Displaying 20 results from an estimated 6000 matches similar to: "unique index violation on objectSid on samba ad"
2015 Oct 19
2
unique index violation on objectSid on samba ad
ok =( Guess I should repeat all the work from scratch. So just to check if
I got it right:
1) Create a new container. Provision a ad dc on it. Can I join some machine
to apply some gpo's and to create users at this point? I'll delete it
afterwards
2) Power down the container from 1) and use it as a template for every
other dc I need just by changing ip/dns
3) Create another template for
2015 Oct 19
3
unique index violation on objectSid on samba ad
Let me explain myself here. We ship video surveillance systems with
build-in ad domain controllers on 2 servers. Right now we have 4 active
projects and 3 more this year. Provisioning dc's by hand each time is a
pain I would like to avoid.
There's not much I want from a domain: groups 'video' and 'video admins' to
exist, gpo's to auto redirect user profiles to network
2015 Oct 19
0
unique index violation on objectSid on samba ad
On 19/10/15 14:07, Krutskikh Ivan wrote:
> ok =( Guess I should repeat all the work from scratch. So just to check if
> I got it right:
>
> 1) Create a new container. Provision a ad dc on it. Can I join some machine
> to apply some gpo's and to create users at this point? I'll delete it
> afterwards
Well NO , there is no point.
>
> 2) Power down the container from
2015 Oct 19
0
unique index violation on objectSid on samba ad
Hello Ivan,
Am 19.10.2015 um 12:42 schrieb Krutskikh Ivan:
> I think, I've done something stupid here. At first I've created 2 lxc
> containers and provisioned one as dc.office.mtt and joined second one to
> the first ad bdc.tsnr.mtt.
You should not name your DC something like "backup" (bdc). If the first
one (dc) gets lost, you only have one. There's no primary,
2015 Oct 02
3
sysvol acl's broken beyond repair
Hi everyone.
I ran into notorios gpo error on windows clients. When I go to my dc
controller and run
samba-tool ntacl sysvolcheck
I get an error:
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception -
ProvisioningError: DB ACL on GPO directory
/usr/local/samba/var/locks/sysvol/tsnr.mtt/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
2016 Jun 27
2
unique index violation on objectSid
Hi all!
Today, after two years of production, I get this error:
samba-tool user create test20160627 testpassword
ERROR(ldb): Failed to add user 'test20160627': -
../lib/ldb/ldb_tdb/ldb_index.c:1216: Failed to re-index objectSid in
CN=test20160627,CN=Users,DC=ad... - ../lib/ldb/ldb_tdb/ldb_index.c:1148:
unique index violation on objectSid in CN=test20160627,CN=Users,DC=ad...
Help me
2015 Oct 20
1
unique index violation on objectSid on samba ad
We actually sell whole systems with isolated lan and centralized
authentication and password management. Typically about 7 servers and 5
workstations.
2015-10-19 18:58 GMT+03:00 Rowland Penny <rowlandpenny241155 at gmail.com>:
> On 19/10/15 16:23, Krutskikh Ivan wrote:
>
>> And if you really want to work with cloning, then provision the first,
>>> join the second, do
2015 Oct 19
3
unique index violation on objectSid on samba ad
>And if you really want to work with cloning, then provision the first,
>join the second, do all your change, take a snapshot of both. Then you
>have the same setup again for the next customer. As long as the
>customers never will met and two of your systems come into the same
>network, is is no problem, because the domain would have the same name,
>SID, etc.
I did more or less
2016 Jun 28
6
unique index violation on objectSid
27.06.2016 18:45, mathias dufresne:
> Perhaps you don't have yet duplicate objectSid as that's not supposed to be
> possible.
> Rather than scripting something to look for objectSid used twice I would
> start with dbcheck and other tools to verify that your database is
> consistent and identical on all servers.
[root at pdc ~]# samba-tool dbcheck
Checking 3346 objects
2015 May 27
1
check password script for samba 4 ad dc
I would like to bump my question
2015-05-27 10:21 GMT+03:00 Krutskikh Ivan <stein.hak at gmail.com>:
> Hmm, looks like it's not. I've just set the password for something that
> cracklib-check would argue using both ad management tools and at windows
> login. Should it work that way or I'm missing something?
>
> My dc's smb.conf:
>
> [global]
>
2016 Jun 28
0
unique index violation on objectSid
I'm understand, why I get error about unique index violation on objectSid:
samba-tool fsmo show
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,...
