similar to: Different LDAP query in different DC...

2018 Nov 29
2
Different LDAP query in different DC...
Mandi! Rowland Penny via samba In chel di` si favelave... > > No. Anyway, note that query return correctly 'result: 0 Success', > > simply return no data. > That just means the search returned without error Eh. Query succeeded and return no data. Yes. > If you run the command: > ldapsearch -H ldap://vdcpp1.ad.fvg.lnf.it -W -D >
2018 Nov 28
2
Different LDAP query in different DC...
Mandi! Rowland Penny via samba In chel di` si favelave... > If an ldap lookup works on every DC, except for one and the data is > definitely there on the one DC it doesn't work on, then it must be > something on that DC. is there a firewall or apparmor/selinux in the > way ? No. Anyway, note that query return correctly 'result: 0 Success', simply return no data. Another
2018 Nov 29
2
Different LDAP query in different DC...
Mandi! Rowland Penny via samba In chel di` si favelave... > Whilst there are attributes that do not get replicated between DC's, > the majority are, so each DC should allow the same access. > Do you have access to the DC ? > Can you run the search locally ? Sure! As just stated, local access (via ldbsearch against the local SAM) works as expected: root@vdcpp1:~# ldbsearch
2018 Nov 28
2
Different LDAP query in different DC...
> Why?! Sorry but... someone can point me in the right direction? Really i don't know how to look for that problem... I summarize: a) an LDAP lookup for some data works in ALL DC past one b) in that non-working DC, a direct query against the sam.ldb reveal that data are here (so, seems to me an ACL problem) c) checking sync status between DCs reveal no sync troubles. Where i can
2018 Nov 29
2
Different LDAP query in different DC...
Mandi! Rowland Penny via samba In chel di` si favelave... > You need to explicitly ask for it, for instance: Oh, cool! Seems effectively different: root@vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b "DC=ad,DC=fvg,DC=lnf,DC=it" "(cn=prova123)" nTSecurityDescriptor # record 1 dn: CN=prova123,CN=Aliases,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it nTSecurityDescriptor:
2019 Feb 15
6
Demoted/removed a DC, and the NS records?
Following: https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC i've demoted and removed a DC. Seems all went as expected: root@vdcud1:~# samba-tool domain demote --server=vdcsv1.ad.fvg.lnf.it -U gaio Using vdcsv1.ad.fvg.lnf.it as partner server for the demotion Password for [LNFFVG\gaio]: Deactivating inbound replication Asking partner server vdcsv1.ad.fvg.lnf.it to synchronize
2018 Nov 28
0
Different LDAP query in different DC...
On Wed, 28 Nov 2018 18:11:59 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > Mandi! Rowland Penny via samba > In chel di` si favelave... > > > If an ldap lookup works on every DC, except for one and the data is > > definitely there on the one DC it doesn't work on, then it must be > > something on that DC. is there a firewall or
2018 Nov 22
2
NTP strangeness...
In our network we found some client with clock differences. Some machine have effectively some troubles, eg have NO 'Windows Time' service defined, probably some glitches happened when moving from our old NT-like domain. Anyway, catching for that, we have found some other strangeness. Windows time service run: C:\Users\gaio>sc query w32time NOME_SERVIZIO: w32time TIPO
2019 Oct 02
2
Removed a DC but...
On 02/10/2019 14:42, Marco Gaiarin via samba wrote: > Mandi! Rowland penny via samba > In chel di` si favelave... > >>> samba-tool dbcheck --cross-ncs --fix >>> Yes, should be possible, but i normaly do that after i do the following. >> Yes, but why wasn't it removed in the first place ? > [...] >>> Run : >>> dig CNAME
2019 Feb 11
2
Winbind, cached logons and 'user persistency'...
On Mon, 11 Feb 2019 14:47:01 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > > Sorry. Still on this issue. > > Today i'm upgrading my DC (with latest 4.5 from louis repo). Note that > i've 7 DC in total. > > In site 'PP' i've upgraded samba, then rebooted the container. reboot > on 'vdcpp2' happen on: > > Feb
2019 Oct 02
3
Removed a DC but...
