similar to: Making a Samba DC under a different domain

"I expect you don't have just copied your VMs disks without changing VMs hostname and FQDN. I expect you don't fully re-use smb.conf from another DC (you can do that but you must change hostname into smb.conf)." 1) These are new Ubuntu VMs, not cloned, built from scratch. I tried joining them with no smb.conf in /usr/local/samba/etc You have disabled SELinux too 2) AFAIK

Talking to myself again ;-) Samba-tool is working a little bit different then the silo/policy management on a Windows-DC. On a Windows-DC after assigning the user and host to the silo you have to assign the silo to the user and the host. When assigning the user and host to the silo with samba-tool, the assignment to the user and the host will be done at the same time. So now my policy looks

Hi Stefan, We had a long weekend in New Zealand, I'm catching up now to your emails. Some of the slight differences between Windows tools I've already picked up on and are in my PR Andrew Bartlett mentioned on Friday, but I'm always open to learning what things are missing or different etc. On 23/10/23 02:58, Stefan Kania via samba wrote: > Talking to myself again ;-) > >

Thanks Rob for chiming in. Stefan, I do want to be very clear, one of the big challanges that we as developers face building these kind of tools is that we don't run AD domains day-to-day. So we really value good feedback on the ergonomics. If you can test with our work in progress, we are keen to adapt the tooling where possible to be more in line with what is 'naturally expected, so

I ran ldbsearch on my sam.ldb I searched for CBADC02, CBADC03, and TESTES (all VMs that fail to join domain), results are below: CBADC02 shows up a few times: # record 1906 dn: CN=CBADC02\0ADEL:de85228c-f92b-4d5d-9d6a-01c3f915dec9,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configu$ objectClass: top objectClass: server instanceType: 4 whenCreated: 20160310044543.0Z uSNCreated: 4215

Hi Marcel thx. for your fast response. I didn't manage to follow up sooner. I had already verbose logging turned on but I don't seem to find the real reason, why the domain controller searchs for a userPrincipalName instead of servicePrincipalName. Because I wasn't sure whether it is the nfs client process or the server process that failed to get the kerberos ticket when I tried the

2017-06-21 14:29 GMT+02:00 Prunk Dump <prunkdump at gmail.com>: > Thank you very much Louis, Rowland, Mike ! > > I have made all the changes proposed by Louis but still have the same problem. > > -> kinit works now with /var/lib/samba/private/secrets.keytab > ------------------------ > ~# kinit -k -t /var/lib/samba/private/secrets.keytab FICHDC$ > ~# >

Hello Andrew Bartlett, Friday, June 9, 2023, 11:25:01 PM, you wrote: > On Thu, 2023-06-08 at 13:41 +0300, Andrey Repin via samba wrote: >> Greetings, All! >> >> I've added a new DC to the working AD, transferred FSMO roles >> (checked, all 7 >> are ok') and (supposedly) correctly demoted the old DC. >> >> SchemaMasterRole owner: CN=NTDS

On Sun, 2 Oct 2016 22:01:32 -0600 "Paul R. Ganci via samba" <samba at lists.samba.org> wrote: > > > On 10/02/2016 07:57 PM, Paul R. Ganci via samba wrote: > > > > > > On 10/02/2016 06:15 PM, Paul R. Ganci via samba wrote: > >> On 09/11/2016 10:38 AM, Paul R. Ganci via samba wrote: > >> > >>> On 09/11/2016 01:23 AM, Rowland

I'm looking for a way to batch create a list of computers accounts in Active directroy running on Windows 2000 PDC. I tried to use perl ldap to create those objects but I didn't manage to set the sAMAccountType to "805306369" ( apparently this is a read only auto generated value) Is there any way to do that under Linux ? Thanks, Thomas #! /usr/bin/perl use strict; use

On Thu, 12 Oct 2017 13:28:40 -0500 (CDT) Mike Ray <mray at xes-inc.com> wrote: > ----- On Oct 11, 2017, at 5:56 PM, samba samba at lists.samba.org wrote: > > > ----- On Oct 10, 2017, at 12:02 PM, samba samba at lists.samba.org > > wrote: > > > >> On Tue, 10 Oct 2017 11:28:09 -0500 (CDT) > >> Andrew Martin <amartin at xes-inc.com> wrote: >

Hi Mathias and all. Am Donnerstag, 24. März 2016, 13:26:12 CEST schrieb mathias dufresne: > Hi, > > I'm glad that helped you : ) > > About SPN, I found that link few days ago: > https://adsecurity.org/?page_id=183 > It tries to list the string values available usable for SPN. > > And it gives also that link: >

Hi again, Am Montag, 14. März 2016, 00:44:47 CET schrieb Markus Dellermann: > Am Donnerstag, 10. März 2016, 10:41:34 CET schrieb mathias dufresne: > Hi, Mathias and all > thank you for your answer. > > > Hi all, > > > > SPN = servicePrincipalName > > > > A simple search returning all servicePrincipalName declared in your AD: > > ldbsearch -H $sam

I'm trying to join a RHEL5 host to an AD domain, and can do this successfully when I set those hostname to the same value as the samba "netbios name" parameter. However, when I try with a hostname != netbios name, it fails. Is it possible to join a machine when the hostname isn't the same as the netbios name? The reason for wanting this is because I have a whole load of servers

Joining member Centos 7.8 Linux server with 4.10.4-10.el7 or higher appears to ignore client FQDN when AD domain does not match client domain name.? For example Active Directory Domain is ad1.testdomain.com and the client member server FQDN is? testhost.clients.testdomain.com.? When joining the domain? DNSHostName attribute in AD shows testhost.ad1.testdomain.com when it should be

Hi, Does anyone have experience of using ldbedit or similar, to remove the duplicates below? (Is that even the right way for me to go?) Can I perhaps query something using ldbsearch, to find the duplicates, before using ldbedit? On Sun, 18 Nov 2018 at 21:37, Jonathan Hunter <jmhunter1 at gmail.com> wrote: > [...] > In my database, as reported by the domain join command above, I have

start with fixing the overlapping idmap config. that wont help. check again if host.fqdn a and ptr exists in the dns. check resolv.conf make sure your primary domain is listed first. you left and rejoined the domain, so you can try regenerateing your keytab file also. start with that greetz Louis > Op 19 dec. 2016 om 21:04 heeft Brian Candler via samba <samba at lists.samba.org>

Hello, I'm trying to run smbtorture against another system. I have installed version 4.0.0alpha9 locally. The remote system is registered with ADS as: distinguishedName: CN=bl-uits-cictest,CN=Computers,DC=ads,DC=iu,DC=edu name: bl-uits-cictest dNSHostName: bl-uits-cictest.ads.iu.edu servicePrincipalName: HOST/bl-uits-cictest.ads.iu.edu servicePrincipalName: HOST/BL-UITS-CICTEST The

On Tue, 28 May 2019 11:04:01 +0200 Denis Cardon <dcardon at tranquil.it> wrote: > Hi Mark, > > > Because of other issues using ADUC, I tried to remove a domain member using: > > > >> samba-tool group removemembers "Domain Computers" MARKA\$ > > Removed members from group Domain Computers > > > > As shown, it say it "Removed

Hi, while trying to use Samba4 as KDC for secure NFS (once again) I found something I suspect to be an error: In order for NFS (with krb5) to work it requires a nfs/... principal, so I created one using samba-tool: samba-tool user add nfs-user samba-tool spn add nfs/atom.mydomain.org nfs-user samba-tool domain exportkeytab /etc/krb5.keytab -principal=nfs/atom.mydomain.org After setting up NFS,