similar to: Get id mapping for builtin users and groups on AD DC

On 19.08.2023 19:50, Rowland Penny via samba wrote: > On Sat, 19 Aug 2023 19:33:18 +0200 > Peter Milesson via samba <samba at lists.samba.org> wrote: > >> >> On 19.08.2023 19:13, Rowland Penny via samba wrote: >>> On Sat, 19 Aug 2023 18:22:32 +0200 >>> Peter Milesson via samba <samba at lists.samba.org> wrote: >>> >>>> Hi

On Sat, 19 Aug 2023 20:15:34 +0200 Peter Milesson via samba <samba at lists.samba.org> wrote: > > > On 19.08.2023 19:50, Rowland Penny via samba wrote: > > On Sat, 19 Aug 2023 19:33:18 +0200 > > Peter Milesson via samba <samba at lists.samba.org> wrote: > > > >> > >> On 19.08.2023 19:13, Rowland Penny via samba wrote: > >>> On

On 19.08.2023 19:13, Rowland Penny via samba wrote: > On Sat, 19 Aug 2023 18:22:32 +0200 > Peter Milesson via samba <samba at lists.samba.org> wrote: > >> Hi folks, >> >> I have got two DCs and I want to check that the builtin ids are equal >> on both DCs. I have searched extensively, but I have not found what >> tool to use to get this information.

On Sat, 19 Aug 2023 19:33:18 +0200 Peter Milesson via samba <samba at lists.samba.org> wrote: > > > On 19.08.2023 19:13, Rowland Penny via samba wrote: > > On Sat, 19 Aug 2023 18:22:32 +0200 > > Peter Milesson via samba <samba at lists.samba.org> wrote: > > > >> Hi folks, > >> > >> I have got two DCs and I want to check that the

On Sat, 19 Aug 2023 18:22:32 +0200 Peter Milesson via samba <samba at lists.samba.org> wrote: > Hi folks, > > I have got two DCs and I want to check that the builtin ids are equal > on both DCs. I have searched extensively, but I have not found what > tool to use to get this information. I take it by 'builtin ids' you mean the users and groups stored in idmap.ldb,

On Thu, 2 May 2024 12:07:13 +0200 Jakob Curdes via samba <samba at lists.samba.org> wrote: > Hello all, to return to the original topic: > > My original problem was that I could not edit GP objects with the GP > Editor, even as Domain admin. I always got "access denied". A > sysvolcheck returned no errors and the Windows "Security" tab for the >

On 4/18/24 10:22 AM, Rowland Penny via samba wrote: > I used sudo because when I first ran it without sudo, I got this: > > adminuser at tmpdc1:~ $ samba-tool gpo manage scripts startup add {31B2F340-016D-11D2-945F-00C04FB984F9} test_script.sh > ERROR: Error connecting to 'rpidc2.samdom.example.com' using SMB Well that's odd. That shouldn't be necessary. > I then ran

Hello all, to return to the original topic: My original problem was that I could not edit GP objects with the GP Editor, even as Domain admin. I always got "access denied". A sysvolcheck returned no errors and the Windows "Security" tab for the object in question on the sysvol share looked correct. I now found out that the group id of the sysvol folder (and everything

Hi Rowland - thank you for replying. I have now demoted and removed the temporary DC with the intention of repeating the exercise from scratch later this week. It was a Ubuntu Server 18.04.1 and the smb.conf was very vanilla: [global] workgroup = ACASTA realm = ACASTA.INTRA netbios name = UBUNTU server role = active directory domain controller dns forwarder - 192.168.200.3 idmap_ldb:use rfc2307 =

Greetings, All! I've added a new DC to the working AD, transferred FSMO roles (checked, all 7 are ok') and (supposedly) correctly demoted the old DC. SchemaMasterRole owner: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN= InfrastructureMasterRole owner: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=S RidAllocationMasterRole owner: CN=NTDS

Hi, I have a question again about my test environment. I have dc1, dc2, fileserver1, and dc3. dc3 is on an another site, and is functioning as fileserver too. As I read in the documentation, I cannot (shouldn't) use idmap config parameters in the smb.conf on my dc3. Unfortunately, first I copied that parameters too from fileserver1 (I use rid backend on fileserver1). So, I removed the idmap

On 4/18/24 8:07 AM, Rowland Penny via samba wrote: > OK, After reading the commands help, I created a simple script and ran > the command like this: > > adminuser at tmpdc1:~ $ sudo samba-tool gpo manage scripts startup add {31B2F340-016D-11D2-945F-00C04FB984F9} test_script.sh -Uadministrator There is no reason to run this command as root. It operates via SMB, not on local files. >

Thanks for your answer. It is clearer now for me. > >> It is probably a bit late to change now, but there is only one way to > >> get the same numeric ID everywhere and that is to use the 'ad' winbind > >> backend. So, on the Linux clients? > > This is why I removed the idmap config entries from the dc3 smb.conf. > > "On a Samba Active

On Thu, 18 Apr 2024 10:05:39 -0600 David Mulder via samba <samba at lists.samba.org> wrote: > > On 4/18/24 8:07 AM, Rowland Penny via samba wrote: > > OK, After reading the commands help, I created a simple script and > > ran the command like this: > > > > adminuser at tmpdc1:~ $ sudo samba-tool gpo manage scripts startup add > >

On 14/04/2023 14:05, Luis Peromarta via samba wrote: > In my particular case, I was missing a record. It?s been recreated and all looks and feels fine. > > LP > On 14 Apr 2023 at 14:47 +0200, samba at lists.samba.org, wrote: >> >> Just remove the wrong records with samba-tool. You posted this: host -t SRV _ldap._tcp.pdc._msdcs.mad.mater.int

On 10/08/2019 09:34, Stefan G. Weichinger via samba wrote: > Am 10.08.19 um 09:49 schrieb Rowland penny via samba: >> On a DC, as standard, the numeric IDs are allocated on a first come >> basis from the '3000000' range. >> >> On Unix domain members it depends on two things, which winbind backend >> you use, linked with the Domain range set in AD, the

Hello, I just realized that my second DC does not recognize the users from the AD. wbinfo -u/-g are working just fine. [root at dc1 ~]# id bruno.castro uid=10004(POL\bruno.castro) gid=100(users) grupos=100(users),10001(POL\ti),3000009(BUILTIN\users) [root at dc2 ~]# id bruno.castro id: bruno.castro: no such user [root at dc1 ~]# wbinfo -i bruno.castro POL\bruno.castro:*:10004:100:Bruno de

Am 12.08.19 um 17:07 schrieb L.P.H. van Belle via samba: > Hai Stefan, > > Why make DC2 a member?? > Leave it as is, setup a new member, much better, and i'll bet less work/stress. In fact it's even DC1 but anyway: because of the hardware. Specific RAID arrays etc needed for backups and snapshots.

Op 17-01-2023 om 13:49 schreef Peter Milesson via samba: > Hi folks, > > Is a default route and gateway mandatory on a Samba member server? > > The AD DCs, the workstations and the Samba member server are on the > same network segment. As the member server only serves files to the > local network, I assume that neither gateway, nor default route are > necessary. For

Am 13.08.19 um 17:52 schrieb Stefan G. Weichinger via samba: > Am 13.08.19 um 08:20 schrieb Stefan G. Weichinger via samba: >> Am 12.08.19 um 17:07 schrieb L.P.H. van Belle via samba: >>> Hai Stefan, >>> >>> Why make DC2 a member?? >>> Leave it as is, setup a new member, much better, and i'll bet less work/stress. >> >> In fact