similar to: Verifying idmap.ldb consistency across domain controllers

On 5/8/2018 9:07 AM, Rowland Penny via samba wrote: > On Tue, 8 May 2018 08:59:52 -0400 > lingpanda101 via samba <samba at lists.samba.org> wrote: > >> Hello, >> >>     Is there a command or quick way to verify idmap.ldb is >> consistent across domain controllers? Similar to using samba-tool to >> compare two ldap databases? Thanks. >> > No,

On Tue, 8 May 2018 09:23:42 -0400 lingpanda101 via samba <samba at lists.samba.org> wrote: > My concern is with human error and built in groups. I'm using RFC2307 > on all DC's so all UID's and GID's for manually created user & groups > I should be good. I'm pretty confident for all DC's I have added to > the domain, I took the step to copy and

Am 24.06.2016 um 21:24 schrieb Rowland penny: > On 24/06/16 19:47, lingpanda101 at gmail.com wrote: >> On 6/24/2016 11:40 AM, mathias dufresne wrote: >>> >>> >>> 2016-06-24 15:24 GMT+02:00 lingpanda101 at gmail.com >>> <mailto:lingpanda101 at gmail.com> <lingpanda101 at gmail.com >>> <mailto:lingpanda101 at gmail.com>>:

Am 24.06.2016 um 22:57 schrieb Rowland penny: > On 24/06/16 21:35, Achim Gottinger wrote: >> >> >> Am 24.06.2016 um 21:24 schrieb Rowland penny: >>> On 24/06/16 19:47, lingpanda101 at gmail.com wrote: >>>> On 6/24/2016 11:40 AM, mathias dufresne wrote: >>>>> >>>>> >>>>> 2016-06-24 15:24 GMT+02:00 lingpanda101 at

Am 25.06.2016 um 02:21 schrieb Achim Gottinger: > > > Am 24.06.2016 um 23:16 schrieb Achim Gottinger: >> >> >> Am 24.06.2016 um 22:57 schrieb Rowland penny: >>> On 24/06/16 21:35, Achim Gottinger wrote: >>>> >>>> >>>> Am 24.06.2016 um 21:24 schrieb Rowland penny: >>>>> On 24/06/16 19:47, lingpanda101 at

On 6/24/2016 11:40 AM, mathias dufresne wrote: > > > 2016-06-24 15:24 GMT+02:00 lingpanda101 at gmail.com > <mailto:lingpanda101 at gmail.com> <lingpanda101 at gmail.com > <mailto:lingpanda101 at gmail.com>>: > > On 6/22/2016 12:21 PM, mathias dufresne wrote: > > 2016-06-22 16:37 GMT+02:00 L.P.H. van Belle <belle at bazuin.nl >

On 26/06/16 12:43, Achim Gottinger wrote: > Created an feature request > > "add resolving for well known security principals" > > https://bugzilla.samba.org/show_bug.cgi?id=11997 > > Am 25.06.2016 um 12:35 schrieb Achim Gottinger: >> >> >> Am 25.06.2016 um 02:21 schrieb Achim Gottinger: >>> >>> >>> Am 24.06.2016 um 23:16

On 24/06/16 22:08, Achim Gottinger wrote: > > > Am 24.06.2016 um 22:35 schrieb Achim Gottinger: >> >> >> Am 24.06.2016 um 21:24 schrieb Rowland penny: >>> On 24/06/16 19:47, lingpanda101 at gmail.com wrote: >>>> On 6/24/2016 11:40 AM, mathias dufresne wrote: >>>>> >>>>> >>>>> 2016-06-24 15:24 GMT+02:00

On 6/22/2016 12:21 PM, mathias dufresne wrote: > 2016-06-22 16:37 GMT+02:00 L.P.H. van Belle <belle at bazuin.nl>: > >> @Mathias, >> >> Pretty strange then, running some years like this without any problem. >> Yes we had few problems with "rights" in sysvol, but i fixed this all >> outside linux, and with that i mean. Changed rights from within

