similar to: wbinfo not resolving SID to username

> you should remove 'winbind' from the shadow line, it isn't required. Done, thanks. > That is all perfectly normal on a Samba AD DC. The only way to get all > users and groups mapped to names, is to use uidNumber & gidNumber > attributes for all users & groups. This is NOT recommended on a DC, > this is because of sysvol, where some groups have also to be

I have a working Samba 4.7.6 DC with the default /sysvol and /netlogon shares. These shares work perfectly and domain users can access them without any issue. Now, to ease experimenting with config files and stuff (it's not a production server), I've added a /rootdisk share (path=/) limiting its access ro root and domain admins: --------- # cat /etc/samba/smb.conf [global]        

Dual Samba 4.7.6 AD DC on Ubuntu 18.04 Servers + Windows 2008R2 DC. Looking at Samba logs I've noticed a lot of these lines on first DC: --- Jul 31 11:08:25 srvaddc named[32168]: samba_dlz b9_format: unhandled record type 0 Jul 31 11:08:25 srvaddc named[32168]: message repeated 92 times: [ samba_dlz b9_format: unhandled record type 0] ... Jul 31 11:19:12 srvaddc named[32168]: samba_dlz

So there's no error on my side: I have no idmap lines in my smb.conf and since I can't add any I should live with the error/warning, right? Is this error related to sysvolreset taking forever to run? What about Louis/your script here https://github.com/thctlo/samba4/blob/master/samba-check-set-sysvol.sh ? I know it's safer but... is it also faster? :) Thanks again Claudio --- #

I've added a "print" in file "/usr/lib/python2.7/dist-packages/samba/ntacls.py" just before the line raising the error to log the (missing) file causing the error. I've found I had an orphaned GPO: it was shown in RSAT but didn't have any file in sysvol folder on both DCs. Just removed it from AD (it was only a test GPO) and the error disappeared. I've

> Your glasses (or lack of) ;-) I usually agree, but in this case I've seen that warning and voluntarily ignored it because it worked for 2 days... I thought I was lucky ;-) > Or to put it another way, you must set the permissions from Windows > > This is one of the problems/features of using a DC as a fileserver. > > Remove everything after the 'read only = No'

On Mon, 2 Jul 2018 13:41:16 +0200 "Ing. Claudio Nicora" <claudio.nicora at gmail.com> wrote: > > Now winbind can map some of these xidNumbers to names, but not all > > and it will not map any xidNumbers to names if libnss_winbind isn't > > set up correctly. > Now I've changed /etc/nsswitch.conf and added "winbind" like this: > > # cat

When I run samba-tool ntacl sysvolreset on my "secondary" Samba AD DC I get the error: --- ERROR(runtime): uncaught exception - (-1073741823, '{Operation Failed} The requested operation was unsuccessful.')   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run     return self.run(*args, **kwargs)   File

On Fri, 2 Mar 2018 15:15:49 +0100 Claudio Nicora <claudio.nicora at gmail.com> wrote: > This could be the right way... > > There is a bit of a problem with that, it should be: > > > > DC=SRVAD-NEW,DC=samdom.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL > The SAMDOM.LOCAL zone is set to replicate to the whole forest (maybe > I've missed that info

On Fri, 2 Mar 2018 16:15:43 +0100 Claudio Nicora <claudio.nicora at gmail.com> wrote: > > > Is bind9 running during the join ? > > How have you set up bind ? > No it's not. > Following the doc here > https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End > I see than the needed files (like /var/lib/samba/private/named.conf > and

On Tue, 2018-07-10 at 09:35 +0200, Ing. Claudio Nicora via samba wrote: > Some other info about this issue. > It's the same as the one described in this bug: > https://bugzilla.samba.org/show_bug.cgi?id=11415 Try with 4.8.3. We have managed to join Windows 2012R2 with that release, after doing a Samba-side schema upgrade to the 2012 schema. Andrew Bartlett -- Andrew Bartlett

On Fri, 2 Mar 2018 16:48:26 +0100 Claudio Nicora <claudio.nicora at gmail.com> wrote: > > > No, I was just checking if you where something you shouldn't, like > > creating the zone files in the Bind configs. > Good, it's better to clear out any doubt. > > > There doesn't seem to be anything wrong in any of your conf files, > > the only other

On Tue, 2018-07-10 at 10:27 +0200, Ing. Claudio Nicora wrote: > I can hardly follow your suggestion: > - my Windows server is 2008R2 and I can't easily upgrade it to 2012 That is fine, windows 2008R2 should be easier. > - Samba 4.7.6 is the latest available on Ubuntu repos > > Since I'm testing full migration to Samba, I'd like to stay on the safe > side and

> Undoubtedly '3000000' will be Administrator, who will be mapped to ID > '0' (root) in idmap.ldb and 'users' is mapped from 'Domain Users' in > idmap.ldb. Will live with that; that share is only used while playing with samba config easily from Windows clients. I'll remove it just before going to production. > There is a slight problem with the way

On Sun, 4 Mar 2018 00:14:48 +0100 Claudio Nicora <claudio.nicora at gmail.com> wrote: > > > And I can now confirm that 4.7.4 on the latest Ubuntu 18.04 snapshot > > joins to a Samba AD domain as a DC. > I'm sure it does, that's why I suspect something is wrong in my > Win2000-->Win2008R2 upgraded domain AD. > > > Another thing that comes to my

I forgot about ldbsearch. Here is a dump of xid numbers. root at dc01:~# ldbsearch -H /var/lib/samba/private/idmap.ldb | grep xidNumber xidNumber: 3000028 xidNumber: 3000013 xidNumber: 3000033 xidNumber: 3000003 xidNumber: 3000032 xidNumber: 3000023 xidNumber: 3000019 xidNumber: 3000010 xidNumber: 65534 xidNumber: 3000031 xidNumber: 3000022 xidNumber: 3000026 xidNumber: 3000017 xidNumber: 3000027

On Fri, 2 Mar 2018 11:43:37 +0100 Claudio Nicora via samba <samba at lists.samba.org> wrote: > If I create SRVAD-NEW DNS record manually, under samdom.local zone, > this is what I see with adsiedit: > > distinguishedName: > DC=SRVAD-NEW,DC=samdom.local,CN=MicrosoftDNS,DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL > There is a bit of a problem with that, it should be:

Hello Samba team, I have 3 production samba DCs version 4.5.1 serving the same domain (2 sites) and all are having the same problems, I believe based on two duplicate xidNumbers described below. xidNumbers 3000002 & 3000003 have two SIDs assigned while xidNumbers 3000011 & 3000012 have no SIDs assigned. Is fixing this as simple as moving one of the duplicates to the empty xidNumber

Thanks for your attention > You are always receiving these: > > Adding DNS A record SRVAD-NEW.SAMDOM.LOCAL for IPv4 IP: 10.0.3.100 > Join failed - cleaning up Yes, but the DNS record is created and it persists after the failure. Another thing I've noticed using RSAT "Active Directory Users and Computers" is that the new DC computer account SRVAD-NEW$@SAMDOM.LOCAL is

On Thu, 5 Jul 2018 14:03:43 +0200 "Ing. Claudio Nicora via samba" <samba at lists.samba.org> wrote: > I have a working Samba 4.7.6 DC with the default /sysvol > and /netlogon shares. > > These shares work perfectly and domain users can access them without > any issue. > > Now, to ease experimenting with config files and stuff (it's not a > production