Webfilter Dev
2015-Oct-05 23:36 UTC
[Samba] Fwd: net rpc lookup from group names that start with "-"
Hi,

Thank you for your input. I have tried all of the escape characters you have tested with, but I have had no luck with them. I am curious to know which versions of net you have tested with.

I do agree that the best practice for this is to remove "-" from the beginning of the object name. However, seeing that it is allowed to be created that way, I would like to find a way to get it working.

On Thu, Oct 1, 2015 at 5:00 AM, <samba-request at lists.samba.org> wrote:

> Today's Topics:
>
>    1. Re: Fwd: net rpc lookup from group names that start with "-" (mathias dufresne)
>    2. Re: Joining an 2008R2 a Samba AD Takes forever. (Cesar DiMartino)
>    3. Re: Joining an 2008R2 a Samba AD Takes forever. (Stéphane PURNELLE)
>    4. Re: Fwd: net rpc lookup from group names that start with "-" (Rowland Penny)
>    5. Re: Joining an 2008R2 a Samba AD Takes forever. (Rowland Penny)
>    6. Re: Joining an 2008R2 a Samba AD Takes forever. (Ali Bendriss)
>    7. Re: Joining an 2008R2 a Samba AD Takes forever. (Rowland Penny)
>    8. Re: Joining an 2008R2 a Samba AD Takes forever. (Cesar DiMartino)
>    9. Re: Joining an 2008R2 a Samba AD Takes forever. (Rowland Penny)
>   10. Re: Joining an 2008R2 a Samba AD Takes forever. (Cesar DiMartino)
>   11. Re: Questions About Bind_DLZ (Marc Muehlfeld)
>   12. Re: Questions About Bind_DLZ (Rowland Penny)
>   13. Re: Questions About Bind_DLZ (David Minard)
>   14. 4th DC Unable to Replicate - WERR_DS_DRA_ACCESS_DENIED (David Minard)
>   15. Replication Failing - NT_STATUS_IO_TIMEOUT (David Minard)
>   16. Re: Fwd: net rpc lookup from group names that start with "-" (mathias dufresne)
>   17. Re: Fwd: net rpc lookup from group names that start with "-" (Rowland Penny)
>   18. DDNS and internal_DNS Server (Stefan Kania)
>   19. authentication problems sernet-samba (Lulzim KELMENI)
>   20. Re: Replication Failing - NT_STATUS_IO_TIMEOUT (Rowland Penny)
>   21. Re: DDNS and internal_DNS Server (Rowland Penny)
>   22. Re: authentication problems sernet-samba (Rowland Penny)
>   23. ntlm_password_check: LM password, NT MD4 password in LM field and LMv2 failed for user username (mourik jan heupink)
>
>
> ---------- Forwarded message ----------
> From: mathias dufresne <infractory at gmail.com>
> To: samba <samba at lists.samba.org>
> Cc:
> Date: Wed, 30 Sep 2015 16:59:58 +0200
> Subject: Re: [Samba] Fwd: net rpc lookup from group names that start with "-"
>
> I bet that won't work.
> net rpc ..... "\-dash group" -> the shell looks into quotes and interprets things inside quotes. Because of double quotes. So the shell will interpret \- and send only the dash to the command.
>
> net rpc ..... '\-dash group' -> the shell does not interpret things inside the quotes, because simple quotes. The shell will send [\-dash group] to the command.
>
> This is the same as:
> net rpc ..... "\\-dash group" -> shell interprets \\, transforms it into \ and sends \- to the command.
>
> But the point is the command is waiting for switches after dashes (-a -o... anything to tell the command how to react). The standard to tell commands there are no more switches is double dashes "--". And those double dashes must be surrounded by spaces to be one word and be correctly interpreted by the command.
>
> 2015-09-30 12:50 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com>:
>
> > On 29/09/15 01:15, Webfilter Dev wrote:
> >
> >> # net rpc -U "administrator%<server password>" -S <my windows server IP> group members "- dash group"
> >>
> >
> > Try this:
> >
> > # net rpc -U "administrator%<server password>" -S <my windows server IP> group members "\-dash group"
> >
> > Rowland
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
>
>
> ---------- Forwarded message ----------
> From: Cesar DiMartino <cesardimartino at gmail.com>
> To: Lee Brown <leeb at ratnaling.org>
> Cc: samba at lists.samba.org
> Date: Wed, 30 Sep 2015 15:31:35 +0000
> Subject: Re: [Samba] Joining an 2008R2 a Samba AD Takes forever.
