similar to: Samba with AD : SID rejected

Hai, wbinfo -Y S-1-5-21-2816186202-4468957523-2022743653-513 Does this resolve? You should see "domain users" And your missing your primary dnsdomain. (search) Go here. https://github.com/thctlo/samba4/blob/master/full-howto-Ubuntu18.04-samba-AD_DC.txt Your missing, ( see line 370 ) search: [ internal.example.com ] Add it.. Also i missed 2 other points. smb.conf add:

Hi, Louis, Rowland, thanks for you answer. @Louis All packages were installed. I change my config file following your advices, the problem is still here. I already followed guides from thctlo's github. @Rowland Yes, my dns domain was different, but answered also to test.lan. It's now set to 'kdc=dc.foo.lab' I have my user vincent with uidNumber 10010 and gidNumber 13010

Le 03/05/2019 à 16:20, L.P.H. van Belle a écrit : > Hai, > > wbinfo -Y S-1-5-21-2816186202-4468957523-2022743653-513 > Does this resolve? > You should see "domain users" I see 13010 (that's normal according to the doc) but wbinfo --sid-to-fullname S-1-5-21-2816186202-4468957523-2022743653-513 give me "domain users" > > And your missing your

Thanks for your time. Now,  wbinfo -G 13010 and wbinfo -Y work. But I still don't see any domain users in getent passwd, and wbinfo --user-sids=S-1-5-21-2816186202-4468957523-2022743653-4403 still fails with getusersids S-1-5-21-2816186202-4468957523-2022743653-4403 [2019/05/03 15:50:51.978858,  3, pid=910, effective(0, 0), real(0, 0), class=winbind]

Le 06/05/2019 à 11:23, Rowland Penny via samba a écrit : > On Mon, 6 May 2019 10:58:56 +0200 > Vincent Ducot <vincent.ducot at rubycat-labs.com> wrote: > >> Le 06/05/2019 à 10:46, Rowland Penny via samba a écrit : >>> On Mon, 6 May 2019 09:08:10 +0200 >>> Vincent Ducot <vincent.ducot at rubycat-labs.com> wrote: >>> >>>> Hi,

On Mon, 6 May 2019 09:08:10 +0200 Vincent Ducot <vincent.ducot at rubycat-labs.com> wrote: > Hi, > > sorry for the mistake, I meaned > > getent passwd vincent shows nothing and I got in the log file: > > winbindd_getpwnam: My domain -- rejecting getpwnam() for FOO\vincent. > > 'wbinfo -u | grep 'vincent' returns vincent, it's the good username.

Le 06/05/2019 à 12:06, Rowland Penny via samba a écrit : > On Mon, 6 May 2019 11:47:34 +0200 > Vincent Ducot <vincent.ducot at rubycat-labs.com> wrote: > >> Le 06/05/2019 à 11:23, Rowland Penny via samba a écrit : >>> On Mon, 6 May 2019 10:58:56 +0200 >>> Vincent Ducot <vincent.ducot at rubycat-labs.com> wrote: >>> >>>> Le

Le 06/05/2019 à 10:46, Rowland Penny via samba a écrit : > On Mon, 6 May 2019 09:08:10 +0200 > Vincent Ducot <vincent.ducot at rubycat-labs.com> wrote: > >> Hi, >> >> sorry for the mistake, I meaned >> >> getent passwd vincent shows nothing and I got in the log file: >> >> winbindd_getpwnam: My domain -- rejecting getpwnam() for FOO\vincent.

