similar to: Samba with AD : SID rejected

Hai, wbinfo -Y S-1-5-21-2816186202-4468957523-2022743653-513 Does this resolve? You should see "domain users" And your missing your primary dnsdomain. (search) Go here. https://github.com/thctlo/samba4/blob/master/full-howto-Ubuntu18.04-samba-AD_DC.txt Your missing, ( see line 370 ) search: [ internal.example.com ] Add it.. Also i missed 2 other points. smb.conf add:

Hi, Louis, Rowland, thanks for you answer. @Louis All packages were installed. I change my config file following your advices, the problem is still here. I already followed guides from thctlo's github. @Rowland Yes, my dns domain was different, but answered also to test.lan. It's now set to 'kdc=dc.foo.lab' I have my user vincent with uidNumber 10010 and gidNumber 13010

Le 03/05/2019 à 16:20, L.P.H. van Belle a écrit : > Hai, > > wbinfo -Y S-1-5-21-2816186202-4468957523-2022743653-513 > Does this resolve? > You should see "domain users" I see 13010 (that's normal according to the doc) but wbinfo --sid-to-fullname S-1-5-21-2816186202-4468957523-2022743653-513 give me "domain users" > > And your missing your

Thanks for your time. Now,  wbinfo -G 13010 and wbinfo -Y work. But I still don't see any domain users in getent passwd, and wbinfo --user-sids=S-1-5-21-2816186202-4468957523-2022743653-4403 still fails with getusersids S-1-5-21-2816186202-4468957523-2022743653-4403 [2019/05/03 15:50:51.978858,  3, pid=910, effective(0, 0), real(0, 0), class=winbind]

Hi Oracle Linux Server client with Samba 3.6.23 (file server) joined to the Samba4 AD domain. ---------------- smb.conf [global] #--authconfig--start-line-- netbios name = FS server string = "GSDAD Fileserver" workgroup = GSDAD realm = AD.GSD.LAN security = ads winbind use default domain = yes idmap config * : backend = rid idmap config * : range =

Dear list, upgrading from SLES11 SP1 to SLES11 SP2, I upgraded Samba from 3.4.3 to 3.6.3. I was successfully using idmap_ad to authenticate users but after the upgrade it stopped working and users are not seen by the OS. Obviously the users I want to see on the Linux server have all RFC2307 attributes populated and are seen by all other SLES11 SP1 servers. I checked everything (I know) from the

Hey guys, It's me again. Today I moved our NAS from our old 2000 domain to a new domain presided over by two Samba 4.7.2 domain controllers. After the move I cant access the NAS at all from my Windows 7 test pc. I keep getting an error that "The group name could not be found" I am at the end of my troubleshooting skills. I also moved the NAS' samba from sernet-samba 4.1 to

So... I've been running Samba 3.6 for too long and I upgraded. I did save my packages for 3.6, but I don't _think_ I'm going back. Points for the group: - Samba 4.4.x is broken on FreeBSD. I forget exactly, but it seems to be a known problem (tm), so I'll move on. - Whether I use BIND9_DLZ or I use SAMBA_INTERNAL, samba_dnsupdate complains. Strange thing, tho: all

hi all, I can't figure out why winbind can't find ad users with wbinfo calls. It happens on a member server, Debian GNU/Linux stretch, samba is 4.7.5 from Louis repository: [global] security = ADS workgroup = EXAMPLEAD realm = EXAMPLE.ORG idmap config * : backend = tdb idmap config * : range = 1000000-3000000 idmap config EXAMPLEAD:backend = ad idmap config

Hi Rowland, On Sun, 15 Oct 2017, Rowland Penny via samba wrote: > On Sun, 15 Oct 2017 13:38:13 -0400 (EDT) > me at tdiehl.org wrote: > >> Yes I understand, however, there are 2 things I am concerned about. >> >> When the errors are spewing, winbind never goes to sleep and the load >> on the server runs somewhere between 6-8 constantly (as shown by >>

Hi all. I'm getting mad at this. I use winbind to authenticate users in multiple domains from AD. The config worked well, before upgrading from 3.5.3 to 3.5.10 in Mandriva. Now, if I 'winbind -i user.name' (so using the joined domain PERSONALE) I get the correct info, but if I do a 'winbind -i STUDENTI\\another.name' the answer is a 'Could not get info for user

Quoting Adam Tauno Williams <awilliam at whitemice.org>: >>>> It should work, it sounds like a mis-configuration somewhere, can you >>>> post the smb.conf, /etc/nsswitch.conf, /etc/resolv.conf and >>>> /etc/krb5.conf from the member server. >>> "wbinfo -u" lists 415 lines >>> "getent passwd" returns 93 lines

Hi Tom, Small update. I'am also still looking into this but im not getting much futher.. I am just reading : https://blogs.msdn.microsoft.com/openspecification/2009/12/31/verifying-the-server-signature-in-kerberos-privilege-account-certificate/ Bit older but, im trying to understand more what happens here. And the only "guess" i can make here is . A kerberos ticket, with

Dear I have connected samba 3.6.8 to my Active Directory in the lsass.exe run to 100% When stopping winbind the lsass.exe CPU is down to 0% When set winbindd to debug mode, it seems it try to scan the root user every time. I would to know how to ban nsswitch to query winbindd for system internal users such has root, apache..... Here it is my nsswitch.conf : # # Example configuration of GNU

A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 6083 bytes Desc: not available URL: <http://lists.samba.org/pipermail/samba/attachments/20120625/569cea1a/attachment.bin>

Hello ! And i have problem with user validation. wbinfo work well, but i cant use de AD users. root at samba01:~# smbclient -L 127.0.0.1 -Ugalerna\\gcarballo Enter GALERNA\gcarballo's password: session setup failed: NT_STATUS_LOGON_FAILURE root at samba01:~# smbclient -L 127.0.0.1 -Ugalerna\\administrator Enter GALERNA\administrator's password: Administrator work with the mapping

Am 26.02.19 um 12:26 schrieb Ralph Böhme: > On Tue, Feb 26, 2019 at 11:19:45AM +0100, Alexander Spannagel via samba > wrote: >> The huge delays are seen, when user isn't known to sssd and winbind >> tries to look that user without explicitly a domain given and the >> option "winbind use default domain" is on it's default of "No" in >>

On 18/05/15 11:57, Tomasz B?asiak wrote: > /Hi > / > /sometimes 'getent group <domain group> is OK, but///sometimes is wrong. > > // > //Then I restart windind and for 5-10 minut is OK and//the situation is repeated > > Sorry for my English > /// // > / > / > > > > > />>Know problem, does 'getent group <a domain

Am 23.02.19 um 22:23 schrieb Rowland Penny via samba: > On Sat, 23 Feb 2019 21:54:31 +0100 > Alexander Spannagel via samba <samba at lists.samba.org> wrote: > >> Am 23.02.19 um 15:48 schrieb Rowland Penny via samba: >>>>>>>>> If you have, as you have, 'files sss winbind' in the the >>>>>>>>> passwd & group line

Hai, Thank you for having trust in my packages.. :-) Now if you use my package, i suggest, do read the howto's also... All you need for a good setup on debian stretch is there. if anyone find/see's improvements, please tell me... Or change it on github, thats why its there. First is this an upgraded domain? Or a new domain? What does `getent passwd username` tell you. Same for `id