similar to: Joining_a_Samba_DC_to_an_Existing_Active_Directory

Hello all this morning i followed wiki in subject to replicate my active directory, but it fails with this error: [root at dc1 etc]#  samba-tool drs showrepl Default-First-Site-Name\DC1 DSA Options: 0x00000001 DSA object GUID: 8ba457e4-815d-4bd3-a748-8b5ddb53fd5f DSA invocationId: 834770f4-c5a7-48c7-bc77-66e2cf37e557 ==== INBOUND NEIGHBORS ==== DC=ForestDnsZones,DC=lxcerruti,DC=com        

Hello I used https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade) to migrated my old samba 3, i created a dc and a member file server, but on member i can't see id for usernames and groups. This is my smb.conf on dc [global]         netbios name = DC1         realm = LXCERRUTI.COM         server role = active directory domain controller        

Hello Rowland and thanks for fast answer according with your suggestion i modified my smb.conf like this: [global]         lanman auth = Yes         log file = /var/log/samba/%m.log         ntlm auth = ntlmv1-permitted         realm = LXCERRUTI.COM         security = ADS         winbind offline logon = Yes         winbind use default domain = Yes         workgroup = LXCERRUTI        

On Mon, 5 Nov 2018 11:51:00 +0100 Corrado Ravinetto via samba <samba at lists.samba.org> wrote: > > > Il 05/11/2018 11:41, Rowland Penny via samba ha scritto: > > You might as well remove the line 'winbind use default domain = > > Yes', it does nothing on a DC. > > I would also add 'idmap_ldb:use rfc2307 = yes' > ok, i did it > > When

On Mon, 5 Nov 2018 11:11:59 +0100 Corrado Ravinetto via samba <samba at lists.samba.org> wrote: > > > Il 05/11/2018 10:54, Rowland Penny via samba ha scritto: > > OK, you classicupgraded 3.6.x to 4.9.1, by this I take it you mean > > you have upgraded a PDC to an AD DC, is this correct ? > yes, is correct > > > > What OS are you using ? > centos 7.5

Il 26/10/2018 10:48, Rowland Penny via samba ha scritto: > I am willing to lay money that the gidNumber attribute for Domain Users > contains '513', if so, your ranges are not compatible are yuo a wizard ?? :-) > > What does 'wbinfo --group-info Domain\ Users' return ? on dc LXCERRUTI\domain users:x:100: :-( on member , after i added     idmap config LXCERRUTI :

Il 31/10/2018 16:14, Rowland Penny via samba ha scritto: > Can you post your smb.conf. [global]         netbios name = DC1         realm = LXCERRUTI.COM         server role = active directory domain controller         workgroup = LXCERRUTI         idmap_ldb:use rfc2307 = yes         idmap config DOMAIN : unix_nss_info = yes         ntlm auth = yes         winbind use default domain =

Hai, Ok, i expected a bit different outputs. On my DC, i use /home/samba/sysvol and /home/samba/netlogon. This is what i expected. getfacl /home/samba/ getfacl: Removing leading '/' from absolute path names # file: home/samba/ # owner: root # group: BUILTIN\134administrators user::rwx user:root:rwx group::rwx group:BUILTIN\134administrators:rwx

Hello Luis tomorrow i'm not in office, reply to you thursday One question : who is owner and whats rights for dir     /home     /home/samba     /home/samba/sysvol because, from windows client, user into domain admins, when i change in security tab, explorer always crash bye Il 06/11/2018 17:16, L.P.H. van Belle via samba ha scritto: > Ok, next, > > From a windows pc connect to

On Fri, 26 Oct 2018 14:25:52 +0200 Corrado Ravinetto via samba <samba at lists.samba.org> wrote: > > > Il 26/10/2018 14:03, Rowland Penny via samba ha scritto: > > ldbsearch -Hldap://$(hostname -s) -k yes -P > > '(&(samaccountname=Domain Users)(gidNumber=*))' gidNumber | grep > > gidNumber | awk '{print $NF}' > > [root at dc1 ~]#

