similar to: domain member with winbind, slow smbcacls or smbclient listing

I think, the reason is some files acls, which contain uid or gid, absent in the domain. How to make so that winbindd in this case every time didn't connect with controller, but only periodically update data, using parameters winbind cache time and idmap negative cache time? I think so because in logs I see these strings: ...host has no idea of uid ... ...Connected to LDAP server...

Hello, I have an issue as stated in topic. My samba 4.8.3 file server, which is AD member frequently shows winbind errors (pasted below). From user perspective it seems to work fine, but I'm worried that I have something misconfigured and in the long run, I might run into some errors. My AD DC are running on samba 4.9.x (two of them), compiled from source with BIND as DNS backend (running on

Hi, I invoked several rsync processes simultaneously. The rsync code reads the from a file each time it's invoked. The file read into the script contains lists of filesystems to be sync-ed from client machine to the NFS fileserver. Both the client machine and the NFS fileserver are on separate NIS domain, and have been made to trust one another. The 2 NIS domains are also on separate

adding samba list On Fri, Jan 8, 2016 at 10:22 AM, Partha Sarathi <parthasarathi.bl at gmail.com> wrote: > Hi, > > > We have a customer who facing security issues after changing RID idmap > backend to AUTORID. > > > The History of the issue looks as below, > > 1) When samba configured with RID idmap backend customer requested to > change few permissions,

Thanks for the reply. Now we end-up with mix uid/gid from both ranges in cache TDBs. Few user logins are denied with below error in smbd.log, *[2016/01/07 11:39:44.475960, 1, pid=5202] ../source3/auth/token_util.c:430(add_local_groups* ** SID S-1-5-21-3082371790-1274690562-2878062458-5771 -> getpwuid(10005771) failed** wbinfo --user-info=mariond mariond:*:10015138:110000513:Marion,

Hi, all. What is greatest period for AD DC (non FSMO) can be unavailable, for example, because network segment is unavailable for long time (3, 4 weeks)? Is the controller will be removed from AD automatically? And what to do after this network segment will become available? I have read about tombstoneLifeTime attribute of Directory Service (Configuration, Services, Windows NT), which default

27.06.2016 18:45, mathias dufresne: > Perhaps you don't have yet duplicate objectSid as that's not supposed to be > possible. > Rather than scripting something to look for objectSid used twice I would > start with dbcheck and other tools to verify that your database is > consistent and identical on all servers. [root at pdc ~]# samba-tool dbcheck Checking 3346 objects

Hello guys. Continuing Zhuchenko Valery question,I would like to know if someone from the list has deployed a child domain in samba 4. I have a samba 4 domain controller running on gentoo.My goal is to set up a domain and authentication domain only. But I need a root domain forest and a child domain.I am using verion 4.2.11I would like to know if someone has accomplished this either using dcpromo

hi, samba team and other, client software calls samba and samba reads /etc/samba/smb.conf where some parameter contains variable %i (client ip address), but when samba calls samba-dcerpcd, it again reads /etc/samba/smb.conf where some parameter contains variable %i and at that moment %i is not client ip address, it is equal 0.0.0.0 for example I need client ip1 and client ip2 to get

On 16/07/2019 16:31, Kacper Wirski via samba wrote: > Hello, > > I have an issue as stated in topic. My samba 4.8.3 file server, which is AD > member frequently shows winbind errors (pasted below). From user > perspective it seems to work fine, but I'm worried that I have something > misconfigured and in the long run, I might run into some errors. > > My AD DC are

Hi all! Today, after two years of production, I get this error: samba-tool user create test20160627 testpassword ERROR(ldb): Failed to add user 'test20160627': - ../lib/ldb/ldb_tdb/ldb_index.c:1216: Failed to re-index objectSid in CN=test20160627,CN=Users,DC=ad... - ../lib/ldb/ldb_tdb/ldb_index.c:1148: unique index violation on objectSid in CN=test20160627,CN=Users,DC=ad... Help me

Hello, Thank You for prompt reply! As I stated, I don't have any issues that I'm aware of, but this file server is new in my infrastructure and I was worried that something is incorrect. I set minimal logging as a habit, and I bumped winbind recently to maybe see something that would help me solve this problem. What about this: ads_search_retry: failed to reconnect (No logon servers are

Hi. The quick question: Is there a way of forcing a Samba server that is an Active Directory member server to limit lookups to it's local domain only and not all trusted domains? The question in more detail: I have a Samba server that is joined to my local AD domain ("css.ad.example.com"). There are other domains under ad.example.com such as lps.ad.example.com and

I speak about working controller, not about powered off, but network segment doesn't available to other controllers, for pdc emulator, and controller is available for workstations at this network segment. 14.04.2020 13:00, L.P.H. van Belle via samba ?????: > Why would you have a server (DC) that long powered off, it for sure will give delays and less response of the network. > But you

On Thu, Jun 08, 2017 at 09:23:50AM -0700, Andy Qian via samba wrote: > Hi, all, > > we run smbcacls tool from linux machine to set file permissions on > windows server. > > here is our environment: > > > Linux machine: Ubuntu 14.04 LTS, kernel version 3.13.0-112-generic > > Samba version: 4.3.11 > > Windows machine: Windows server 2012 > > >

Am 29.07.24 um 13:20 schrieb Zhuchenko Valery via samba: > hi, samba team and other, > > client software calls samba and samba reads /etc/samba/smb.conf where > some parameter contains variable %i (client ip address), but when samba > calls samba-dcerpcd, it again reads /etc/samba/smb.conf where some > parameter contains variable %i and at that moment %i is not client ip

Am 29.07.24 um 13:48 schrieb Zhuchenko Valery via samba: > "hosts allow" about access to browseable share, I need different shares > lists How about "access based share enum" as a Machine is also just a user you could use the "valid users" option.

"hosts allow" about access to browseable share, I need different shares lists 29.07.2024 15:33, Christian Naumer via samba: > Am 29.07.24 um 13:20 schrieb Zhuchenko Valery via samba: >> hi, samba team and other, >> >> client software calls samba and samba reads /etc/samba/smb.conf where >> some parameter contains variable %i (client ip address), but when

user may be same, but from client ip1 this user can't see shares, which can see from client ip2. need share enumeration by client ip 29.07.2024 16:20, Christian Naumer via samba ?????: > Am 29.07.24 um 13:48 schrieb Zhuchenko Valery via samba: >> "hosts allow" about access to browseable share, I need different >> shares lists > > How about "access based

Am 29.07.24 um 14:35 schrieb Zhuchenko Valery via samba: > user may be same, but from client ip1 this user can't see shares, which > can see from client ip2. > need share enumeration by client ip Have you checked if "hosts allow" in combination with "access based share enum" does what you want?