Displaying 20 results from an estimated 7000 matches similar to: "Windows file ownership changed from SID to Unix User"
2020 Nov 22
2
Windows file ownership changed from SID to Unix User
>
> No, you only thought it worked using sssd on 4.8.x & 4.9.x, but it
> didn't work correctly.
>
Maybe, but it "worked". Can we speculate what change in 4.10.x prompted
Samba to export "Unix user\username" type of ownership to Windows clients
instead of SID? Is there any option to revert to previous "wrong" behavior
as a temporary workaround?
2020 Nov 22
0
Windows file ownership changed from SID to Unix User
On 22/11/2020 12:50, Gregory Giguashvili via samba wrote:
> After upgrading Samba server from 4.9 to 4.10 version running on RHEL 7.7
> OS, something changed in how Windows clients see the file ownership on the
> exported shares. Instead of SID owners, it now shows "Unix User\username"
> and "Unix group\groupname" users. This works fine in all the cases except
>
2020 Nov 22
1
Windows file ownership changed from SID to Unix User
>
> There is no one supporting the use of sssd with Samba, not even Red Hat.
>
> Now that I know what to look for (thank you, Roland!), I found
https://access.redhat.com/solutions/3802321 page explaining how to properly
bridge between SSSD and winbind.
In essence, the following configuration is in place (copy-pasting main
parts of the document for the benefit of those who has no RHEL
2018 Jul 24
2
Unable to map SID of domain admin although mapped in username map
Hello,
Lots of messages in smbd log file on a Samba file server, which is member of a Samba AD :
[2018/07/24 10:30:00.822403, 0] ../source3/smbd/posix_acls.c:2080(create_canon_ace_lists)
2016 Aug 09
3
Man page for idmap_rid
On Mon, Aug 8, 2016 at 5:06 PM, Michael Adam <obnox at samba.org> wrote:
> On 2016-08-08 at 16:31 -0300, francis picabia wrote:
> > I'm reading the man page for idmap_rid over and over and I can't
> understand
> > it. I think it needs a rewrite so a normal user can understand. Using a
> > practical example.
>
> I admit it is a little terse.
> But
2020 Nov 22
0
Windows file ownership changed from SID to Unix User
On 22/11/2020 13:51, Gregory Giguashvili wrote:
>
> No, you only thought it worked using sssd on 4.8.x & 4.9.x, but it
> didn't work correctly.
>
> Maybe, but it "worked". Can we speculate what change in 4.10.x
> prompted Samba to export "Unix user\username" type of ownership to
> Windows clients instead of SID? Is there any option to
2016 Aug 08
2
why does add_local_groups come up in only one system's logs?
I have a couple of Debian 8.5 systems set up in similar manner. Samba is
version 4.2.10-Debian
Here is the essential config...
# testparm /etc/samba/smb.conf
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
# Global parameters
[global]
2016 Aug 08
2
why does add_local_groups come up in only one system's logs?
On Mon, Aug 8, 2016 at 10:54 AM, Rowland Penny <rpenny at samba.org> wrote:
> On Mon, 8 Aug 2016 10:24:03 -0300
> francis picabia <fpicabia at gmail.com> wrote:
>
> > I have a couple of Debian 8.5 systems set up in similar manner.
> > Samba is version 4.2.10-Debian
> >
> > Here is the essential config...
> >
> > # testparm
2014 Oct 20
1
winbind/idmap issue on samba4 member server
> You are very nearly correct, your smb.conf on the member server has
> these lines:
>
> idmap config MYDOM:backend = ad
> idmap config MYDOM:schema_mode = rfc2307
> idmap config MYDOM:range = 500-40000
>
> The first line makes winbind use the ad backend, the second ensures that
> the rfc2307 attributes are used and the third line sets the range of
> users to
2020 Feb 10
3
New DNS-Records not aviable
hi again.
after some tests, (on my operational domain and on a new testdomain) i
detected this behavior:
on samba 4.11.6 sometimes the new DNS-records finisches on a wrong dns
zone.
the problem occurs, if more then 5 records are created with the same
name in more then one domain zone
for example:
testa1.jupiter.mydom.org
testa2.jupiter.mydom.org
testa3.jupiter.mydom.org
2020 Feb 10
4
New DNS-Records not aviable
Hai Christian,
> Can someone reproduce this?
No, tried, but sorry, works fine for me on my 4.11.6 server.
