Displaying 20 results from an estimated 5000 matches similar to: "User accounts being blocked"
2016 Aug 19
2
User accounts being blocked
Dear James,
Thanks for the input.
Even increasing from 5 to 10, the amount of times to miss the password and lock the account (after changing, I wheeled a gpupdate / force), if you miss 3 times the account is locked.
I changed smb.conf log level to 9.
I tried to unlock the account using the samba-tool command line, but without success, because I can only unlock using the RSAT.
I get these
2016 Aug 19
0
User accounts being blocked
Are you using the "samba-tool domain passwordsettings" command to set the
lockout policy, or are you using group policy?
-James Crouch
On Aug 19, 2016 2:03 PM, "Ricardo Pardim Claus" <ricardo.claus at yahoo.com.br>
wrote:
>
>
> Dear James,
> Thanks for the input.
>
> Even increasing from 5 to 10, the amount of times to miss the password and
> lock
2017 Dec 13
2
Replication issue (maybe due to 4.7.0 bug?)
On Wed, 2017-12-13 at 11:37 +0100, Gaetan SLONGO wrote:
> Hi Andrew.
>
> Any idea to solve this ?
You need to turn up the logs on the destination server until you get
more useful log entries leading up to:
==> /var/log/samba/log.samba <==
[2017/12/07 10:10:55.825907, 0]
../source4/dsdb/repl/drepl_out_helpers.c:942(dreplsrv_op_pull_source_ap
ply_changes_trigger)
Failed to
2015 Nov 02
2
Join Samba without GC role
Thanks for the answer!
Is that true if we have Subdomains, Samba write to DB information only about join-domain?
And what option --domain-critical-only do? I did not see the difference - with or without.
-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Saturday, October 31, 2015 12:14 PM
To: Luchko Dmitriy <Luchko.D at digdes.com>; samba at
2015 Nov 06
2
Join Samba without GC role
It's strange. We have root domain and a lot subdomain. We try to join Samba to one of subdomain.
Active Directory DB (NTDS.dit) without GC = 1.2 Gb, with GC=16 Gb. When we try to join Samba we have samba DB limit 4Gb.
We see that samba replicate information about all domains in forest:
descriptor_sd_propagation_recursive: DC=DomainDnsZones,DC=domain1,DC=oao,DC=company not found under
2018 May 24
5
Samba 4.8 RODC not working
Hi,
It's my first try to setup RODC using Samba 4.8. We have latest Samba 4.7 environnement with 2 DC and some file servers.
Joining the DC to the domain is OK using samba-tool domain join command. The domain controller appears in the DC list (MMC)
However, users cannot be authenticated. Samba is running but these ports are closed :
netbios-ssn 139/tcp # NETBIOS session service
2015 Jul 01
3
strange: 20 characters max in samAccountName
Hi all,
Sernet Samba 4.2.2 as Active Directory on Debian 7.8. No other DC.
I can't log in with on Windows systems (Windows 7) when samAccountName are
longer than 20 characters. This seems to be a LAN MAN or NT4 limitation
which should not happen on AD domain.
Any idea what could leads my to that limitation?
I can log in using administrator account or any other having a short
(enough)
2016 Aug 19
2
User accounts being blocked
James,
I configured the account lockout policies by RSAT, GPEDIT.MSC.
By GPEDIT.MSC I set the value = 10 attempts.
Through the samba-tool, I used this command:
# samba-tool domain passwordsettings set --account-lockout-threshold=11
INFO: Current debug levels:
...
pm_process() returned Yes
Module 'tombstone_reanimate' is disabled. Skip registration.lpcfg_servicenumber:
2016 Nov 16
4
Schema Change Breaks Replication
I believe a schema change on a Windows DC (2008rc) has broken
replication with our S4 DCs. Anyone have any tips or pointers to
resolve this?
I have three S4 DCs [CentOS6] and one Windows 2008R2 DC. The Windows
2008R2 DC has the schema master FSMO, and I believe the Exchange schema
was added.
I am willing to pay US dollars to get this issue resolved. I need the
replication restored, the
2013 Nov 04
1
Running SQL Server xp_logininfo with Samba PDC
We have setup Samba 4.1 as a PDC. We have successfully connected several
Windows 2008 Servers to the domain and created various users/groups.
