Displaying 20 results from an estimated 3000 matches similar to: "upgrading DC 4.5.x to 4.7.x"
2017 Dec 02
3
upgrading DC 4.5.x to 4.7.x
02.12.2017 2:16, mj via samba пишет:
> - power off the old DCs
> - reize fsmo roles, cleanup the database, etc
why not to transfer roles while old DC are online?
> - add new 4.7.2 DCs using their old names/ips
> - remove the temporary DC
why not simply add new DCs to current production domain?
I'm thinking about way to upgrade too, but using "separated environment"
2017 Nov 01
2
kerberos + winbind + AD authentication for samba 4 domain member
I'm going to start with clean centos install, so I might as well use some
additional guidelines, thank You.
When You run kinit, does Your user have ticket already? What I noticed is
that when user has a ticket already, kinit works fine, uses as default
principal the one from ticket.
Can you do kdestroy - then kinit?
Also, on Fedora, did You install samba from source or from repo's RPM?
2017 Dec 02
0
upgrading DC 4.5.x to 4.7.x
Hi,
On 12/02/2017 03:49 PM, Mike Lykov via samba wrote:
> 02.12.2017 2:16, mj via samba пишет:
>
>> - power off the old DCs
>> - reize fsmo roles, cleanup the database, etc
>
> why not to transfer roles while old DC are online?
See your question two
>
>> - add new 4.7.2 DCs using their old names/ips
>> - remove the temporary DC
>
> why not simply
2018 Aug 16
2
explorer.exe crashes on security tab access
I've noticed myself similiar issue.
Windows 10 (v 1803) - window with security tab open crashes on certain
files (yes, just the window, not whole OS). Just before crash i see
unresolved SID which looks like nothing I know (doesn't look like domain
SID - maybe local user SID from samba member server?). All files that
cause this issue are from any of the samba servers.
Same files I can
2019 Oct 22
3
Win7 vs. Win10 GPO Editing
Hi,
I have a problem with GPO editing.
I have some GPO first created with RSAT and GPO editor on Win 7 x64.
I have modified recently this object with RSAT and GPO editor on Win 10 x64
.
If I try to edit the GPO back to Win7 I got the following error (in
french):
La ressource ? $(string.SiteDiscoveryEnableWMI) ? r?f?renc?e dans
l?attribut displayName est introuvable. Fichier
2017 Dec 02
2
upgrading DC 4.5.x to 4.7.x
Thank for all advice,
I have a question about:
"- add new 4.7.2 DCs using their old names/ips
- remove the temporary DC"
Do I understand correctly, You created new machine (or
removed/reinstalled samba completely), used IP/hostname of the previous
DC and just re-added as DC?
Also, did You have any issues after removing temporary DC? Some time ago
i had to remove one DC and I had
2017 Nov 01
5
kerberos + winbind + AD authentication for samba 4 domain member
Hello,
Thank You for fast response. I'm glad that it's a mistake somewhere on
my side, it means it will work when I fix it :)
Ok, first of all:
Everything is on centos 7.4
All config files will be below, but to start off: behaviour is stranger
than I thought, but there is a pattern:
when doing
[DOMAIN\kacper_wirski at vs-files ~]$ kinit -V
Using default cache: /tmp/krb5cc_101003
2018 Mar 26
3
freeradius + NTLM + samba AD 4.5.x
Ok, I finally could try it out, and it seems to actually work, but You
need samba 4.7 on all machines, not only AD, but also server with
freeradius. I didn't get a chance to test it locally, that is samba AD +
freeradius on the same server.
Setup: 4.7.6 AD server and 4.6.2 samba member + freeradius didn't work
(got simple "nt_status_wrong_password")
but: 4.7.6 AD and 4.7.1
2017 Nov 01
4
kerberos + winbind + AD authentication for samba 4 domain member
On Wed, 1 Nov 2017 19:49:32 +0000
Rowland Penny via samba <samba at lists.samba.org> wrote:
> On Wed, 1 Nov 2017 20:28:05 +0100
> Kacper Wirski <kacper.wirski at gmail.com> wrote:
>
> > I'm going to start with clean centos install, so I might as well use
> > some additional guidelines, thank You.
> >
> > When You run kinit, does Your user have
2018 Aug 16
2
explorer.exe crashes on security tab access
By primary group I mean the group that is set by chgrp. that is the group
returned after the pound key (#) from getfacl. In other words the Unix
group and not the one managed by ACLs.
