similar to: logging of ldap queries

Am 18.09.19 um 19:16 schrieb Kris Lou via samba: > More than likely, certificate issues. > > If you use the IP in pfsense, then the Samba certificate needs to have the > IP as the CN. So you suggest to contact the dc via hostname ... googled this query command: # openssl s_client -connect adc1:636 tells me ... CONNECTED(00000003) depth=0 O = Samba Administration, OU = Samba -

Yesterday I set up the pfsense-OpenVPN-Server to auth against the samba-AD worked great already ... Now without a change I get errors and wonder why. I used the IP as "host" and TCP-STARTTLS to port 389 log.samba shows: [2019/09/18 18:38:22.123976, 1] ../source4/lib/tls/tls_tstream.c:1439(tstream_tls_retry_handshake) TLS ../source4/lib/tls/tls_tstream.c:1439 - A TLS fatal alert

We have 3 ADCs based on Samba-4.7.4 (compiled from source,internal DNS)/ CentOS7: dcdo1,dcnh1 and dcge1. dcge1 holds all FSMO roles. The 3 ADCs are on different locations connected via IPSec based VPN. No traffic is filtered out. All 3 ADCs replicate fine except dcdo1 -->dcnh1. Symptom: [root at dcdo1 ~]# samba-tool drs replicate dcnh1.ad.kdu.com dcdo1.ad.kdu.com dc=ad,dc=kdu,dc=com

Hello everybody. When a user or group account is deleted, the user or group account is moved to CN=Deleted Objects,DC=domain,DC=com I can find them with the command: ldbsearch -H ldap://localhost --show-deleted "cn=*DEL:*" -U administrator Password for [DOMAIN\administrator]: # record 1 dn: CN=user1\0ADEL:f53b71f8-a3e8-4997-bd84-5504235d3b31,CN=Deleted Objects,DC=domain,DC=com

On Wed, 27 Dec 2017 13:00:05 +0100 "Dr. Johannes-Ulrich Menzebach via samba" <samba at lists.samba.org> wrote: > There is additional info in the logs of the source DC (dcdo1, log > level 2, manually triggered another replication): > ==================== > [2017/12/27 12:31:29.695121,  2] >

Dear list, I am trying to restore an deleted user object with samba 4.9.1 (sernet packages).  I am aware that the object will lose some attributes without recycle bin enabled (enabling it is still not recommended, right?) I tried to rename the object in order to make the  necessary modifications afterward (as documented in Stefan Kania's Samba 4 book). But ldbrename already fails. root

Hello everybody I would like to recover a deleted object. I created a user, then I deleted this user and search for the deleted object with: ------------- ldbsearch --url=/var/lib/samba/private/sam.ldb --show-deleted --cross-ncs CN=no-bin\* # record 1 dn: CN=no-bin\0ADEL:0b2f3fb3-5b25-455f-979c-bd02569c832a,CN=Deleted Objects,DC=example,DC=net ... ------------ so the delete object is still

Hi, i have the same problem on samba 4.7.3 and 4.7.4. I start with 2 DCs and the sync works fine. After the join of a third DC mostly i get the WERR_DS_DRA_ACCESS_DENIED. I tested it for 10 times. in my case i have: DC1 (with any FSMO Roles) DC2 new join as DC: DC3 After the join, the sync from DC2 to DC3 fails. samba-tool drs replicate dc2 dc1 dc=gvcc,dc=net : OK samba-tool drs replicate

Hi, there is no firewall, all DCs are in the same subnet. here ist the output of a test, you can see, the CNAME guid entries in the _msdcs can be resolved on any DC: (DC1 and DC2 are the first and second DCs, SAMBA3 was added at last. ldbsearch -H /srv/samba/private/sam.ldb '(invocationId=*)' --cross-ncs objectguid # record 1 dn: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-

Heinz, I had exactly the same problem, and used ldbedit to apply the fix. Thanks for digging into this! Now I'm interested in the root cause as well ... Uli Am 16.01.2018 um 16:48 schrieb Heinz Hölzl via samba: > no, it seems to work!!! > > > i did a ldapmodify on DC2: > > ldapmodify -x -h dc2 -D cn=administrator,cn=users,dc=test,dc=net -W -f > serverReference.ldif

