Displaying 20 results from an estimated 800 matches similar to: "Upgrade to Samba 4.12 question"
2020 Oct 05
0
Upgrade to Samba 4.12 question
On 05/10/2020 09:49, Ji?? ?ern? via samba wrote:
> Hello, guys.
>
> I?d like to upgrade our Samba 4.11 AD to 4.12. In release notes,
> REMOVED FEATURES, I see this:
> ?Retiring DES encryption types in Kerberos.
> ------------------------------------------
> With this release, support for DES encryption types has been removed
> from
> Samba, and setting DES_ONLY flag for
2020 Nov 20
2
winbind use default domain = yes doesn't work on Samba 4.13?
Yes.
In the first name, I wrote DOMAIN, but our real workgroup is SVMETAL,
as you cas see in smb.conf.
[global]
netbios name = fs0001
workgroup = SVMETAL
security = ADS
realm = SAMDOM.SVMETAL.CZ
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
acl allow execute always = True
idmap config *:backend = tdb
idmap config *:range = 70001-99999
idmap config
2018 Aug 21
3
Samba 4.8.4 + BIND 9.9.4 - possibility of nonsecure DNS updates
> So you never read this:
> https://wiki.samba.org/index.php/Changing_the_DNS_Back_End_of_a_Samba_AD_DC
> Which means that you probably never ran the aptly named
> 'samba_upgradedns'Of course I ran this. Many times. I'm not stupid, Rowland. At least I can read:D
If I've seen that Bind doesn't work, I had to change backend to internal DNS.I carefully read and made
2018 Aug 21
1
Samba 4.8.4 + BIND 9.9.4 - possibility of nonsecure DNS updates
> It should work ;-)
> Can you post your smb.conf and /etc/named.conf files
> Rowland
Hello Rowland. Of course I can:
cat /etc/samba/smb.conf
# Global parameters
[global]
workgroup = SVMETAL
realm = samdom.svmetal.cz
netbios name = DC01
server services = -dns
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
allow dns updates =
2017 Sep 05
3
BUILTIN\Administrators - failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
Thank you both, Rowland and Louis.
I'll try to answer you both and give you more info about our domain.
Generally:
In the past, we have Samba 3.5 NT4 domain on SLES server (designed ages
before, never upgraded). In 2015 I finally decided to migrate to Samba 4
AD. In those day it was 4.2. samba-tool ntacl sysvolcheck was ok, no
errors. AD worked (and working) as expected.
This summer, I
2020 Nov 19
2
winbind use default domain = yes doesn't work on Samba 4.13?
Hello everybody.
I just upgraded our Fedora fileserver to version 30, which has Samba
4.13.2.
Now, I can see this errors in log:
check_ntlm_password: Authentication for user [dmu60evo] -> [dmu60evo]
FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1
Auth: [SMB2,(null)] user []\[dmu60evo] at [?t, 19 lis 2020
15:50:26.373477 CET] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER]
2018 Aug 21
1
Samba 4.8.4 + BIND 9.9.4 - possibility of nonsecure DNS updates
> There doesn't seem anything wrong there, the only comment I would make,
> is '/var/lib/samba/bind-dns/named.conf' pointing to the correct version
> of named ?
Yes
cat /var/lib/samba/bind-dns/named.conf
dlz "AD DNS Zone" {
# For BIND 9.8.x
# database "dlopen /usr/lib64/samba/bind9/dlz_bind9.so";
# For BIND 9.9.x
database "dlopen
2017 Sep 04
2
BUILTIN\Administrators - failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
Hello everyone.
I'm trying to fix sysvol rights, because i see errors in output of
/usr/bin/samba-tool ntacl sysvolcheck
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception
- ProvisioningError: DB ACL on GPO directory
/var/lib/samba/sysvol/samdom.svmetal.cz/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9}
2018 Aug 22
1
Samba 4.8.4 + BIND 9.9.4 - possibility of nonsecure DNS updates
Hello, guys.
First of all, I would like to thank you all for the time you spend with solving my problem. I appreciate that very much. Especially Rowland. You make great job every day here on lists.
Louis:
> ; TSIG error with server: tsig verify failure
>
> Mayabe update/setup your TSIG key.
