Displaying 20 results from an estimated 3000 matches similar to: "Domain 'resync', DC with FSMO roles LDAP troubles..."
2020 Jan 07
0
Domain 'resync', DC with FSMO roles LDAP troubles...
On 07/01/2020 10:44, Marco Gaiarin via samba wrote:
> Happy new year to all!
>
>
> Samba 4.9.17 on stretch, Louis package.
>
> On 22/12, at midnight, office closed, i suffered a network outage that 'broke in
> two' my domain.
>
> On 23/12, at 14.00, network come back. After that, some scripts written
> around ldbsearch i run on DM (against vdcsv1 that is the
2019 Feb 15
6
Demoted/removed a DC, and the NS records?
Following:
https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC
i've demoted and removed a DC. Seems all went as expected:
root@vdcud1:~# samba-tool domain demote --server=vdcsv1.ad.fvg.lnf.it -U gaio
Using vdcsv1.ad.fvg.lnf.it as partner server for the demotion
Password for [LNFFVG\gaio]:
Deactivating inbound replication
Asking partner server vdcsv1.ad.fvg.lnf.it to synchronize
2017 Oct 20
2
Some hint reading password expiration data...
In my current ''production'' NT-like domain (samba 4.2, OpenLDAP
backend), password policies seems to ''get written'' to user data.
EG, if i set:
pdbedit -P "maximum password age" -C 7776000
and i change my password, 'Password must change' have a meaningful value,
eg 90 days more than the last password change:
root@armitage:~# pdbedit -v
2017 Nov 09
2
Best practice for creating an RO LDAP User in AD...
On Thu, 9 Nov 2017 11:08:26 +0100
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
> Mandi! L.P.H. van Belle via samba
> In chel di` si favelave...
>
> > I don't believe it.
>
> Eh. «De gustibus non disputandum est». ;-)
>
>
> > The setup for the Ad in the link below is the same but if you want
> > access without auth, Have you tried to
2017 Oct 27
2
Some hint reading password expiration data...
Mandi! Andrew Bartlett via samba
In chel di` si favelave...
> It is an operational attribute. simply add
> msDS-UserPasswordExpiryTimeComputed
> to the list of attributes requested when searching for the user.
root@vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b "dc=ad,dc=fvg,dc=lnf,dc=it" -s base "" maxPwdAge
# record 1
dn:
2018 Mar 21
2
log error about permissions in truncated share path...
In syslog of my DC (2:4.5.12+dfsg-2+deb9u2~bpo8+1) i found sometime rows like:
Mar 21 09:53:40 vdcsv1 smbd[22686]: [2018/03/21 09:53:40.826081, 0] ../source3/param/loadparm.c:3244(process_usershare_file)
Mar 21 09:53:40 vdcsv1 smbd[22686]: process_usershare_file: stat of /var/lib/samba/usershares/sysvo failed. Permesso negato
Mar 21 09:53:40 vdcsv1 smbd[22686]: [2018/03/21 09:53:40.831949,
2019 Dec 06
2
Account locked and delayed user data propagation...
Mandi! Rowland penny via samba
In chel di` si favelave...
> You cannot create an ldap filter using the above, you would have to filter
> the result of the ldap search.
I can confirm:
root@vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b DC=ad,DC=fvg,DC=lnf,DC=it '(&(objectClass=user)(sAMAccountName=gaio))' msDS-User-Account-Control-Computed
# record 1
dn:
2018 Nov 22
2
NTP strangeness...
In our network we found some client with clock differences.
Some machine have effectively some troubles, eg have NO 'Windows Time'
service defined, probably some glitches happened when moving from our
old NT-like domain.
Anyway, catching for that, we have found some other strangeness.
Windows time service run:
C:\Users\gaio>sc query w32time
NOME_SERVIZIO: w32time
TIPO
2018 Nov 26
3
Different LDAP query in different DC...
I need to do a simple query, against some LDAP data in 'laster draft
schema' format i've added to the samba/AD schema.
All LDAP query return the same result on all (6) of the DC:
root@vdcsv1:~# ldapsearch -H ldap://vdcsv2.ad.fvg.lnf.it -W -D CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it -b DC=ad,DC=fvg,DC=lnf,DC=it "(cn=prova123)" rfc822MailMember
Enter LDAP Password:
2018 Mar 21
2
log error about permissions in truncated share path...
Mandi! Rowland Penny via samba
In chel di` si favelave...
> I think you need to post your smb.conf, I (at least) am struggling to
> understand why you have moved 'sysvol' from /var/lib/samba/
> to /var/lib/samba/usershare/, it isn't a usershare!
