similar to: Can't set SeDiskOperatorPrivilege to Domain Admins. (NT_STATUS_NO_SUCH_USER) Error.

We’ve just recently moved over to Samba 4. It looks as if “force directory security mode” doesn’t work in samba 4. So I’m trying to setup the Windows ACLs on our groups share. I’ve been working on this for a few days. I’ve read over the docs, it seems like all the google links are purple and I’m still stuck. Hopefully someone here will have an idea. We’re running Windows 2008R2 for our AD

Thanks for everyone chiming in on my problem. I really do appreciate it. Just to clarify, I’m working on a share called Edwards_Public. I’m trying to get it so the members of the AD group called do_superintendent are the only people able to read and write any files in that directory. Here is my global config: workgroup = NSD client signing = yes client use spnego = yes kerberos method = secrets

On Tue, 19 Sep 2017 13:13:45 -0700 Jamie McParland via samba <samba at lists.samba.org> wrote: > Thanks for everyone chiming in on my problem. I really do appreciate > it. > > Just to clarify, I’m working on a share called Edwards_Public. I’m > trying to get it so the members of the AD group called > do_superintendent are the only people able to read and write any >

>From your Global config I see no IDMAP settings. You need that for Linux to recognize your ad users. See my blog top post for example: Monklinux.blogspot.com Try my configuration, should work perfectly. Soz 4 short reply, typing on phone. Lemme know if it works. Note, pay attention to section under installing samba. On Sep 19, 2017 22:19, "Jamie McParland via samba" <samba at

Why not set your permissions from the windows server via security tab on folder properties? I set up mine the following way: smb.conf allows domain admins and domain users full RWX access to share (actual access controlled via ACLs) share perms on linux box chown root."domain admins" /SHAREPATH setacl -m g:"domain admins":rwx,g:"domain users":rx /SHARELOCALPATH

Yes, I’m using sssd. > On Sep 19, 2017, at 1:33 PM, Rowland Penny <rpenny at samba.org> wrote: > > On Tue, 19 Sep 2017 13:13:45 -0700 > Jamie McParland via samba <samba at lists.samba.org> wrote: > >> Thanks for everyone chiming in on my problem. I really do appreciate >> it. >> >> Just to clarify, I’m working on a share called Edwards_Public.

Hi, I was playing with the munin plugin in nsd4 beta4, and saw some strange errors. Directly after starting nsd on linux, I'm seeing: $ ps ax -o pid,ppid,user,args | grep nsd 1638 1 nsd /usr/sbin/nsd -c /etc/nsd/nsd.conf 1641 1638 nsd /usr/sbin/nsd -c /etc/nsd/nsd.conf 1647 1641 nsd /usr/sbin/nsd -c /etc/nsd/nsd.conf $ sudo munin-run nsd_munin_memory

On Sat, 28 Dec 2019 17:02:09 +0100 richard lucassen via nsd-users <nsd-users at lists.nlnetlabs.nl> wrote: > The problem is (was) that I used "include:" statements in nsd.conf > to load zone information. Apparently nsd does not reread the include > files upon a SIGHUP. I scripted everything into 1 file and a HUP > rereads the zone info now. Wrong, I made a mistake it

Hello, NSD 4.8.0 running on FreeBSD 13.2-RELEASE-p9 and serving both plain and DNSSEC signed zones. I noticed Permission denied errors in the logs for all domains listed in nsd.conf: [2024-01-12 12:20:05.710] nsd[8655]: info: writing zone domain-plain.org to file domain-plain.org [2024-01-12 12:20:05.710] nsd[8655]: error: cannot write zone domain-plain.org file domain-plain.org~: Permission

Hi, Please advise how to use Response Rate Limiting on a server which has multiple NSD server processes (nsd.conf server section has server-count > 1). We have a problem with NSD v3.2.16 repeatedly unblocking and blocking again a single source which is flooding positive queries at a ~steady 700 qps rate. rrl-ratelimit setting is the default 200 qps. The unblock-block happens multiple times