So... I've been running Samba 3.6 for too long and I upgraded. I did save my packages for 3.6, but I don't _think_ I'm going back. Points for the group: - Samba 4.4.x is broken on FreeBSD. I forget exactly, but it seems to be a known problem (tm), so I'll move on. - Whether I use BIND9_DLZ or I use SAMBA_INTERNAL, samba_dnsupdate complains. Strange thing, tho: all

Hi Oracle Linux Server client with Samba 3.6.23 (file server) joined to the Samba4 AD domain. ---------------- smb.conf [global] #--authconfig--start-line-- netbios name = FS server string = "GSDAD Fileserver" workgroup = GSDAD realm = AD.GSD.LAN security = ads winbind use default domain = yes idmap config * : backend = rid idmap config * : range =

Hey guys, It's me again. Today I moved our NAS from our old 2000 domain to a new domain presided over by two Samba 4.7.2 domain controllers. After the move I cant access the NAS at all from my Windows 7 test pc. I keep getting an error that "The group name could not be found" I am at the end of my troubleshooting skills. I also moved the NAS' samba from sernet-samba 4.1 to

Dear list, upgrading from SLES11 SP1 to SLES11 SP2, I upgraded Samba from 3.4.3 to 3.6.3. I was successfully using idmap_ad to authenticate users but after the upgrade it stopped working and users are not seen by the OS. Obviously the users I want to see on the Linux server have all RFC2307 attributes populated and are seen by all other SLES11 SP1 servers. I checked everything (I know) from the

Hi Rowland, On Sun, 15 Oct 2017, Rowland Penny via samba wrote: > On Sun, 15 Oct 2017 13:38:13 -0400 (EDT) > me at tdiehl.org wrote: > >> Yes I understand, however, there are 2 things I am concerned about. >> >> When the errors are spewing, winbind never goes to sleep and the load >> on the server runs somewhere between 6-8 constantly (as shown by >>

On Fri, 3 May 2019 17:16:41 +0200 Vincent Ducot via samba <samba at lists.samba.org> wrote: > getent passwd still only shows local unix accounts, and I got the > error "getpwent failed: NT_STATUS_NO_MORE_ENTRIES" in log.winbindd. > > getent passwd vincent shows nothing and I got in the log file: > > winbindd_getpwnam: My domain -- rejecting getpwnam() for

Hi all. I'm getting mad at this. I use winbind to authenticate users in multiple domains from AD. The config worked well, before upgrading from 3.5.3 to 3.5.10 in Mandriva. Now, if I 'winbind -i user.name' (so using the joined domain PERSONALE) I get the correct info, but if I do a 'winbind -i STUDENTI\\another.name' the answer is a 'Could not get info for user

hi all, I can't figure out why winbind can't find ad users with wbinfo calls. It happens on a member server, Debian GNU/Linux stretch, samba is 4.7.5 from Louis repository: [global] security = ADS workgroup = EXAMPLEAD realm = EXAMPLE.ORG idmap config * : backend = tdb idmap config * : range = 1000000-3000000 idmap config EXAMPLEAD:backend = ad idmap config

Hi Tom, Small update. I'am also still looking into this but im not getting much futher.. I am just reading : https://blogs.msdn.microsoft.com/openspecification/2009/12/31/verifying-the-server-signature-in-kerberos-privilege-account-certificate/ Bit older but, im trying to understand more what happens here. And the only "guess" i can make here is . A kerberos ticket, with

Quoting Adam Tauno Williams <awilliam at whitemice.org>: >>>> It should work, it sounds like a mis-configuration somewhere, can you >>>> post the smb.conf, /etc/nsswitch.conf, /etc/resolv.conf and >>>> /etc/krb5.conf from the member server. >>> "wbinfo -u" lists 415 lines >>> "getent passwd" returns 93 lines

Does mdecker exist in AD ? => Yes root at solaris1:~# getent passwd "MYDOM.ADS\\mdecker" mdecker:*:13767:613::/home/mdecker:/bin/bash winbind log: getpwnam MYDOM.ADS\mdecker wb_request_done[24254:GETPWNAM]: NT_STATUS_OK Does 'getent passwd mdecker' work ? => No getent passwd mdecker getpwnam mdecker winbindd_getpwnam: My domain -- rejecting getpwnam() for

Dear I have connected samba 3.6.8 to my Active Directory in the lsass.exe run to 100% When stopping winbind the lsass.exe CPU is down to 0% When set winbindd to debug mode, it seems it try to scan the root user every time. I would to know how to ban nsswitch to query winbindd for system internal users such has root, apache..... Here it is my nsswitch.conf : # # Example configuration of GNU