similar to: demoted AD remains in samba-tool drs showrepl

Hi, sorry to bother you: I have three AD in the domain. They all deliver different IDs: root at addc2:~# id testuser uid=3000155(EXAMPLE\testuser) gid=100(users) Gruppen=100(users),3000155(EXAMPLE\testuser),3000036(EXAMPLE\TEAM1),3000014(EXAMPLE\gesch?ftsstelle),3000001(BUILTIN\users) root at addc3:~$ id testuser uid=3000133(EXAMPLE\testuser) gid=100(users)

Hi Tim, What we did: setting "log level = 10" in smb.conf then exdcute the following command: ------ samba-tool domain backup online --server=addc3 --targetdir=/root -k yes >backup.txt 2>&1 ------ Then we grep for the message with "call_nt_transact_query_security_desc" ------ grep call_nt_transact_query_security_desc backup.txt ------ And got nothing :-( still the

Hi, I have an old Fileserver which is working correct: This is the smb.conf: [global] security = ads realm = EXAMPLE.COM workgroup = example winbind refresh tickets = Yes winbind use default domain = yes template shell = /bin/bash idmap config * : range = 1000000 - 1999999 idmap config ZFD : backend = rid idmap config ZFD : range = 0 - 200000 hide dotfiles = yes server string =

Hai, Great to hear i could help one with a gluster problem :-) And ofcourse your allowed to keep us up2date. So yes, plese, by doing that and sharing the configs it might help other people. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Benedikt Kale? via samba > Verzonden: woensdag 28 augustus 2019 17:37

Hi Rowland, Thank you for replying. Please find the output here below. Just a possible tip: _kerberos._tcp.example.com??? service = 0 100 88 addc-new.example.com. output is present on the new machine but if we issue a host -t SRV _kerberos._tcp.example.com on addc2 it does not appear in the list. Kind regards. Collected config? --- 2019-12-18-20:30 ----------- Hostname: addc-new DNS Domain:

Hello, We added a new samba DC with 4.10.11-SerNet-Debian-10.buster? to our existing 5 ones and can?t obtain replication. Comparing configuration with other functioning DCs did not show any relevant difference. The only difference during the configuration procedure was that DNS PTR and A records were added after joining the domain and not before. The sernet-samba-ad service is running but

Hi, thanks for your hints! Am 10.01.19 um 03:46 schrieb Tim Beale via samba: > - As a sanity-check, you could run 'samba-tool ntacl sysvolcheck' > locally on your DC. It may tell you if there's an ACL problem. samba-tool ntacl sysvolcheck doesn't show any problems. > - Instead of an online backup, try running 'samba-tool domain backup > offline' locally on

Hi again, regarding my post "plenty of vacuuuming process" a "gluster volume heal" seems to improve the situation. But I still have a strange problem: Sometimes a user don't have permissions to? a restricted folder when h connects to a share or logs in at a windows client. In some times all permissions are granted. If the user creates a file, the user and group is

Hi, I have a ctdb cluster with 3 nodes and 3 glusterfs (version 6) nodes up and running. I observe plenty of these situations: A connected Windows-10 client doesn't react anymore. I use forder redirections.? - Smbstatus shows up some (auth in progress) processes. - In the logs of a ctdb node I get: Aug 23 10:12:29 ctdb-1 ctdbd[2167]: Ending traverse on DB locking.tdb (id 568831), records

Hi Denis, thanks a lot! > you said that the zone is empty. It is not a problem per se but for some > time Bind-DLZ has been a bit more strict and ask for a NS record for > every zone. So you just have to create a NS field in your zone pointing > to one of your DC and you should be fine. Internal DNS does not have > this requirements. > > samba-tool dns mydc

Hi, yes, I did. I get the same results with "getent passwd testuser" on each node. /etc/ctdb/nodes and /etc/ctdb/public_addresses is exactly the same on each node On each node sernet-samba/stretch,now 99:4.9.12-15 amd64 is installed Yes, I read the documentation. It is strange, that another cluster in another office configured that way is working perfect ;( The load is not as high

