similar to: maximum ad domain controller unavialability time

I speak about working controller, not about powered off, but network segment doesn't available to other controllers, for pdc emulator, and controller is available for workstations at this network segment. 14.04.2020 13:00, L.P.H. van Belle via samba ?????: > Why would you have a server (DC) that long powered off, it for sure will give delays and less response of the network. > But you

Why would you have a server (DC) that long powered off, it for sure will give delays and less response of the network. But you could turn it off as long as you want, once it powers up it will sync the AD again. So no, the controller is not removed from you domain. You need todo that manualy. I suggest you read: https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC And not, dont forget if

HI Valery A DC is never "removed" automatically from AD, but, at least from the Windows perspective, the longest period would be the tombstone lifetime. After this has passed, the DC would have objects "lingering", as the deletion of an object could have already occurred at other DCs and then the marker of the deletion itself removed, which of course means there is no way

27.06.2016 18:45, mathias dufresne: > Perhaps you don't have yet duplicate objectSid as that's not supposed to be > possible. > Rather than scripting something to look for objectSid used twice I would > start with dbcheck and other tools to verify that your database is > consistent and identical on all servers. [root at pdc ~]# samba-tool dbcheck Checking 3346 objects

Hi Valery, First thank you for this detailed information about your searches. I find them very interesting. Here I'm thinking of two workarounds. The first one would be to list deleted objects RIDs, to verify RID=2002 is really the last one used, being sure there is no deleted object with RID=2003 and so on. Then once you get the last RID used, you could change RidNextRid to match this

Hi, all! When I launch (again and again) smbcacls "//myfileserver/share" "" -U user -W domain or smbclient "//myfileserver/share" -U user -W domain -c "ls", in tcpdump output at myfileserver I see multiple calls to controller via ldap, therefore these commands are executed slowly. When I run getent groups at myfileserver, all worked fine, and tcpdump

Hi all! Today, after two years of production, I get this error: samba-tool user create test20160627 testpassword ERROR(ldb): Failed to add user 'test20160627': - ../lib/ldb/ldb_tdb/ldb_index.c:1216: Failed to re-index objectSid in CN=test20160627,CN=Users,DC=ad... - ../lib/ldb/ldb_tdb/ldb_index.c:1148: unique index violation on objectSid in CN=test20160627,CN=Users,DC=ad... Help me

Hello guys. Continuing Zhuchenko Valery question,I would like to know if someone from the list has deployed a child domain in samba 4. I have a samba 4 domain controller running on gentoo.My goal is to set up a domain and authentication domain only. But I need a root domain forest and a child domain.I am using verion 4.2.11I would like to know if someone has accomplished this either using dcpromo

hi, samba team and other, client software calls samba and samba reads /etc/samba/smb.conf where some parameter contains variable %i (client ip address), but when samba calls samba-dcerpcd, it again reads /etc/samba/smb.conf where some parameter contains variable %i and at that moment %i is not client ip address, it is equal 0.0.0.0 for example I need client ip1 and client ip2 to get

Hi, all! There is no check of NS records in this document https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record For example, with two DCs at myzone $ host -t NS myzone dc1 (or dc2, or myzone) must return two records: myzone name server dc1.myzone. myzone name server dc2.myzone. $ host -t NS _msdcs.myzone dc1 (or dc2, or myzone) must return two records: _msdcs.myzone name

Am 29.07.24 um 13:20 schrieb Zhuchenko Valery via samba: > hi, samba team and other, > > client software calls samba and samba reads /etc/samba/smb.conf where > some parameter contains variable %i (client ip address), but when samba > calls samba-dcerpcd, it again reads /etc/samba/smb.conf where some > parameter contains variable %i and at that moment %i is not client ip

Am 29.07.24 um 13:48 schrieb Zhuchenko Valery via samba: > "hosts allow" about access to browseable share, I need different shares > lists How about "access based share enum" as a Machine is also just a user you could use the "valid users" option.

"hosts allow" about access to browseable share, I need different shares lists 29.07.2024 15:33, Christian Naumer via samba: > Am 29.07.24 um 13:20 schrieb Zhuchenko Valery via samba: >> hi, samba team and other, >> >> client software calls samba and samba reads /etc/samba/smb.conf where >> some parameter contains variable %i (client ip address), but when

user may be same, but from client ip1 this user can't see shares, which can see from client ip2. need share enumeration by client ip 29.07.2024 16:20, Christian Naumer via samba ?????: > Am 29.07.24 um 13:48 schrieb Zhuchenko Valery via samba: >> "hosts allow" about access to browseable share, I need different >> shares lists > > How about "access based

Am 29.07.24 um 14:35 schrieb Zhuchenko Valery via samba: > user may be same, but from client ip1 this user can't see shares, which > can see from client ip2. > need share enumeration by client ip Have you checked if "hosts allow" in combination with "access based share enum" does what you want?

from ip1=192.168.222.96 and ip2=192.168.22.96 user zvn2 receive test in list, hosts allow = 192.168.222.96 in config for share test and global access based share enum = Yes, but I need share test in list only from ip1=192.168.222.96 when ip1=192.168.222.96 $ smbclient -L 192.168.22.135 --use-kerberos=off -U zvn2%pppppppp -W . ?? ?Sharename?????? Type????? Comment ?? ?---------??????

Hi samba-tool dbcheck ERROR(<class 'KeyError'>): uncaught exception - 'No such element' ? File "/opt/samba/lib/python3.6/site-packages/samba/netcmd/__init__.py", line 185, in _run ??? return self.run(*args, **kwargs) ? File "/opt/samba/lib/python3.6/site-packages/samba/netcmd/dbcheck.py", line 141, in run ???

On 24/07/2019 17:05, Rowland penny via samba wrote: > On 24/07/2019 16:01, Carlos via samba wrote: >> Hi >> >> samba-tool dbcheck >> ERROR(<class 'KeyError'>): uncaught exception - 'No such element' >> ? File >> "/opt/samba/lib/python3.6/site-packages/samba/netcmd/__init__.py", >> line 185, in _run >> ??? return

I need to close a site. No, no people fired, i've defined sites and DC because i hope that get (re)opened, but... There's some care i need to have to remove a DC (clearly, without FSMO roles)? I've looked on wiki to 'remove a DC' but i was not able to find something... Thanks. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra

Dear list, Does anybody know how to lower the tombstone lifetime in samba 4.5 or later? There used to be a wiki entry, but this has been deleted as it is probably not adequate anymore: https://wiki.samba.org/index.php/Restoring_deleted_AD_objects#Changing_the_defaults_for_msDS-deletedObjectLifetime_and_tombstoneLifetime I used to change the attribute tombstoneLifetime in CN=Directory