similar to: DC replication issues / different attributes

Hi Rowland, thanks for your reply. Any clue when this patch goes into production and being pushed into the sernet repository? And will the database be fixed when upgrading or are there any manual steps necessary? Cheers, Julian > -----Ursprüngliche Nachricht----- > Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von > Rowland Penny via samba > Gesendet: Mittwoch, 30.

Hi Rowland, we're using the Windows mmc for administrating samba sernet DCs running samba-sernet-ad 4.2.11-9. 4 Domain controllers are present. Primary DC replicates to a second in our local office and to 2 others in a vpn connected network. Changes are made on our primary dc always. DC 3 and 4 and the primary and secondary DC responsible for ssh authentication on our linux boxes having the

I would suggest. Stop samba and winbind Backup /etc/krb5.keytab /var/lib/samba /var/cache/samba Remove everything in : /var/lib/samba /var/cache/samba And remove : /etc/krb5.keytab Put in this config ( from Rowlands suggestion. ) Can you try this smb.conf: [global] workgroup = MYDOMAIN realm = MYDOMAIN.local netbios name = vmu09tcse01 dedicated keytab file = /etc/krb5.keytab

Well, I always get 0 results, whether using cn, full username, wildcards, another existing and working user etc. # cat /etc/passwd | grep 'ren_test' returns nothing # wbinfo -u | grep 'ren_test' returns: ren_test4 I also created a backup of all those ldb files and restarted the samba service. Now there's no new sam.ldb but a file looking similar to it. Here's

Well we've changed the logon name (SAMAccountName) and the Name and Surname of the user object. -----Ursprüngliche Nachricht----- Von: Rowland Penny [mailto:rpenny at samba.org] Gesendet: Dienstag, 6. September 2016 11:37 An: samba at lists.samba.org Cc: Julian Zielke <jzielke at next-level-integration.com> Betreff: Re: [Samba] Winbind / Samba auth problem after username change On Tue,

Hi Mathias, thanks for your advice on how to use getent. However you’re mentioning SSSD which is working fine. I was referring to it because we changed to that method lately but the server having the problem is NOT using this new method but the old winbind+samba combination. Sorry it it was confusing. Cheers, Julian Von: mathias dufresne [mailto:infractory at gmail.com] Gesendet: Dienstag, 6.

Hi, before we switched to SSSD we've been implementing the ssh authentication method via Domain using winbind+samba. Version installed on our machines is (still) 2:4.1.6+dfsg-1ubuntu2.14.04.13. So far everything has been working fine, however after we had to change a user's logon name in the domain he can't login anymore. auth.log shows still his old username followed by "from

Hi, short question: Which schedulers are recommended on running a samba smb server using > 1000 files but high I/O on reads/writes on those files? - Julian Wichtiger Hinweis: Der Inhalt dieser E-Mail ist vertraulich und ausschlie?lich f?r den bezeichneten Adressaten bestimmt. Wenn Sie nicht der vorgesehene Adressat dieser E-Mail oder dessen Vertreter sein sollten, so beachten Sie bitte,

No, i dont think is needed for all to rejoin. Now next server, do the same but now dont delete everything Again stop samba and winbind. Backup the 2 /var/lib/samba and /var/cache/samba folder. Now in /var/lib/samba delete winbind*.tdb And *.tdb in /var/cache/samba USE THE SMB.CONF as before, modify it for the needed server. Start samba and winbind again. Type wbinfo -u first and

Good Morning Rowland, oh well, the bad side of the Internet... well the samba stuff was implemented by a former co-worker so I've to get into everything he did. Here’s the information you’ve requested, additionally with my config files I know changed based on the samba wiki: smb.conf: cat /etc/samba/smb.conf [global] workgroup = MYDOMAIN realm = MYDOMAIN.local netbios name =

Hi, our virtual DCs specs are: 1vCPU, 1GB RAM System is running on iSCSI Storage in an Openstack Enviroment. Smb.conf on our DC 03 and 04: ================== # Global parameters [global] workgroup = NLI realm = nli.local netbios name = dc04 server role = active directory domain controller allow dns updates = nonsecure dns forwarder =

AVAHI is not running on our machines. We're using Samba from the official sernet repository. I did a find-command on all sam.ldb files and this is the only one which exists. Also when I delete them and restart the samba service, it's being created again, so I guess it's the correct file the daemon is working with. I've used the ldbsearch with the full logon name, however even

Yes, the change is reflected into groups. The user's DN has all the new information we entered. The group has a memberOf string with the same correct information. A net cache flush on our DCs didn't help either. Since on another server using the same DCs and authentication mechanisms has no problems with the new name it's seems to be a server-related issue and not a DC one. - Julian

On Tue, 6 Sep 2016 15:38:57 +0000 Julian Zielke <jzielke at next-level-integration.com> wrote: > No, getent NEWusername produces a result SHOWING the old username - > not the other way around. The machine is a domain member. We did a > join using net join ads. Where is it displaying the old username ? > > The passwords file has only the standard local users in there. Well

BTW I noticed that most configs use the wildcard parameter. So the smb.conf now uses: idmap config * : backend = rid idmap config * : range = 16777216-33554431 But still no change... I really wonder where this old username is coming from... > -----Ursprüngliche Nachricht----- > Von: Julian Zielke > Gesendet: Dienstag, 6. September 2016 18:10 > An: 'Rowland Penny' <rpenny

Hi, yesterday we experienced a heavy request flooding from multiple servers being a domain member against our Samba Sernet DCs. All those servers are domain members and allow login using PAM (Samba+Winbind). Running TCPDump we had like 400 Requests per 5 seconds like this: tcpdump -i eth0 dst port 389 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0,

- It really ends in local. So I guess I can leave this one. - I've corrected the double entry in nsswitch.conf The command returns: # getent passwd | grep ren_test ren_test4:*:12521:10513:ren_test4:/home/NLI.LOCAL/ren_test4:/bin/bash What I copied into the message before was our object directly from the DC. I thought you said "ldapsearch", not ldbsearch ;-) Well here's the

On Tue, 6 Sep 2016 11:41:59 +0000 Julian Zielke via samba <samba at lists.samba.org> wrote: > OK I think I got some more information for you guys. I just did > “getent passwd <NEWusername>” and got: <OLD > username>:*:<ID>:<ID2>::/home/…/<OLD username>:/bin/bash. > > When I do “su - <NEW username>” I get a valid shell with notification

On Wed, 7 Sep 2016 13:20:32 +0000 Julian Zielke via samba <samba at lists.samba.org> wrote: > I just did a cp -p *.ldb to a backup directory and restarted the > services. Of course I didn't delete it since I don't know whether > this action would be fatal. > > There is a tool for doing this, 'tdbbackup', and deleting sam.ldb etc would be fatal. Rowland

On Tue, 6 Sep 2016 14:56:20 +0000 Julian Zielke <jzielke at next-level-integration.com> wrote: > OK, I've commented out that line, leaving only: > > > idmap config mydomain : backend = rid > > idmap config mydomain : range = 16777216-33554431 > > in the config file. > > Also I did a net cache flush and deleted the database files > at /var/lib/samba.