>
> Lee. That patch is already in the 4.2.3 Samba from ports. I was hoping that it would be the case.
> Update: samba log complains about missing rndc.conf and rndc.key. Those should pop with bind as Dns Backend but I'm using Samba Internal!
>
> On Wed, Sep 30, 2015, 01:23 Lee Brown <leeb at ratnaling.org> wrote:
>
> > That would be this <https://bugzilla.samba.org/show_bug.cgi?id=11455> bug.
> > Still waiting for testing to push it into 4.3 and 4.2 though.
> >
> > On Tue, Sep 29, 2015 at 12:59 PM, Cesar DiMartino <cesardimartino at gmail.com> wrote:
> >
> > > Marc. Thanks for the reply. I'm sure that should work. But since samba 4.1 FreeBSD port I was unable to make it work.
> > > As I wrote both DC are Samba internal as Dns back end. The only thing that I remember doing different from the guide is joining the 2008R2 to the domain first and then running dcpromo logged as domain admin. Also the strange thing in the logs is winbindd restarting frequently and the Samba-tool drs showrepl not working while joining.
> > >
> > > Cesar.
> > >
> > > On Tue, Sep 29, 2015, 15:37 Marc Muehlfeld <mmuehlfeld at samba.org> wrote:
> > >
> > > > Hello Cesar,
> > > >
> > > > On 28.09.2015 at 23:12, Cesar DiMartino wrote:
> > > > > I have a problem with Samba 4.2.4 on FreeBSD. If I add another samba DC to the Domain it works without problems, but adding a Windows Server 2008 R2 DC is taking more than 10 hours, even days in the replication dialog. In fact it never finishes.
> > > >
> > > > I'm currently working on documentation about a SYSVOL replication workaround between Samba and Windows DCs. For that yesterday I joined three times a 2008R2 DC to an existing Samba driven AD with two Samba DCs. So I can at least say, that this works, as I wrote it down a while ago here:
> > > >
> > > > https://wiki.samba.org/index.php/Joining_a_Windows_Server_2008_/_2008_R2_DC_to_a_Samba_AD
> > > >
> > > > Can you check this guide carefully, if you maybe missed something?
> > > >
> > > > Is there anything special in your AD? Maybe AD sites? What DNS are you using? BIND9_DLZ or internal?
> > > >
> > > > Does the Samba log say anything during the join?
> > > >
> > > >
> > > > Regards,
> > > > Marc
>
>
> ---------- Forwarded message ----------
> From: "Stéphane PURNELLE" <stephane.purnelle at corman.be>
> To: Cesar DiMartino <cesardimartino at gmail.com>
> Cc: Lee Brown <leeb at ratnaling.org>, samba at lists.samba.org, samba <samba-bounces at lists.samba.org>
> Date: Wed, 30 Sep 2015 17:44:35 +0200
> Subject: Re: [Samba] Joining an 2008R2 a Samba AD Takes forever.
>
> Hi,
>
> I have the same problem with my samba 4.1.4 on linux.
> My DC uses internal DNS.
>
> nothing in log.
> samba not move new windows 2008 R2 dc as a domain controller.
>
> regards
>
> Stéphane Purnelle
>
>
> "samba" <samba-bounces at lists.samba.org> wrote on 30/09/2015 17:31:35:
>
> > From: Cesar DiMartino <cesardimartino at gmail.com>
> > To: Lee Brown <leeb at ratnaling.org>,
> > Cc: samba at lists.samba.org
> > Date: 30/09/2015 17:36
> > Subject: Re: [Samba] Joining an 2008R2 a Samba AD Takes forever.
> > Sent by: "samba" <samba-bounces at lists.samba.org>
> >
> > Lee. That patch is already in the 4.2.3 Samba from ports. I was hoping that it would be the case.
> > Update: samba log complains about missing rndc.conf and rndc.key. Those should pop with bind as Dns Backend but I'm using Samba Internal!
