similar to: Joining a DC does not set dns forwarder

On 16/07/2019 14:02, Jonathon Reinhart wrote: > Rowland, > > You could go another step further and run that with "notify" to > monitor for changes, instead of having to run it in a cron job. In my > experience, "notify" works using smbclient, but not so with > libsmbclient. Problem is, the script is written to be run on DC's that do not hold the PDC

Hello, Summary: "samba-tool domain join" doesn't seem to work if you pass both "-k yes" and -U. Samba version: 4.9.5-Debian I have a newly-provisioned AD domain with a single DC (dc1). I'm attempting to join a second DC (dc2), per the wiki. On dc2: - I have /etc/resolv.conf pointing at dc1 (confirmed all AD DNS resolution works) - I've copied the basic

On Tue, Jul 16, 2019 at 9:11 AM Rowland penny via samba <samba at lists.samba.org> wrote: > > On 16/07/2019 14:02, Jonathon Reinhart wrote: > > Rowland, > > > > You could go another step further and run that with "notify" to > > monitor for changes, instead of having to run it in a cron job. In my > > experience, "notify" works using

On Sun, 7 Apr 2019 00:41:23 -0400 Jonathon Reinhart <jonathon.reinhart at gmail.com> wrote: > Thanks for the example, Rowland. Whilst it was an example, it was actual code lifted from Samba's user.py If you run 'samba-tool user list' on a DC, it is the actual code that is run. > > Does ldb work against remote servers as well? I thought it was only > for local,

Hello, I'm trying to use the "notify" API of libsmbclient, testing against a Samba AD DC. The function is returning with errno=22 (mapped from NT_STATUS_REVISION_MISMATCH), and I'm getting the following error message: smb1cli_req_writev_submit: called for dialect[SMB3_11] server[dc1.example.com] It looks like libsmbclient is, for some reason, using SMB1 but needs to be

Thanks for the example, Rowland. Does ldb work against remote servers as well? I thought it was only for local, file-based access. In general, I just wanted to use my Samba AD as an environment to learn more about writing software against using LDAP. There are a few applications I'm planning to develop, and I'd like to use actual LDAP so they could be applicable to Samba or Microsoft AD

Interesting, I'm getting the same error using the LDB tools: ONTHEFIVE\jreinhart-admin at samba-dc3:~$ samba-tool user list -H ldap://localhost ERROR(ldb): uncaught exception - LDAP error 1 LDAP_OPERATIONS_ERROR - <00002020: Operation unavailable without authentication> <> File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 177, in _run return

On Fri, 1 Mar 2019 08:21:54 -0500 Jonathon Reinhart via samba <samba at lists.samba.org> wrote: > Hello, > > I'm running a Samba DC on Debian 9 (version 4.5.12-Debian) in a lab > environment, set up like this: > https://jonathonreinhart.com/posts/blog/2019/02/11/setting-up-a-samba-4-domain-controller-on-debian-9/ There are a few 'not quite right' things there

Thanks for the answers. >Here is the tool: > > https://gitlab.com/JonathonReinhart/adam > > Also, look for my post on the mailing list: "Announcing "adam" - > Active Directory Automated Maintenance tool". > > Cheers, > Jonathon > > On Fri, Jun 21, 2019 at 9:46 AM Tom <kleyoneo at hotmail.com> wrote: > > > > It's really a

Hello, A user of my "adman" utility recently opened this issue [1]: "Add support for setting uidNumber for machine account" I was aware that computer accounts were also users in AD, but I hadn't considered assigning a uidNumber to them. It makes sense that winbind (in idmap="ad" mode) would not "see" the accounts with a uidNumber. Naturally, groups of

Listening to notifications can only complement another mechanism (and then reduce latency) as otherwise you are going to loose changes during downtimes. Joachim -----Urspr?ngliche Nachricht----- Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Jonathon Reinhart via samba Gesendet: Tuesday, 16 July 2019 22:22 An: Rowland penny <rpenny at samba.org> Cc: sambalist <samba

On 16/07/2019 14:16, Jonathon Reinhart wrote: > On Tue, Jul 16, 2019 at 9:11 AM Rowland penny via samba > <samba at lists.samba.org> wrote: >> On 16/07/2019 14:02, Jonathon Reinhart wrote: >>> Rowland, >>> >>> You could go another step further and run that with "notify" to >>> monitor for changes, instead of having to run it in a cron

On Sun, Apr 7, 2019 at 2:17 PM Rowland Penny via samba < samba at lists.samba.org> wrote: > > On Sun, 7 Apr 2019 13:45:11 -0400 > Jonathon Reinhart <jonathon.reinhart at gmail.com> wrote: > > > Interesting, I'm getting the same error using the LDB tools: > > > > ONTHEFIVE\jreinhart-admin at samba-dc3:~$ samba-tool user list -H > >

On 16/07/2019 16:40, Jonathon Reinhart wrote: > On Tue, Jul 16, 2019 at 9:32 AM Rowland penny via samba > <samba at lists.samba.org> wrote: >> On 16/07/2019 14:16, Jonathon Reinhart wrote: >>> On Tue, Jul 16, 2019 at 9:11 AM Rowland penny via samba >>> <samba at lists.samba.org> wrote: >>>> On 16/07/2019 14:02, Jonathon Reinhart wrote:

On Tue, Jul 16, 2019 at 12:32 PM Rowland penny via samba <samba at lists.samba.org> wrote: > > On 16/07/2019 16:40, Jonathon Reinhart wrote: > > On Tue, Jul 16, 2019 at 9:32 AM Rowland penny via samba > > <samba at lists.samba.org> wrote: > >> On 16/07/2019 14:16, Jonathon Reinhart wrote: > >>> On Tue, Jul 16, 2019 at 9:11 AM Rowland penny via

On 27/12/2019 17:06, Jonathon Reinhart wrote: > On Wed, Dec 18, 2019 at 9:52 AM Rowland penny via samba > <samba at lists.samba.org <mailto:samba at lists.samba.org>> wrote: > > On 18/12/2019 14:34, Jonathon Reinhart wrote: > > On Wed, Dec 18, 2019 at 9:13 AM Rowland penny via samba > > <samba at lists.samba.org <mailto:samba at

Hello all, A recurring question is how to assign uidNumber and gidNumber attributes to users and groups in Active Directory [1]. While it is possible to avoid this by using e.g. the "rid" idmap backend, it is sometimes desirable for Active Directory to be the single source of truth for UID / GID numbers. This is especially true if not all of your UNIX domain members can use the same

Rowland, You could go another step further and run that with "notify" to monitor for changes, instead of having to run it in a cron job. In my experience, "notify" works using smbclient, but not so with libsmbclient. Another nice benefit of using smbclient + 'samba-tool ntacl sysvolreset' over rsync is that you don't need worry about the built-in user/group ID

On Wed, Dec 18, 2019 at 9:52 AM Rowland penny via samba < samba at lists.samba.org> wrote: > On 18/12/2019 14:34, Jonathon Reinhart wrote: > > On Wed, Dec 18, 2019 at 9:13 AM Rowland penny via samba > > <samba at lists.samba.org <mailto:samba at lists.samba.org>> wrote: > > > > Problem is, and as I said, Samba 4.3.x is EOL as far as Samba is >

On Wed, 10 Apr 2019 18:35:04 -0400 Jonathon Reinhart <jonathon.reinhart at gmail.com> wrote: > Sorry to hop on an existing conversation but this seemed like a good > point to jump in with this question. You really should have started a new thread ;-) > > Say I have a service account, with a random password that is set to > never expire. What component is expected to