similar to: "getent group" shows AD groups; "getent passwd" only shows local users

Hello, I have a customer that complains about slow AD authentication when accessing the share, eventually succeed (Samba is a DC memer) In the logs I can see the following errors: [2020/02/24 14:11:16.775884,? 1] ../source3/libads/ldap_utils.c:93(ads_do_search_retry_internal) ? Reducing LDAP page size from 1000 to 500 due to IO_TIMEOUT [2020/02/24 14:11:16.775902,? 3]

Hello everyone,   any ideas on why a newly installed domain member (w2k8 domain) might seem to work fine in every test (wbinfo -g, wbinfo -t, getent group, wbinfo -n username, getent passwd user, share-access.., ) but only enumeration of users with wbinfo -u and getent passwd fail? wbinfo -u just returns without any output and getent passwd just shows the default centos7 users.   Even with

Hello, I see this error when trying "wbinfo -g": [2016/06/09 13:55:33.617151, 3, pid=11847, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:904(ads_do_paged_search_args) ads_do_paged_search_args: ldap_search_with_timeout((&(objectCategory=group)(&(groupType:dn:1.2.840.113556.1.4.803:=-2147483648)(!(groupType:dn:1.2.840.113556.1.4.803:=1))))) -> Time limit exceeded

We have Samba 3.2.4 on two SLES 10 (one is SP1, the other SP2 64bit) machines. Both are member servers in our ADS, which was over the past month given some additional DCs, new IPs for all DCs, and upgraded to Windows 2008 (from win2003). The krb5.conf and nsswitch.conf files on the two machines are identical; the smb.conf files are *nearly* identical in their common section; the filewall rules

Hello, I am trying to join my server to a Win2k AD domain. I have configured kerberos and can get a ticket but when I try to join the AD I get the error "Failed to join domain: No logon servers" as detailed below. I have searched the archives and google and followed some suggestions to get my files into the correct format but still have a problem. I am using Samba version 3.0.32-0.fc8

Hi all, I have an question about getting child domain users on Samba 4.10.7. 1. I have the command net ads search '(objectCategory=trustedDomain)' -P and already get the info below: objectClass: top objectClass: leaf objectClass: trustedDomain cn: hardware.qsan.ad.com distinguishedName: CN=hardware.qsan.ad.com,CN=System,DC=qsan,DC=ad,DC=com instanceType: 4 whenCreated: 20180611041431.0Z

Hi Rowland, Thank you for your reply. Yes, i have tried "net ads user -w HARDWARE -P", but it's still fail. I have add -d10 to llookup the debug mode and got the info below: ads_find_dc: (ldap) looking for realm '' and falling back to domain 'HARDWARE' Opening cache file at /mnt/pool/SYSPOOL/cache/samba/lock/gencache.tdb sitename_fetch: Returning sitename for realm

Hi Rowland, My smb.conf is showing below: server string = "Samba Server" security = ADS realm = QSAN.AD.COM workgroup = QSAN encrypt passwords = Yes winbind enum users = Yes winbind enum groups = Yes winbind cache time = 1800 idmap config * : backend = tdb idmap config * : range = 1000000-5000000 idmap config QSAN : backend = rid idmap config QSAN : range = 6000000-8000000 idmap config

I had exact the same problem. Try: client ldap sasl wrapping = plain in smb.conf Op 10 jun. 2016 10:44 p.m. schreef Dennis Xu <dxu at uoguelph.ca>: Hello, I see this error when trying "wbinfo -g": [2016/06/09 13:55:33.617151, 3, pid=11847, effective(0, 0), real(0, 0)] ../source3/libads/ldap.c:904(ads_do_paged_search_args) ads_do_paged_search_args:

Hi, we have a winbind issue with Samba (Version 4.2.7-SerNet-RedHat-19.el6) on one of our servers. After a while (once a day) one of the winbind daemons causes a very high cpu load (100%). This load remains until we kill this process. This server is a member of a AD domain with several trusted domains. I think this happens because winbind has problems with one of the trusted domains (ALS2)

Hello good people, I'm in a need of your help, authenticating samba users through AD. I'm running samba 3.0.28 on FreeBSD 7.0 i386. Also Windows 2008 Enterprise server. When I try to join the domain I get an error message "Failed to join domain: Improperly formed account name" here is my smb.conf file: [global] workgroup = LAB realm = setup.net server string = SambaServer

Hi there I have samba-3.0.27a rolled out over a large number of servers, and every once in a while one of them will start failing to allow people to connect, with winbind reporting NT_STATUS_NO_LOGON_SERVERS, and ntlm_auth failing with "NT_STATUS_NO_LOGON_SERVERS: No logon servers". The same problem occurred with earlier versions too. I think I've tracked down the cause of the

I have two networks: 192.168.1.0 with netmask 255.255.255.0 and 172.16.0.0 with netmask 255.255.254.0, when I join in domain in first network hostname registered successfully, but in second network: sudo net ads join -U admin Enter admin's password: Using short domain name -- BUTB Joined 'TH-2-011' to realm 'butb.by' DNS update failed! dpkg -l | grep samba ii samba

After migrating from 3.0.26a to 3.0.30 I cannot join my AD member server to the domain anymore: I get a DCERPC_FAULT_INVALID_TAG. As I didn't change my Windows 2000 SBS Server, this looks like a new feature in Samba 3.0.30. Do I have to also migrate my Heimdal - if so, which version is required? Kind regards, Jens P.S: Is there a way to find out the code changes in Samba 3.0.30? I

Dear list users, I have a problem when joining an Active Directory domain. In this project we have one Main Dc in capital city and one read only dc in one remote city. We join to main DC succesfully. However, we can not join to local Replicate (rodc14). We are using this method for winbind / squid ntlm authentication purposes not a full samba server. ?nternet conection is not fast and we have

I am trying to join a samba server and have the keytab file set. After joining there was no keytab file so I ran the command: /usr/sfw/sbin/net ads keytab add host -d 10 This was the result: [2007/12/04 21:40:09, 5] lib/debug.c:(391) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0

I am running Samba ver 3.0.37 on Solaris 10 (sparc) as a PDC with LDAP for the backend for both samba and unix accounts. Assume the samba SMBPDC is called "PDC." I have also set up a trust with an Windows domain- lets call it WINDOMAIN- (the PDC for the Windows domain is Win 2003 but is in mixed mode for backwards compat.) The SAMBA domain trusts the WINDOWS domain, not not vice

On 2016-06-09 at 10:17 -0400, Dennis Xu wrote: > Hi Michael, > > Thank you for your suggestion. > > I did clone the server. After the clone, the server was not > join to domain automatically, then I join the server to the > domain separately. I did not change the local sid. Should I > change that? Not necessarily: It is rather cosmetic and probably not the cause for

Hello, After each reboot, my Samba AD member server lost domain join after reboot, I have to re-enter the server in the domain with the "net ads join -U administrator". I use version 4.4.3 of samba. The domain controller is a Samba AD server. After reboot, when I exectute "net ads testjoin" I have: kerberos_kinit_password SMB2$@AD.SAMDOM.LOCAL failed: failed

Hi, here it attached my smb.conf and Winbind debug log after reboot. My OS is Debian Jessie and has a fixed ip. Thank you On 06/06/2016 22:05, Rowland penny wrote: > On 06/06/16 14:52, Alexis RIES wrote: >> Hello, >> >> After each reboot, my Samba AD member server lost domain join after >> reboot, I have to re-enter the server in the domain with the "net ads