similar to: Samba 4 AD issues with RPC

Hi Rowland, Sorry, migration using BIND9_DLZ gives the same result Not sure if the following from the migration is of a concern Could not add posix attrs for AD entry for sid=S-1-5-21-3936576374-1604348213-1812465911-3034, ((21, 'Element loginShell has empty attribute in ldb message ()!')) Could not add posix attrs for AD entry for sid=S-1-5-21-3936576374-1604348213-1812465911-3040,

On Mon, 6 May 2019 09:47:44 +0000 Praveen Ghimire via samba <samba at lists.samba.org> wrote: > Hi Louis, > > Thank you for that. > > I don’t have a /var/lib/samba/bind-dns/dns/ , only > have /var/lib/samba/private/dns. > > Apparmor is now stopped and masked. I had masked the smbd and nmbd > post the migration, have masked the winbind now. > > Have

Hi Rowland, Thank you. Yes to the first point. We are using Bind9 but to continue using it is not necessarily set in stone. If using Samba Internal DNS makes more sense then we can do that too. The question is do we need to do dns-upgrade and use Internal DNS, pre-migration? Then use internal dns during the classic migration? Also, I assume the bind9 service will have to stopped if infact we

Hai, 1) apparmor, disable it, and try again, so we can confirm if its an apparmor settings. 2) winbind is starting from systemd while as AD-DC you should disable that. - stop the member parts of samba and systemd. systemctl stop winbind smbd nmbd samba systemctl disable winbind smbd nmbd samba systemctl mask winbind smbd nmbd samba - enable the samba-ad-dc part in systemd.

Hi, We are running test migration on the following environment in preparation for the prod migration. Any suggestions will be grealty appreciated. OS: Ubuntu18.04 Hypervisor: Proxmox Container (LXC) Samba Version 4.6.7 DNS: BIND9_DLZ AD and File server in the same server. Have gone through the Samba documentation regarding this We get the following when adding a machine (Windows 7) to the

dn: cn=Domain Admins,ou=groups,dc=mydomain objectClass: top objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 512 cn: Domain Admins description: Netbios Domain Administrators sambaSID: S-1-5-21-3936576374-1604348213-1812465911-512 sambaGroupType: 2 displayName: Domain Admins memberUid: root memberUid: sadmin dn: cn=Domain Users,ou=groups,dc=mydomain objectClass: top objectClass:

Hi , We migrated to AD account in a Ubuntu 16.04 (Samba 4.3.11)and came across issues with user shares. Some of the users were able to access the shares and some were not. The server in question has both AD and File and we followed the samba wiki to enable the Windows ACL To migrate , we ran the following samba-tool domain classicupgrade --dbdir=/var/lib/samba.PDC/dbdir --realm=lin.GROUP

Thanks Elias. But I run samba-tool ntacl sysvolreset and: root at DC02:~# samba-tool ntacl sysvolreset lp_load_ex: refreshing parameters Initialising global parameters Processing section "[global]" Processing section "[netlogon]" Processing section "[sysvol]" Processing section "[sistemas]" ldb_wrap open of idmap.ldb lp_load_ex: refreshing parameters

2017-06-06 15:54 GMT-03:00 Rowland Penny via samba <samba at lists.samba.org>: > On Tue, 6 Jun 2017 15:35:42 -0300 > Epsilon Minus via samba <samba at lists.samba.org> wrote: > >> Hi. I have a problem applying GPO. I do not know where to look >> Reviewing I found this: >> >> # samba-tool ntacl sysvolcheck >> lp_load_ex: refreshing parameters

Hi. I have a problem applying GPO. I do not know where to look Reviewing I found this: # samba-tool ntacl sysvolcheck lp_load_ex: refreshing parameters Initialising global parameters Processing section "[global]" Processing section "[netlogon]" Processing section "[sysvol]" Processing section "[sistemas]" ldb_wrap open of idmap.ldb Module

I'm trying to upgrade from samba3 -> 4. I ran this command: WORKDIR=/usr/local/mobius /usr/local/samba/bin/samba-tool domain classicupgrade --dbdir=$WORKDIR/var --use-xattrs=yes --realm=infinityhealthcare.com $WORKDIR/smb.conf but it failed with the error given in this email's subject. What does it mean, and how do I fix it? This is just another is a growing line of errors that

Hi Rowland, Thank you. So should I use BIND9_DLZ? Regards, Praveen -------- Original message -------- From: Rowland Penny via samba <samba at lists.samba.org> Date: 5/12/2017 6:09 PM (GMT+10:00) To: samba at lists.samba.org Subject: Re: [Samba] Samba 4 AD issues with RPC On Tue, 5 Dec 2017 05:08:24 +0000 Praveen Ghimire via samba <samba at lists.samba.org> wrote: > >

Hello. I have a problem with GPO manage. Sorry for my english is not the best. On the windows, GPO manage, the system send me this error: "The permissions for this GPO in the SYSVOL folder are inconsistent with those in Active Directory. It is recommended that these permissions be consistent. To change the SYSVOL permissions to those in Active Directory, click OK. For more

Hi , I would really appreciate some suggestions re the following issue. We have a LDAP based PDC and a member server. We're use libnss_ldap to auth the users. The LDAP PDC is setup with self signed SSL , we're trying make sure the member server connects to the PDC using SSL. Here is the PDC , smb.conf [global] workgroup = SUNTECH netbios name = SERVER01 security = USER local master =

Hi Gruss, Had to ditch the VM and start again. Here is the info: tdbdump secrets.tdb |egrep -v '^data|^}|^{' key(21) = "SECRETS/SID/mydomain" key(18) = "SECRETS/SID/sam3dc" key(42) = "SECRETS/LDAP_BIND_PW/cn=admin,dc=mydomain" key(25) = "SECRETS/DOMGUID/mydomain" key(42) = "SECRETS/MACHINE_SEC_CHANNEL_TYPE/mydomain" key(42) =

ok, I've investigated the problem more closely. First of all, I didn't mention that I have 2 domain controllers: dc(initial) and bdc (backup). Rsync command /usr/bin/rsync -XAavz --delete-after dc:/usr/local/samba/var/locks/sysvol/* /usr/local/samba/var/locks/sysvol/ fires every 5 minutes on bdc. However, if I try to gpupdate from bdc I get the above error. Gpupdating from dc works

Hi, I joined a new samba-4.7 DC to our AD, replicated everything over, then turned off the old DCs, seized fsmo roles, and added two extra 4.7 DCs. Everything above succeeded without warnings, and everything seems to be running very well finally, except for the sysvolcheck / sysvolreset. We're on xfs, and the File System Support checks on the samba wiki page all pass, although at the

Hi My configuration: smb.conf # Global parameters [global] workgroup = MYSERVER realm = interno.mydomain.com.br netbios name = DC-LINUX server role = active directory domain controller server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate idmap_ldb:use rfc2307 = yes ldap server

This is my smb.conf root at DC02:~# cat /etc/samba/smb.conf # Global parameters [global] workgroup = CLINICAGUEMES realm = CLINICAGUEMES.COM.AR netbios name = DC02 server role = active directory domain controller server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate idmap_ldb:use rfc2307 = yes ldap server require strong

Hi , We ran the classicupgrade today and have come across an issue with sysvol. The users are getting access denied message when accessing sysvol/netlogn. Other shares are ok. The administrator can access the sysvol and netlogin root at dozer5-ad:/var/lib/samba# ls -al total 67 drwxr-xr-x 6 root root 11 May 10 17:33 . drwxr-xr-x 32 root root 32 May