similar to: Strange ID-Mapping behavior

Hey, id mapping is accessible from net command: net cache list you can also clean that cache: net cache flush After flushing the cache your users and groups having uidNumber and/or gidNumber should work as expected (ie using their AD declared uid/gid). Cheers, mathias 2016-05-02 15:18 GMT+02:00 Achim Gottinger <achim at ag-web.biz>: > Sounds like there is an old entry in idmap.ldb.

On 02/05/16 15:08, Stefan Schäfer wrote: > Hi Mathias, > > greping in the output of "net cache list" shows: > > Key: IDMAP/GID2SID/20513 Timeout: Mon May 9 07:29:11 > 2016 Value: S-1-5-21-1891182457-2156988848-2018633412-513 > Key: IDMAP/GID2SID/100 Timeout: Mon May 9 07:29:32 2016 Value: > S-1-5-21-1891182457-2156988848-2018633412-513 >

Hi Mathias, greping in the output of "net cache list" shows: Key: IDMAP/GID2SID/20513 Timeout: Mon May 9 07:29:11 2016 Value: S-1-5-21-1891182457-2156988848-2018633412-513 Key: IDMAP/GID2SID/100 Timeout: Mon May 9 07:29:32 2016 Value: S-1-5-21-1891182457-2156988848-2018633412-513 Key: IDMAP/SID2XID/S-1-5-21-1891182457-2156988848-2018633412-513 Timeout: Mon May 9

Sounds like there is an old entry in idmap.ldb. You can delete that entry if you use rfc3207. On my environment i had alot of old user entrys in idmap.ldb whom i had moved to rfc3207 mapping. With 4.1 this did not matter but with 4.2 samba sometimes picks the values from idmap.ldb. achim Am 02.05.2016 um 14:31 schrieb Stefan Schäfer: > Hi list, > > on one of our servers I found a

In my case flushing the cache did not help. I had around an dozend of user accounts with uidNumbers assigned and left over (dynamic winbind) mappings in idmap.ldb. At first after an flush samba used the uidNumber but after an logoff/logon of the userd getent passwd [user] showed the mapping from idmap.ldb. After i deleted the mapping in idmap.ldb everythiing went back to normal. Under 4.1 the

This question has already been asked in the past, but there was no answer. The above message is logged quite often in /var/log/samba/log.samba-dcerpcd. This is a stand-alone anonymous read-only server. Is it something to worry about? It smells like samba isn't working properly. If yes, how can I fix it? If no, how can I stop samba from logging un-interesting messages? What dcerpcd is

I am installing a new Samba 4.2 Active Directory server on CentOS 7. I followed the Wiki instructions on how to create the server. I am using sernet-samba 4.2 binaries. Everything seems to be OK on the Linux side but I cannot get any windows client to successfully join the domain. Each attempt returns the following error message "RPC Server in not available". Below are the config file

Hi, Thank you for your feedback, Andrew. Since Samba is not the only application making use of the TLS_CIPHER_SUITE negotiation rules in ldap.conf, I would like to ensure that all of them still use the highest encryption possible. Currently I had to remove "TLS_CIPHER_SUITE" as a workarrou d in order to let Samba work wirh LDAP in TLS mode. Does anyone have a suggestion how I can apply

02.10.2023 15:22, Norbert Hanke via samba: > on two of my DCs: > > > samba -V > Version 4.17.10-Debian > > file /run/samba/ncalrpc/EPMAPPER > /run/samba/ncalrpc/EPMAPPER: socket Yes, this socket does exist on a DC. It is being listened by "samba: task[rpc] pre-forked worker(0)". It does not exist on a member server, where I observe these log messages. Here,

Hi, unfortunately copying a directory from macOS to a Samba share fails, if the macOS set ACLs in the source directory. The error on macOS side basically informs the user, that the operation can’t be completed because you don’t have permission to access some of the items. Unfortunately macOS automatically sets these ACLs sometimes. Relevant lines in my configuration file: cat

Hi, I make use of shadow_copy2 and root preexec. The vfs root preexec is responsible to auto create home directories which initially don't exist. The script behind it is well tested and works perfectly. Unfortunaltely shadow_copy2 seems to be called before root preexec and fails due to the missing ZFS home share which causes the session to fail completely before root preexec even has a

What would be a working TLS_CIPHER_SUITE in ldap.conf for Samba 4. I'm asking, cause I had to remove TLS_CIPHER_SUITE TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!MD5:!3DES:@STRENGTH from my ldap.conf for samba to work. This wasn't documented anywhere. I think this should be mentoined in the wiki as well as in the man smb.conf under tls.

I've read the documentation that domain trusts should be fully supported with both Kerberos and NTLM authentication. I've created a new 2016 domain on a Windows box and created a Samba domain on a Linux box with a BIND9_DLZ backend. Both servers can resolve both DNS domains forwards and backwards and I am able to connect a Windows 10 client to the Samba domain without any issues. The

Rowland penny via samba ha scritto il 27/08/20 alle 16:43: > [...] > Netbios is intrinsically tied to SMBv1 and? LLMNR (Link-Local Multicast > Name Resolution) is also connected in a way, it allows name resolutions > without a nameserver. So, if you are using it, I personally wouldn't, > ever heard of MITM ? Just to understand a little more... NetBIOS with a wins server

On Wed, Oct 05, 2016 at 05:00:52PM +0200, Leander Schäfer via samba wrote: > When copying to QNAP NAS Samba server instead, all works fine - No need for > "xattr -d com.apple.FinderInfo filename" on macOS side before copying. > There must be a smb.conf solution to this?! man vfs_fruit Cheerio! -slow

Am 18.03.2017 um 10:43 schrieb Rowland Penny via samba: > On Sat, 18 Mar 2017 07:48:27 +0100 > Stefan Schäfer via samba <samba at lists.samba.org> wrote: > >> Hi List, >> >> I found some threads here in the list with similar problems, but >> nothing helped to solve my problem. >> >> We have a very much to old Samba DC (Version 4.1.x) and a new

Hi all, I'm having an issue with Samba 3.6.4 on Solaris using Active Directory with a Windows Server 2008 domain controller. I should state early on that I do not believe this is a manifestation of the Solaris 16 group limit - the number of groups is well below 16. Winbind seems to be working fine - I can use wbinfo -r to check the groups that a user is a member of, it returns the list of

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello James, have you ever tested the pv-drivers on W2k SP4? ;-) At first there is a little failure in install.bat. The version-number of w2k starts with "5.00" instead of "5.0.". So your script couldn''t recognize w2k. The rest of the installation looks ok, but after rebooting the vm nothing happens. Theres still the

Hi! I upgraded DC2 and DC3, i will upgrade DC1,, but i will wait In DC3 dont correct message... :-| In DC2/DC3 new msg in syslog many messages equal to this in syslog: May 18 11:50:43 DC3 samba: conn[named_pipe] c[unix:] s[unix:/opt/samba/var/run/ncalrpc/np/netlogon] server_id[2157][2157]:   schannel_check_required: [LOJA09A] is not using schannel What this it is ? Regards On

Hi Andrew, On Thu, 21 Apr 2016, Andrew Bartlett wrote: > On Wed, 2016-04-20 at 20:51 +0100, G.W. Haywood wrote: > > ... > > [2016/04/20 20:31:30.288745, 0] Could not fetch our SID - did we join? > > [2016/04/20 20:31:30.288774, 0] unable to initialize domain list > > > > Of course the join is OK, and winbindd from 3.6.25 has no problem ... > > Is that