similar to: Delegation of control failure for any built-in Security Principals

Displaying 20 results from an estimated 7000 matches similar to: "Delegation of control failure for any built-in Security Principals"

2023 Jan 22
1
Delegation of control failure for any built-in Security Principals
On 22/01/2023 16:27, Sorin P. via samba wrote: > Hi Rowland. > The answers to your questions: > - Yes, it works fine with any other normal user (non-built in users), including the domain administrator user.A. I'm referring to Debian architecture like that, because that's exactly what's returned by? 'uname -m' -> aarch64B. I prefer to build by myself, in order to
2020 Oct 01
5
Failed auth attempt i don't understand.
Hi all, when i try to authenticate against my AD (rdesktop authentication) i got a wrong password/logname message despite my logname and password being exact , in the log i have the following . Nothing wrong for me. the only strange thing being the : stream_terminate_connection: Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
2017 Dec 27
2
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
We have 3 ADCs based on Samba-4.7.4 (compiled from source,internal DNS)/ CentOS7: dcdo1,dcnh1 and dcge1. dcge1 holds all FSMO roles. The 3 ADCs are on different locations connected via IPSec based VPN. No traffic is filtered out. All 3 ADCs replicate fine except dcdo1 -->dcnh1. Symptom: [root at dcdo1 ~]# samba-tool drs replicate dcnh1.ad.kdu.com dcdo1.ad.kdu.com dc=ad,dc=kdu,dc=com
2017 Dec 27
2
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
On Wed, 27 Dec 2017 13:00:05 +0100 "Dr. Johannes-Ulrich Menzebach via samba" <samba at lists.samba.org> wrote: > There is additional info in the logs of the source DC (dcdo1, log > level 2, manually triggered another replication): > ==================== > [2017/12/27 12:31:29.695121,  2] >
2018 Jan 16
2
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
Hi, i have the same problem on samba 4.7.3 and 4.7.4. I start with 2 DCs and the sync works fine. After the join of a third DC mostly i get the WERR_DS_DRA_ACCESS_DENIED. I tested it for 10 times. in my case i have: DC1 (with any FSMO Roles) DC2 new join as DC: DC3 After the join, the sync from DC2 to DC3 fails. samba-tool drs replicate dc2 dc1 dc=gvcc,dc=net : OK samba-tool drs replicate
2018 Jan 16
4
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
Hi, there is no firewall, all DCs are in the same subnet. here ist the output of a test, you can see, the CNAME guid entries in the _msdcs can be resolved on any DC: (DC1 and DC2 are the first and second DCs, SAMBA3 was added at last. ldbsearch -H /srv/samba/private/sam.ldb '(invocationId=*)' --cross-ncs objectguid # record 1 dn: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-
2018 Jan 16
2
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
Heinz, I had exactly the same problem, and used ldbedit to apply the fix. Thanks for digging into this! Now I'm interested in the root cause as well ... Uli Am 16.01.2018 um 16:48 schrieb Heinz Hölzl via samba: > no, it seems to work!!! > > > i did a ldapmodify on DC2: > > ldapmodify -x -h dc2 -D cn=administrator,cn=users,dc=test,dc=net -W -f > serverReference.ldif
2015 Nov 03
2
Local Administrators (group) and delegation in AD
On 03/11/15 08:10, Davor Vusir wrote: > > > No, Davor. That won't work. The delegated user account is not member > of 'AD\Domain Admins' which is member of the group > 'SERVER\Administrators'. You have to use the username map to be able > to add the first AD-group or account to 'SERVER\Administrators'. > No, Davor, you don't have to use a
2015 Nov 04
1
Local Administrators (group) and delegation in AD
On 04/11/15 15:09, mathias dufresne wrote: > As Davor wants to delegate I expect he does not want to give > Administrator password to these persons ;) And using a keytab to > avoid giving them the password is not a solution: they would be able > to perform everything they want on samba, which is certainly far from > the delegation he initially thought... Ah, what I posted was
2005 Nov 21
1
[OT] DNSguruz pl help: whois structure, delegation & handling delegation with Tinydns.