>
2018 Aug 21
0
Samba 4.8.4 + BIND 9.9.4 - possibility of nonsecure DNS updates
; TSIG error with server: tsig verify failure
Mayabe update/setup your TSIG key.
https://access.redhat.com/documentation/en-us/openshift_enterprise/2/html/puppet_deployment_guide/generating_a_bind_tsig_key
Im also wondering why RH is using : '--disable-isc-spnego'
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org]
2017 Sep 05
0
BUILTIN\Administrators - failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
Hai,
I leave the advice about the uid/gid numbering to Rowland, i can not give a good advice on that.
The script was made in such a way that it should not matter what uid/gids are where used.
The script looks them up for you, but it must be error free so we are sure what is set is correct.
If you look in the script, you see the four SID.
DC_SERVER_OPERATORS="S-1-5-32-549"
2018 Apr 23
1
NT_STATUS_TOO_MANY_OPENED_FILES on AD DCs
Hello guys
Yesterday afternoon kerberos stopped working on both of our domain controllers.
Unfortunately, I did not have time to examine it thoroughly, I needed to have it up asap.
I know that RDP authentication took a few minutes, but it ended up being logged.
LDAP was normally working.
There were a lot of these messages in the logs:
[2018/04/22 14:46:43.315705, 1]
2018 Aug 21
1
Samba 4.8.4 + BIND 9.9.4 - possibility of nonsecure DNS updates
Hello everyone.
In our company we use Samba 4 for about 3 years (classic upgraded from
Samba 3.5 + LDAP to Sernet Samba 4.2). We used CentOS 6 for domain
controllers and with Bind bundled in this distro was impossible to use
dynamic DNS updates. And because I don't like using compiled SW on
production servers, we used Samba internal DNS, which worked well
(dynamic updates).
With one non
2017 Sep 05
1
BUILTIN\Administrators - failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
To Rowland:
> This was perfectly common, nobody thought this would ever be a
problem,mainly because you had to have a user or group in /etc/passwd>
or /etc/group mapped to a Samba. Now with AD, you do not need a user or
group in /etc/passwd or /etc/group, so any user or group that uses the
RID as a Unix ID is> probably too low and is denying the use of any
local Unix users
Yes, but where
2017 Sep 05
1
BUILTIN\Administrators - failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
Well, we are getting somewere...;)
>It is probably 'greyed' out because no Windows tools use it or will
add it. You will probably need to use Unix tools (ldb or ldap) to
remove>them, but you can if you so wish ignore them. What you should
never do is to rely on them being there, because they may or may not be
there.Ok, I'll let it be there> You need to remove the gidNumber
2018 Jun 13
1
RPC Authentication Error
Hi,
Some time back I had written to the list about integrating Cisco ISE and
facing errors with RPC login. When we actually integrated using ISE
2.4.0357 we noticed that Kerberos authentication is working like a
charm. But MS-RPC authentication throws error.
From the samba logs, we noticed that ISE workstation is able to
negotiate the RPC ports switch to higher Dynamic RPC ports,
2020 Oct 05
3
Upgrade to Samba 4.12 question
On 05.10.20 11:26, Rowland penny via samba wrote:
> Stop me if I am wrong, but, from memory (long time since I saw a win95
> machine), win9x never used kerberos, it only used lanman auth, so
> changes to kerberos shouldn't affect you. If it worked on 4.11.x, it
> should work on 4.12.x
You can install an optional Active Directory Service Client for win9x,
but that only replaces
2020 Feb 19
2
[Announce] Samba 4.12.0rc3 Available for Download
Release Announcements
=====================
This is the third release candidate of Samba 4.12. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
Samba 4.12 will be the next version of the Samba suite.
UPGRADING
=========
NEW FEATURES/CHANGES
2020 Feb 19
2
[Announce] Samba 4.12.0rc3 Available for Download
Release Announcements
=====================
This is the third release candidate of Samba 4.12. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
Samba 4.12 will be the next version of the Samba suite.
UPGRADING
=========
NEW FEATURES/CHANGES
2018 Sep 02
3
winbindd crashing -- how to auto-heal?
El 2/9/18 a les 10:39, Rowland Penny via samba ha escrit:
> All of this is just a sticking plaster on the problem, if winbind is
> crashing on a regular basis, we need to know this and will need
> level 10 logs, debug info etc. Without this info, it will never get
> fixed.
Meanwhile, I need my server to keep running, so the plaster looks fine.
Besides, winbind isn't crashing,