similar to: wbinfo isn't working on domain member

As always, posting your smb.conf might help. Oops forgot, thanks Rowland: pi at fs1:~ $ cat /etc/samba/smb.conf [global]         username map = /etc/samba/user.map         workgroup = samdom         realm = samdom.example.com         netbios name = fs1         security = ADS idmap config * : backend = tdb idmap config *: range = 3000-7999 idmap config SAMDOM:backend = ad idmap config

Hi there, I wonder if anyone can help me? I recently created an active directory setup with a primary domain controller ad1 and secondary domain controller ad2 for a domain SAMDOM. In-line with what I understand to be Samba best practices I then setup a separate file-server fs1 on which I created a file share, /fsrv/shares/OgdenFiles/. This has all been done using Samba version

Hi Rowland, I made the change you suggested to auto refresh kerberos. It didn't seem to fix the issue unfortunately, even after a machine restart. Following your line of reasoning that it is a Kerberos issue, I then tried to grab a new kerberos ticket on the server in question which appears to fail though. Perhaps this gives some further insight? pi at fs1:~ $ kinit administrator at

Can you post the following files: /etc/resolv.conf /etc/hostname /etc/hosts /etc/krb5.conf pi at fs1:/var/log/apache2 $ cat /etc/resolv.conf # Generated by resolvconf search samdom.example.com nameserver 192.168.1.229 nameserver 192.168.1.228 nameserver X.X.X.X nameserver X.X.X.X nameserver 8.8.8.8 pi at fs1:/var/log/apache2 $ cat /etc/hostname fs1 pi at fs1:/var/log/apache2 $ cat /etc/hosts

Hi everyone, I am using Samba 4.5.16-Debian on Raspbian and thanks to the help offered by everyone here I now finally have a mostly-working Active Directory network. I am now at the stage of creating inidividual user accounts for my domain and unfortunately I have a very basic but fundamental problem! I currently enter the following input at the command-line to create a new user on my DC: pi

On Fri, 29 Mar 2019 16:14:20 +0000 Stephen via samba <samba at lists.samba.org> wrote: > Hi there, I wonder if anyone can help me? > > I recently created an active directory setup with a primary domain > controller ad1 and secondary domain controller ad2 for a domain > SAMDOM. Nope, you have two AD DC's, one called 'ad1' and one called 'ad2' Apart from

Hi Rowland! On 29/03/2019 16:33, Rowland Penny via samba wrote > Roll on 'Buster' ;-) 4.5.x is well EOL. Its not ideal I know! ;) Unfortunately I (and every other Raspberry Pi user) is stuck with this for now since this is the default Samba package that Raspbian currently uses unfortunately. I did check to see if it could be upgraded using apt to something a little more recent but

Hi all, I have exactly the same problem as the OP and tried the solution below, but I still get the error: 'Username IUCNNL\PC050$ is invalid on this system'. Should I map useraccount, enable Guest account, chang eunix directory permissions or things like that? Problem: My Windows 10 computers' machine accounts cannot acces shares on a domain member (samba 4.6 , id map = ad, centos

Hi Rowland, thanks for your suggestions. I have read and re-read the Samba docs to try and understand where I went wrong here. I added the uidNumber and gidNumber exactly as per your comments and that seems to improve the situation markedly. I can now at least see that the share exists from SAMDOM\stephenellwood which wasn't possible before. File access is now possible from

On Mon, 29 Jan 2024 16:42:20 -0800 Peter Carlson via samba <samba at lists.samba.org> wrote: > > On 1/29/24 13:08, Rowland Penny via samba wrote: > > On Mon, 29 Jan 2024 12:51:37 -0800 > > Peter Carlson via samba<samba at lists.samba.org> wrote: > > > > > >> Just did a quick test, the big T comes after setting permissions in > >>

Hi Rowland, >> File server config looks exactly like this, except more shares, all >> with same simple config. I know that "use defualt domain" isn't >> necessery, but it's not the issue for me right now. ... > 'SYSTEM' is a Windows group and is meaningless to Unix, it should be > mapped to a Unix ID only on a Samba AD DC and there it is an >

On 1/29/24 13:08, Rowland Penny via samba wrote: > On Mon, 29 Jan 2024 12:51:37 -0800 > Peter Carlson via samba<samba at lists.samba.org> wrote: > > >> Just did a quick test, the big T comes after setting permissions in >> windows >> >> root at fs1:/var/log# cd /data >> root at fs1:/data# mkdir -m 1777 test2 > No it doesn't, you are setting

Dear samba-list, please disregard my previous post. Since posting I have found a way to avoid the need to create a dedicated AD service account purely to allow Redmine to authenticate via LDAPS and AD. This neatly circumvents my original issue and is much more secure to boot. For future Redmine users googling, refer to this document here:

Hi everyone, I am running Ubuntu 18.04 Bionic with Samba version 4.7.6-Ubuntu. *Background / Problem Context* I have recently setup a server where I wish to use a standalone Samba file server in conjunction with SVN and git and then have all these services share the same username and password credentials. I wish to achieve this without using any centralised LDAP or Active Directory or

Hi all, I have a couple of Samba 4 DCs on my network and I created a new service account LDAPReader on my DCs that my non-Samba third-party services such as Redmine successfully use to access AD via the LDAPS protocol. I have a couple of questions that relate to having service account of this nature implemented in Samba and I wondered if the group could possibly provide some advice? 1)

Hi Samba documentation admins, one of the the examples given on this page https://wiki.samba.org/index.php/User_and_Group_management is incorrect and probably should be updated. The snippet of code in question: $ samba-tool user add fbaggins    --random-password --use-username-as-cn    --surname="Baggins" --given-name="Frodo"    --initials=S --mail-address=fbaggins at

We're beginning a migration from FreeBSD w/ Samba Version 3.0.28a to Gentoo Linux w/ Samba Version 3.0.33. Both the BSD system and the Linux system are joined to the domain, using the same krb5.conf file and nearly identical global sections of the smb.conf file. What I've found is the UID and GID are not aligned with each other. For example: (dc2: 14:52:53 </var/db/samba>)

To be honest, the 'Dynamic Bind' method doesn't seem that secure to me, anybody could 'pretend' to be someone else. Rowland True! I agree with you Rowland that is a weakness. Unfortunately that is a universal weakness shared by all password-based authentication methods. I guess you would have to go with SSH-style encryption keys and certificates to circumvent that problem

Hi everyone, I have two AD DCs that I am experimenting with, hostnames ad1 and ad2 respectively. I am using Raspberry Pi hardware, and accordingly I am using Samba 4.5.16-Debian on Raspbian Linux. I have already had some success so far setting up a second AD DC, ad2, and joining this to my existing Active Directory domain SAMDOM. I have already verified that I can create new user accounts on

Rowland - good news - the instructions in that document you suggested appear to have made all the difference! Now I find that if I do: pi at ad2:~ $ sudo systemctl restart samba-ad-dc pi at ad2:~ $ sudo samba-tool drs showrepl Default-First-Site-Name\AD2 DSA Options: 0x00000001 DSA object GUID: e676dfc3-670d-46bb-b1f7-756bae990a30 DSA invocationId: b7fb9a73-a5c5-4672-9d0f-83e0323f9f3b ====