similar to: Question about syncing idmap.ldb between Domain Controllers

Cheers Rowland, There is a GPO in place to do that. But it?s not working. I have my notes here: http://samba.bigbird.es/doku.php?id=samba:update-dns Also, I can?t create / update PTR records using DNS tool??from RSAT then creating / updating the A record, despite selecting the option. Thanks, On Jan 17, 2024 at 10:25 +0100, samba at lists.samba.org <samba at lists.samba.org>, wrote: >

Try: http://samba.bigbird.es/doku.php?id=samba:sync-sysvol I would recommend one way sync always from PDC FSMO owner, as this is the machine the GPOs get created in by default. And of course : http://samba.bigbird.es/doku.php?id=samba:sync-idmap.ldb Regards. LP On 5 Dec 2023 at 13:47 +0100, Jakob Curdes via samba <samba at lists.samba.org>, wrote: > Hello, > > I am wondering

Also, did you grant users rights to manage services in Member Servers ? http://samba.bigbird.es/doku.php?id=samba:server-privileges LP On Nov 27, 2023 at 19:02 +0100, Luis Peromarta via samba <samba at lists.samba.org>, wrote: > Looks like your root mapping isn?t working. > > Did you add "min domain uid = 0? to smb.conf ? > > See 'Mapping the AD Administrator user

These are my notes. I?d rather use xattr and configure shares from windows. http://samba.bigbird.es/doku.php?id=samba:configuring-shares Also, have you assigned privileges ? http://samba.bigbird.es/doku.php?id=samba:server-privileges Using autorid as the idmap backend has some limitations. I recommend using rid. Regards. On 27 Oct 2023 at 20:08 +0100, Greg Dickie via samba <samba at

The user rights I've granted, but this "min domain uid = 0? parameter seems to be important and is not documented in the Samba wiki. After adding it I can access the files and administrate the fileserver as wanted. Sinni On 27.11.2023 19:05:29, Luis Peromarta via samba wrote: > Also, did you grant users rights to manage services in Member Servers ? > >

I was able to switch to Chony and verify that it is working. Clients are now getting time from the DC. Luis has good notes! On 10/25/23 12:06, Luis Peromarta via samba wrote: > Hi there, > > In my experience NTP has been trouble lately with the NTPsec implementation. > > A few months back I decided to remove NTPsec and go with Chrony. > > These are my notes: > >

You think ntp works with samba but it doesn?t. You *must* use chrony. It will take you exactly 5 minutes to get it up and running. On 5 Jan 2024 at 20:21 +0000, Mark Foley <mfoley at novatec-inc.com>, wrote: > > > > How do you know you're syncing with the DC? What does your 'w32tm /query /source' > give you? It?s all here :

Hi there, In my experience NTP has been trouble lately with the NTPsec implementation. A few months back I decided to remove NTPsec and go with Chrony. These are my notes: http://samba.bigbird.es/doku.php?id=samba:install-chrony Hope it helps. On Oct 25, 2023 at 19:04 +0200, Ham <ham at kc0dxf.net>, wrote: > > Any ideas on what the problem is?

Try this simplified tutorial. http://samba.bigbird.es/doku.php?id=samba:start LP On 5 Jan 2024 at 07:48 +0000, lists--- via samba <samba at lists.samba.org>, wrote: > Good morning Rowland, > > is it ok for you to send you the complete, not sanitized installation > description? > ... I'm lost in getting the samba-ad-dc running ... > > Cheers, > Torsten > >

I use this for the firewall. The ports are in the article. http://samba.bigbird.es/doku.php?id=samba:hardening-samba On 5 Jan 2024 at 11:52 +0000, lists--- via samba <samba at lists.samba.org>, wrote: > Am 05.01.2024 um 12:02 schrieb Rowland Penny via samba: > > On Fri, 5 Jan 2024 08:30:15 +0100 > > lists--- via samba <samba at lists.samba.org> wrote: > > >

Looks like your root mapping isn?t working. Did you add "min domain uid = 0? to smb.conf ? See 'Mapping the AD Administrator user to ?root?' : http://samba.bigbird.es/doku.php?id=samba:file-server On Nov 27, 2023 at 18:58 +0100, mail--- via samba <samba at lists.samba.org>, wrote: > Hello, > > recently I've "updated" an AD member file server to an

I don?t think you need winbind on a DC as user mapping is done by its own databases. I think you have mixed up member server configs into DC configs. A smb.conf like this should be enough: [global] dns forwarder = 1.1.1.1 netbios name = AAA realm = XXXT server role = active directory domain controller workgroup = MAD idmap_ldb:use rfc2307??= yes #Allow this for free radius to work ntlm

It?s always recommend to demote the DC, upgrade samba, and join the DC again. Did you do it this way ? You may have a broken DC, or a broken installation. Instead of troubleshooting, which you can of course do, I?d demote (or force-demote), reinstall and re join. http://samba.bigbird.es/doku.php?id=samba:upgrade-sama LP On 5 Dec 2023 at 15:45 +0100, Joachim Lindenberg via samba <samba at

I can confirm that on slackware too if I use rid as the backend for the ad domain winbind works offline and the system doesn't slow to a crawl for every process I try to start. Maybe if ad backend used to work, as stated previously in the thread, it could be fixed since the rid backend has some drawbacks and ad backend has some reasons to be the preferred option but at least for now it is

Hi there. Quick one: When syncing idmap.ldb say from DC1 -> DC2, do you need to stop samba-ad-dc service before replacing idmap.ldb in DC2 ? Or else, can this be done with the service running ? Does it need a service restart after the file is in place??? Thanks,??LP

Hi! Thank you botho for your answers! I ran into some problems with the FSMO migration caused by the "kdc default domain supported enctypes" and "kdc supported enctypes" so after correcting that and verifying that DC2 was working again I shut down DC1 just to make sure that the domain was working correctly again. During this downtime I tried installing the admx templates again

Sent with Proton Mail secure email. On Thursday, December 28th, 2023 at 15:59, Rowland Penny via samba <samba at lists.samba.org> wrote: > On Thu, 28 Dec 2023 18:18:22 +0000 > bd730c5053df9efb via samba samba at lists.samba.org wrote: > > > Hi all! > > > > As a die hard slackware user and as a part of my learning pam process > > I installed debian

In my new bash script, I'm doing what I think is a very simple rsync command the way I'm used to doing it. I just do a lot of setup and checking before I get to it. When I run it, it gets very unhappy with me. It's probably something very simple. I need to build the rsync command in a string so that some things can go away - like if my variables DRY_RUN and DELETE are undefined,

Hi all! As a long slackware user I'm a total noob in pam and I'm banging my head against a wall trying to set it up correctly to play nice with slackware's default pam configuration. One of the things I'm trying to accomplish is to be able to logon while the ad domain is available and have pam_mount automount the samba shares and to be able to do an offline logon and skip the

On Wed, 06 Dec 2023 15:06:25 +0000 bd730c5053df9efb via samba <samba at lists.samba.org> wrote: > Hi! > > Thank you botho for your answers! I ran into some problems with the > FSMO migration caused by the "kdc default domain supported enctypes" > and "kdc supported enctypes" so after correcting that and verifying > that DC2 was working again I shut