Hai, After lots of testing and checking today im must concluded that achim and mathias are right. There are "BUILDIN\" security groups which make some GPOs are going wrong. Also, im getting errors again with sysvolcheck. .. i was in the understanding this was resolved.. but im but off with all info, very buzy at the office atm. samba-tool ntacl sysvolcheck ERROR(<class

@Mathias, Pretty strange then, running some years like this without any problem. Yes we had few problems with "rights" in sysvol, but i fixed this all outside linux, and with that i mean. Changed rights from within windows or added registry changes or patches, or a local clean up of the policies. At the install of my DC2 i also synced the idmap.ldb, and then a net idmap flush on

On 10/4/2016 11:22 AM, Rowland Penny via samba wrote: > See inline comments: > > On Tue, 4 Oct 2016 10:44:07 -0400 > Bob Thomas via samba <samba at lists.samba.org> wrote: > >> Hey Samba team - Thanks for all your work >> >> I have three production samba 4 DCs 2 running on Ubuntu 16.04 (Samba >> 4.4.5 and 4.4.4) and one on 14.04 (Samba 4.3.3) all

Hello, I'm using rfc2307 to enable Unix attributes on my DC's. Recently when adding a user and attempting to add a UID with the RSAT, I receiving the following error. 'Duplicate UID. Assign a uniqueUID.' How do I list all users and their UID? I tried using 'pdbedit' and wbinfo. Pdbedit appears to list the XID's and wbinfo needs me to specify a user name. I

On 06/22/2016 02:44 PM, lingpanda101 at gmail.com wrote: > Why is is when I do a getfacl I do not see the mapping of BUILTIN like > others? do you have winbind in /etc/nsswitch.conf? mj

> On 9 Dec 2016, at 14:26, lingpanda101 via samba <samba at lists.samba.org> wrote: > > Still no luck getting getent to retrieve user information. I have uid's and gid's setup for all users I am attempting to query. But did you give Domain Users a gid? If you don’t do that, winbind and getent will not find any UNIX users (doesn’t matter if the users have a uid and gid

Hi everyone The s4 Domain Users group has xidNumber: 100 and the Linux users group has gidNumber=100. I've been mapping xidNumber <--> gidNumber for s4 posix groups I've added myself, but this causes a name collision for Domain Users. This also has implications on Linux as local users have access to the group owned stuff of Domain users. I've changed the xidNumber in

I'm scripting the ''replica'' of DC xID db (idmap.ldb) between DCs, following: https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Built-in_User_.26_Group_ID_Mappings but i've two question. 1) because i've just in place the sysvol replica, i've thinked of copying the 'idmap.ldb.bak' file on sysvol share (in debian,

Just to confirm that it can be done, I followed the wiki and joined my Ubuntu 16.04 desktop to a Samba AD using the Ubuntu distro provided packages. I'm not sure if it's relevant, but the Samba AD DCs are also running Ubuntu 16.04 with the distro provided packages. Mike E. On Fri, Dec 9, 2016 at 10:55 AM, Rowland Penny via samba < samba at lists.samba.org> wrote: > On Fri, 9

Cheers Louis, i just ran the diagnostic snippet you sent me: pi at ad1:/var/lib/samba/private $ sudo ls -al $(samba -b | grep STATEDIR | awk {' print $NF '})/sysvol total 20 drwxrwx---+ 3 root 3000000 4096 Mar 25 16:36 . drwxr-xr-x  8 root root    4096 Mar 25 17:31 .. drwxrwx---+ 4 root 3000000 4096 Mar 25 16:36 samdom.example.com pi at ad2:/var/lib/samba/private $ sudo ls -al $(samba

On 20/06/16 19:17, lingpanda101 at gmail.com wrote: > On 6/20/2016 2:10 PM, Rowland penny wrote: >> On 20/06/16 18:49, lingpanda101 at gmail.com wrote: >>> On 6/20/2016 1:19 PM, lists wrote: >>>> Hi all, >>>> >>>> Following this thread with interest, as we are also having some >>>> issues with GPO (they work on and off,