similar to: Working through the PAM Offline Authentication Wiki page, but...

Hi folks, The last log record from journalctl -xeu winbind directly after winbind startup is: Jun 13 12:41:36 datasrv winbindd[582]: gpupdate_cmd_done: gpupdate failed with exit status 1 For completeness, the log entries for winbind startup is displayed below. Things seem to work though, but I have never seen it before (I don't like error messages). When I noticed the message I

On Thu, 13 Jun 2024 16:26:17 +0200 Peter Milesson via samba <samba at lists.samba.org> wrote: > Hi folks, > > The last log record from journalctl -xeu winbind directly after > winbind startup is: > > Jun 13 12:41:36 datasrv winbindd[582]: gpupdate_cmd_done: gpupdate > failed with exit status 1 > > For completeness, the log entries for winbind startup is

On 13.06.2024 17:21, Rowland Penny via samba wrote: > On Thu, 13 Jun 2024 16:26:17 +0200 > Peter Milesson via samba <samba at lists.samba.org> wrote: > >> Hi folks, >> >> The last log record from journalctl -xeu winbind directly after >> winbind startup is: >> >> Jun 13 12:41:36 datasrv winbindd[582]: gpupdate_cmd_done: gpupdate >>

Le Fri, 4 Oct 2024 09:27:12 +0100 Rowland Penny via samba <samba at lists.samba.org> ?crivait: > > > > OK, I'll try first the 4.17 version from the backports, and if it's > > not enough I'll upgrade to 4.20. > > I would upgrade to bookworm with Samba from backports, but its your > domain ;-) Well I've upgraded up to 4.20, but no dice :( No

On Fri, 4 Oct 2024 10:11:37 +0200 Emmanuel Florac <eflorac at intellique.com> wrote: > Le Thu, 3 Oct 2024 21:35:04 +0100 > Rowland Penny via samba <samba at lists.samba.org> ?crivait: > > > > Yes, I mean Windows 11 or WIndows Server 2022 machines that are > > > registered into the AD. A Win11 PC which isn't AD-connected (but > > > in the same

On 13.06.2024 20:33, Peter Milesson via samba wrote: > > > On 13.06.2024 17:21, Rowland Penny via samba wrote: >> On Thu, 13 Jun 2024 16:26:17 +0200 >> Peter Milesson via samba <samba at lists.samba.org> wrote: >> >>> Hi folks, >>> >>> The last log record from journalctl -xeu winbind directly after >>> winbind startup is:

On 11/25/24 11:26, Rowland Penny via samba wrote: > D, I must go to specsavers, I appear to be going blind ;-) > > you wrote 'smbcontrol winbind offline' and I missed it, the extra 'd' > that is, it should have been: > > smbcontrol winbindd offline > > Rowland Okay, thanks, but I'm going to start over as I appear to have related some incorrect

When I put winbindd in offline mode, ??? terra ~ # smbcontrol winbindd offline ??? terra ~ # smbcontrol winbindd onlinestatus ??? PID 20664: global:Offline BUILTIN:Online TERRA:Online HOME:Offline I can successfully log in (with the test shown in the PAM Offline Authentication Wiki article): ??? terra ~ # ssh SAMDOM\\jgraham at localhost ??? (SAMDOM\jgraham at localhost) Password: ???

On 11/27/24 13:20, John R. Graham via samba wrote: > On 11/27/24 12:38, Rowland Penny via samba wrote: >>> Hmm, PAM on Gentoo appears to be very different to Debian. For >>> instance on Debian, to include lines from another file you use >>> '@include' and it includes the entire contents of the file, Gentoo >>> appears to just include the lines

On my Linux domain members, group membership for my domain login is reported as: ??? terra #? id SAMDOM\\jgraham ??? uid=11105(SAMDOM\jgraham) gid=10513(SAMDOM\domain users) groups=10513(SAMDOM\domain users),11105(SAMDOM\jgraham),11120(SAMDOM\wheel),3001(BUILTIN\users) (I filtered local groups to make the output less noisy.) But on the ADC the same command give different results: ??? dc1

