As has been pointed out elsewhere, the patch is incorrect.
Try this one instead:
https://attachments.samba.org/attachment.cgi?id=9210
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT
g with exact directions to reproduce.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz
--
To unsubscribe from this list go to the following URL an
nge in this area.
It is actually also meant to work on our AD DC, but I know a number of
folks don't use it because a [home] share works better with ADUC
(because that creates the home directory).
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Sa
-s' so I can apply it with all the right author stuff etc?
Thanks,
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
To unsubscribe from this list go to the following URL an
ZIP archive
> with executables, they have no x-bit set). Should Samba4 itself set
> 'Read-And-Execute' rights, either by settin x bit or by setting these
> rights in extended attributes?
See the new parameter in Samba 4.0.10 'acl allow execute always'
Andrew Bartl
hat you use the latest tarball (4.1.0)
I totally agree. We are only now getting current Samba 4.0 packages
into Debian unstable, and Ubuntu's package, particularly on 12.04 is
very, very old.
Start with current code, and then get network traces and log files if
you still have issues.
Andrew
ll windows acl's in extended attributes, or is
> this improvement only available in combination with letting it run as
> active directory domain controller?
You can load acl_xattr as a vfs module without being an AD DC, it's just
on by default in that
On Sat, 2013-10-12 at 12:35 -0700, Mauricio Alvarez wrote:
> Is there any chance the problem I am having (drsuapi.DsBindInfoFallBack'
> object has no attribute 'supported_extensions') is related to this patch?
No.
Sorry,
Andrew Bartlett
--
Andrew Bartlett
be generated by running 'make htmlman' in the
docs-xml directory, but some of this seems to have bitrotted, at least
in my brief testing. Patches to have HTML manpages generated by our
main buildsystem (see docs-xml/wscript_build and
buildtools/wafsamba/wafsamba.py) are most welcome.
Andre
ver.
>
> Now when I try join the domain it fails with
> ERROR(): uncaught exception -
> 'drsuapi.DsBindInfoFallBack' object has no attribute 'supported_extensions'
To make any progress we need the full backtrace.
Andrew Bartlett
--
Andrew Bartlett
be generated by running 'make htmlman' in the
docs-xml directory, but some of this seems to have bitrotted, at least
in my brief testing. Patches to have HTML manpages generated by our
main buildsystem (see docs-xml/wscript_build and
buildtools/wafsamba/wafsamba.py) are most welcome.
Andre
"/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line
> 1072, in do_join
> ctx.join_add_objects()
> File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line
> 616, in join_add_objects
> ctx.samdb.add(msg)
> root@s
tries to set it to match
the network interfaces of the DC, because AD clients may (few actually
do, in this specific case) use this name to find a DC. See
dns_update_list.
I suggest breaking the CNAME and not using example.com to find your
website internally.
Andrew Bartlett
--
Andrew Bartlett
was
originally only for upgrades from FLATFILE to DLZ was extended, and it
should now check for the partition first, before looking for a
flat-file. Certainly it shouldn't suggest it is re-generating DNS when
it won't do that.
Andrew Bartlett
--
Andrew Bartlett
xes
> > require filling in
>
> Sure, will do that as soon as possible.
While we are talking about the release pages, I wonder with the new
colour table on that page, should we remove the Branch policy page, and
just fold the text into this page? That way, we don't have two pages
he investigation, because it relies on system-specific symbols.
I hope this is clearer.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz
--
To unsu
ng for help
> > ... TIA
> > Nicolas
> Turned out that bin directory couldn't be deleted by the script.
> sudo rm -R bin
> allowed compilation to complete
This typically happens due to 'sudo make install', which creates
root-owned files during the
On Thu, 2013-10-10 at 11:05 -0300, Silvio Aparecido wrote:
> On 10/07/2013 04:30 PM, Andrew Bartlett wrote:
> > What does wbinfo -P show?
> wbinfo -p
> Ping to winbindd succeeded
>
> > Are you correctly joined to the domain.
> net ads testjoin
> Join is OK
>
a look at a wireshark trace of the success and failure
modes, and see if you can show a difference. If the traces are not
massive, these you can mail to me. Either way, the wireshark 'service
response time' over DCE/RPC would be particularly interesting to see.
