similar to: Cannot set Windows ACL security permissions Ubuntu 18.04 LXD privileged container

After reading the instructions at https://wiki.samba.org/index.php/Time_Synchronisation, I still have questions about how samba interacts with nptd. The issue is that LXD doesn't want containers setting the time and so won't start ntpd at container startup even though it's enabled in systemd. The host does sync it's time with a national time server, so we can assume that the

Further investigations reveal: --- C:\WINDOWS\system32> w32tm /monitor GetDcList failed with error code: 0x800706BA. Exiting with error 0x800706BA --- error 0x800706BA indicates that the RPC server is unavailable. Any ideas? Thanks, Jonathan Kreider On Tue, Nov 6, 2018 at 5:48 PM Jonathan Kreider <jonathan.kreider at gmail.com> wrote: > > Thanks Robert & Marco. > >

I am trying to install samba 4.5.1 from source, as a domain controller only, under Ubuntu 16.04, with ZFS filesystem (actually inside an lxd container with ZFS backing). Out-of-the-box, samba-tool domain provision does not like the filesystem: ERROR(<class 'samba.provision.ProvisioningError'>): Provision failed - ProvisioningError: Your filesystem or build does not support posix

Hi Marco, anybody, > + must be 'privileged' container (no unprivileged ones) I have seen containers with and without calling for being privileged, but you never know without trying and testing carefully... Googling I found https://github.com/lxc/lxd/issues/3442#issuecomment-312560949 but I am not really clear about the conclusion. Does it really have to be privileged? Thanks & Best

OS = Ubuntu 18.04 in an LXD container Samba 4.11.x and up Is there a way to have DNS resolution on the server that can coexist with the samba ad dc internal DNS server? The way that I have it set up, whenever samba is not running, then I can't use any web resources b/c everything goes through the samba internal DNS. So I can't do system updates and upgrades unless samba is running. I saw

https://bugzilla.netfilter.org/show_bug.cgi?id=1064 Bug ID: 1064 Summary: iptables-save fails silently in unprivileged lxc/lxd container Product: iptables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: enhancement Priority: P5 Component:

Will I really HAVE to use the idmap backends AD or RID? I was planning to use TDB2 with a script which I've already written: [root at fs3 samba]# ./idmap.sh IDTOSID UID 1301 SID:S-1-5-21-1632654815-303659134-1628659390-1950 [root at fs3 samba]# ./idmap.sh IDTOSID GID 198 SID:S-1-5-21-1632654815-303659134-1628659390-3247 [root at fs3 samba]# ./idmap.sh SIDTOID

OS = Ubuntu 18.04 LXD container Samba version = 4.11.12 Repo = Louis' (many thanks) I recently upgraded from 4.10.14->4.10.17->4.11.12 Now the samba-ad-dc service fails with the following upon reboot: --- root at samba:~# systemctl status samba-ad-dc ? samba-ad-dc.service - Samba AD Daemon Loaded: loaded (/lib/systemd/system/samba-ad-dc.service; enabled; vendor preset: enabled)

Hello List! I have a Samba AD domain with two virtualized DC's running 4.1.15 and 4.1.17. I have had two member file servers with odd permissions problems that I've now given up on, and decided to start fresh. I have created a File server (FS3) with Debian wheezy, built samba 4.1.17 from source, with configure options of : --with-ads --with-shared-modules=idmap_ad ... and placed the

Thanks Robert & Marco. @Robert - I tried your solution, but couldn't get it to work because my host is ubuntu 16.04 and the chrony version for this is too old to support the ntpsigndsocket option. @Marco - your response got me searching in another direction. I had tried ntpd in the container, which LXD did not like. My research turned up that Ubuntu now strongly favors chrony as of 18.04

You might find a solution here: https://serverfault.com/questions/879164/using-host-as-ntp-client-and-lxc-router-as-ntp-server On Tue, Nov 6, 2018 at 5:59 PM Jonathan Kreider via samba <samba at lists.samba.org> wrote: > > Further investigations reveal: > --- > C:\WINDOWS\system32> w32tm /monitor > GetDcList failed with error code: 0x800706BA. > Exiting with error

Hello again List, Marc, and Louis! I'm afraid my message from yesterday may have been TL;DR. The short version is as follows: Following the wiki's for AD member server (building from source on Debian Wheezy) and Setting up shares with Windows acls did not give the expected results First, I needed to link libnss_winbind.so to /usr/lib/x86_64-linux-gnu for winbind to work. Marc - may I

Starting three days ago I have found over 4,000 of these error messages in my messages log. Mar 5 15:49:48 fs3 smbd[13785]: alloc_sub_basic: NULL source string! This should not happen Nothing has been changed on the samba config in over a week and that change was about the spin lock time setting. The server is RedHat ES 3 running Samba 3.0.2. The client machines are a mix of Win98 and WinXP

Hello all, Sorry about the top-posting. I have added the bit about the linking (YAY!, I'm helping!). Now if we can clear up the ACL issue, this will be a great day! Summary: To edit ACL's from Windows on a Debian Member server, we need to either 1) map the domain admin to root OR 2) give explicit permissions to Domain Admins with a chmod 0755 and chgrp "MYDOM\Domain Admins"

Hai, @Rowland. Yes yes, you did say you hate systemd. :-) I had a hard(er)time on this one also but i got passed it. ;-) But you and everybody else on the list, please review this setup. And a very big thank you Rowland for the start of it. This should be a good base to start with as howto for ubuntu 18.04 systemd based. Any suggestion additions please add them, below is also the order

On 7/4/19 12:49 PM, Joachim Lindenberg wrote: > * I am not (yet) familiar with LXD or nspawn. Do you have any pointer on how Samba DC works with LXD? > I've only used LXD for containerizing web applications so far.

On 7/3/19 8:21 AM, Sven Schwedas via samba wrote: > Though I'm not sure if docker is the right tool for the job; samba as a > fat daemon running a bazillion subprocesses orchestrated by a persistent > database that's very sensitive to instances leaving and joining the > domain seems the antithesis to docker's philosophy. > Docker would be a terrible choice for this;

Hi Patrick, thanks for the pointers. I tried today, and while it was easy to start my first container, I am not really happy with LXD, exactly for the reason St?phane gives in https://stgraber.org/2016/03/11/lxd-2-0-introduction-to-lxd-112/ "How does LXD relate to Docker/Rkt?"... what I really like about docker and docker-compose is, that it encourages to separate code from data and

Hi Rowland, Chown to Administrator seems less flexible than Chgrp to Domain Admins on the face of it. You could add/remove users from the Domain Admins group, which allows/denies them the ability to change the permissions on the share. By changing the owner to Administrator, only those credentials would have that ability, no? What advantages do you predict with the change owner approach? What

Hai Jonathan,? Only one question left then does it work now? ;-) if you added the ipv6 to hosts file? run hostname -I these ipnumers , add these in hosts and samba should always start.. Unless, your using dhcp.. that might be bit different.. greetz, ? Louis ? ? Van: Jonathan Kreider [mailto:jonathan.kreider at gmail.com] Verzonden: donderdag 17 september 2020 15:09 Aan: L.P.H. van