similar to: Limit Winbind users to some OU

Once more, my bad : ) I'm using Ext4 file system, so no limitation from there (or missed something) 2015-06-01 15:12 GMT+02:00 S?bastien Le Ray <sebastien-samba at orniz.org>: > Hi, > > Is there any possibility that you're using a filesystem which such > limitations? > > Regards > > > Le 01/06/2015 15:11, mathias dufresne a ?crit : > >> Hi,

All DC are running same Samba version : 4.4.2. All DC are hosted on same Centos 7. On broken server(s): wbinfo -i mdufresne failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for user mdufresne On working servers: wbinfo -i mdufresne AD.DOMAIN\mdufresne:*:12104:100:Mathias Dufresne (TEMP):/home/AD.DGFIP/mdufresne:/bin/false The smb.conf is:

Hi all, Would it be really complex to add some code to have more database files? The database I have to fill is too large to be hosted into $samba_db/private/DC=DOMAIN,DC=EXAMPLE,DC=COM which is limited to 4GB. The idea would be to create files to host OUs created a domain's root level. For example an OU to host groups: OU=Groups,DC=DOMAIN,DC=EXAMPLE,DC=COM would be hosted in file named:

Thank you all for these detailed answers. This size happened on DC where the import were done. Database with Samba 4 was always significantly bigger on this host than on the replicated ones. According to that I'll try the dump trick which would also teach me some things : ) I'll came back after tests... For LMDB the start seems to be there: https://jhrozek.fedorapeople.org/sambaxp

On Thu, 31 Aug 2017 16:27:12 +0200 mathias dufresne <infractory at gmail.com> wrote: > PS: the short way to explain %u is adding domain/workgroup to > username is the fact we are using trust relationship? > Probably, what you have to get your head around is this: The users 'fred', 'DOMAINA\fred' and 'DOMAINB\fred' are all different users. Winbind will

Hi Jonathan, Thank you for that, that solved the issue. Unfortunately I get another issue: on one DC id <user> gives "no such user". Adding domain (id ad.domain\\<user>) does not help. Adding the whole domain (id ad.domain.tld\\<user>) does not help more. I did checked PAM, NSS and Samba configurations, this server is using same configurations as the two working DC.

On Wed, 5 Oct 2016 12:04:53 +0200 mathias dufresne via samba <samba at lists.samba.org> wrote: > I just tested on some DC running also 4.4.5 and "getent group > my_group" does not show groups content. > > I read here > http://serverfault.com/questions/625416/samba-4-group-members-not-shown-in-getent-group > a proposal to use samba-tool as a replacement but

Hi, You're quiet right, I'm using a 64 bits system and I was surprised by this file size limitation on such a system. My bad regarding the title : ) Cheers, mathias 2015-06-01 15:03 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>: > On 01/06/15 13:47, mathias dufresne wrote: > >> Sorry I don't understand you answer. For me 32 bits platforms are dead on

Hi, After more investigations I'm now believing that we have some issue on our AD site declaration. I'll be back once I would have get more information. Best regards, M. Le jeu. 8 nov. 2018 à 11:22, mathias dufresne <infractory at gmail.com> a écrit : > Hi all, > > AD version is MS 2008R2. > > smb.conf is : > [global] > workgroup = AD > security = ADS

2017-08-30 16:15 GMT+02:00 mathias dufresne <infractory at gmail.com>: > > > 2017-08-30 16:05 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org> > : > >> On Wed, 30 Aug 2017 15:01:05 +0200 >> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: >> >> > Small addition. >> > >> > > have in

2016-10-19 8:56 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>: > On Wed, 19 Oct 2016 08:47:25 +0200 > mathias dufresne <infractory at gmail.com> wrote: > > > > > > > > > The domain member will ask its nameserver (which should be an AD > > > DC), > > > > > > > The client send request to its resolver, which

Hi Rowland, Thank you for your reply. I'll provide these information but for now I'm suspecting Samba and others things could be installed in a strange manner. I have to check that first... Best regards, mathias Le mar. 6 nov. 2018 à 10:36, Rowland Penny via samba <samba at lists.samba.org> a écrit : > On Tue, 6 Nov 2018 10:16:26 +0100 > mathias dufresne via samba

Sorry I don't understand you answer. For me 32 bits platforms are dead on server side. So nobody would set up a new AD using Samba 4 above a 32 bits system. 2015-06-01 14:34 GMT+02:00 Reindl Harald <h.reindl at thelounge.net>: > > Am 01.06.2015 um 14:09 schrieb mathias dufresne: > >> Still playing with a big database (120k users, 150k computers) I tried to >> split

If my messages seems somehow unreadable - I sent it from Gmail Web UI. mathias dufresne, read my 2 or 3 last messages. I wrote about mounting \\server\share as disk and risky fo viruses crypting files. Also read messages other, who does not work in AirBus. And more over, it' s your oppinion. But I see useless of more discussion at atll. If you want to combine your efforts to help with

On 16/11/15 14:33, mathias dufresne wrote: > Another error coming often: > [2015/11/16 15:11:07.592598, 0] > ../source4/librpc/rpc/dcerpc_util.c:745(dcerpc_pipe_auth_recv) > Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for >

PS: I could share information about what should be modified to modify the very same GPO, I didn't yet as I'm not sure anyone there would be interested and because that would work only for that kind of GPO. 2016-07-06 17:08 GMT+02:00 mathias dufresne <infractory at gmail.com>: > Context: several teams have to manage only a a bunch of the company's > computers, so these

Hi all, With Samba 4.4.5, on member servers (I did not tried yet on DCs), using "getent group" with or without specifying a group name groups are shown but they are shown as empty groups, no user name is displayed. Is there a way to make them displayed? Cheers, Mathias

You do what you want! The point is the clients must resolve everything. You have two options: A - client resolver is non-DC DNS server: here the non-DC DNS server must be configured to forward DNS requests about AD to AD DNS servers (to DCs) B - client resolver is AD DNS server: here AD DNS server(s) used as resolver(s) must be configured to forward any non-AD DNS request to non-DC DNS server.

2017-08-31 15:54 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>: > On Thu, 31 Aug 2017 15:28:57 +0200 > mathias dufresne via samba <samba at lists.samba.org> wrote: > > > Hi all, > > > > Here there are trust relationship between domains. > > On some file server using Samba 4.4.4 (Centos 7) I must set up my > > shares using %U. When

On 27 January 2016 at 17:40, mathias dufresne <infractory at gmail.com> wrote: > Hi, > > Samba DC generates a krb5.conf into private directory, where the database > is hold. > > Its content should be that: > [libdefaults] > default_realm = SAMBA.DOMAIN.TLD > dns_lookup_realm = false > dns_lookup_kdc = true > > Should only as I get