similar to: Problems removing a SBS 2008 server from a Samba AD DC.

Just responding on one point.. On Mon, 27 Aug 2018 at 21:35, Tom Diehl via samba <samba at lists.samba.org> wrote: > In addition, I tried running samba-tool dbcheck --cross-ncs --fix > that command generates over 400 errors that it claims it is going to fix > but > it does not. > > (pht-vdc1 pts9) # samba-tool dbcheck --cross-ncs --fix --yes > [...] > ERROR: Failed

Hello all, ? this is my first Post in a Mailing List I hope everything goes fine. ? We are running a Samba 4 DC (4.0.14, Version 4.1.4 has the same problem) as a second DC in our Windows Environment. This server is in a second site. ? So after a while Samba 4 hangs and it is not possible to talk to the server via the RPC Protocol. So all samba-tools Commands like ?samba-tool drs showrepl? run

Hi, We've recently upgraded a network from Win2k to 2k3 SBS. We were using samba with security = domain (which I believe stopped working - I was on vacation at the time the upgrade was done) and are now using security = ads. We're using samba-3.0.23b-0.1.35 on SuSE Enterprise Linux Server 9 SP3 x86_64 The samba machine has been sucessfully joined to the domain with: kinit

On Fri, 6 Sep 2019, Rowland penny via samba wrote: > On 06/09/2019 17:05, Tom Diehl via samba wrote: >> Hi Louis, >> >> On Fri, 6 Sep 2019, L.P.H. van Belle via samba wrote: >> >>> Hai, >>> >>> Try the script, make backups of you sysvol first. >>> >>> The script shows the correct settings, these are duplicated from a

Hi, I recently upgraded 4.1.8 installation to 4.4.2. As per documentation I ran samba-tool dbcheck. It reported some problems with userParameters: ERROR: wrongly formatted userParameters on CN=,OU=Users,OU=MyBusiness,DC=,DC=local, should not be psudo-UTF8 encoded. I ran --fix as I read in some discussion that this was actually tested. The problem after upgrade is, that it is no longer possible

Things goes further. To use GSSAPI and so the Kerberos ticket obtained with kinit I was missing "-Y GSSAPI". It seems GSSAPI and TLS are meant to be used together: ---------------------------------------- ldapsearch -Y GSSAPI -LLL -H ldaps://SAMBA.DOMAIN.TLD SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Server is unwilling to perform (53) additional info:

ERRATUM: It seems GSSAPI and TLS are *NOT* meant to be used together: 2015-10-15 16:20 GMT+02:00 mathias dufresne <infractory at gmail.com>: > Things goes further. To use GSSAPI and so the Kerberos ticket obtained > with kinit I was missing "-Y GSSAPI". > > It seems GSSAPI and TLS are meant to be used together: > ---------------------------------------- >

On Fri, 2024-04-12 at 08:03 +0200, Daniel M?ller via samba wrote: > Hello to all, > > After updating to samba 4.20 (from samba 4.19) on Debian 11, samba-tool > dbcheck --cross-ncs > results in: > samba-tool dbcheck --cross-ncs > Checking 4499 objects > Not resetting nTSecurityDescriptor on CN=Deleted > Objects,CN=Configuration,DC=tlk,DC=loc > Not resetting

On Mon, 15 Apr 2024 07:53:16 +0200 Daniel M?ller via samba <samba at lists.samba.org> wrote: > I did it: > root at dom2:~# samba-tool dbcheck --fix > Checking 705 objects > Reset nTSecurityDescriptor on CN=Deleted Objects,DC=tlk,DC=loc back > to provision default? Owner > mismatch: SY (in ref) DA(in current) Group mismatch: SY (in ref)

root at dom2:~# samba-tool dbcheck --fix --yes Checking 705 objects Checked 705 objects (0 errors) root at dom2:~# samba-tool dbcheck --cross-ncs Checking 4506 objects Not resetting nTSecurityDescriptor on CN=Deleted Objects,CN=Configuration,DC=tlk,DC=loc Not resetting nTSecurityDescriptor on CN=Deleted Objects,DC=DomainDnsZones,DC=tlk,DC=loc Not resetting nTSecurityDescriptor on CN=Deleted