I hope this helps,
And
ba
> works too when it comes to providing the sysvol share?
In Samba, sysvol is not special. It may well need to be, as the issue
you describe certainly sounds plausible.
Can you file a bug, and work with us to see how we might create a fix
for this?
Thanks,
Andrew Bartlett
--
Andrew Bartle
an also be used as an ldap proxy
> in conjunction with samba4.
Please provide that feedback back to SerNET. I also don't think the
packages should be described as breaking each other.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Sa
t in their packaging work.
Fedora shipped Samba 4.0 as soon as it was released, but does not ship
the Active Directory domain controller.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst
ally release.
I hope this clarifies things,
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz
--
To unsubscribe from this list go to the following
ly unexpected.
I hope this helps you make some more progress chasing this down.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz
--
To unsubsc
H: NT_STATUS_ACCESS_DENIED
>
> [2013/10/01 10:30:12, 3] utils/ntlm_auth.c:329(check_plaintext_auth)
>NT_STATUS_ACCESS_DENIED: Access denied (0xc022)
What does wbinfo -P show?
Are you correctly joined to the domain. Can you authenticate using
wbinfo as root, and then as squid?
What do the winbind logs
r not passed down to the OS in this case, followed by a
unexpected loss of power. The corrupt database was then perfectly
mirrored to the DRDB clone, resulting in two corrupt mirrors. DRS
replication likely would have detected the corruption (because the
database would not have been valid) an
ort, run samba under TDB_NO_FSYNC=1. This makes samba unsafe against
a poweroff event (equivalent to linking with libeatmydata), so don't use
this in production, but it will make things much, much faster for the
initial import.
Andrew Bartlett
Andrew Bartlett
--
Andrew Bartlett
htt
mba +
> kerberos + ldap?
> Thanks
The easiest way to do Samba + kerberos + ldap is to set up Samba as an
AD DC.
That said, I shouldn't have mentioned Kerberos in the context of your
original query, as it still has the same issues of needing those
password types, which you don't have
The encryption types
are incompatible.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
most certainly relates to the lack of 'smb signing' support
in that release, but so many other things have changed in the past dozen
years that it could really be anything.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authenticati
y magic' whenever we see
'server role = active directory domain controller'. Frankly I think it
should be the default, except for the fact that we didn't want to change
it for upgrading users. We used the 'new' server role as a chance to at
least make it a defa
y just incompatible.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
> I'm concerned that backups might be incomplete when part of the access
> rights are hidden somewhere else. Will 'cp -a' really copy everything?
Can you show me your smb.conf?
Thanks,
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet
e two databases to
keep 'in sync'.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
ell (others I hope will clarify).
At least that is how I understand the issue. See also the FHS:
http://www.pathname.com/fhs/pub/fhs-2.3.html#PURPOSE33
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http:/
SD ZFS
> support. But I am afraid I am not good enough to code it myself. I am
> a sysadmin who reads C code frequently, it does not make me a good
> coder..
The issue is essentially that the python-based provision code need to
detect the use of zfs, load the zfsacl module in t
> (2008R2) domain.
Are you able to reproduce this with winbindd running under valgrind?
eg:
valgrind --trace-children=yes winbindd
Thanks,
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
To unsu
:
#define SEARCH_FLAG_ATTINDEX0x001
So, just add one to the existing value in the schema attribute, and you
will find it indexed. Let me know if you have more trouble.
> > - Original Message -
> > > From: "Bo Kersey"
> > > To: "Andrew Bartlett&quo
On Sun, 2013-09-15 at 11:53 -0700, Yannick Gingras wrote:
> On 09/14/2013 05:33 PM, Andrew Bartlett wrote:
> > On Fri, 2006-10-06 at 12:32 -0400, Yannick Gingras wrote:
> >> [...]
> > You can't do a domain logon without a machine account. You could set
> > the
s tool to turn on a NIS server, perhaps
it works remotly against Samba. Otherwise, I asked a user on IRC to
consider plumbing in the code that adds these objects (a python
function) into a new 'samba-tool domain enablerfc2307' (or similar)
command. I've not heard any pr
ge.