I've not done that!
root@vdcsv1:/home# samba-tool testparm
Press enter to see a dump of your service definitions
#
2017 Nov 29
2
LDAP query and result: better field for username?
Currently for my user:
root@vdmsv1:/etc/exim4# ldbsearch -H ldap://vdcsv1 -P -b DC=ad,DC=fvg,DC=lnf,DC=it "(cn=gaio)" | grep ": gaio$"
cn: gaio
name: gaio
sAMAccountName: gaio
uid: gaio
msSFU30Name: gaio
what field is better to use for querying for user 'gaio'?
'uid' no (because RFC2307 data can be missing), so?
'sAMAccountName'? or
2019 Dec 08
3
Account locked and delayed user data propagation...
On Fri, 2019-12-06 at 12:22 +0000, Rowland penny via samba wrote:
> On 06/12/2019 11:47, Marco Gaiarin via samba wrote:
> > Mandi! Rowland penny via samba
> > In chel di` si favelave...
> >
> > > You cannot create an ldap filter using the above, you would have
> > > to filter
> > > the result of the ldap search.
> >
> > I can
2017 Dec 14
5
[Curiosity] 'netbios aliases' works in AD mode?
Ahem no one reply me.
A little fast-rewind: i need to have some 'aliases' to my servers (DM);
seems i need to add in smb.conf:
netbios aliases = FILESV
but also add a 'SPN'; trying to look around for an examples, lead me to
''nothing'', or to examples that seems to me unrelated.
Supposing the domain is 'ad.fvg.lnf.it' and the FQDN of the real host
is
2020 Oct 29
1
authenticate to samba using email address
Mandi! Rowland penny via samba
In chel di` si favelave...
> You are authenticating to AD, so you need to use information that AD
> understands, its dns domain (not an email domain) and the users name, or the
> Netbios domain\username.
But UPN is written 'domainful', eg 'username@ad.domain.name':
root@vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b
2018 May 30
2
PAM only and Kerberos...
Mandi! Robert Marcano via samba
In chel di` si favelave...
> Yes, check the documentation of krb5.conf.
Ahem, 'apt-get install krb5-doc' misses. ;-)
> In summary you will need to
> disable dns_canonicalize_hostname dns_lookup_kdc , etc if enabled and set
> you admin and kdc hostnames there, something like:
How can i determine kdc and master_kdc values? All DC server are
2017 Sep 26
3
Domain member server: user access
Hai Rowland,
I'm pretty sure this is a bug in the DC part.
I'll show.
On the DC.
dc1:~# getent passwd winadmin
NTDOM\winadmin:*:10000:100::/home/users/winadmin:/bin/bash
wbinfo --group-info="Domain Users"
NTDOM\domain users:x:100:
id winadmin
uid=10000(NTDOM\winadmin) gid=100(users) groups=100(users),3000004(BAZRTD\group policy creator owners),3000008(NTDOM\domain admins)
2017 Sep 26
1
Domain member server: user access
On Tue, 26 Sep 2017 12:49:26 +0200
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
> Mandi! L.P.H. van Belle via samba
> In chel di` si favelave...
>
> > I'm pretty sure this is a bug in the DC part.
>
> Ahem, sorry, but i'm lost in following this thread. I've just setup my
> test domain, using samba 2:4.5.8+dfsg-2+deb9u1~bpo8+1 (your package,
2017 Nov 30
4
Troubles on Roaming Profiles...
Mandi! Rowland Penny via samba
In chel di` si favelave...
> Is this on a DC ?
No, is a DM.
> If it isn't, Try setting it up exactly like it is shown on the
> wikipage, note that you only need the 'vfs objects' line if it isn't
> set in [global]
Wikipage say only:
Create a new share. For details, see Setting up a Share Using Windows ACLs.
and
2017 Oct 26
2
Some hint reading password expiration data...
On Fri, 27 Oct 2017 07:17:56 +1300
Andrew Bartlett <abartlet at samba.org> wrote:
> On Thu, 2017-10-26 at 09:26 +0100, Rowland Penny via samba wrote:
> > On Thu, 26 Oct 2017 13:25:00 +1300
> > Andrew Bartlett <abartlet at samba.org> wrote:
> >
> > > On Tue, 2017-10-24 at 18:13 +0100, Rowland Penny via samba wrote:
> > > >
> > > >
2017 Nov 08
4
Best practice for creating an RO LDAP User in AD...
I don't believe it.
That 5 years old now, normally i'll dig into it, but exim... I dropped exim about 15 years ago..
First thing i do on debian...
apt-get install --purge postfix
That installs postfix and removes exim and purges exims config.. ;-)
The setup for the Ad in the link below is the same but if you want access without auth,
Have you tried to query the GC ports. ( 3268 or 3269