Displaying 20 results from an estimated 10000 matches similar to: "user cannot access shares on new ad-dc"
2017 Sep 29
3
user cannot access shares on new ad-dc
> On 29.09.2017 11:44 Rowland Penny wrote:
> Have you set up the libnss_winbind links, PAM and /etc/nsswitch.conf ?
Yes, I had modified two lines in /etc/nsswitch.conf:
passwd: files winbind
group: files winbind
No, I had not seen a pointer to libnss, but now did
ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib/i386-linux-gnu/
ln -s
2018 Nov 06
3
classicupgrade
Hai,
Ok, i expected a bit different outputs.
On my DC, i use /home/samba/sysvol and /home/samba/netlogon.
This is what i expected.
getfacl /home/samba/
getfacl: Removing leading '/' from absolute path names
# file: home/samba/
# owner: root
# group: BUILTIN\134administrators
user::rwx
user:root:rwx
group::rwx
group:BUILTIN\134administrators:rwx
2019 Sep 19
3
Script to sync xID/idmap.ldb, some questions...
I'm scripting the ''replica'' of DC xID db (idmap.ldb) between DCs,
following:
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Built-in_User_.26_Group_ID_Mappings
but i've two question.
1) because i've just in place the sysvol replica, i've thinked of
copying the 'idmap.ldb.bak' file on sysvol share (in debian,
2016 Jun 14
3
since i added second DC i have some trouble
Hi,
i provisioned a domain and all went well, until i added the second dc....
for example:
the new DC2 tells me:
getfacl /usr/local/samba/var/locks/sysvol
# file: usr/local/samba/var/locks/sysvol
# owner: root
# group: BUILTIN\134administrators
user::rwx
user:root:rwx
user:BUILTIN\134administrators:rwx
user:BUILTIN\134users:r-x
user:ELEMAY\134guest:rwx
user:ELEMAY\134domain\040guests:r-x
2016 Jun 14
3
since i added second DC i have some trouble
On 6/14/2016 1:16 PM, Rowland penny wrote:
> On 14/06/16 17:38, J. Echter wrote:
>> Hi,
>>
>> i provisioned a domain and all went well, until i added the second
>> dc....
>>
>> for example:
>>
>> the new DC2 tells me:
>>
>> getfacl /usr/local/samba/var/locks/sysvol
>>
>> # file: usr/local/samba/var/locks/sysvol
>> #
2018 Jun 14
4
Admin UID changed with upgrade to 4.8.2
On Thu, 14 Jun 2018 09:39:46 +0200
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> And i did read the Comment to for Rowland below,
> On debian you need :
> libnss-winbind libpam-winbind to be installed.
> I think you miss one of these.
They are the glue that connects Samba to nsswitch and allows 'getent
passwd username' to work. Without
2018 Nov 06
3
classicupgrade
Hello Luis
tomorrow i'm not in office, reply to you thursday
One question : who is owner and whats rights for dir
/home
/home/samba
/home/samba/sysvol
because, from windows client, user into domain admins, when i change in
security tab, explorer always crash
bye
Il 06/11/2018 17:16, L.P.H. van Belle via samba ha scritto:
> Ok, next,
>
> From a windows pc connect to
2017 Jan 13
1
Duplicate xidNumbers
Hello Samba team,
I have 3 production samba DCs version 4.5.1 serving the same domain (2
sites) and all are having the same problems, I believe based on two
duplicate xidNumbers described below.
xidNumbers 3000002 & 3000003 have two SIDs assigned while xidNumbers
3000011 & 3000012 have no SIDs assigned. Is fixing this as simple as
moving one of the duplicates to the empty xidNumber
2017 Aug 24
5
sysvolreset doesn't reset all ACLs
Ok, rechecked this, your correct. This did work fine.
In now at samba 4.6.7, you?
This worked untill ( last i checked ) 4.6.5 :-(( now sysvolreset is totaly broken. :-((
New thing for my ToDo list..
Try this script, the rights are my defaults "after a sysvol reset"
Place the script somewhere within /var/lib/samba
Preffered that location .
Run it with : bash script.sh sysvol/
!
2018 Nov 06
5
classicupgrade
Hai,
I suggest, start reading here, it explains all.
https://lists.samba.org/archive/samba/2018-February/213690.html
The script in that thread is not changing anything by default.
I suggest try it and post the output.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Rowland Penny via samba
> Verzonden:
2018 Mar 21
2
Again 'Failed to find domain 'NT AUTHORITY'. Check connection to trusted domains!'
I've hitted the error in subject trying a backup of my sysvol.