> >
> > On Wed, Sep 30, 2015, 01:23 Lee Brown <leeb at ratnaling.org> wrote:
> >
> > > That would be this <https://bugzilla.samba.org/show_bug.cgi?id=11455> bug.
> > > Still waiting for testing to push it into 4.3 and 4.2 though.
> > >
> > > On Tue, Sep 29, 2015 at 12:59 PM, Cesar DiMartino <cesardimartino at gmail.com> wrote:
> > >
> > > > Marc. Thanks for the reply. I'm sure that should work. But since samba 4.1 FreeBSD port I was unable to make it work.
> > > > As I wrote both DC are Samba internal as Dns back end. The only thing that I remember doing different from the guide is joining the 2008R2 to the domain first and then running dcpromo logged as domain admin. Also the strange thing in the logs is winbindd restarting frequently and the Samba-tool drs showrepl not working while joining.
> > > >
> > > > Cesar.
> > > >
> > > > On Tue, Sep 29, 2015, 15:37 Marc Muehlfeld <mmuehlfeld at samba.org> wrote:
> > > >
> > > > > Hello Cesar,
> > > > >
> > > > > On 28.09.2015 at 23:12, Cesar DiMartino wrote:
> > > > > > I have a problem with Samba 4.2.4 on FreeBSD. If I add another samba DC to the Domain it works without problems, but adding a Windows Server 2008 R2 DC is taking more than 10 hours, even days in the replication dialog. In fact it never finishes.
> > > > >
> > > > > I'm currently working on documentation about a SYSVOL replication workaround between Samba and Windows DCs. For that yesterday I joined three times a 2008R2 DC to an existing Samba driven AD with two Samba DCs. So I can at least say, that this works, as I wrote it down a while ago here:
> > > > >
> > > > > https://wiki.samba.org/index.php/Joining_a_Windows_Server_2008_/_2008_R2_DC_to_a_Samba_AD
> > > > >
> > > > > Can you check this guide carefully, if you maybe missed something?
> > > > >
> > > > > Is there anything special in your AD? Maybe AD sites? What DNS are you using? BIND9_DLZ or internal?
> > > > >
> > > > > Does the Samba log say anything during the join?
> > > > >
> > > > >
> > > > > Regards,
> > > > > Marc
>
>
> ---------- Forwarded message ----------
> From: Rowland Penny <rowlandpenny241155 at gmail.com>
> To: samba at lists.samba.org
> Cc:
> Date: Wed, 30 Sep 2015 17:04:37 +0100
> Subject: Re: [Samba] Fwd: net rpc lookup from group names that start with "-"
>
> On 30/09/15 15:59, mathias dufresne wrote:
>
>> I bet that won't work.
>> net rpc ..... "\-dash group" -> the shell looks into quotes and interprets things inside quotes. Because of double quotes. So the shell will interpret \- and send only the dash to the command.
>>
>> net rpc ..... '\-dash group' -> the shell does not interpret things inside the quotes, because simple quotes. The shell will send [\-dash group] to the command.
>>
>> This is the same as:
>> net rpc ..... "\\-dash group" -> shell interprets \\, transforms it into \ and sends \- to the command.
>>
>> But the point is the command is waiting for switches after dashes (-a -o... anything to tell the command how to react). The standard to tell commands there are no more switches is double dashes "--". And those double dashes must be surrounded by spaces to be one word and be correctly interpreted by the command.
>>
>
> Hi Mathias, this got my interest and after I thought 'why would you be daft enough to start any object name with a dash', I wondered if it was possible to do what the OP wanted.
> I tried to create a group called '-dashtest' and I was able to create it (after a couple of attempts). I then added a user to the group, I had to resort to ldbedit to do this.
> I then tried the command the OP posted and it didn't work (as expected), so I tried adding the forwardslash, not really expecting it to work, but it did.
>
> Rowland
>
>
> Rowland
>
>
> ---------- Forwarded message ----------
> From: Rowland Penny <rowlandpenny241155 at gmail.com>
> To: samba at lists.samba.org
> Cc:
> Date: Wed, 30 Sep 2015 17:19:12 +0100
> Subject: Re: [Samba] Joining an 2008R2 a Samba AD Takes forever.