Last created object have objectSid
S-1-5-21-763247336-2482037999-3416227170-2001 (it is record for computer)
Last symbols is 2001, and last assigned RID is 2001:
[root
2016 Jun 28
1
unique index violation on objectSid
On 28/06/16 12:05, Zhuchenko Valery wrote:
> I'm understand, why I get error about unique index violation on objectSid:
>
> samba-tool fsmo show
> RidAllocationMasterRole owner: CN=NTDS
> Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,...
>
> Last created object have objectSid
> S-1-5-21-763247336-2482037999-3416227170-2001 (it is
2015 Aug 26
2
Proof of samba 4 ad storing passwords in a secure manner
On Wed, 2015-08-26 at 13:15 +0300, Krutskikh Ivan wrote:
> Thanks, that helped me a lot =) But it doesn't seem that sam.ldb
> holds any password data. I found something similar in file (my domain
> is NOVO.MTT)
>
> /usr/local/samba/private/sam.ldb.d/DC=NOVO,DC=MTT.ldb
Correct, the sam.ldb is a wrapper that loads modules which in turn
loads the other files, which actually
2016 Jun 28
1
unique index violation on objectSid
Hi Valery,
First thank you for this detailed information about your searches. I find
them very interesting.
Here I'm thinking of two workarounds. The first one would be to list
deleted objects RIDs, to verify RID=2002 is really the last one used, being
sure there is no deleted object with RID=2003 and so on. Then once you get
the last RID used, you could change RidNextRid to match this
2015 Oct 19
0
unique index violation on objectSid on samba ad
On 19/10/15 16:23, Krutskikh Ivan wrote:
>> And if you really want to work with cloning, then provision the first,
>> join the second, do all your change, take a snapshot of both. Then you
>> have the same setup again for the next customer. As long as the
>> customers never will met and two of your systems come into the same
>> network, is is no problem, because the
2015 Nov 27
1
Failed to find authenticated user via getpwnam(), denying access
Hi,
I have a very strange issue with samba as an ad member server.
log.smbd goes:
check_ntlm_password: Checking password for unmapped user
[TSNR]\[Administrator]@[ADMIN] with the new password interface
[2015/11/27 19:09:26.196960, 3]
../source3/auth/auth.c:180(auth_check_ntlm_password)
check_ntlm_password: mapped user is: [TSNR]\[Administrator]@[ADMIN]
[2015/11/27 19:09:26.196993, 4]
2015 Oct 19
0
unique index violation on objectSid on samba ad
Am 19.10.2015 um 16:02 schrieb Krutskikh Ivan:
> Let me explain myself here. We ship video surveillance systems with
> build-in ad domain controllers on 2 servers. Right now we have 4 active
> projects and 3 more this year. Provisioning dc's by hand each time is a
> pain I would like to avoid.
>
> There's not much I want from a domain: groups 'video' and
2015 Oct 03
2
sysvol acl's broken beyond repair
Hm, can I fix it manually? Maybe sysvolcheck stumbles on the first error
and misses something more severe later on.
2015-10-03 12:09 GMT+03:00 Rowland Penny <rowlandpenny241155 at gmail.com>:
> On 03/10/15 00:50, Krutskikh Ivan wrote:
>
>> Hi everyone.
>>
>> I ran into notorios gpo error on windows clients. When I go to my dc
>> controller and run
>>
2015 May 20
1
Failed to find authenticated user via getpwnam(), denying access
Hi,
I'm trying a basic setup : samba 4.2 on vm as ad dc, linux server as a dc
member with samba shares and win 7 as a ad member and samba client.
Unix attrs are assigned, windows auth and linux kinit work ok. But when I
try to access samba share from windows a get an error above in my log.smb:
check_ntlm_password: Checking password for unmapped user
[KURSK]\[video]@[EVENT] with the new
2016 Apr 12
2
Failed to re-index objectSid after botched DLZ back-end update
Alright, I'm taking the plunge: We're switching our three AD DCs from Samba internal to BIND_DLZ back end.
I needed a version of BIND with DLZ, as it appears support for that is not so ubiquitous.
I went here first: https://wiki.samba.org/index.php/Using_BIND_DLZ_backend_with_secured_/_signed_DNS_updates
We use Ubuntu 14.04 here, and the Debian/Ubuntu instructions fail on apt-get