Hello I have this problem since a week or so: The nsd daemon crashes unexpectedly and the nsd log files shows this: [1200299533] nsd[3736]: info: XSTATS 1200299533 1200298484 RR=0 RNXD=0 RFwdR=0 RDupR=0 RFail=0 RFErr=0 RErr=0 RAXFR=0 RLame=0 ROpts=0 SSysQ=0 SAns=40 SFwdQ=0 SDupQ=0 SErr=0 RQ=37 RIQ=0 RFwdQ=0 RDupQ=0 RTCP=0 SFwdR=0 SFail=30 SFErr=0 SNaAns=0 SNXD=0 RUQ=0 RURQ=0 RUXFR=0 RUUpd=1

Hi, I'm doing some quick tests with nsd-4.0.0b5 and (rc2). And found something strange when changing (nsd-control reconfig) one zone from: zone: name: 10.in-addr.arpa zonefile: /zones/empty.zone to zone: name: 10.in-addr.arpa request-xfr: 192.168.122.12 NOKEY allow-notify: 192.168.122.12 NOKEY zonefile: /zones/slave/10.rev and doing nsd-control reconfig. After

Hi Chris, I've properly started looking into this yesterday. NSD definitely shouldn't crash, still working on that. However, the provided zone is invalid too(?) I'm not the foremost expert on NSEC3 (or even DNSSEC), but is seems an NSEC3 is missing for bar.foo.com. Empty non-terminals should still have an NSEC3 RR. (Of course, the delegation point should be at bar.foo.com. too and

While SVCB/HTTPS provides a better solution for the browsing use case, I see other use cases where ALIAS/ANAME would be ideal, notably in apex RRs. So while fostering SVCB/HTTPS deployment is a good thing, I wouldn?t mind name server software implementing ALIAS. Including NSD, but I reckon it?s much more challenging to do due to NSD architecture than it was to implement it in PowerDNS. But if

Hi Jean Claude, The message is printed when the bind operation failed. Why that happens is hard to say, I'd need more information for that. As the message does not say: address already in use (or similar), I'm guessing the address is not configured? Best regards, Jeroen On Fri, 2023-04-21 at 18:03 +0200, HAKIZIMANA Jean Claude via nsd-users wrote: > Dear nsd Users, > kindly can

NSD 2.3.2 is a bugfix release. Please see the README document for configuration and installation instructions. You can download NSD from http://www.nlnetlabs.nl/nsd/ Note: we switched to SHA-1 for tarball digest. 2.3.2 ============= FEATURES: - Bug #101: add support for the SPF record. BUG FIXES: - Bug #100: replaced non-portable use of timegm(3) with portable

Hi Jeroen, Attached is the zone I used. Did you add the record for a.bar ? Ex: a.bar 300 IN NS ns.somewhere.net. Chris ________________________________ From: Jeroen Koekkoek <jeroen at nlnetlabs.nl> Sent: Tuesday, October 8, 2024 5:33 AM To: Chris LaVallee <clavallee at edg.io>; nsd-users at lists.nlnetlabs.nl <nsd-users at lists.nlnetlabs.nl> Subject: Re:

Hi Chris, I can reproduce with your zone. Thanks! Best, Jeroen On Tue, 2024-10-08 at 14:07 +0000, Chris LaVallee wrote: > > Hi Jeroen, > > > Attached is the zone I used. Did you add the record for a.bar ? > > > Ex: > > > a.bar ? 300 ? ? IN ?NS ? ? ?ns.somewhere.net. > > > Chris > > > > > > > > > > >

Hi, I found a reproducible seg fault with a DNSSEC signed zone and overlapping config. I'm running NSD 4.10.1. Here's how to reproduce. 2 zones in nsd.conf: zone: name: "foo.com." zonefile: "/zones/foo.com.zone.signed" zone: name: "bar.foo.com." zonefile: "/zones/bar.foo.com.zone" Zone files:

Hi Chris, I'm having trouble trying to reproduce the issue locally. Like you I configure two zones. zone: name: example.com. zonefile: example.com.zone.signed zone: name: bar.example.com. zonefile: bar.example.com.zone The file bar.example.com.zone does not exist. After touching and reloading the signed zone, no segfault occurs. I've tried with and without the