Mar 21 11:13:31 vdcsv1 winbindd[3494]: [2018/03/21 11:13:31.234373, 0] ../source3/winbindd/winbindd_group.c:45(fill_grent)
Mar 21 11:13:31 vdcsv1 winbindd[3494]: Failed to find domain 'NT AUTHORITY'. Check connection to trusted domains!
Looking on internet/list archive leadme to recent post (november 2017)
and this
2016 Jun 14
1
since i added second DC i have some trouble
On 6/14/2016 2:50 PM, J. Echter wrote:
> Am 14.06.2016 um 20:47 schrieb lingpanda101 at gmail.com:
>> On 6/14/2016 1:16 PM, Rowland penny wrote:
>>> On 14/06/16 17:38, J. Echter wrote:
>>>> Hi,
>>>>
>>>> i provisioned a domain and all went well, until i added the second
>>>> dc....
>>>>
>>>> for example:
2016 Jun 27
2
Rights issue on GPO
On 26/06/16 12:43, Achim Gottinger wrote:
> Created an feature request
>
> "add resolving for well known security principals"
>
> https://bugzilla.samba.org/show_bug.cgi?id=11997
>
> Am 25.06.2016 um 12:35 schrieb Achim Gottinger:
>>
>>
>> Am 25.06.2016 um 02:21 schrieb Achim Gottinger:
>>>
>>>
>>> Am 24.06.2016 um 23:16
2016 Jun 25
4
Rights issue on GPO
Am 25.06.2016 um 02:21 schrieb Achim Gottinger:
>
>
> Am 24.06.2016 um 23:16 schrieb Achim Gottinger:
>>
>>
>> Am 24.06.2016 um 22:57 schrieb Rowland penny:
>>> On 24/06/16 21:35, Achim Gottinger wrote:
>>>>
>>>>
>>>> Am 24.06.2016 um 21:24 schrieb Rowland penny:
>>>>> On 24/06/16 19:47, lingpanda101 at
2017 Mar 21
3
Problem sysvolreset
Hai,
Here you go my output of the R2008R2. (64bit)
1) original GPO from the install ( the domain controller policy )
Path : Microsoft.PowerShell.Core\FileSystem::C:\Windows\SYSVOL\domain\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}
Owner : BUILTIN\Administrators
Group : NT AUTHORITY\SYSTEM
Access : CREATOR OWNER Allow 268435456
NT AUTHORITY\Authenticated Users
2016 Jun 27
6
Rights issue on GPO
Hai,
After lots of testing and checking today im must concluded that achim and mathias are right.
There are "BUILDIN\" security groups which make some GPOs are going wrong.
Also, im getting errors again with sysvolcheck. .. i was in the understanding this was resolved.. but im but off with all info, very buzy at the office atm.
samba-tool ntacl sysvolcheck
ERROR(<class
2017 Jun 16
2
Erro sysvolcheck/sysvolreset
:-|
ls -lnd /opt/samba/var/locks/sysvol
drwxrwx---+ 3 0 3000000 4096 Jun 16 13:56 /opt/samba/var/locks/sysvol
Em 16-06-2017 13:38, Rowland Penny via samba escreveu:
> On Fri, 16 Jun 2017 13:15:19 -0300
> "Carlos A. P. Cunha" <carlos.hollow at gmail.com> wrote:
>
>> OK, sorry, uncomment a line :-D
>>
>> Yes exist!
>>
>> ls -ld
2017 Jul 03
2
Can't create/update Group Policy in Samba 4.6.5
Hai,
In reponse to the why i recommend that.
Since this is a "windows" only share, i recomment to set it up for that usage, with results in better matching for windows rights.
Resulting in better working policies.
The current POSIX rights did not match to my needs and resulted in inconsistant policies.
This is why i use these for profiles and sysvol.
And this is my setup order:
2016 Jun 20
4
Rights issue on GPO
Hi all,
Following this thread with interest, as we are also having some issues
with GPO (they work on and off, unpredictably)
We checked iddap.ldb on the DCs and noticed differences between DCs.
We would like to ask some questions:
On 10-6-2016 9:26, Rowland penny wrote:
> Well, it is and it isn't, yes winbindd will display the user & group
> names for sysvol, but sysvol still
2016 Jan 18
1
ID mapping & sssd
I'm working through learning mapping ids and Rowland has provided the
following advice:
"It is fairly simple, on a DC, users are mapped to (via idmap.ldb) Unix
automatically. On a domain member, you have a choice of backends, but the
two main ones are 'rid' & 'ad'. The 'rid' backend works similar (from an
initial view point) to the DC and maps the users &