Hi, I have to add a second DC to a Zone. I use the sernet packages Version 4.11 on a debian 10 host. The bind refuses to start: root at addc-zone02:~# systemctl status bind9 ? bind9.service - BIND Domain Name Server Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Thu 2020-04-30 14:51:58 EEST; 5s ago Docs:

On 18/12/2019 14:07, Ilias Chasapakis forumZFD via samba wrote: > Hi Rowland, > > Thank you for replying. Please find the output here below. Just a > possible tip: > > _kerberos._tcp.example.com??? service = 0 100 88 addc-new.example.com. > > output is present on the new machine but if we issue a host -t SRV > _kerberos._tcp.example.com on addc2 it does not appear in the

Hello, We are setting up 2 AD machines: New machine with subnet 192.168.1.21: Version 4.10.11-SerNet-Debian-10.buster Bind version 9.11.5 Existing machine 1 with subnet 192.168.2.21 Version 4.10.11-SerNet-Debian-10.stretch Bind version 9.10.3 Existing machine 2 with subnet 192.168.3.21? Version 4.10.11-SerNet-Debian-10.stretch Bind version 9.10.3 All with BIND_DLZ backend, same

Dear Jeremy, thanks for your reply. I assume I load the the debug symbols by passing something in the [global] section? I now changed back to a fuse_mount to get my colleagues back to work again. Tomorrow at 17 CEST I can add a test share with vfs_glusterfs to test it. Best Bene Am 09.11.20 um 17:55 schrieb Jeremy Allison: > On Mon, Nov 09, 2020 at 04:01:47PM +0100, Benedikt Kale? via

Hi, Oh sorry, of course: The running os is debian 9.9 and I'm running the sernet-samba-ctdb in version 4.9.11-15 This is my configuration: [global] ??? winbind refresh tickets = Yes ??? winbind use default domain = yes ??? template shell = /bin/bash ??? idmap config * : range = 1000000 - 1999999 ??? idmap config ZFD : backend = rid ??? idmap config ZFD : range = 0 - 200000 ??? hide dot

Hi, I don't have the user root. No changes :( Sometimes a user gets permissions, sometimes not. This net conf is now running: [global] ??? winbind refresh tickets = Yes ??? winbind use default domain = yes ??? template shell = /bin/bash ??? idmap config * : range = 1000000 - 1999999 ??? idmap config EXAMPLE : backend = rid ??? idmap config EXAMPLE : range = 500 - 200000 ??? hide dot files

Dear List, I updated to samba 4.12.10-SerNet-Debian-9.buster from 4.12.9 and did a gluster volume set volume performance.write-behind off Now I get this in /var/log/syslog and randomly people don't get access to a shae. Nov? 9 15:56:14 ctdb-host smbd[16832]: [2020/11/09 15:56:14.078120,? 0] ../../source3/lib/popt_common.c:68(popt_s3_talloc_log_fn) Nov? 9 15:56:14 ctdb-host smbd[16832]:??

Thanks for the tip. I have still "zone has no NS records" This is the output (anonymized) of the script -- sorry, I will post it directly next time ;) Collected config? --- 2020-04-30-15:25 ----------- Hostname: addc-jor02 DNS Domain: example.com FQDN: addc-jor02.example.com ipaddress: 192.168.40.24 ----------- Kerberos SRV _kerberos._tcp.example.com record verified ok, sample

Hi, this configuration doesn't make any differenc in daily life. So perhaps an ID-Mapping problem? an ldbsearch --url=/var/lib/samba/private/sam.ldb shows dn: CN=Team IT and facilities,OU=HO,OU=example,DC=com,DC=de objectClass: top objectClass: group cn: Team instanceType: 4 whenCreated: 20180731103742.0Z uSNCreated: 3631 name: Team objectGUID: 7a27f859-97dc-4cf8-b4b1-c7b7cfe0f585