And what is you try it like this.
samba-tool dns add dc1.zone1.domain.de 0.168.192.in-addr.arpa 157 PTR zone1.domain.de -U Administrator
samba-tool dns add dc1.zone1.domain.de 1.168.192.in-addr.arpa 157 PTR zone2.domain.de -U Administrator
I tested on my production where i have 6
2018 Aug 07
2
Failed to modify SPNs
On Tue, 7 Aug 2018 14:59:56 +0100
Rowland Penny via samba <samba at lists.samba.org> wrote:
> On Tue, 7 Aug 2018 14:55:24 +0200
> Henry Jensen via samba <samba at lists.samba.org> wrote:
>
> > On Tue, 7 Aug 2018 12:51:33 +0100
> > Rowland Penny via samba <samba at lists.samba.org> wrote:
> >
> > > > > > Failed to modify SPNs on
2014 Oct 20
1
winbind/idmap issue on samba4 member server
Hello list,
I'm stuck since 2 days and I have no clue how to troubleshoot and solve that problem. Any help really really appreciated.
Scenario:
=========
I am using Samba 4.1.12/sernet on DC1 (172.19.100.1) and DC2 (172.19.100.2) with default [netlogon] and [sysvol] share only.
I installed an additional samba4 server with fileserving role which is called MEMBERSRV1 (172.19.100.3), which is
2018 Aug 07
2
Failed to modify SPNs
On Tue, 7 Aug 2018 12:51:33 +0100
Rowland Penny via samba <samba at lists.samba.org> wrote:
> > > > Failed to modify SPNs on CN=db1,CN=Computers,DC=mydom,DC=lan: acl:
> > > > spn validation failed for spn[TERMSRV/DB1.MYDOM] uac[0x1000]
> > > > account[db1$] hostname[(null)] nbname[mydom] ntds[(null)]
> > > > forest[mydom.lan] domain[mydom.lan]
2017 Aug 21
2
Setup of Samba with Solaris 11.3 to provide Unix File Shares to Windows Users
Dear Rowland,
our windows admin assured me that they have set uidNumber and gidNumber in
the range. I have requested screenshots for confirmation.
Now we are one step further: "getent passwd | grep mdecker" now lists the
AD account.
mdecker:*:13667:7142:Decker, Martin:/home/MYDOM/mdecker:/bin/false
With "getent passwd mdecker" however, it shows
2016 Dec 06
2
Join QNAP to a Samba AD
Hello,
No it's a AD classicupgraded from a Samba 3 PDC
Here's a user example from my DC
uid=1116(MYDOM\begr00) gid=513(MYDOM\domain users) groupes=513(MYDOM\domain us
ers),1151(MYDOM\evaluation),1214(MYDOM\procedures),12021(MYDOM\s13cadre),12041
(MYDOM\s13-grh),1264(MYDOM\zsbw),1001(MYDOM\s13),3000005(BUILTIN\users)
my first user start at uid 1001 (1000 was the
2018 Aug 07
1
Failed to modify SPNs
On Tue, 7 Aug 2018 16:26:36 +0100
Rowland Penny via samba <samba at lists.samba.org> wrote:
> On Tue, 7 Aug 2018 17:13:02 +0200
> Henry Jensen via samba <samba at lists.samba.org> wrote:
>
> > On Tue, 7 Aug 2018 14:59:56 +0100
> > Rowland Penny via samba <samba at lists.samba.org> wrote:
> >
> > > On Tue, 7 Aug 2018 14:55:24 +0200
>
2016 Dec 14
1
netbios alias and AD trouble
Hello there
I've got two samba servers srv1 and srv2
smb.conf for srv1:
netbios aliases srv1-alias
smb.conf for srv2:
netbios aliases srv2-alias
DNS is configured all right and resolves the names. Each name has got
its own IP address.
Both servers are AD members, run as expected and can be connected to via
their netbios and netbios alias names.
If, for example, srv1 fails I want to add
2018 Aug 07
2
Failed to modify SPNs
Hello,
I've got some log entries like these on our DCs:
Failed to modify SPNs on CN=db1,CN=Computers,DC=mydom,DC=lan: acl: spn validation failed for spn[TERMSRV/DB1.MYDOM] uac[0x1000] account[db1$]
hostname[(null)] nbname[mydom] ntds[(null)] forest[mydom.lan] domain[mydom.lan]
At first I thought it was about missing SPN entries, but adding these did not resolve the problem:
# samba-tool
2018 Aug 07
2
Failed to modify SPNs
Hi Rowland,
On Tue, 7 Aug 2018 09:46:24 +0100
Rowland Penny via samba <samba at lists.samba.org> wrote:
> > Failed to modify SPNs on CN=db1,CN=Computers,DC=mydom,DC=lan: acl:
> > spn validation failed for spn[TERMSRV/DB1.MYDOM] uac[0x1000]
> > account[db1$] hostname[(null)] nbname[mydom] ntds[(null)]
> > forest[mydom.lan] domain[mydom.lan]
> >
> > At