On 11/13/24 15:54, Rowland Penny via samba wrote: >> ??? log level = 1 >> >> ??? # dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool >> >> ??? # Winbindd setup for shares: >> ??? # template shell = /bin/bash >> ??? # template homedir = /home/%U >> >> ??? # idmap_nss plugin setup: >> ??? idmap config * : backend

On Fri, 14 Feb 2025 10:03:33 -0500 "John R. Graham via samba" <samba at lists.samba.org> wrote: > On my Linux domain members, group membership for my domain login is > reported as: > > ??? terra #? id SAMDOM\\jgraham > ??? uid=11105(SAMDOM\jgraham) gid=10513(SAMDOM\domain users) > groups=10513(SAMDOM\domain >

On 2/14/25 11:22, Rowland Penny via samba wrote: > Well yes, you can do it that way, but there is an easier way. > There is a group in AD called 'Domain Admins' > Add any AD users that you want to be domain administrators to that > group, then, using visudo add this line to the sudo config: > > %SAMDOM\\domain\ admins ALL=(ALL:ALL) ALL > > Where 'SAMDOM' is

On Fri, 14 Feb 2025 12:14:18 -0500 "John R. Graham via samba" <samba at lists.samba.org> wrote: > On 2/14/25 11:22, Rowland Penny via samba wrote: > > Well yes, you can do it that way, but there is an easier way. > > There is a group in AD called 'Domain Admins' > > Add any AD users that you want to be domain administrators to that > > group,

On 11/16/24 11:59, Rowland Penny via samba wrote: > Samba doesn't start any daemons on a Unix domain member, you have to do > it yourself. I did. My Gentoo samba service scripts starts smbd and nmbd. Oh. Ugh. Sorry. Found an untweaked option in the samba service script configuration file--that I had apparently known about while setting up the AD DC--which was necessary to start

Hello. I'm gradually replacing my 4.17 installations with 4.19 (on FreeBSD). As soon as I do this, I'm starting to see gobs of messages in the log like the followings: rpcd_lsad[54129]: rpcd_lsad version 4.19.5 started. samba-dcerpcd[14381]: samba-dcerpcd version 4.19.5 started. I actually experience no troubles (so far) and there are no error messages actually, but is this

On 11/14/24 10:48, Rowland Penny via samba wrote: > The only things that a Samba AD DC pulls from AD is the uidNumber and > gidNumber attributes (if they are set) and only then if 'idmap_ldb:use > rfc2307 = yes' is set in the DCs smb.conf. > > What are you expecting ? > > Rowland Oh. Well, I was expecting that the home directory and the shell attributes would be

On Fri, 17 May 2024 09:34:25 +0200 Andrea Venturoli via samba <samba at lists.samba.org> wrote: > Hello. > > I'm gradually replacing my 4.17 installations with 4.19 (on FreeBSD). > As soon as I do this, I'm starting to see gobs of messages in the log > like the followings: > > rpcd_lsad[54129]: rpcd_lsad version 4.19.5 started. > samba-dcerpcd[14381]:

Sorry, did not send it to the list (damned Thunderbird)... On 31.01.2023 18:14, Michael Tokarev via samba wrote: > 31.01.2023 09:59, Peter Milesson via samba ?????: > >> The journal on a AD domain member server is cluttered with permission >> denied entries of this message pair: >> >> ??? Jan 31 07:02:26 konsrvfast smbd[436004]: [2023/01/31 >> ???

This question has already been asked in the past, but there was no answer. The above message is logged quite often in /var/log/samba/log.samba-dcerpcd. This is a stand-alone anonymous read-only server. Is it something to worry about? It smells like samba isn't working properly. If yes, how can I fix it? If no, how can I stop samba from logging un-interesting messages? What dcerpcd is