similar to: User accounts being blocked

Dear James, Thanks for the input. Even increasing from 5 to 10, the amount of times to miss the password and lock the account (after changing, I wheeled a gpupdate / force), if you miss 3 times the account is locked. I changed smb.conf log level to 9. I tried to unlock the account using the samba-tool command line, but without success, because I can only unlock using the RSAT. I get these

Are you using the "samba-tool domain passwordsettings" command to set the lockout policy, or are you using group policy? -James Crouch On Aug 19, 2016 2:03 PM, "Ricardo Pardim Claus" <ricardo.claus at yahoo.com.br> wrote: > > > Dear James, > Thanks for the input. > > Even increasing from 5 to 10, the amount of times to miss the password and > lock

On Wed, 2017-12-13 at 11:37 +0100, Gaetan SLONGO wrote: > Hi Andrew. > > Any idea to solve this ? You need to turn up the logs on the destination server until you get more useful log entries leading up to: ==> /var/log/samba/log.samba <==  [2017/12/07 10:10:55.825907, 0] ../source4/dsdb/repl/drepl_out_helpers.c:942(dreplsrv_op_pull_source_ap ply_changes_trigger)  Failed to

Thanks for the answer! Is that true if we have Subdomains, Samba write to DB information only about join-domain? And what option --domain-critical-only do? I did not see the difference - with or without. -----Original Message----- From: Andrew Bartlett [mailto:abartlet at samba.org] Sent: Saturday, October 31, 2015 12:14 PM To: Luchko Dmitriy <Luchko.D at digdes.com>; samba at

It's strange. We have root domain and a lot subdomain. We try to join Samba to one of subdomain. Active Directory DB (NTDS.dit) without GC = 1.2 Gb, with GC=16 Gb. When we try to join Samba we have samba DB limit 4Gb. We see that samba replicate information about all domains in forest: descriptor_sd_propagation_recursive: DC=DomainDnsZones,DC=domain1,DC=oao,DC=company not found under

Hi, It's my first try to setup RODC using Samba 4.8. We have latest Samba 4.7 environnement with 2 DC and some file servers. Joining the DC to the domain is OK using samba-tool domain join command. The domain controller appears in the DC list (MMC) However, users cannot be authenticated. Samba is running but these ports are closed : netbios-ssn 139/tcp # NETBIOS session service

I see. Thanks for clarification. Checking the detailed of using debuglevel 10 I see this message: ../../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:5583: Resolving conflict record via existing-record rename 'CN=Vikas Rajan,CN=Users,DC=SUB,DC=DOM,DC=TLDbg' -> 'CN=Vikas Rajan\0ACNF:de5b7fa1-e3ec-4631-a8d7-cdfc137ac3b7,CN=Users,DC=SUB,DC=DOM,DC=TLD' Although it was renamed

Hi all, Sernet Samba 4.2.2 as Active Directory on Debian 7.8. No other DC. I can't log in with on Windows systems (Windows 7) when samAccountName are longer than 20 characters. This seems to be a LAN MAN or NT4 limitation which should not happen on AD domain. Any idea what could leads my to that limitation? I can log in using administrator account or any other having a short (enough)

On Mon, 16 Dec 2024 14:52:03 +0000 Peter Mittermayer via samba <samba at lists.samba.org> wrote: > I see. Thanks for clarification. > > Checking the detailed of using debuglevel 10 I see this message: > > ../../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:5583: Resolving > conflict record via existing-record rename 'CN=Vikas >

James, I configured the account lockout policies by RSAT, GPEDIT.MSC. By GPEDIT.MSC I set the value = 10 attempts. Through the samba-tool, I used this command: # samba-tool domain passwordsettings set --account-lockout-threshold=11 INFO: Current debug levels: ... pm_process() returned Yes Module 'tombstone_reanimate' is disabled. Skip registration.lpcfg_servicenumber:

I believe a schema change on a Windows DC (2008rc) has broken replication with our S4 DCs. Anyone have any tips or pointers to resolve this? I have three S4 DCs [CentOS6] and one Windows 2008R2 DC. The Windows 2008R2 DC has the schema master FSMO, and I believe the Exchange schema was added. I am willing to pay US dollars to get this issue resolved. I need the replication restored, the

We have setup Samba 4.1 as a PDC. We have successfully connected several Windows 2008 Servers to the domain and created various users/groups. During an application installation on the Windows server, it runs the command in SQL server: master..xp_logininfo 'MYDOMAIN\useraccount' SQLserver is running as a service user created on the domain (here called MYDOMAIN) This returns: Msg

On Mon, 16 Dec 2024 13:01:53 +0000 Peter Mittermayer via samba <samba at lists.samba.org> wrote: > While resuming my testing for adding a new DC with higher Samba > version I have some questions: > > 1. do I have to expunge tombstones on each DC or just one (and > replication will remove it from others). - I think it should be run > on all DCs. > > 2. same question

On Mon, 2017-10-16 at 13:07 +0000, Andrej Gessel via samba wrote: > Hello list, > > maybe I saw the same error with backlinks. I try to use Samba 4.7.0 as rodc and perform join with "domain-critical-only"-option. Smb.conf is generated by samba. After starting joined samba I got error like this: Does it change if you don't use that option? > Failed to apply records:

Dear All, Need some help as I was trying to follow the guide below. https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC Until the steps of ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationid=*)' --cross-ncs objectguid and my ldbsearch reply with such a result. ldb: unable to dlopen /usr/lib64/samba/ldb/acl.so : /usr/lib64/ldb/libreplace.so: version

We have 3 ADCs based on Samba-4.7.4 (compiled from source,internal DNS)/ CentOS7: dcdo1,dcnh1 and dcge1. dcge1 holds all FSMO roles. The 3 ADCs are on different locations connected via IPSec based VPN. No traffic is filtered out. All 3 ADCs replicate fine except dcdo1 -->dcnh1. Symptom: [root at dcdo1 ~]# samba-tool drs replicate dcnh1.ad.kdu.com dcdo1.ad.kdu.com dc=ad,dc=kdu,dc=com

On Mon, 2017-10-02 at 09:59 +1300, Garming Sam via samba wrote: > Can you provide a bit more logs? At first glance, it doesn't seem quite > related to group memberships. > I agree, we need more logs here. Turn up the log level and see what the error causing that final error is.   However, take care not to publish confidential details like staff names and sensitive attributes like

On Wed, 27 Dec 2017 13:00:05 +0100 "Dr. Johannes-Ulrich Menzebach via samba" <samba at lists.samba.org> wrote: > There is additional info in the logs of the source DC (dcdo1, log > level 2, manually triggered another replication): > ==================== > [2017/12/27 12:31:29.695121,  2] >

On Thu, 2017-12-14 at 11:40 +0100, Gaetan SLONGO wrote: > Hi Andrew, > > By increasing global logs (not only drs) I get this : Failed to apply records: ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:3643: Failed to remove backlink of msDS-RevealedDSAs when deleting CN=DMZRODC This is bug https://bugzilla.samba.org/show_bug.cgi?id=13095 and

On Fri, 6 Dec 2024 12:29:03 +0100 Mitja Tav?ar via samba <samba at lists.samba.org> wrote: > Il 06/12/24 10:45, Rowland Penny via samba ha scritto: > > On Fri, 6 Dec 2024 10:19:31 +0100 > > Mitja Tav?ar via samba <samba at lists.samba.org> wrote: > > > >> But the machine accoounts are not completely lost, they seem lost > >> if i query the Read