During an application installation on the Windows server, it runs the
command in SQL server:
master..xp_logininfo 'MYDOMAIN\useraccount'
SQLserver is running as a service user created on the domain (here called
MYDOMAIN)
This returns:
Msg
2017 Oct 17
2
samba 4.7.0 replication errors
On Mon, 2017-10-16 at 13:07 +0000, Andrej Gessel via samba wrote:
> Hello list,
>
> maybe I saw the same error with backlinks. I try to use Samba 4.7.0 as rodc and perform join with "domain-critical-only"-option. Smb.conf is generated by samba. After starting joined samba I got error like this:
Does it change if you don't use that option?
> Failed to apply records:
2014 Feb 05
1
ldb segment fault. Problem on joining as a DC member.
Dear All,
Need some help as I was trying to follow the guide below.
https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
Until the steps of
ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationid=*)'
--cross-ncs objectguid
and my ldbsearch reply with such a result.
ldb: unable to dlopen /usr/lib64/samba/ldb/acl.so :
/usr/lib64/ldb/libreplace.so: version
2017 Dec 27
2
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
We have 3 ADCs based on Samba-4.7.4 (compiled from source,internal DNS)/
CentOS7: dcdo1,dcnh1 and dcge1. dcge1 holds all FSMO roles. The 3 ADCs
are on different locations connected via IPSec based VPN. No traffic is
filtered out.
All 3 ADCs replicate fine except dcdo1 -->dcnh1. Symptom:
[root at dcdo1 ~]# samba-tool drs replicate dcnh1.ad.kdu.com
dcdo1.ad.kdu.com dc=ad,dc=kdu,dc=com
2017 Oct 14
2
samba 4.7.0 replication errors
On Mon, 2017-10-02 at 09:59 +1300, Garming Sam via samba wrote:
> Can you provide a bit more logs? At first glance, it doesn't seem quite
> related to group memberships.
>
I agree, we need more logs here. Turn up the log level and see what
the error causing that final error is.
However, take care not to publish confidential details like staff names
and sensitive attributes like
2017 Dec 27
2
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
On Wed, 27 Dec 2017 13:00:05 +0100
"Dr. Johannes-Ulrich Menzebach via samba" <samba at lists.samba.org> wrote:
> There is additional info in the logs of the source DC (dcdo1, log
> level 2, manually triggered another replication):
> ====================
> [2017/12/27 12:31:29.695121, 2]
>
2017 Dec 14
2
Replication issue (maybe due to 4.7.0 bug?)
On Thu, 2017-12-14 at 11:40 +0100, Gaetan SLONGO wrote:
> Hi Andrew,
>
> By increasing global logs (not only drs) I get this : Failed to apply records: ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:3643: Failed to remove backlink of msDS-RevealedDSAs when deleting CN=DMZRODC
This is bug
https://bugzilla.samba.org/show_bug.cgi?id=13095
and
2018 Jan 16
4
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
Hi,
there is no firewall, all DCs are in the same subnet.
here ist the output of a test, you can see, the CNAME guid entries in
the _msdcs can be resolved on any DC: (DC1 and DC2 are the first and
second DCs, SAMBA3 was added at last.
ldbsearch -H /srv/samba/private/sam.ldb '(invocationId=*)' --cross-ncs
objectguid
# record 1
dn: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-
2018 Jan 16
2
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
Hi,
i have the same problem on samba 4.7.3 and 4.7.4.
I start with 2 DCs and the sync works fine. After the join of a third
DC mostly i get the WERR_DS_DRA_ACCESS_DENIED. I tested it for 10
times.
in my case i have:
DC1 (with any FSMO Roles)
DC2
new join as DC:
DC3
After the join, the sync from DC2 to DC3 fails.
samba-tool drs replicate dc2 dc1 dc=gvcc,dc=net : OK
samba-tool drs replicate
2016 Jul 17
1
Winbindd segfaults with bind9-dlz trying to login via libwinbind-pam
Hello,
I just found and odd behaviour here on my test environment (debian
jessie with samba 4.4.5 backported from sid).
I create and ad-dc as usual, adjust nsswitch.conf and enable
pam-auth-winbind (ruuning pam-auth-update). I also define /bin/bash as
template shell.
Now after i create an samba-user and the users home directory
(/home/DOMAIN/achim).
I can login with that account on the
2018 Jan 16
2
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
Heinz,
I had exactly the same problem, and used ldbedit to apply the fix.
Thanks for digging into this!
Now I'm interested in the root cause as well ...
Uli
Am 16.01.2018 um 16:48 schrieb Heinz Hölzl via samba:
> no, it seems to work!!!
>
>
> i did a ldapmodify on DC2:
>
> ldapmodify -x -h dc2 -D cn=administrator,cn=users,dc=test,dc=net -W -f
> serverReference.ldif