It had been working up to Samba 4.8 and with the recyclebin active you could restore every attributre, but since 4.9 it's not working anymore Am 02.05.23 um 23:57 schrieb Anderson Sampaio Mello via samba: > Hello everybody. > > When a user or group account is deleted, the user or group account is moved > to CN=Deleted Objects,DC=domain,DC=com > > I can find them with the

Hi Denis, Follow the output. TOP 29723 root 20 0 1617024 487668 383560 R 99,7 6,1 54:25.11 samba Service: PID ----------------------------- dnsupdate 29734 cldap_server 29727 rpc_server 29723 rpc_server 29723 rpc_server 29723 rpc_server 29723 rpc_server 29723 rpc_server 29723

Tks Rowland, its work. But same with the new installation the server goes up for 100%. We dont have the Iptables enabled. Maybe if enable the iptables the cpu is goes down. what do you think ? 2016-08-23 16:42 GMT-03:00 Rowland Penny via samba <samba at lists.samba.org>: > On Tue, 23 Aug 2016 16:06:19 -0300 > Maiquel Consalter via samba <samba at lists.samba.org> wrote: >

Hi, I quote from the smb.conf man page: ------------------------------------ log level (G) The value of the parameter (a astring) allows the debug level (logging level) to be specified in the smb.conf file. This parameter has been extended since the 2.2.x series, now it allow to specify the debug level for multiple debug classes. [...] Example: log level = 3 passdb:5 auth:10 winbind:2

Hi Andrew, On 12/02/2017 07:20 PM, Andrew Bartlett via samba wrote: > I'm sorry, but while we do log it, the news isn't good. > > DEBUG(5, ("Locked out user %s after %d wrong passwords\n", >   ldb_dn_get_linearized(user_msg->dn), badPwdCount)); > > That will show up with level 5 globally. Ok, patches are difficult now, as we've sponsored quite a

Hi, i changed the options but the problem it's the same. I removed the dns forward, schema and smb2 leases = yes, but after 5 minutes the process smbd groes up for 100%. Follow the error (log leve = 3). http://pasted.co/6f36cf12 2016-08-21 5:54 GMT-03:00 Marc Muehlfeld <mmuehlfeld at samba.org>: > Hi Maiquel, > > Am 20.08.2016 um 21:03 schrieb Maiquel Consalter via samba: >

Hello Andrew, > On Mon, 2020-02-17 at 19:11 +0300, Alex via samba wrote: >> I'm running Samba AD DC in a VM under Proxmox. And it's eaten all RAM (1.8GB) within 3 >> days of running: > Exactly which version is this? Sorry, forgot to mention it. Samba version is 4.11.6. Some more info (if needed): [root at vm-dc3 ~]# wbinfo -u | wc -l 62 [root at vm-dc3 ~]# wbinfo -g |

Hi, i have configured a Samba PDC based on idealx.org. now, whenever i set the sambaMustChangePassword flag to 0, then from the subsequent logon, there is a popup urge me for changing password. now, the problem is after i have changed the password, the sambaMustChangePassword is set to 2147483647(unix timestamp), which if i converted it into human readable format, it will be 2038 year,

I''ve been struggling with puppet variable scope all day, well, for several months actually. I think I have pretty simple requirements. For any given node, I want to be able to set a series of variables and include a set of classes, based on three different aspects of a node, being physical location, operating system, and function. If I try and do this with classes, I find that variables

Hi, I used Samba 4.0.5 in Wheezy. Here is that I have done: --------------------------------------------------------------- samba-tool domain provision --realm=CHEZMOI.PRIV --domain=CHEZMOI \ --server-role=dc --dns-backend=SAMBA_INTERNAL --adminpass='+toto123' echo "nameserver 192.168.0.21" > /etc/resolv.conf samba ln -s /usr/local/samba/lib/libnss_winbind.so