Hai, The steps shown here don't work? https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC If that is the case and you besides that free of errors. Then upgrade, and try again once you're on at least samba 4.9 or 4.10. As I'm hoping you are upgrade straight to Buster. Greetz, Louis > -----Original message----- > From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
2018 Nov 29
2
Different LDAP query in different DC...
Mandi! Rowland Penny via samba In chel di` si favelave... > S-1-5-21-160080369-3601385002-3131615632-1314 Bingo! Exactly the 'Restricted' group that own the users i use for generic LDAP access! I really think that we have found the trouble! Now... how can i fix it? ;-) And... why that value get not propagated?! Thanks. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66
2019 Oct 01
3
Removed a DC but...
Some months ago a local branch office closed; the local branch had a DC, that i've simply removed the dc with: samba-tool domain demote --server=vdcsv1.ad.fvg.lnf.it -U gaio (see https://lists.samba.org/archive/samba/2019-February/221195.html) But this leave some old DNS records, eg: root@vdcsv1:~# host -t SRV _kerberos._udp.ad.fvg.lnf.it | awk '{print $NF}'| sed
2018 May 30
2
PAM only and Kerberos...
Mandi! Robert Marcano via samba In chel di` si favelave... > Yes, check the documentation of krb5.conf. Ahem, 'apt-get install krb5-doc' misses. ;-) > In summary you will need to > disable dns_canonicalize_hostname dns_lookup_kdc , etc if enabled and set > you admin and kdc hostnames there, something like: How can i determine kdc and master_kdc values? All DC server are
2017 Dec 14
5
[Curiosity] 'netbios aliases' works in AD mode?
Ahem no one reply me. A little fast-rewind: i need to have some 'aliases' to my servers (DM); seems i need to add in smb.conf: netbios aliases = FILESV but also add a 'SPN'; trying to look around for an examples, lead me to ''nothing'', or to examples that seems to me unrelated. Supposing the domain is 'ad.fvg.lnf.it' and the FQDN of the real host is
2017 Oct 27
2
Some hint reading password expiration data...
Mandi! Andrew Bartlett via samba In chel di` si favelave... > It is an operational attribute. simply add > msDS-UserPasswordExpiryTimeComputed > to the list of attributes requested when searching for the user. root@vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b "dc=ad,dc=fvg,dc=lnf,dc=it" -s base "" maxPwdAge # record 1 dn:
2017 Nov 09
2
Best practice for creating an RO LDAP User in AD...
On Thu, 9 Nov 2017 11:08:26 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > Mandi! L.P.H. van Belle via samba > In chel di` si favelave... > > > I don't believe it. > > Eh. «De gustibus non disputandum est». ;-) > > > > The setup for the Ad in the link below is the same but if you want > > access without auth, Have you tried to
2020 Jan 07
2
Domain 'resync', DC with FSMO roles LDAP troubles...
Happy new year to all! Samba 4.9.17 on stretch, Louis package. On 22/12, at midnight, office closed, i suffered a network outage that 'broke in two' my domain. On 23/12, at 14.00, network come back. After that, some scripts written around ldbsearch i run on DM (against vdcsv1 that is the DC with FSMO roles) start to complain: Failed to bind - LDAP client internal error:
2017 Nov 29
2
LDAP query and result: better field for username?
Currently for my user: root@vdmsv1:/etc/exim4# ldbsearch -H ldap://vdcsv1 -P -b DC=ad,DC=fvg,DC=lnf,DC=it "(cn=gaio)" | grep ": gaio$" cn: gaio name: gaio sAMAccountName: gaio uid: gaio msSFU30Name: gaio what field is better to use for querying for user 'gaio'? 'uid' no (because RFC2307 data can be missing), so? 'sAMAccountName'? or
2018 Mar 21
2
log error about permissions in truncated share path...
Mandi! Rowland Penny via samba In chel di` si favelave... > I think you need to post your smb.conf, I (at least) am struggling to > understand why you have moved 'sysvol' from /var/lib/samba/ > to /var/lib/samba/usershare/, it isn't a usershare! I've not done that! root@vdcsv1:/home# samba-tool testparm Press enter to see a dump of your service definitions #