You can't do a domain logon without a machine account. You could set
them up as just standalone workstation however.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
er) priority. (Sadly on the AD DC, there
isn't spare developer time just floating around).
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
it will help us advise others.
Thanks!
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
into the perf screen)
Then, can you re-run it under
'perf record -g -p '?
And then show me the output of perf report -g, expanding the first
function call stacks to find out what is the eventual high-level caller
of the spinning routine. This may give us the critical clues we need
in.
>
> Again, that's IIRC - but I think that's the case.
That is correct on both counts, we do not honour it currently (GSoC
project to do this is in progress), but if a windows DC changes the AD
database to match the GPO, we will honour that.
Andrew Bartlett
--
Andrew
ming connection.
We need to throttle things until the system clears
enough resources to handle this new socket.
If we don't then we will spin filling the log and
causing more problems. We don't panic as this is
> Here is the problems:
>
> When I run "getent passwd", it lists only the local users.
For performance reasons, by default we do not list users in the AD
domain. See winbind enum users in your smb.conf
> When I run "id Administrator", it returns "No such use
ng
DLZ_BIND9 using the samba_upgradedns script, and see if that helps. I
have had a more successful investigation with another user that
indicates an issue there, trigged by double-processing of secure DNS
updates from clients in our DNS server.
Thanks,
Andrew Bartlett
--
Andrew Bartlett
h
In terms of the Win2008R2 server not taking over the Samba domain,
perhaps DNS is not configured on that DC, or the DNS configuration for
the domain was stored in the replicated database (the bind9 flat file
solution).
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentica
#x27;s in the test environment where my samba4 server
> is, or some tool that can assist in such.
The 'Samba3' tools still work in Samba 4.0, so if you put the files in
the 'expected' locations on in the new server, then you should be able
to just edit them there, as if it
On Tue, 2013-08-20 at 09:43 -0500, Les Mikesell wrote:
> On Mon, Aug 19, 2013 at 10:29 PM, Andrew Bartlett wrote:
> >
> > OK.
> >
> >> Most (maybe not all) of the windows boxes are already logged
> >> into the domain as the appropriate user, but I don'
On Mon, 2013-08-19 at 18:22 -0500, Les Mikesell wrote:
> On Mon, Aug 19, 2013 at 5:40 PM, Andrew Bartlett wrote:
>
> >> On CentOS (and presumably RHEL), the authconfig tool can set up
> >> kerberos authentication via PAM so that locally added users can be
> >&g
change on being part of the domain or
not.
I hope this helps,
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz
--
To unsubscribe f
tips.
Try just setting the DN as ldapbind...@bordengrammer.kent.sch.uk (AD
allows these kind of DNs for binds).
Otherwise, just turn up the logging on the Samba side and see what it
says.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team
alled version's
> private folder?
Ensure you also move the sysvol tree, the lock, locks and state dirs and
the etc/smb.conf file, and keep the xattrs. Essentially find the new
location for all the files, and move them to match.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
A
On Sat, 2013-08-10 at 04:37 -0400, Scott Lovenberg wrote:
> On Aug 10, 2013, at 4:22, Andrew Bartlett wrote:
>
> > On Sat, 2013-08-10 at 03:19 -0400, Scott Lovenberg wrote:
> >> On Aug 5, 2013, at 0:09, ketut.nur...@dexagroup.com wrote:
> >>
> >>> d
;
> Is there any tools or support to provide upgrade solution from Samba 3 to
> samba 4 ?
See
https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO
Thanks,
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authenticati
ses from the 4.0 alpha
series. Use of the samba-tool domain classicupgrade command remains and
will remain fully supported.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
> Does anyone know how NTACLs in XATTR compare to using 'vfs objects =
> xattr_tdb' or any other options that I'm unaware of?
Using the TDB backend is a very poor second choice, because if something
other than Samba adds/deletes files, the inode-related entry may be
either be left
orrect.
>
> I could not find any documentation saying what the DN should be.
Perhaps I need to be clearer:
DO NOT USE --simple-bind-dn against an AD server.
USE -U administrator
Additionally, your DN above has a typo, cs=administrator rather than
cn=administrator.