Il 26/10/2018 13:45, Rowland Penny via samba ha scritto: > ldbsearch -Hldap://$(hostname -s) -k yes -P '(&(samaccountname=Domain > Users)(gidNumber=*))' gidNumber | grep gidNumber | awk '{print $NF}' sorry but nothing happen [root at dc1 ~]# ldbsearch -H ldap://$(hostname -s) -k yes -P '(&(samaccountname=Domain Users)(gidNumber=*))' gidNumber | grep

On Fri, 26 Oct 2018 08:27:10 +0200 Corrado Ravinetto via samba <samba at lists.samba.org> wrote: > Hello > I used > https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade) > to migrated my old samba 3, i created a dc and a member file server, > but on member i can't see id for usernames and groups. > This is my smb.conf on dc >

Hai, I see : ldap://lxcerruti.com So its setup with a top level domain internaly. Correct ? Check if resolv.conf contains: search lxcerruti.com nameserver IP-OF_THE_DC1 And make very sure you DNS request dont goto the internet. Monitor you gateway and outgoing dns traffic. Just a warning about this. > > > What does 'wbinfo --group-info Domain\ Users' return ? >

On Fri, 26 Oct 2018 16:47:52 +0200 Corrado Ravinetto via samba <samba at lists.samba.org> wrote: > thank you for your comprehension > > Il 26/10/2018 16:40, Rowland Penny via samba ha scritto: > > OK, two further ldbsearches: > > > > ldbsearch -Hldap://$(hostname -s) -k yes -P > > '(&(samaccountname=*)(uidNumber=*))' uidNumber | grep uidNumber

Il 05/11/2018 12:09, Rowland Penny via samba ha scritto: > Is 'massaro' one of your existing users carried over by the > classicupgrade ? yes it is, i checked also other users but id is correct : [root at dc1 var]# getent passwd cerr2012 LXCERRUTI\cerr2012:*:570:513::/home/LXCERRUTI/cerr2012:/bin/false [root at dc1 var]# getent passwd dado

On Mon, 5 Nov 2018 12:20:31 +0100 Corrado Ravinetto via samba <samba at lists.samba.org> wrote: > > > Il 05/11/2018 12:09, Rowland Penny via samba ha scritto: > > Is 'massaro' one of your existing users carried over by the > > classicupgrade ? > yes it is, i checked also other users but id is correct : > > [root at dc1 var]# getent passwd cerr2012

On Fri, 26 Oct 2018 10:20:21 +0200 Corrado Ravinetto via samba <samba at lists.samba.org> wrote: > Hello Rowland and thanks for fast answer > according with your suggestion i modified my smb.conf like this: > [global] >         lanman auth = Yes >         log file = /var/log/samba/%m.log >         ntlm auth = ntlmv1-permitted >         realm = LXCERRUTI.COM >

On Mon, 5 Nov 2018 10:28:31 +0100 Corrado Ravinetto via samba <samba at lists.samba.org> wrote: > Hello > > Il 31/10/2018 17:35, Corrado Ravinetto via samba ha scritto: > > ok, sorry, are all AD users > i taked out id map in smb.conf, but when i connect with a client in > log.smbd: > > [2018/11/05 10:20:29.489762,  0] >

On Fri, 26 Oct 2018 17:38:55 +0200 Corrado Ravinetto via samba <samba at lists.samba.org> wrote: > > > Il 26/10/2018 17:18, Rowland Penny via samba ha scritto: > > gidNumber: 513 > [root at dc1 ~]# ldbsearch -Hldap://$(hostname  -s) -k yes -P > '(&(samaccountname=Domain Users)(gidNumber=*))' gidNumber | grep > gidNumber | awk '{print $NF}'

Hello at all after a classicupgrade from samba 3.6 to samba 4.9.1 at first tests i found many error in log.smbd like these : [2018/10/31 15:26:51.317398,  0] ../source3/smbd/uid.c:386(change_to_user_internal)   change_to_user_internal: chdir_current_service() failed! [2018/10/31 15:26:51.317567,  0] ../source3/smbd/process.c:1627(switch_message)   Error: Could not change to user. Removing