similar to: AD Upgrade question

On Sun, 8 Apr 2018 08:35:24 +0000 Praveen Ghimire <PGhimire at sundata.com.au> wrote: > Hi Rowland, > > Let me start my apologizing about the missed email, must have not > seen it. > > We are migrating to an AD domain , the first step was to migrate PDC > to LDAP. > > So to get around the bug, do we need to create the user in both PDC > in LDAP and also as a

On Sun, 8 Apr 2018 05:55:18 +0000 Praveen Ghimire via samba <samba at lists.samba.org> wrote: > Hi, > > I've gone through the following link about member server and also the > samba 3 by example and can confirm that nsdc is not enabled. > https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member > > > We are having some issues with LDAP

Hi, Would the Windows 2008/2012 server be looking for a particular DNS record during DCPROMO? Both the Samba and Windows box are on the same vlan/host/subnet. The UFW has been disabled. Stupid question, do I need to install any RPC package in the Samba box? Would disabling Bind9 using dnsupdate and dns in server roles help? The only issue I see with that is the SRV records will disappear and

Hi Rowland, The issue seems to be due to the groups who decided not to show up in AD. Strangely, even when we added the group with the same name in the AD, it didn't resolv the issue. Even though smb.conf dictates that the user have to a member of a group with that name. Using getent group, we can see the group. Does Samba hold on to the SID of the group somehow? Is there a way to get

Hi Rowland, The test environment is totally isolated and we testing with images of the client machines. We're just trying to iron out any issues post the PDC role move. We have a small list we are going through. The SSL bit is one of them. Once the new environment is stable, we'll be migratingto AD. Regards, Praveen Ghimire -------- Original message -------- From: Rowland Penny

On Sun, 8 Apr 2018 09:05:46 +0000 Praveen Ghimire <PGhimire at sundata.com.au> wrote: > Hi Rowland, > > I have gone through that link a few times and have done both the TDB > to AD and also LDAP to AD migration a few times. > > The AD migration is the second stage. > > Let me explain the situation. The Production server is a Samba 3 box > which acts as the DC

Hi Rowland, The group was in /etc/group and LDAP. Post the AD migration, the group didn’t show up in AD. We then added the group in AD, will check if it has a gid number. If AD doesn’t have gid, can I remove the group /etc/group and assign it the same gid in AD? The group in question was one of many which had the same issue, hence the question about importing missed groups in AD Regards,

Hi Rowland, The user's ID range would have been below 3600, the current max rid is 3506 The links have been setup following this link, then restarted the samba-ad-dc service https://wiki.samba.org/index.php/Libnss_winbind_Links I followed the following to configure the winbindd stuff, https://wiki.samba.org/index.php/Configuring_Winbindd_on_a_Samba_AD_DC template shell = /bin/bash

Hai Praveen, > -----Oorspronkelijk bericht----- > Van: Praveen Ghimire [mailto:PGhimire at sundata.com.au] > Verzonden: donderdag 27 juni 2019 13:46 > Aan: samba at lists.samba.org > CC: 'L.P.H. van Belle' > Onderwerp: RE: [Samba] Reverse DNS > > Hi Guys, > > Thank you for your emails. Here is the info > > /etc/apparmor.d/local/usr.sbin.dhcp >

Hi , We ran the classic upgrade and migrated the domain . We were then able to add a Windows Server 2008R2 and dcpromo it. Here are some of the issues we are seeing post migration - Pre the migration, the password backend was LDAP. We had some groups that we had migrated into LDAP from TBD. These groups doesn't seem to have come up in AD. - Any groups that were created in

Hi Rowland, Sorry, migration using BIND9_DLZ gives the same result Not sure if the following from the migration is of a concern Could not add posix attrs for AD entry for sid=S-1-5-21-3936576374-1604348213-1812465911-3034, ((21, 'Element loginShell has empty attribute in ldb message ()!')) Could not add posix attrs for AD entry for sid=S-1-5-21-3936576374-1604348213-1812465911-3040,

Hi Rowland, I did that initially and that came with Failed to connect to ldap URL 'ldap://lin-pdc.lin - LDAP client internal error: NT_STATUS_BAD_NETWORK_NAME Hence I removed the whole ldap:// bit After your email I tried again but using ldap://localhost and it seems to have worked. Not sure what the issue is with the fqdn. I could run ldap queries when using fqdn. Regards, Praveen

Hi Rowland, I get the same error messages even with the following smb.conf, generated by the migration process. [global] workgroup = LIN realm = LIN.COM netbios name = LINSERVER01 server role = active directory domain controller server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate idmap_ldb:use

Hi Rowland, Thank you. Yes to the first point. We are using Bind9 but to continue using it is not necessarily set in stone. If using Samba Internal DNS makes more sense then we can do that too. The question is do we need to do dns-upgrade and use Internal DNS, pre-migration? Then use internal dns during the classic migration? Also, I assume the bind9 service will have to stopped if infact we

Hi, We are having some replication issues between the our PDC and BDC LDAP servers. Here are the details Servers: Name: LIN-PDC1.LIN Role: PDC SLAPD: openldap-2.4.28 Samba: 3.6.25 Name: LIN-PDC2.LIN Role: BDC SLAPD: 2.4.31 Samba: 4.3.11 LDAP Method: cn=config with smbldap tools Database: HDB Management: PHPLAMDIN Replication Method: refreshAndPersist Replication: After importing the LDIFs

Hi, We are running test migration on the following environment in preparation for the prod migration. Any suggestions will be grealty appreciated. OS: Ubuntu18.04 Hypervisor: Proxmox Container (LXC) Samba Version 4.6.7 DNS: BIND9_DLZ AD and File server in the same server. Have gone through the Samba documentation regarding this We get the following when adding a machine (Windows 7) to the

On Mon, 6 May 2019 09:47:44 +0000 Praveen Ghimire via samba <samba at lists.samba.org> wrote: > Hi Louis, > > Thank you for that. > > I don’t have a /var/lib/samba/bind-dns/dns/ , only > have /var/lib/samba/private/dns. > > Apparmor is now stopped and masked. I had masked the smbd and nmbd > post the migration, have masked the winbind now. > > Have

Hi Rowland, We are caught in a similar situation. The question is if the users and groups are defined in /etc/passwd and /etc/group, shouldn't the server auth them using these first? As nsswitch directs the server to look at "files" first . Shouldn't this be the default regardlessof winbind/ldap configs? Regards, Praveen Ghimire -------- Original message -------- From:

Harry, Thank you. Unfortunately we don't have the choice of upgrading LDAP due to distro not supporting the newer version. However we have managed to get it to work. A lot of fiddling around. I do have another question though ;). Now that we have LDAP replicating, how do I transfer the "samba classic " PDC role to our BDC. I have read that using the domain master=yes in smb.conf

On Mon, 6 May 2019 11:12:17 +0000 Praveen Ghimire <PGhimire at sundata.com.au> wrote: > Hi Rowland, > > Sorry about the confusion. It is Ubuntu 18.04 with Samba 4.7.6 > > I have a script that installs the following > > apt-get install -y acl attr autoconf bind9utils bison build-essential > \ debhelper dnsutils docbook-xml docbook-xsl flex gdb libjansson-dev \ >