Andrew Bartlett
rate one ntlm_auth in
client mode, another in squid-2.5-ntlmssp mode and copy the blobs back
and forth), and demonstrate it? This will avoid all the complexity of
squid, and help isolate the issue.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team
the
password, it just performs calculations based on the stored hash.
How did you set the 'empty' password in Samba?
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT
On Wed, 2013-08-07 at 17:58 +0100, Dominic Evans wrote:
> On 5 August 2013 01:28, Andrew Bartlett wrote:
> > On Fri, 2013-08-02 at 14:41 +0100, Dominic Evans wrote:
> >> The debian package of samba4 is still sitting at 4.0.3 in
> >> experimental. Please could someone
more to the ldb*
commands that samba-tool, which probably shouldn't show this option
except it comes from common code).
I hope this helps,
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cataly
omain controllers, and we have 2+ Windows servers doing DFS
> between each other (where the Samba 4 file server isn't involved at
> all), is that supported?
That should be fine, we just don't implement that protocol yet.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~a
On Mon, 2013-08-05 at 16:03 +1200, Andrew Bartlett wrote:
> On Fri, 2013-08-02 at 13:58 +1000, Alex Ferrara wrote:
> > I am having some trouble joining a new samba4 server as a DC. I am pretty
> > sure this stems from trying to use OpenChange and subsequently removing it.
>
his,
once that's done, the rest won't be too hard.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz
--
To unsubscribe from this list go
move a dead DC from the AD domain. It shouldn't
matter that it's a Samba DC.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz
--
To uns
t; at least one mandatory attribute ('rIDNextRID') on entry 'CN=RID
> Set,CN=DC1,OU=Domain Controllers,DC=domain,DC=local' wasn't specified!")
> Checked 336 objects (1 errors)
The attached patch should resolve this issue. Let me know if it helps.
Thanks,
A
; samba-client-3.0.23b-7mdv2007.0
> samba-doc-3.0.23b-7mdv2007.0
See:
https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cata
ed network upgrade
this to git master, and try to join another git master server to it?
If that fails in the same way, we may wish to get a dump of this object
(and potentially the database via a secure route) so we can investigate
further.
Thanks,
Andrew Bartlett
--
Andrew Bartlett
http://sam
While I can understand the advise, this should work, just as we work with
different versions of AD. Particularly after the 4.0 release.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst
7 will follow shortly.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz
--
To unsubscribe from this list go to the following URL and read the
instruct
On Thu, 2013-08-01 at 11:10 +0200, Gilles Pion wrote:
> 2013/7/31 Andrew Bartlett
> >
> > Very interesting! That we certainly can fix, thanks for the heads-up!
>
> I've also filed a bug on that issue:
> https://bugzilla.samba.org/show_bug.cgi?id=10047
If I
x27; solution - once you run provision, you should have
a working domain.
https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT
nd tell it that the Samba DC is permanently off-line. The
roles can be seized from there.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz
--
To u
aster, as this is based on the file handle.
Try:
vfs objects = streams_xattr
(if you use resource forks, then they may not fit, in which case perhaps
try vfs objects = streams_depot, which uses a magic directory, but is
less tidy and less efficient).
Andrew Bartlett
--
Andrew Bartlett
h
--use-xattrs=yes
> --realm=mydomain.com /samba3/smb.conf --dns-backend=BIND9_DLZ
This is clearly your issue:
> smbldap_search_domain_info: Problem during LDAPsearch: Timed out
If your LDAP server is timing out, there is no hope Samba can upgrade
this domain.
You need to work out wh
conf.CHECK_FUNCS_IN('ldap_add_result_entry', 'ldap',
> headers='ldap.h')
Very interesting! That we certainly can fix, thanks for the heads-up!
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, S
conf.CHECK_FUNCS_IN('ldap_add_result_entry', 'ldap',
> headers='ldap.h')
Very interesting! That we certainly can fix, thanks for the heads-up!
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, S
On Wed, 2013-07-31 at 10:07 +0800, Kinglok, Fong wrote:
> On 29 Jul, 2013, at 1:13 PM, Andrew Bartlett wrote:
>
> > On Sat, 2013-07-27 at 23:20 +0800, Kinglok, Fong wrote:
> >> Dear all,
> >>
> >> After using samba 3 for two years, I have just spent total
erent with Windows 2008,
rather than Samba 4.0 as an AD DC. Then I might be able to assist,
otherwise, the only 'buggy' part of this would seem to be the new
security behavior of Windows 7, which you may be able to disable.