/ Kacper
> Hello,
>
> I've seem to have found what looks like a bug in Samba 4.8.3. It's
> the same problem as described in
> https://lists.samba.org/archive/samba/2018-March/214589.html.
2018 Aug 16
1
explorer.exe crashes on security tab access
As I said, I haven't got time to look at what's really happening, just
that sometimes windows 10 + some file = security tab just closes/crashes
instantly and clearly there is a long SID that's not like anything I
recognize, might be well known SID (not well known enough though I'd
say, as it's unresolved ;) ). I'm not sure if my experiences are related
to those of OP,
2018 Mar 26
1
freeradius + NTLM + samba AD 4.5.x
It is an issue that I myself would also like to solve.
I found multiple threads in samba and freeradius mailing lists. It seems
that every couple of months there is question like this either here on
FR mailing list and all point down to the same issue, that is:
freeradius uses ntlm_auth (even when using winbind with newer freeradius
versions, it also in the end uses ntlm_auth). And since
2018 Jan 15
5
Avoiding uid conflicts between rfc2307 user/groups and computers
On Mon, 15 Jan 2018 14:55:55 +0100
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
> Mandi! L.P.H. van Belle via samba
> In chel di` si favelave...
>
> > > It is not the SYSTEM user (that is a local user to the
> > > workstation, so clearly does not exist on the domain).
> > Yes it does. Look at "Builtin\system" which is also "NT
2017 Sep 17
2
samba 4 ad member - idmap = ad for machine accounts
Hello,
I have samba 4.5.10 file server as AD member (AD is also samba 4.5.10).
I'm using unix extension for windows rsat to set UIDs for all users and
on samba AD member i'd prefer to use idmap = ad to have consistent file
permissions across multiple file servers.
My issue is with machine accounts. RSAT extension doesn't allow for easy
"uid" setting for machine
2018 Nov 20
3
samba AD - bind - deleted DNS entries are not removed completely
Hello,
I've posted about this issue some time ago, but I maybe didn't explain
myself enough and/or didn't supply enough information.
My setup is centos 7.5 samba 4.8.4 AD DCwith BIND as dns backend.
I noticed that some windows clients stopped doing secure dns dynamic
updates because of insufficient rights error.
Upon further digging I realized that all of the entries, that were
2018 Mar 29
2
Failed to find DC in keytab, gpupdate fails
what is the output of "kvno dc.domain.net.pl"? There seems to be
mismatch kvno of the secrets keytab, and what is client expecting (kvno
2). Kvno increments by 1 for every password change. Was there by any
chance password change for the dc$ account and keytab was not recreated?
If You made some upgrades, maybe during process You for example rejoined
the domain (that would set new
2019 Jun 03
2
samba file server - sediskoperatorprivilege not being honored
On 03/06/2019 12:29, Kacper Wirski via samba wrote:
> Hello,
>
> Since nobody picked this up I will try to answer myself (hopefully
> correctly).
>
> I think I just misread documentation on wiki, but I would really
> appreciate a clarification. In the wiki it states:
>
> "To enable other accounts than the domain administrator to set
> permissions on Windows,
2018 Mar 26
3
freeradius + NTLM + samba AD 4.5.x
Also I just facepalmed, as I double checked smb.conf right after sending
mail, and in samba 4.7 there are new options available for "ntlm auth",
as stated in docs:
|mschapv2-and-ntlmv2-only| - Only allow NTLMv1 when the client promises
that it is providing MSCHAPv2 authentication (such as the |ntlm_auth| tool).
So that is is I suppose that special "flag" that is used by
2018 Jul 21
2
samba 4.8 with bind - bugged dns entry in reverse lookup zone
Hello,
I stumbled upon weird error/bug.
My setup:
4.8.3 AD on centos 7.5 (compiled from source).
BIND as dns running on AD DC with secure dns updates setup and working.
Most of the DNS updates are dynamic, some added manually using windows
DNS manager.
One of the PTR entries in reverse lookup zone went missing. It's not
visible in the windows DNS manager, it's nowhere to be found
2018 Mar 27
5
ODP: Re: freeradius + NTLM + samba AD 4.5.x
Hello,
I can definately confirm that it's working.
My basic setup is:
1) Samba 4.7.6 AD DC (2 of them), compiled from source, on centos 7
2) Freeradius 3.0.13 + samba 4.6.2 as domain member, packages straight
from centos repo. // I tested also on freeradius 3.0.14 and samba 4.7.x
smb.conf on the DC is pretty basic, most important is obviously in
[globall]:
ntlm auth =