similar to: Sernet 4.3.X package is no longer free :/

Hi Mark, list, On 10/08/2015 05:29 AM, Mark Foley wrote: > Maurik, > > You are right. I am currently using 4.1.17 and have the same failed login > messages as you describe. There is, however, a bit more information further down > in the logfile: > > [2015/10/07 16:51:24.076283, 2] authentication for user [HPRS/Administrator] FAILED with error NT_STATUS_WRONG_PASSWORD >

I used to also get related log messages of the form: auth_check_password_send: Checking password for unmapped user [HPRS]\[mark]@[ROVER] auth_check_password_send: mapped user is: [HPRS]\[mark]@[ROVER] but now all I get is the auth_check_password_recv in the log. Perhaps the change is due to an upgrade to Samba, or perhaps a change I made to my smb.conf log options? (see log config in my

I am running Samba Version 4.1.23 as an AD/DC on Linux Slackware64 14.1. I am logging samba messages to /var/log/samba/log.samba with logging set to the following in smb.conf: log level = 2 passdb:5 auth:10 winbind:2 lanman:10 I have a script that scans this logfile for message like the following: auth_check_password_recv: sam_ignoredomain authentication for user [HPRS\thisuser] FAILED with

On Sun, 26 Jun 2016 09:24:16 Rowland penny <rpenny at samba.org> wrote: > ... > So, if you are looking for an ipaddress of a failed login attempt, it > seems you can get it. That looked interesting. I tried creating the logfile /var/log/samba/.log.samba.%m and restart samba. What it did was immediately create separate log files for each currently attached workstation:

On 26/06/16 06:16, Mark Foley wrote: > I used to also get related log messages of the form: > > auth_check_password_send: Checking password for unmapped user [HPRS]\[mark]@[ROVER] > auth_check_password_send: mapped user is: [HPRS]\[mark]@[ROVER] > > but now all I get is the auth_check_password_recv in the log. Perhaps the change is due to an > upgrade to Samba, or perhaps

Ho Mourik Thanks for your reply, any other attribute which we can duplicate? Br. Umar On Fri, Jan 23, 2015 at 1:47 PM, mourik jan heupink - merit < heupink at merit.unu.edu> wrote: > Hi, > > In AD, the attribute mail can only exist once. > > MJ > > On 01/23/2015 05:27 AM, Umar Draz wrote: > >> Hi All >> >> I am tying to create a user in SAMBA 4

Hi, I can be wrong but for me UID and GID are UNIX concepts. If your workstations are Windows systems, those UID/GID are not necessary. This does not address your issue but it could help to understand things and to avoid searching in the wrong direction... Cheers, mathias 2015-10-12 20:41 GMT+02:00 mourik jan c heupink <heupink at merit.unu.edu>: > Some extra info from the samba

Hai Mourik Jan/Victor. > MJ definitely understands the problem I'm facing.... Yes, and i do to but you wont listen... ALL My client pc's, windows and linux computers, dont have any uid/gid assigned. My client pc's do access the DCs and multiple member servers with shares. I do distribute settings and files with GPO and these files are on a member server. Yes also as

Am 06.10.2015 um 21:26 schrieb mourik jan c heupink: > I have checked all our policy directories on sysvol, and I have a > "Registery.pol" only in some "/Machine" directories, and none in "/User" > or "/Group Policy". Do you have any policy in the User tree in the GPME in that GPO? If you never defined one, then the file is missing. Try e. g.

None of my computers have a UID/GID and my GPO works fine. Add the line i suggested to the share, and setup your rights Gr. Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens mourik jan c > heupink > Verzonden: dinsdag 17 november 2015 18:55 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Permission Issues with

Hi, To make our AD more robust, I'd like to provide more than one dns forwarder, like for example: dns forwarder = 8.8.8.8 8.8.4.4 However, this seems to break dns resolution completely (and without logging errors in the logs!): # Host test.com not found: 3(NXDOMAIN) With only one forwarder things work: $ test.com has address 208.64.121.161 Am I really allowed to specify only one

On 10/7/2015 7:31 AM, mourik jan c heupink wrote: > On 7-10-2015 13:18, mourik jan c heupink wrote: >> So my dc3 seems unsynced or so. >> >> So I am now checking to make sure that my rsync replication script >> works as it should. (I'm guesssing it does NOT) > > The rsync seems to be working as it should, so now I'm > guessing that idmap.ldb differs

dear list, in the output of pdbedit -L -v heupink I'm getting these errors: convert_string_allocate: Conversion error: Illegal multibyte sequence(???p? ????????) Any ideas where to look..? Are these serieus errors..? (it looks as if the errors occur BEFORE the actual ldap connection is opened, so I guess they're not ldap related...) My samba is 3.0.14a, and system is sles9 Below find

On 7-10-2015 14:52, mourik jan c heupink wrote: > I am not sure what to check or do next..? > I checked filesystems, and there is a difference: dc3 = ext4 dc4/dc2 = xfs But ext4/xfs should both support acl and user_xattr Problem dc3 is mounted like: > /dev/vda3 on /var/lib/samba type ext4 (rw,relatime,user_xattr,barrier=1,data=ordered) I don't see the problem... But I DO get

dear list, I'm trying to migrate nt4 to samba3, and have two issues at the moment. First is: I'm getting two (small?) errors using smbldap-populate on my ldap database. At first I tried ignoring this, but now also rpc net vampire complains. (maybe because of this..?) This is the output of smbldap-populate: <quote> server:/usr/local/sbin # smbldap-populate Using builtin directory

Hi all, Further to my AD clients through NAT question: has anyone ever tried this diagnostics tool from microsoft in their samba4 AD installation: http://www.microsoft.com/en-us/download/confirmation.aspx?id=24009 It's supposed to verify connectivity requirements for AD functionality. (replication, port status, etc, etc) At our site, it crashes on verification of udp on port 137. I

But the issue is: we have many users that do not login locally using windows-workstations, but instead use variour kinds of remote access, like web interfaces, email, vpn, etc, etc. I am not sure what would happen with those services, if I would set accounts to 'change password on next logon'... I know this would work in the case of 'regular' 'interactive logons' as I

On 18/11/15 10:24, mourik jan c heupink wrote: > > > On 18-11-2015 10:59, Rowland Penny wrote: >> OK, I am trying to understand this as well, I take it that the uidNumber >> you add is a unique number that is inside the range you have set in >> smb.conf, but what about the gidNumber? do you set it to '515' and is >> this also inside the range? > Yep.

Hi, Is it possible to test our AD for weak passwords? We have set max password age, and password complexity etc. However, we would like to know that the passwords that are CURRENTLY still in the system are good or weak. Perhaps some kind of tool to test dictionary passwords etc, but preferably locally on the /var/lib/samba databases to not lockout the accounts due to too many failed

On 18/11/15 09:37, mourik jan c heupink wrote: > > > On 18-11-2015 10:13, L.P.H. van Belle wrote: >> Hai Mourik Jan/Victor. >> >>> MJ definitely understands the problem I'm facing.... >> Yes, and i do to but you wont listen... > > Could it perhaps be that the vital detail is that Viktor (and me too) > are not using windows (security tab) to manage