similar to: Attempting a trust between Samba and Windows AD DC

Hi Rowland, Thanks for the swift response. I'm not married to SSSD and am happy to use the best tool for the job, but was just looking for some general advice on my situation. I'll post on the sssd-users mailing as well. Thanks, Chris. On 7 November 2017 at 15:38, Rowland Penny <rpenny at samba.org> wrote: > On Tue, 7 Nov 2017 15:06:55 +0000 > Chris Alavoine via samba

Hi all, I didn't have much luck getting SSSD to work so I'm currently testing out the following: Built a new member server from source on Ubuntu 16.04. I used the following ./configure statement: ./configure --enable-fhs --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=/usr/lib/x86_64-linux-gnu This seems to install nicely onto Ubuntu and puts everything in the right

Hi there, I currently have 9 x Samba 4.6.3 Domain Controllers happily replicating and working nicely. We use BIND_DLZ DNS. I have been tasked with adding a Windows 2008 R2 DC to this group which I have done following this guide: https://wiki.samba.org/index.php/Joining_a_Windows_Server_2008_/_2008_R2_DC_to_a_Samba_AD All appears to have gone well and replication is working according to

On Wed, 2016-12-07 at 12:23 +0000, Chris Alavoine via samba wrote: > Hi all, > > I've now upgraded to Samba-4.5.2 and I've tried running: > > samba-tool domain tombstones expunge > > but I simpley get: > > Removed 0 objects and 0 links successfully, however I'm still seeing > several hundred errors when running a dbcheck with the "not remocing

Hi all, I currently have 5 DC's all running 4.1.5 and would like to upgrade them to 4.1.11. Should I upgrade the FSMO DC first and then the others or perhaps the other way around? Can anyone see any pitfalls here? Also, should I just: 1. stop samba 2. ./conffigure && make && make install 3. restart samba ? I am also planning on switching to BIND_DLZ (currently running

Hi gents, I have a problem with winbindd uid/gid numbering on my Samba4 domain member server. This is my smb.conf: [global] netbios name = DOM-MEMBER workgroup = EXAMPLE security = ADS realm = EXAMPLE.COM encrypt passwords = yes idmap config *:backend = tdb idmap config *:range = 500-100000 idmap config ESSENCE:backend = ad idmap config ESSENCE:schema_mode =

Hi all, I've recently upgraded all our DC's (we have 9 spread over various global Sites) to 4.5.0. I run a dbcheck on our FSMO-owner DC once per day from a cron job and this threw up a ton of errors on the first pass after the upgrade. After running it several times with the --fix flag I've got the errors down to 603 but these last errors are refusing to be removed. Here is an

Hi there, I would like to setup a Samba 4 member server to act as a separate fileserver within my Samba 4 domain. Does anyone have any recommendations for this setup? I've tried to create one following this: https://wiki.samba.org/index.php/Samba4/Domain_Member Which seems to work ok until I try to change any permission on any shares (or anything within the shares). I then get

Hi all, I can't seem to figure this one out. I have a test rig Samba 4 VM up and running nicely. Have imported my old Samba 3 directory and am using nslcd to get users and groups back to *nix. I have a perl login script which generates on-the-fly .bat scripts per user as they login using the root preexec and postexec commands in my smb.conf (which worked out of the box with Samba 4

Hey all, I'm trying to create a .deb installable package of Samba4 so I can add it to my local repository and install from there. Main reason for this is I want to automate Samba builds using puppet. Has anyone had any experience/success with this? I've tried various methods using dh make etc but no luck so far. Thanks, Chris. -- ACS (Alavoine Computer Services Ltd) Chris Alavoine mob

Hi all, Am having problems adding a new DC to a Site that doesn't already have a DC in the same subnet. Whenever I try and do a domain join specifying a nearby DC in a different subnet I get this: ERROR(runtime): uncaught exception - (-1073741643, 'NT_STATUS_IO_TIMEOUT') File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run

Hi Marc, Thanks for your reply. We are using BIND9_DLZ currently as the DNS backend I manually selected a replication partner (the FSMO roles DC). We do have some errors when doing a dbcheck but I'm not able to fix them. I've detailed this in another post. Here is an example of each type: Example1: *ERROR: incorrect GUID component for member in object

Hi all, Am posting this again with a more helpful subject line... My 5 DC production domain (4.1.7 Ubuntu 12.04) is in a bit of a state. I attempted an upgrade from 4.1.5 to 4.1.7 which appeared to work, but now we have replication errors and am unable to add any new DNS entries. I am now certain that we've fallen foul of the DomainDnsZones DeletedObjects problem that I've been reading

Hi all, A bit of back story. A few years back we upgraded our Samba3 domain to Samba4 using the classicupgrade method. After a few stumbles we got there and now have 9 DC's globally all running 4.5.0. We dropped the ball when naming our domain and now need to change it. This has led me down the path of attempting to join a Windows Server 2008 R2 machine as a DC and then run the RENDOM tool

Hi there, I noticed this bug as we were due to put this into production and wondered if anyone else had seen similar. When browsing a PDC share on Samba 4.1.4 (like Sysvol or netlogon or any other newly created one) from a Windows box we see this error: "\\pdc\share refers to a location that is unavailable. It could be on a hard drive on this computer, or on a network. Check to make sure

On Tue, 7 Nov 2017 15:06:55 +0000 Chris Alavoine via samba <samba at lists.samba.org> wrote: > Hi all, > > We are about to integrate a large number of users into our > organisation and I've been tasked with attempting to allow said users > access to our internal systems which are controlled from 10 x Samba > 4.6.3 DC's across several sites. > > All Samba

Hi there, I have a working Samba 4 domain (4.1.5) with several DC's spread over a global network. They are all based on Ubuntu 12.04. At present the domain member fileservers for this network are all running Samba 3.4.7 and using NSLCD and *nix permissions to allow access. This is working nicely. I am now trying to create a new Samba 4 (4.1.7 Ubuntu 12.04) domain member fileserver and have

Hi Rowland, Just saw your message on the lists about adding a tombstone command by using domain.py. I appear to have domain.py in /usr/local/samba/lib/python2.7/site-packages/samba/netcmd, do I need to do something to activate this? Thanks, Chris. On 17 October 2016 at 17:32, Chris Alavoine <chrisa at acs-info.co.uk> wrote: > Hi Marc, > > Unfortunately, I have around 600 of

Hi there, I currently have 6 Samba4 DC's in different offices around the world. I have them all the same site (Default-First-Site-Name). We are having some problems with client machines latching onto the wrong DC and creating unnecessary lag. I'd like to create Sites and tie them to Subnets using RSAT tools. Has anyone had any experience with this? (taking into account that I'll

Hi all, Am trying to find a way to disable SSLv3 protocol in smb.conf on Samba4. I am using the following: tls enabled = yes tls keyfile = tls/myKey.pem tls certfile = tls/myCert.pem tls cafile = With a self-signed cert. But when I remote connect from another host using: openssl s_client -showcerts -connect samba4-dc:636 -ssl3 I get a successful