Displaying 20 results from an estimated 1000 matches similar to: "Adding a new DC - ID Mappings"
2018 Nov 26
5
Adding a new DC - ID Mappings
Hi Rowland - thank you for replying. I have now demoted and removed the temporary DC with the intention of repeating the exercise from scratch later this week. It was a Ubuntu Server 18.04.1 and the smb.conf was very vanilla:
[global]
workgroup = ACASTA
realm = ACASTA.INTRA
netbios name = UBUNTU
server role = active directory domain controller
dns forwarder - 192.168.200.3
idmap_ldb:use rfc2307 =
2018 Dec 02
1
Domain Admins default ownership is BUILTIN\Administrators
So, a little bit more investigation shows a problem with idmap ->
User - BUILTIN\Administrator uid = 30000
Group - BUILTIN\Administrators gid = 3000000
Group - SAMDOM\Domain Admins gid = 60000
POSIX file ownership is becoming 3000000:60000
It seems that the Administrators group group is set as the owner. What's more, 'Administrators' group name is not mapped when I list the
2018 Nov 30
0
Adding a new DC - ID Mappings
Hi Rowland - just wanted to follow up and say thanks. It was a dependency issue with pam. All sorted now.
May I quickly double check that the current Samba wiki is correct - there is no automatic sysvol replication? Therefore, I must replicate my old DC sysvol to the new DC before transferring FMSO roles and demoting the old DC??
-----Original Message-----
From: Rob Mason
Sent: 26 November 2018
2018 Dec 06
3
Samba4 Kerberos Authentication Error
On 12/6/2018 3:40 AM, Rowland Penny via samba wrote:
> On Wed, 5 Dec 2018 17:36:43 -0500
> Marco Shmerykowsky PE via samba <samba at lists.samba.org> wrote:
>
>>
>> On 12/5/2018 3:10 PM, Rowland Penny via samba wrote:
>>>>
>>>> That sucks. I'm assuming Centos has the same problems?
>>>
>>> No, Centos has an even bigger
2018 Nov 30
0
Adding a new DC - ID Mappings
Hi Rowland - It was krb5-user, libpam-winbind and libnss-winbind. But this was partly due to not having the Universe repo installed from the Ubuntu 18 Live image (this has to manually added when using the live image).
I've copied across idmap.ldb from the old (only) DC. Assuming no changes, I can just replicate Sysvol prior to migration?
thanks
--
Rob Mason
-----Original Message-----
On
2015 Dec 04
1
setproctitle Errors
Hi List
I've spun up a fresh Debian 8 VM to test out the upgrade steps for a Debian
samba 4.1.17 package deployment to a compiled samba 4.2.5. All seem s to
work fine (apt-get remove samba first, followed by configure/make/install),
but I get the following errors in my samba.log:
samba: setproctitle not initialized, please either call setproctitle_init()
or link against libbsd-ctor
Is this
2018 Nov 30
0
Domain Admins default ownership is BUILTIN\Administrators
I've now spun up a second DC ready for a migration from an old DC. Just checking over a few things and have hit this problem:
Objects created by Domain Admins members default to ownership by BUILTIN\Administrators. So, when JohnDoe is logged on as JohnDoe and creates a file, its ownership becomes BUILTIN\Administrators.
I've played with perms for over an hour and cannot make any sense
2019 Jan 02
1
idmap problems
Many thanks Rowland. Yes, I don't understand idmaps, but I _think_ I'm getting it. I have added the gid of 60002 for Domain Admins and undertaken some 'chgrp' tasks. I've now got a domain member with shares that presents the correct ownership. All looks good.
I'm still slightly confused why I have two ranges within my member smb.conf:
idmap config * : backend = tdb
2014 Nov 14
2
Samba4 UNIX password sync
Hi List,
I am trialling a small Samba4 AD server supporting 10 users (running
fine). I also have exim smtp and dovecot imap running on the same
Debian Wheezy box. Simplistically, what I would like to achieve is for
an AD user account to also authenticate to imap and smtp using the same
credentials. I previously used Samba3 'unix password sync' to ensure
that any domain users were
2019 Jan 02
1
idmap problems
I've spent some time updating, upgrading and generally consolidating an old Samba AD. I've managed to remove a very old unsupported (4.2) Samba AD DC following migration to a couple of new DC's - that seems to have worked out OK. Workstation logons and GPO's working fine.