Andrew Bartlett
--
Andrew Bartlett
http://samba
seful if the member server can still
negotiate for only NTLM without protection, but waiting for that is for
another day).
Have you tested and shows windows behaves any differently?
Finally, as a workaround try connecting to the machine by IP or by a
name the KDC doesn't know.
Andrew
e might not
read that correctly in our internal handler, but nss_ldap would have, if
configured.
It's just a guess, but somewhere to start. Otherwise, perhaps look at
this group and see if there is anything different about it? Can you
show me the LDIF?
Andrew Bartlett
--
Andrew Bartlett
ht
nk
there even is an option to disable that code - but a 'cut down samba'
isn't free either. Much of the bulk comes from library code we have
come to depend on across the whole sever.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team
the work. Certainly when matching windows
(which I would like to do for this, but understand the desire to also
have the smb.conf option work) the correct way is to see if Guest is
enabled.
Otherwise, it is a known issue, so at least don't feel bad about hitting
it.
Sorry,
Andrew Bartlett
-
ot;clean" way to patch configure to fix this
>
> Anyone able to help?
Where is ldap.h on your system. It may be enough to just specify
CFLAGS="-I/usr/local/openldap/include" ./configure
(if that is where ldap.h is).
If we have found ldap.h, it will be added to those tests.
73741606,NT_STATUS_CANT_ACCESS_DOMAIN_INFO)
>
I think you may have cleaned too much, or not have the right settings -
this means that the ldap server listning on port 389 localhost does not
have a copy of your Samba3 domain.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
le confirm the behavior is incorrect.
NT4 doesn't know about Kerberos, I think any TGS traffic is highly
likely a red herring. Are you really sure the client is issuing it, and
you have not additional software installed on the NT4 machine?
Andrew Bartlett
--
Andrew Bartlett
http://samba.o
- be it in regards to your network, or our code, we
don't mind either way, but we need to work out which to look into.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT
, particularly
for NT System Policies, or if they change their machine account
passwords. Additionally, the DCs will fight over the PDC role netbios
name.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team
ize of 'rid' role: objectclass: modify
> message must have elements/attributes!
>
> Still.. I have now been able to successfully join my domain - which does
> solve my initial problem, so I'm happy there at least.
>
> (Interestingly, my shiny new DC does no
hen this fails for
you.
It certainly is meant to work.
Thanks,
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
been searching but cannot find a way to do this in the build system, I
> can't even find where the optimisation level is set, however, I am
> unfamiliar with waf. Is there a (even hacky) way to do this?
Just pass whatever CFLAGS you desire to the ./configure wra
r ignore "-500" test but
> when script read my "administrator" account, script hang because
> administrator alread exist (created by full provision I suppose)
Just rename 'Administrator' to 'English Administrator' and then after
then upgrade, rename
tor. The issue is that we add it
in english, so if you have a second administrator (a bad idea in my
view) it will collide. Just remove that from the import source before
you start.
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samb
On Wed, 2013-04-24 at 10:31 +1000, Andrew Bartlett wrote:
> Just a heads-up, because this bug took me absolutely ages to chase down,
> and I want to save others the same pain.
>
> Samba is perhaps the most prominent reason why you might find a user in
> more than 16 groups on a U
On Fri, 2013-07-12 at 11:55 -0300, Fernando Lozano wrote:
> Hi Andrew,
>
> > I work on a NAS product myself, and at this vendor and my previous
> > vendor Samba 4.0 as an AD DC was all I ever needed to use to test the
> > AD integration features of the NAS. Thanks, A
are of course free to test.
Sorry,
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
--
To unsubscribe from this list go to the following URL and read the
instructions:
ng something?
One of our outstanding tasks is to replace our KCC with a new prototype
developed in python. I don't know if it understands sites, but it was
designed rather than what we have now, which was just put in place as a
stop-gap.
Andrew Bartlett
--
Andrew Bartlett
1 - 100 of 2760 matches
Mail list logo