similar to: Changing AD domain short name (aka workgroup)

2016-06-24 12:28 GMT+02:00 Rowland penny <rpenny at samba.org>: > On 24/06/16 11:13, mathias dufresne wrote: > >> Hi all, >> >> Is it possible to change the workgroup name of an AD hosted by Samba? Is >> it >> sufficient to just change "workgroup = " option on all DC and restart >> them? >> or is this short name written also inside

2017-07-27 16:33 GMT+02:00 mathias dufresne <infractory at gmail.com>: > > > 2017-07-27 15:14 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org> > : > >> On Thu, 27 Jul 2017 08:51:52 +0100 >> Rowland Penny via samba <samba at lists.samba.org> wrote: >> >> > On Thu, 27 Jul 2017 08:36:51 +0100 >> > Rowland Penny via

Hi all, I just add into my AD a user with different values for attributes "CN" and "name". Here is an extract of the LDIF used to add this user: ------------------------------------------------------------------------------------ dc202:~# egrep 'cn:|name:' mathias.ldif cn: Mathias Dufresne (CN) *name: mathias.dufresne*

PS: I could share information about what should be modified to modify the very same GPO, I didn't yet as I'm not sure anyone there would be interested and because that would work only for that kind of GPO. 2016-07-06 17:08 GMT+02:00 mathias dufresne <infractory at gmail.com>: > Context: several teams have to manage only a a bunch of the company's > computers, so these

Thank you Rowland for that reply, even if answer to Q2 is not a list of deplicated attributes but the schema which contains all attributes. To answer you: I'm trying to understand. I'm currently working for one company to help them design an AD hosted by Samba. I won't be there to manage it and they already have peoples working with LDAP trees, these coming with their own habits. I

Thank you a lot Luca! I was able to change searchFlags using ldbedit command and I can't test right now the ldbmodify tool as samba seems to be indexing it's database (one thread eating 100% CPU for several minute, since I launched a ldbsearch on "uid" field). I'll try without my typo error (thank you again :) the ldbmodify command (to stop telling it doesn't work when

Hi all, As I'm lazy I would like to script GPO creation and I did not found anything relevant yet. Anyone already tried to extract whole information regarding one GPO from LDAP tree? That would be a nice option to perform that task, giving us possibility to create one GPO, extract it, modify LDIF, inject it.

The issue is (almost) solved. As shown the previously explained process to repair, nothing's clear about that resolution. Perhaps just the big clean-up was necessary, perhaps synchronisation of a first DC was necessary, no idea. Anyway replication is working, almost. On 4 DCs among 5: ldbsearch -H $sam objectclass=* dn | tail -3 # returned 50968 records # 50965 entries # 3 referrals On one

Hi all, System is Centos 7 and Samba is 4.2.1 sernet version. The database contains 120k users and 150k computers. It's size is 3.3GB on DC01 where the imports were performed and 2.8GB on the second DC. I was trying to index uid attribute and I have a strange behaviour. According to https://msdn.microsoft.com/en-us/library/ms679765%28v=vs.85%29.aspx it is the "searchFlags"

Hi, Thank you for this answer, unfortunately I was not able to re-hash password as they are hashed into LDB database. First I retrieved the hash: ldbsearch -H $sam '(cn=some user)' unicodePwd # record 1 dn: CN=some user,OU=Users Management,DC=ad,DC=example,DC=com unicodePwd:: COwwLgiqqaHRyhy4HxWp4A== This "unicodePwd" attribute comes from a quick search into "user"

On Mon, 2015-11-16 at 16:50 +0100, mathias dufresne wrote: > transaction: operations error at > ../source4/dsdb/samdb/ldb_modules/descriptor.c:1147 Looking at that line in your version of Samba may give you some idea why it failed. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer,

I loved to find out how to achieve that. I did looked for information, all I found was that: https://social.technet.microsoft.com/Forums/en-US/3e184d10-09e3-4eab-9131-6694b86879f8/modify-default-value-of-loginshell-attribute?forum=winserverDS Unfortunately it seems to list all users (I don't know these MS commands but "Get-AdUser -Filter"...) then sending that list to something to

Hi all, When created through RSAT OUs receive, by default, ACLs to refuse removal. When created through LDIF and ldbadd OUs do not receive these ACLs. Is there a way to create these ACLs using command line tools? Cheers, mathias

On Thu, 31 Aug 2017 16:27:12 +0200 mathias dufresne <infractory at gmail.com> wrote: > PS: the short way to explain %u is adding domain/workgroup to > username is the fact we are using trust relationship? > Probably, what you have to get your head around is this: The users 'fred', 'DOMAINA\fred' and 'DOMAINB\fred' are all different users. Winbind will

On 21/09/2020 15:00, Elias Pereira via samba wrote: > Another doubt is about this bydefaults entry. > The dc4 has this entry, but the dc3 does not. The dc3 is the fmso roles guy. > Does it work that way or is there something wrong there? Whilst there are a few attributes that do not replicate, all DN's should. > * Comparing [DOMAIN] context... > > * DN lists have different

Hello, after stumbling in almost every thread, that it makes sense to have RFC2307 enabled, I wanted to switch an AD DC to it and follwed this wiki page https://wiki.samba.org/index.php/Setting_up_RFC2307_in_AD When I try to import the modified ldif file, I get an error message: ERR: (Entry already exists) "Entry CN=ypServ30,CN=RpcServices,CN=System,DC=ad,DC=url,DC=de already exists"

On Wed, 5 Oct 2016 12:04:53 +0200 mathias dufresne via samba <samba at lists.samba.org> wrote: > I just tested on some DC running also 4.4.5 and "getent group > my_group" does not show groups content. > > I read here > http://serverfault.com/questions/625416/samba-4-group-members-not-shown-in-getent-group > a proposal to use samba-tool as a replacement but

Hi, After more investigations I'm now believing that we have some issue on our AD site declaration. I'll be back once I would have get more information. Best regards, M. Le jeu. 8 nov. 2018 à 11:22, mathias dufresne <infractory at gmail.com> a écrit : > Hi all, > > AD version is MS 2008R2. > > smb.conf is : > [global] > workgroup = AD > security = ADS

2017-08-30 16:15 GMT+02:00 mathias dufresne <infractory at gmail.com>: > > > 2017-08-30 16:05 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org> > : > >> On Wed, 30 Aug 2017 15:01:05 +0200 >> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: >> >> > Small addition. >> > >> > > have in

2016-10-19 8:56 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>: > On Wed, 19 Oct 2016 08:47:25 +0200 > mathias dufresne <infractory at gmail.com> wrote: > > > > > > > > > The domain member will ask its nameserver (which should be an AD > > > DC), > > > > > > > The client send request to its resolver, which