similar to: idmap problems

<snip> > > > I do hope you are not thinking of using GPO's, you have just stopped > > > > > Domain Admins from owning things in Sysvol. > > > > > > > > > > Rowland > > > > <facepalm/> Thanks Rowland - you must be getting pretty tired of my > > dumb questions... > > The only dumb question is the one

Many thanks Rowland. Yes, I don't understand idmaps, but I _think_ I'm getting it. I have added the gid of 60002 for Domain Admins and undertaken some 'chgrp' tasks. I've now got a domain member with shares that presents the correct ownership. All looks good. I'm still slightly confused why I have two ranges within my member smb.conf: idmap config * : backend = tdb

So, a little bit more investigation shows a problem with idmap -> User - BUILTIN\Administrator uid = 30000 Group - BUILTIN\Administrators gid = 3000000 Group - SAMDOM\Domain Admins gid = 60000 POSIX file ownership is becoming 3000000:60000 It seems that the Administrators group group is set as the owner. What's more, 'Administrators' group name is not mapped when I list the

I've spent some time updating, upgrading and generally consolidating an old Samba AD. I've managed to remove a very old unsupported (4.2) Samba AD DC following migration to a couple of new DC's - that seems to have worked out OK. Workstation logons and GPO's working fine. I'm now left with one problem after joining a new Samba (4.5.12) member server to the domain for file

Hi Again - following on from my last request for help, I'm now attempting to setup LDAP auth against my working samba4 AD. Simplistically, I'm trying initially to SSH into my AD server (working) using nslcd. I've tried method #1 from https://wiki.samba.org/index.php/Local_user_management_and_authentication/ns lcd My simple config is: uid nslcd gid nslcd uri

Hi List, I am trialling a small Samba4 AD server supporting 10 users (running fine). I also have exim smtp and dovecot imap running on the same Debian Wheezy box. Simplistically, what I would like to achieve is for an AD user account to also authenticate to imap and smtp using the same credentials. I previously used Samba3 'unix password sync' to ensure that any domain users were

Hi Rowland - thank you for replying. I have now demoted and removed the temporary DC with the intention of repeating the exercise from scratch later this week. It was a Ubuntu Server 18.04.1 and the smb.conf was very vanilla: [global] workgroup = ACASTA realm = ACASTA.INTRA netbios name = UBUNTU server role = active directory domain controller dns forwarder - 192.168.200.3 idmap_ldb:use rfc2307 =

On 02/05/2020 19:28, Jelle de Jong via samba wrote: > root at s4ad01:~# samba-tool user show jdoe There is no apparent reason why the groups do not work with chgrp, the only reason I can think of is that the group was created and when you tried to 'chgrp' the file, winbind read from its cache and it wasn't in the cache. Try running 'net cache flush' and then try

On 02/05/2020 18:59, Jelle de Jong via samba wrote: > On 2020-05-02 16:42, Rowland penny via samba wrote: >> On 02/05/2020 15:07, Jelle de Jong via samba wrote: >>> Am I wrong to expect that id user and getent group should list me >>> the groups the user is part of. >>> >>> For example wbinfo --group-info=office shows me that user jdoe and

I’m looking to replace a DC within a small network by adding a new DC and transferring FMSO roles, then demoting the old DC (https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC). I am able to successfully deploy the new DC following directions in https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory. However, I am struggling with ID mappings – I’m not really

By primary group I mean the group that is set by chgrp. that is the group returned after the pound key (#) from getfacl. In other words the Unix group and not the one managed by ACLs. / Kacper > Hello, > > I've seem to have found what looks like a bug in Samba 4.8.3. It's > the same problem as described in > https://lists.samba.org/archive/samba/2018-March/214589.html.

I've now spun up a second DC ready for a migration from an old DC. Just checking over a few things and have hit this problem: Objects created by Domain Admins members default to ownership by BUILTIN\Administrators. So, when JohnDoe is logged on as JohnDoe and creates a file, its ownership becomes BUILTIN\Administrators. I've played with perms for over an hour and cannot make any sense

Hi Denis, Thank you for your mail. I assigned the GID 10000 to the domain admins group through ADUC, and wbinfo --info-group "domain admins" display the correct output. But i am still not able to execute succesfuly #chgrp "Domain Admins" /home/demo And when i go to ADUC and try to open the Unix Attribute of domain admins group, i have the error "Unable to

The same thing happen if the group on a file is wheel or any other unix group. I also now observed that this also happens to unix users that are not mapped in idmap.ldb. For example: # useradd myunixuser # touch myfile # chown myunixuser myfile # chgrp SAMDOM\sambauser myfile alos crashes explorer. / Kacper On Thu, Aug 16, 2018 at 8:55 PM, Rowland Penny via samba < samba at

Hello, all! Well, third time is *not* the charm for me. (I've been through the process 3 times with 3 different DCs). I am trying to set up a member server, using Samba 4.1.14, and washing out when getting to the winbind testing. I've tried ignoring the failure and pressing on, but that didn't get anywhere. In this instance, I have a freshly-installed, configured and functioning

Hi, On Windows Server 2008 R2 Enterprise Profiles path: \\fs\profiles\rprofile On Centos Version 7 Samba Version 4.7.1 ROLE_DOMAIN_MEMBER [profiles] comment = Users profiles path = /profiles browseable = No read only = No force create mode = 0600 force directory mode = 0700 csc policy = disable store dos attributes = yes

Hi, Yes thats correct. But try the following. Make sure you use the usermapping. username map = /etc/samba/samba_usermapping containing: !root = NTDOM\Administrator NTDOM\administrator Administrator administrator And according to the wiki. (https://wiki.samba.org/index.php/Configuring_Point%27n%27Print_automatic_printer_driver_deployment) For POSIX ACLs: # chgrp -R "SAMDOM\Domain

On Wed, Nov 18, 2015 at 6:00 AM, Rowland Penny <rowlandpenny241155 at gmail.com > wrote: > On 18/11/15 10:27, Jeff Dickens wrote: > >> >> >> On Nov 18, 2015 4:35 AM, "Rowland Penny" <rowlandpenny241155 at gmail.com >> <mailto:rowlandpenny241155 at gmail.com>> wrote: >> > >> > On 17/11/15 23:09, Jeff Dickens wrote:

Hi List I've spun up a fresh Debian 8 VM to test out the upgrade steps for a Debian samba 4.1.17 package deployment to a compiled samba 4.2.5. All seem s to work fine (apt-get remove samba first, followed by configure/make/install), but I get the following errors in my samba.log: samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor Is this

Hi Rowland - just wanted to follow up and say thanks. It was a dependency issue with pam. All sorted now. May I quickly double check that the current Samba wiki is correct - there is no automatic sysvol replication? Therefore, I must replicate my old DC sysvol to the new DC before transferring FMSO roles and demoting the old DC?? -----Original Message----- From: Rob Mason Sent: 26 November 2018