I'm now left with one problem after joining a new Samba (4.5.12) member server to the domain for file
2018 Nov 26
0
Adding a new DC - ID Mappings
On Mon, 26 Nov 2018 09:47:06 +0000
Rob Mason via samba <samba at lists.samba.org> wrote:
> I’m looking to replace a DC within a small network by adding a new DC
> and transferring FMSO roles, then demoting the old DC
> (https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC).
>
> I am able to successfully deploy the new DC following directions in
>
2015 Aug 15
1
R Base installation not working
I am using Ubuntu 10.04 and have tried to download R-base with the
following command:
sudo apt-get install r-base
and the following happens:
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package r-base is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from
2014 Nov 19
1
Cannot bind to AD using nslcd
Hi Again - following on from my last request for help, I'm now attempting to
setup LDAP auth against my working samba4 AD.
Simplistically, I'm trying initially to SSH into my AD server (working)
using nslcd.
I've tried method #1 from
https://wiki.samba.org/index.php/Local_user_management_and_authentication/ns
lcd
My simple config is:
uid nslcd
gid nslcd
uri
2018 Nov 30
1
Ubdate Samba 4 from 4.1.11 to 4.9.3
Join new DC (from virtual machine)
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory
(or 2. from 2 vm!) with bind/dhcp/..
Then demote old DC
https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC and install
(clean) 4.9.3, then join it again, demote vm,..
01.12.2018 0:40, Igor Sousa via samba пишет:
> I've tried use samba-tool domain backup, but the
2017 Apr 05
2
Demoting offline DC on 4.3.11-Ubuntu
I have recently added a DC to my AD - Former DC was Samba 4.1.6, new DC is
4.3.11 (latest supported by Ubuntu).
There's also a Window 2008 server I had tried to join as an AD - that
server, wouldn't completely join and replicate to the 4.1.6 samba AD, and
now it will not Un-join the AD "domain" either via dcpromo.
This brings me to my actual question -
Now that I have
2019 Jan 03
1
idmap problems
> On Wed, 2 Jan 2019 14:42:39 +0000
> Rob Mason <rob at acasta.co.uk<mailto:rob at acasta.co.uk>>> wrote:
>
>> Many thanks Rowland. Yes, I don't understand idmaps, but I _think_
>> I'm getting it. I have added the gid of 60002 for Domain Admins and
>> undertaken some 'chgrp' tasks. I've now got a domain member with
>>
2023 Jul 06
1
Cannot access PDC shares via alias name
Hello,
I needed to replace an old Samba AD PDC with a new one, so I've installed
the new one (Ubuntu 20.04 + Samba 4.15.13 from Ubuntu repository), joined
it to the AD domain, demoted the primary, then removed it. All steps have
been done following the Samba official howtos:
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory
and
2019 Feb 15
6
Demoted/removed a DC, and the NS records?
Following:
https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC
i've demoted and removed a DC. Seems all went as expected:
root at vdcud1:~# samba-tool domain demote --server=vdcsv1.ad.fvg.lnf.it -U gaio
Using vdcsv1.ad.fvg.lnf.it as partner server for the demotion
Password for [LNFFVG\gaio]:
Deactivating inbound replication
Asking partner server vdcsv1.ad.fvg.lnf.it to synchronize
2023 Jul 06
2
Cannot access PDC shares via alias name
On 06/07/2023 16:16, Antonio Trogu via samba wrote:
> Hello,
>
> I needed to replace an old Samba AD PDC with a new one, so I've
> installed the new one (Ubuntu 20.04 + Samba 4.15.13 from Ubuntu
> repository), joined it to the AD domain, demoted the primary, then
> removed it.
I got totally confused the first time that I read the above, I had to
read it a few times
2019 Feb 15
1
Demoted/removed a DC, and the NS records?
Mandi! Denis Cardon via samba
In chel di` si favelave...
> what version of Samba are you running? Recent versions do a much better job
> at DNS cleaning during demote.
Eh, domain controllers are still on samba 4.5...
> I also advise you to run the demote on another DC than the one you are
> demoting (samba-tool doamin demote --remove-other-dead-server=xxxxx).
> Running a