similar to: Get id mapping for builtin users and groups on AD DC

On 19.08.2023 19:50, Rowland Penny via samba wrote: > On Sat, 19 Aug 2023 19:33:18 +0200 > Peter Milesson via samba <samba at lists.samba.org> wrote: > >> >> On 19.08.2023 19:13, Rowland Penny via samba wrote: >>> On Sat, 19 Aug 2023 18:22:32 +0200 >>> Peter Milesson via samba <samba at lists.samba.org> wrote: >>> >>>> Hi

On 19.08.2023 19:13, Rowland Penny via samba wrote: > On Sat, 19 Aug 2023 18:22:32 +0200 > Peter Milesson via samba <samba at lists.samba.org> wrote: > >> Hi folks, >> >> I have got two DCs and I want to check that the builtin ids are equal >> on both DCs. I have searched extensively, but I have not found what >> tool to use to get this information.

On Sat, 19 Aug 2023 20:15:34 +0200 Peter Milesson via samba <samba at lists.samba.org> wrote: > > > On 19.08.2023 19:50, Rowland Penny via samba wrote: > > On Sat, 19 Aug 2023 19:33:18 +0200 > > Peter Milesson via samba <samba at lists.samba.org> wrote: > > > >> > >> On 19.08.2023 19:13, Rowland Penny via samba wrote: > >>> On

On Sat, 19 Aug 2023 19:33:18 +0200 Peter Milesson via samba <samba at lists.samba.org> wrote: > > > On 19.08.2023 19:13, Rowland Penny via samba wrote: > > On Sat, 19 Aug 2023 18:22:32 +0200 > > Peter Milesson via samba <samba at lists.samba.org> wrote: > > > >> Hi folks, > >> > >> I have got two DCs and I want to check that the

On Sat, 19 Aug 2023 18:22:32 +0200 Peter Milesson via samba <samba at lists.samba.org> wrote: > Hi folks, > > I have got two DCs and I want to check that the builtin ids are equal > on both DCs. I have searched extensively, but I have not found what > tool to use to get this information. I take it by 'builtin ids' you mean the users and groups stored in idmap.ldb,

Hai, If you read the post on the debian bug list. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909465 You wil seen the workaround also, thats tested and works. And I also suggest you adjest the startup order and to adjust your systemd settings is shown here. Use : systemct edit name_of_service.service This creates and override file in /etc/systemd/system/servicename.d/override.conf

Hi, I have a question again about my test environment. I have dc1, dc2, fileserver1, and dc3. dc3 is on an another site, and is functioning as fileserver too. As I read in the documentation, I cannot (shouldn't) use idmap config parameters in the smb.conf on my dc3. Unfortunately, first I copied that parameters too from fileserver1 (I use rid backend on fileserver1). So, I removed the idmap

On Thu, 2 May 2024 12:07:13 +0200 Jakob Curdes via samba <samba at lists.samba.org> wrote: > Hello all, to return to the original topic: > > My original problem was that I could not edit GP objects with the GP > Editor, even as Domain admin. I always got "access denied". A > sysvolcheck returned no errors and the Windows "Security" tab for the >

Hello, I just realized that my second DC does not recognize the users from the AD. wbinfo -u/-g are working just fine. [root at dc1 ~]# id bruno.castro uid=10004(POL\bruno.castro) gid=100(users) grupos=100(users),10001(POL\ti),3000009(BUILTIN\users) [root at dc2 ~]# id bruno.castro id: bruno.castro: no such user [root at dc1 ~]# wbinfo -i bruno.castro POL\bruno.castro:*:10004:100:Bruno de

On 10/1/18 10:02 AM, Rowland Penny via samba wrote: > On Sun, 30 Sep 2018 23:25:48 +0200 > Peter Milesson via samba <samba at lists.samba.org> wrote: > >> Hi folks, >> >> AD server CentOS 7-1804, Samba 4.9.1 compiled from source, only used >> as AD server, with netlogon and sysvol, just like any Windows AD >> server >> >> AD member server

Thanks for your answer. It is clearer now for me. > >> It is probably a bit late to change now, but there is only one way to > >> get the same numeric ID everywhere and that is to use the 'ad' winbind > >> backend. So, on the Linux clients? > > This is why I removed the idmap config entries from the dc3 smb.conf. > > "On a Samba Active

Hello Rowland, I should also mention that Samba 4.3.0 was installed from tarball, I compiled it myself. DC2 does not have the /var/lib/samba/private/sam.ldb file. Also it did not return any result on DC1. However, using /usr/local/samba/private/sam.ldb, both DCs returned the same thing: # returned 4 records # 1 entries # 3 referrals I wonder why DC1 has the /var/lib/samba/private/sam.ldb file

Hello all, to return to the original topic: My original problem was that I could not edit GP objects with the GP Editor, even as Domain admin. I always got "access denied". A sysvolcheck returned no errors and the Windows "Security" tab for the object in question on the sysvol share looked correct. I now found out that the group id of the sysvol folder (and everything

On 10/08/2019 09:34, Stefan G. Weichinger via samba wrote: > Am 10.08.19 um 09:49 schrieb Rowland penny via samba: >> On a DC, as standard, the numeric IDs are allocated on a first come >> basis from the '3000000' range. >> >> On Unix domain members it depends on two things, which winbind backend >> you use, linked with the Domain range set in AD, the

Hi Rowland - thank you for replying. I have now demoted and removed the temporary DC with the intention of repeating the exercise from scratch later this week. It was a Ubuntu Server 18.04.1 and the smb.conf was very vanilla: [global] workgroup = ACASTA realm = ACASTA.INTRA netbios name = UBUNTU server role = active directory domain controller dns forwarder - 192.168.200.3 idmap_ldb:use rfc2307 =

On 4/18/24 10:22 AM, Rowland Penny via samba wrote: > I used sudo because when I first ran it without sudo, I got this: > > adminuser at tmpdc1:~ $ samba-tool gpo manage scripts startup add {31B2F340-016D-11D2-945F-00C04FB984F9} test_script.sh > ERROR: Error connecting to 'rpidc2.samdom.example.com' using SMB Well that's odd. That shouldn't be necessary. > I then ran

Yup, compiled it myself and did not change the path. The query to the ldb returned the same thing on both DC1 and DC2. DNS and /etc/hosts are also fine, DC1 dns points to DC2 and DC2 to DC1. Everything seems to be completely fine... I was looking into this issue because I was doing the sysvol replication and noticed that the sysvol path had a '300000' as the group owner on DC2, where on

Greetings, All! I've added a new DC to the working AD, transferred FSMO roles (checked, all 7 are ok') and (supposedly) correctly demoted the old DC. SchemaMasterRole owner: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN= InfrastructureMasterRole owner: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=S RidAllocationMasterRole owner: CN=NTDS

Op 17-01-2023 om 13:49 schreef Peter Milesson via samba: > Hi folks, > > Is a default route and gateway mandatory on a Samba member server? > > The AD DCs, the workstations and the Samba member server are on the > same network segment. As the member server only serves files to the > local network, I assume that neither gateway, nor default route are > necessary. For

On 17.01.2023 14:54, Kees van Vloten via samba wrote: > > Op 17-01-2023 om 13:49 schreef Peter Milesson via samba: >> Hi folks, >> >> Is a default route and gateway mandatory on a Samba member server? >> >> The AD DCs, the workstations and the Samba member server are on the >> same network segment. As the member server only serves files to the >>