List: Sorry for posting to this list but could not find step by step instructions anywhere nor get any concerned list to respond. Newbie to DNS technicals but can work with instructions if given in ./configure for complete idiots ;-) 1. I have taken a static IP from my ISP 203.134.221.162 and the ISP has put up an entry in APNIC whois (please check the same)...to me it seems incomplete, as it
2009 Jul 31
1
DNS zone delegation
Hi, i have configured a Master DNS server, i have also created records to delegate a zone to child dns server But when named service is started it says Jul 31 14:33:30 localhost named[21581]: dns.zone:9: ignoring out-of-zone data (child.dns.com) I am using bind-9.3.4-10.P1.el5_3.3. on CEntos 5.2 Please help. Thanks in advance. how to delegate the zone, is there any other configuration
2013 Aug 15
1
Samba4 & Delegation
Hi, It has been a while that I did not come back to this topic, however I think I found a work-around for my initial problem. For information, what I was trying to do was: - Create an OU for a group of applications - Delegate control of this OU to a normal user (not helpdesk or domain admin) to be able to create groups and assign domain users to them The problem was, whenever I
2015 Aug 18
2
NFSv4 delegation
On 8/18/2015 10:46 AM, Alessio Cecchi wrote: > Hi, > > in this tipical setup (Dovecot/Director thate share Maildir via NFS) on > your NFS Server you have (about) 90% of read operations and only 10% of > write operations. > > If you see detailed stats for NFS operations you have 40-50% of GETATTR, > this means that NFS/Dovecot clients are caching data (mainly dovecot >
2015 Oct 29
2
Local Administrators (group) and delegation in AD
mathias dufresne skrev den 2015-10-29 14:31: > I'm thick :D > I don't really understand more :( > No. I'm having trouble explaining. Maybe these threads are more enlightning: https://lists.samba.org/archive/samba/2015-April/191020.html and http://www.spinics.net/lists/samba/msg123646.html. > Samba can share file, printers and when samba hosts a domain samba is also
2015 Oct 29
3
Local Administrators (group) and delegation in AD
On 2015-10-29 12:23, Rowland Penny wrote: > On 29/10/15 09:47, Davor Vusir wrote: >> On 2015-10-29 09:52, Rowland Penny wrote: >>> On 29/10/15 08:34, Davor Vusir wrote: >>>> Hi all! >>>> >>>> We have got many delegations in our AD. To add a certain >>>> administrator group to the local Administrators group you can use
2015 Oct 30
2
Local Administrators (group) and delegation in AD
On 2015-10-29 21:32, Rowland Penny wrote: > On 29/10/15 19:38, Davor Vusir wrote: >> >> >> mathias dufresne skrev den 2015-10-29 14:31: >>> I'm thick :D >>> I don't really understand more :( >>> >> >> No. I'm having trouble explaining. Maybe these threads are more >> enlightning: >>
2011 Jan 31
8
Puppet delegation / teams
I would like to delegate access to puppet to other teams in our company. It has to be possible for them to: - create new recipes - doing some sort of check if their recipes / templates work. How should I do this without giving other teams the ability to create havoc? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this
2013 Jan 14
3
Samba4 AD delegation to read userPassword attribute
Hello Samba group, I ran into a problem concerning Dovecot LDAP authentication to the Samba4 Active Directory. Background: I want to install a Openchange+Samba4 environment using Sogo, Dovecot and Postfix. I didn't want to use openldap as described in the Openchange documentation, why should I use 2 LDAP databases? Fedora 17, latest updates applied Samba: Version 4.1.0pre1-GIT-813bd03
2023 Aug 07
2
vfs ChDir failed: Permission denied
Just upgraded a file server to Samba 4.17.9-Debian and Bullseye (Debian 11). Noticed that am now getting a number of errors in the smbd log: 'chdir_current_service: vfs_Chfir (a-directory) failed. Permission Denied uid=................ The uid on all the entries seems to correspond to a computer/machine account if I look it up with 'wbinfo --uid-info'. Thoughts? Thank you
2015 Aug 18
2
NFSv4 delegation
Hi, Just out of curiosity what is in nfsv4 delegation that you think would give a benefit on your configuration? If I read back the thread you seem to have dovecot configured with director ring in front of the backends. In that case Dovecot already manages storage in a way that only one of the backends is accessing each users data at a time. So I can?t see anything but problems form enabling