similar to: LDAP getent issues

Hi, I've gone through the following link about member server and also the samba 3 by example and can confirm that nsdc is not enabled. https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member We are having some issues with LDAP authentication. Here is our setup PDC and LDAP(samba classic) = dc01 SambaClassic domain = stdom Member server = fs01 We migrated from TDB to LDAP.

Hi , We ran the classic upgrade and migrated the domain . We were then able to add a Windows Server 2008R2 and dcpromo it. Here are some of the issues we are seeing post migration - Pre the migration, the password backend was LDAP. We had some groups that we had migrated into LDAP from TBD. These groups doesn't seem to have come up in AD. - Any groups that were created in

On Sun, 8 Apr 2018 05:55:18 +0000 Praveen Ghimire via samba <samba at lists.samba.org> wrote: > Hi, > > I've gone through the following link about member server and also the > samba 3 by example and can confirm that nsdc is not enabled. > https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member > > > We are having some issues with LDAP

Hi Rowland, The issue seems to be due to the groups who decided not to show up in AD. Strangely, even when we added the group with the same name in the AD, it didn't resolv the issue. Even though smb.conf dictates that the user have to a member of a group with that name. Using getent group, we can see the group. Does Samba hold on to the SID of the group somehow? Is there a way to get

Hi, Would the Windows 2008/2012 server be looking for a particular DNS record during DCPROMO? Both the Samba and Windows box are on the same vlan/host/subnet. The UFW has been disabled. Stupid question, do I need to install any RPC package in the Samba box? Would disabling Bind9 using dnsupdate and dns in server roles help? The only issue I see with that is the SRV records will disappear and

Hi Rowland, Thank you. Yes to the first point. We are using Bind9 but to continue using it is not necessarily set in stone. If using Samba Internal DNS makes more sense then we can do that too. The question is do we need to do dns-upgrade and use Internal DNS, pre-migration? Then use internal dns during the classic migration? Also, I assume the bind9 service will have to stopped if infact we

On Mon, 6 May 2019 09:47:44 +0000 Praveen Ghimire via samba <samba at lists.samba.org> wrote: > Hi Louis, > > Thank you for that. > > I don’t have a /var/lib/samba/bind-dns/dns/ , only > have /var/lib/samba/private/dns. > > Apparmor is now stopped and masked. I had masked the smbd and nmbd > post the migration, have masked the winbind now. > > Have

Hi Rowland, Sorry, migration using BIND9_DLZ gives the same result Not sure if the following from the migration is of a concern Could not add posix attrs for AD entry for sid=S-1-5-21-3936576374-1604348213-1812465911-3034, ((21, 'Element loginShell has empty attribute in ldb message ()!')) Could not add posix attrs for AD entry for sid=S-1-5-21-3936576374-1604348213-1812465911-3040,

Hi, We are running test migration on the following environment in preparation for the prod migration. Any suggestions will be grealty appreciated. OS: Ubuntu18.04 Hypervisor: Proxmox Container (LXC) Samba Version 4.6.7 DNS: BIND9_DLZ AD and File server in the same server. Have gone through the Samba documentation regarding this We get the following when adding a machine (Windows 7) to the

Hi Rowland, I did that initially and that came with Failed to connect to ldap URL 'ldap://lin-pdc.lin - LDAP client internal error: NT_STATUS_BAD_NETWORK_NAME Hence I removed the whole ldap:// bit After your email I tried again but using ldap://localhost and it seems to have worked. Not sure what the issue is with the fqdn. I could run ldap queries when using fqdn. Regards, Praveen

Hai Praveen, > -----Oorspronkelijk bericht----- > Van: Praveen Ghimire [mailto:PGhimire at sundata.com.au] > Verzonden: donderdag 27 juni 2019 13:46 > Aan: samba at lists.samba.org > CC: 'L.P.H. van Belle' > Onderwerp: RE: [Samba] Reverse DNS > > Hi Guys, > > Thank you for your emails. Here is the info > > /etc/apparmor.d/local/usr.sbin.dhcp >

Hi Guys, Setup: Versions: Samba: 4.6.7 Bind9: 9.10.3 Firewall disabled AD Provision: Migrated from samba 3 to 4 using classic upgrade. samba-tool domain classicupgrade --dbdir=/var/lib/samba.PDC/dbdir --realm=TEST.LOCAL --dns-backend=BIND9_FLATFILE /etc/samba.PDC/smb.PDC.conf The following was the section in regards to the upgrade Processing section

On Wed, 7 Feb 2018 10:02:10 +0000 Praveen Ghimire <PGhimire at sundata.com.au> wrote: > Hi Rowland, > > Following the > https://wiki.samba.org/index.php/Changing_the_DNS_Back_End_of_a_Samba_AD_DC, > ran some tests migrating from Bind9 to Samba Internal with the > following results > > Stopped the BIND, Samba-AD-DC services > > samba_upgradedns

Hi, We are having some replication issues between the our PDC and BDC LDAP servers. Here are the details Servers: Name: LIN-PDC1.LIN Role: PDC SLAPD: openldap-2.4.28 Samba: 3.6.25 Name: LIN-PDC2.LIN Role: BDC SLAPD: 2.4.31 Samba: 4.3.11 LDAP Method: cn=config with smbldap tools Database: HDB Management: PHPLAMDIN Replication Method: refreshAndPersist Replication: After importing the LDIFs

Hi Guys, We're trying to add a BDC in Samb4 classic domain setup. The Samba 3 How -To and Samb3 by Example covers this but uses the old slapd.conf option, we are using the slapd.d config. I couldn't find a similar document for Samba4 Can you please advise that the following steps will work? LDAP in the existing PDC is working using the smbldap tools - Setup the LDAP in BDC

On Sun, 8 Apr 2018 08:35:24 +0000 Praveen Ghimire <PGhimire at sundata.com.au> wrote: > Hi Rowland, > > Let me start my apologizing about the missed email, must have not > seen it. > > We are migrating to an AD domain , the first step was to migrate PDC > to LDAP. > > So to get around the bug, do we need to create the user in both PDC > in LDAP and also as a

On 26/06/2019 11:32, Praveen Ghimire wrote: > Hi Rowland, > > I have tried putting the whole rev-domain name. The following is the dhcpd.conf zone definition > > subnet 192.168.14.0 netmask 255.255.255.0 { > authoritative; > ddns-update-style standard; > option netbios-name-servers 192.168.14.10; #14.10 is the AD box > option

Hi, We did a classicupgrade of our Ubuntu Server (4.3.11, TDB), the server DC5 also host shares. Post the migration we are seeing some permission issues. When trying to give permission to a domain group/user to folder/file we get the following chown "LIN\\myadmin:LIN\\adgroup" adtest/ chown: invalid user: 'LIN\\myadmin:LIN\\adgroup' wbinfo --ping-dc : checking the NETLOGON

On 26/06/2019 04:38, Praveen Ghimire via samba wrote: > Hi Louis, > > Thank you for that > > I have made the changes as per below , some items might have duplicated. I then reload apparmor restarted the samba-ad-dc and bind9 services and get the same issue. Every time the forward DNS update works but the reverse doesn't > > I found a really interesting samba post going

Hi, We migrated from Samba 3 to 4 (4.6.7-Ubuntu) and added promoted a Server 2008R2 as a Domain Controller. We've come across the following issues and request some suggestions to resolve them - The migration didn't generate DNS entries for the new realm. We had to manually create a new zone file (/var/cache/bind) for the new realm. Only then we were able to promote the