I did it: root at dom2:~# samba-tool dbcheck --fix Checking 705 objects Reset nTSecurityDescriptor on CN=Deleted Objects,DC=tlk,DC=loc back to provision default? Owner mismatch: SY (in ref) DA(in current) Group mismatch: SY (in ref) DA(in current) Part dacl is different between reference and current here is the detail:

Hello to all, After updating to samba 4.20 (from samba 4.19) on Debian 11, samba-tool dbcheck --cross-ncs results in: samba-tool dbcheck --cross-ncs Checking 4499 objects Not resetting nTSecurityDescriptor on CN=Deleted Objects,CN=Configuration,DC=tlk,DC=loc Not resetting nTSecurityDescriptor on CN=Deleted Objects,DC=DomainDnsZones,DC=tlk,DC=loc Not resetting nTSecurityDescriptor on CN=Deleted

On 5 January 2016 at 15:02, Jonathan Hunter <jmhunter1 at gmail.com> wrote: > I'll try to use ldbedit to grant myself permissions on the OU again .. Is > ldbedit safe to use: > > - on a running Samba server (or do I need to stop samba) > - in a multi-DC environment (or do I need to run it and make the same > changes on each DC) > Answering my own question here... it

Release Announcements --------------------- This is the latest stable release of the Samba 4.19 release series. It contains the security-relevant bug CVE-2018-14628: ??? Wrong ntSecurityDescriptor values for "CN=Deleted Objects" ??? allow read of object tombstones over LDAP ??? (Administrator action required!) ??? https://www.samba.org/samba/security/CVE-2018-14628.html

Release Announcements --------------------- This is the latest stable release of the Samba 4.19 release series. It contains the security-relevant bug CVE-2018-14628: ??? Wrong ntSecurityDescriptor values for "CN=Deleted Objects" ??? allow read of object tombstones over LDAP ??? (Administrator action required!) ??? https://www.samba.org/samba/security/CVE-2018-14628.html

Hi, A while ago I successfully set permissions on a section of my LDAP / AD tree, using either ADUC or ADSIEDIT (I forget which). These permissions allowed my own user to access this section of the tree; I removed permissions for 'Domain Admins' etc. to ensure that others would not be able to view or change the data - this has worked great for many months. I have just tried to add a new

Hi, I updated my two samba DC's from 4.0.3 to serner 4.0.7. Both servers run debian wheezy and the add was created at the beginning of the year with an classic upgrade to version 4.0.0. Recent release notes do not provide information about required upgrade tasks. So i ran. samba-tool dbcheck --reset-well-known-acls. On the first DC it found a few errors about missong members in computer

Thank you, Rowland! On 4 January 2016 at 10:36, Rowland penny <rpenny at samba.org> wrote: > On 04/01/16 01:43, Jonathan Hunter wrote: > >> I can view the data using ldbsearch when logged in as root on the DC >> itself >> - but how do I view the permissions and edit them from the commandline? >> > > They are stored in a hidden attribute called

Mandi! Rowland Penny via samba In chel di` si favelave... > Whilst there are attributes that do not get replicated between DC's, > the majority are, so each DC should allow the same access. > Do you have access to the DC ? > Can you run the search locally ? Sure! As just stated, local access (via ldbsearch against the local SAM) works as expected: root at vdcpp1:~# ldbsearch

To get the automount schema to work with the git checkout of samba 4 I had to modify the automount schema files and separate the attributes from the classes. I also discovered that it's required to have the ntSecurityDescriptor , instanceType, and objectCategory attributes. Without these it will crash whenever you try to browse... I did alot of stopping samba, tarring of /usr/local/samba and