similar to: AD, get security descriptor of LDAP object

How please? Before posting I tried by myself but I did not succeed I did asked: ldbsearch -H $sam ou=utilisateurs securityDescriptor # record 1 dn: OU=Utilisateurs,DC=ad,DC=domain # Referral .... 2016-09-07 12:06 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>: > On Wed, 7 Sep 2016 11:57:25 +0200 > mathias dufresne via samba <samba at lists.samba.org> wrote:

Hi all, I just add into my AD a user with different values for attributes "CN" and "name". Here is an extract of the LDIF used to add this user: ------------------------------------------------------------------------------------ dc202:~# egrep 'cn:|name:' mathias.ldif cn: Mathias Dufresne (CN) *name: mathias.dufresne*

Hi all, A working search using ldapsearch on some object containing parenthesis in attribute's value: ------------------------------------------------------------------------------------------------- ldapsearch -Y GSSAPI -h dc200 -b 'DC=ad,DC=domain,DC=tld' -s sub 'CN=CID 85 \(Join\)' dn SASL/GSSAPI authentication started SASL username: administrator at AD.DOMAIN.TLD SASL SSF:

Thank you Rowland for that reply, even if answer to Q2 is not a list of deplicated attributes but the schema which contains all attributes. To answer you: I'm trying to understand. I'm currently working for one company to help them design an AD hosted by Samba. I won't be there to manage it and they already have peoples working with LDAP trees, these coming with their own habits. I

Hi all, I'm wondering about winbind[d] behaviour. I tried the following with: auth methods = sam winbindd and the same with only one d: auth methods = sam winbind One user: ldbsearch -H $sam '(cn=another.fakeuser)' homeDirectory loginShell gidnumber uidnumber # record 1 dn: CN=another.fakeuser,OU=a,OU=Standards,OU=Utilisateurs,DC=ad,DC=dgfip homeDirectory: */home/another.fakeuser*

Complete event id of : > But still, events log show a warning about kerberos ticket from LsaSrv > source and right after a permission denied on GPT.ini And a getfacl of the problem GPO SID please, i'll check. And a output of ipconfig /all on the problem pc. And question, dedicated IP or dhcp IP? Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba

Thank you a lot Luca! I was able to change searchFlags using ldbedit command and I can't test right now the ldbmodify tool as samba seems to be indexing it's database (one thread eating 100% CPU for several minute, since I launched a ldbsearch on "uid" field). I'll try without my typo error (thank you again :) the ldbmodify command (to stop telling it doesn't work when

The issue is (almost) solved. As shown the previously explained process to repair, nothing's clear about that resolution. Perhaps just the big clean-up was necessary, perhaps synchronisation of a first DC was necessary, no idea. Anyway replication is working, almost. On 4 DCs among 5: ldbsearch -H $sam objectclass=* dn | tail -3 # returned 50968 records # 50965 entries # 3 referrals On one

Hi all, System is Centos 7 and Samba is 4.2.1 sernet version. The database contains 120k users and 150k computers. It's size is 3.3GB on DC01 where the imports were performed and 2.8GB on the second DC. I was trying to index uid attribute and I have a strange behaviour. According to https://msdn.microsoft.com/en-us/library/ms679765%28v=vs.85%29.aspx it is the "searchFlags"

To see which DC is used by Windows client: open a MSDOS console, type "set", look for LOGONSERVER=\\<your_dc> <your_dc> is the DC used to connect on. If issue comes from one DC I would have on sysvol synchronisation between DC, ACL on all sysvol, DNS entries (but I don't think that's a DNS issue if you have only GPO issue). 2016-03-29 14:51 GMT+02:00 Sébastien Le

Ok, where your pc's get the DNS info from? Server : AD-DC + DNS Or Server : AD-DC + Some other server with DNS Can you give the output of dig NS your.domain.tld and tel us what what is. > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Sébastien Le Ray > Verzonden: dinsdag 29 maart 2016 16:31 > Aan: samba at

Hi all, I'm having a test AD domain composed with 2 DC, using Sernet's version of Samba 4.2.2. These two DC are Centos 6.6 (dc20) and Debian 7.8 (dc00). These two are using TDB as a backend (as we have no other choice at this stage of Samba's development). *dc20*:~# ldbsearch -H $sam '(objectclass=group)' dn | tail -3 # returned 27392 records # *27389* entries # 3 referrals

On Mon, 2015-11-16 at 16:50 +0100, mathias dufresne wrote: > transaction: operations error at > ../source4/dsdb/samdb/ldb_modules/descriptor.c:1147 Looking at that line in your version of Samba may give you some idea why it failed. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer,

Hi, Thank you for this answer, unfortunately I was not able to re-hash password as they are hashed into LDB database. First I retrieved the hash: ldbsearch -H $sam '(cn=some user)' unicodePwd # record 1 dn: CN=some user,OU=Users Management,DC=ad,DC=example,DC=com unicodePwd:: COwwLgiqqaHRyhy4HxWp4A== This "unicodePwd" attribute comes from a quick search into "user"

Thank you all for these detailed answers. This size happened on DC where the import were done. Database with Samba 4 was always significantly bigger on this host than on the replicated ones. According to that I'll try the dump trick which would also teach me some things : ) I'll came back after tests... For LMDB the start seems to be there: https://jhrozek.fedorapeople.org/sambaxp

I found this one. Check which one works for you. http://www.eventid.net/display-eventid-40960-source-LSASRV-eventno-8508-phase-1.htm Im sure this is not a samba configuration problem. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens L.P.H. van Belle > Verzonden: dinsdag 29 maart 2016 16:18 > Aan: samba at

On my site with samba 4.18 on centos 6: 'samba-tool ldapcmp ldap://DC1 ldap://DC2 -Uadministrator' failed with this result msDS-NC Type failed : [root at s4master ~]# samba-tool ldapcmp ldap://s4master ldap://s4slave -Uadministrator Password for [TPLK\administrator]: * Comparing [DOMAIN] context... * Objects to be compared: 606 Comparing: 'CN=Builtin,DC=tplk,DC=loc'

27.06.2016 18:45, mathias dufresne: > Perhaps you don't have yet duplicate objectSid as that's not supposed to be > possible. > Rather than scripting something to look for objectSid used twice I would > start with dbcheck and other tools to verify that your database is > consistent and identical on all servers. [root at pdc ~]# samba-tool dbcheck Checking 3346 objects

Hi again, Am Montag, 14. März 2016, 00:44:47 CET schrieb Markus Dellermann: > Am Donnerstag, 10. März 2016, 10:41:34 CET schrieb mathias dufresne: > Hi, Mathias and all > thank you for your answer. > > > Hi all, > > > > SPN = servicePrincipalName > > > > A simple search returning all servicePrincipalName declared in your AD: > > ldbsearch -H $sam

Hi Mathias and all. Am Donnerstag, 24. März 2016, 13:26:12 CEST schrieb mathias dufresne: > Hi, > > I'm glad that helped you : ) > > About SPN, I found that link few days ago: > https://adsecurity.org/?page_id=183 > It tries to list the string values available usable for SPN. > > And it gives also that link: >