwx
group:544:rwx
group:30000:r-x
group:30001:rwx
2015 Jul 03
3
Clients unable to get group policy...
On 03/07/15 15:18, Ryan Ashley wrote:
> The only Unix client I can think of would be the Buffalo NAS. It runs
> Samba3 and hosts various shares via SMB. DNS is handled by BIND9 on the
> Samba4 DC. DNS does work and the domain name resolves to the IP address
> of the server. DHCP is also handled on the DC. As for the GPO's, they're
> in the correct place as far as I can tell.
2015 Jul 02
5
Clients unable to get group policy...
On 02/07/15 16:55, Ryan Ashley wrote:
> Rowland, here is what I found in the ldb.
>
> # record 68
> dn: CN=S-1-5-32-544
> cn: S-1-5-32-544
> objectClass: sidMap
> objectSid: S-1-5-32-544
> type: ID_TYPE_BOTH
> xidNumber: 3000000
> distinguishedName: CN=S-1-5-32-544
>
> # record 70
> dn: CN=S-1-5-32-549
> cn: S-1-5-32-549
> objectClass: sidMap
>
2017 Jun 16
2
Erro sysvolcheck/sysvolreset
:-|
ls -lnd /opt/samba/var/locks/sysvol
drwxrwx---+ 3 0 3000000 4096 Jun 16 13:56 /opt/samba/var/locks/sysvol
Em 16-06-2017 13:38, Rowland Penny via samba escreveu:
> On Fri, 16 Jun 2017 13:15:19 -0300
> "Carlos A. P. Cunha" <carlos.hollow at gmail.com> wrote:
>
>> OK, sorry, uncomment a line :-D
>>
>> Yes exist!
>>
>> ls -ld
2016 Jun 20
2
Rights issue on GPO
Hi,
> OK, I take it that 3000009 points to CN=S-1-5-11 and it is just
> CN=S-1-5-18 that is wrong by pointing at proxmox$ (which incidentally,
> is one of your computers)
> Try backing up idmap.ldb, then open idmap.ldb in ldbedit, find and
> delete the stanza that holds CN=S-1-5-18, it will look like this:
>
> dn: CN=S-1-5-18
> cn: S-1-5-18
> objectClass: sidMap
>
2017 Jan 13
3
Fwd: Re: Duplicate xidNumbers
Rowland,
Thank you for the quick response.
I have just run net cache flush no change in problem. I have dumped the
idmap.ldp using ldbsearch -H /var/lib/samba/private/idmap.ldb >
idmap.txt and did some sorting, that is how I found the duplicates.
On 1/13/2017 11:09 AM, Rowland Penny via samba wrote:
> samba-tool ntacl
> >sysvolreset
2020 Nov 04
2
ID Mapping
On 04/11/2020 00:14, O'Connor, Daniel wrote:
> Hmm, you say 'uidNumber' but I have xidNumber:
> # editing 1 records
> # record 1
> dn: CN=S-1-5-21-1638907138-195301586-368347949-3088
> cn: S-1-5-21-1638907138-195301586-368347949-3088
> objectClass: sidMap
> objectSid: S-1-5-21-1638907138-195301586-368347949-3088
> type: ID_TYPE_BOTH
> xidNumber: 1044
>
2018 Mar 21
2
Again 'Failed to find domain 'NT AUTHORITY'. Check connection to trusted domains!'
Mandi! Rowland Penny via samba
In chel di` si favelave...
> > The trouble came from 'root' or groups '3000002' and '3000003'?
> No and very very probably no & no ;-)
> > How can i fix them? Thanks.
> Fix what? The owner has to be 'root', and you can find out just who
> '3000002' & '3000003' are by opening
2015 Mar 30
2
Unable to browse system shares of a newly migrated AD DC
Greetings, Rowland Penny!
>>> Hi Louis, It works for me
>>> This appears in log.smbd on my DC when I run the same command:
>>> [2015/03/30 10:15:42.442881, 3]
>>> ../source3/smbd/service.c:856(make_connection_snum)
>>> dc01 (ipv6:::1:43602) connect to service IPC$ initially as user NT
>>> AUTHORITY\ANONYMOUS LOGON (uid=65534, gid=3000013)