>
> On 30/09/15 16:31, Cesar DiMartino wrote:
>
>> Lee. That patch is already in the 4.2.3 Samba from ports. I was hoping that it would be the case.
>> Update: samba log complains about missing rndc.conf and rndc.key. Those should pop with bind as Dns Backend but I'm using Samba Internal!
>>
>
> rndc is used by bind, so even if you were using bind it shouldn't log to the samba logs.
> Can you post a sample of this and the actual name of the logfile it appears in.
> I would also like to point out that whilst I do use bind, the rndc.key does not appear anywhere in the conf files, so it looks like I am not actually using it.
>
> Rowland
>
>
> ---------- Forwarded message ----------
> From: Ali Bendriss <ali.bendriss at gmail.com>
> To: Rowland Penny <rowlandpenny241155 at gmail.com>, samba at lists.samba.org
> Cc:
> Date: Wed, 30 Sep 2015 19:46:11 +0200
> Subject: Re: [Samba] Joining an 2008R2 a Samba AD Takes forever.
>
> On 09/30/2015 06:19 PM, Rowland Penny wrote:
>
>> On 30/09/15 16:31, Cesar DiMartino wrote:
>>
>>> Lee. That patch is already in the 4.2.3 Samba from ports. I was hoping that it would be the case.
>>> Update: samba log complains about missing rndc.conf and rndc.key. Those should pop with bind as Dns Backend but I'm using Samba Internal!
>>>
>> rndc is used by bind, so even if you were using bind it shouldn't log to the samba logs.
>> Can you post a sample of this and the actual name of the logfile it appears in.
>> I would also like to point out that whilst I do use bind, the rndc.key does not appear anywhere in the conf files, so it looks like I am not actually using it.
>>
>> Rowland
>>
>
> Not sure about the internal DNS but I remember that nsupdate was called by samba when using Bind as the DNS.
>
> --
> Ali Bendriss
> http://tele-solve.com
>
>
> ---------- Forwarded message ----------
> From: Rowland Penny <rowlandpenny241155 at gmail.com>
> To: samba at lists.samba.org
> Cc:
> Date: Wed, 30 Sep 2015 18:50:35 +0100
> Subject: Re: [Samba] Joining an 2008R2 a Samba AD Takes forever.
>
> On 30/09/15 18:46, Ali Bendriss wrote:
>
>> On 09/30/2015 06:19 PM, Rowland Penny wrote:
>>
>>> On 30/09/15 16:31, Cesar DiMartino wrote:
>>>
>>>> Lee. That patch is already in the 4.2.3 Samba from ports. I was hoping that it would be the case.
>>>> Update: samba log complains about missing rndc.conf and rndc.key. Those should pop with bind as Dns Backend but I'm using Samba Internal!
>>>>
>>> rndc is used by bind, so even if you were using bind it shouldn't log to the samba logs.
>>> Can you post a sample of this and the actual name of the logfile it appears in.
>>> I would also like to point out that whilst I do use bind, the rndc.key does not appear anywhere in the conf files, so it looks like I am not actually using it.
>>>
>>> Rowland
>>>
>> Not sure about the internal DNS but I remember that nsupdate was called by samba when using Bind as the DNS.
>>
>
> That still wouldn't use rndc, so we still need the info I asked for
>
> Rowland
>
>
> ---------- Forwarded message ----------
> From: Cesar DiMartino <cesardimartino at gmail.com>
> To: Ali Bendriss <ali.bendriss at gmail.com>, Rowland Penny <rowlandpenny241155 at gmail.com>, samba at lists.samba.org
> Cc:
> Date: Wed, 30 Sep 2015 18:25:05 +0000
> Subject: Re: [Samba] Joining an 2008R2 a Samba AD Takes forever.
>
> That's log.Samba in freebsd. The error is generated by a call to rndc. The error itself is a msg from rndc which Samba seems to install even if you chose samba internal in the options for the port (installs bind9). I don't know if some Samba update script is trying to call rndc by default or it's necessary for Samba Internal Dns to work. Anyways seems that is related to the FreeBsd port more than Samba itself.
>
> On Wed, Sep 30, 2015, 14:51 Ali Bendriss <ali.bendriss at gmail.com> wrote:
>
> > On 09/30/2015 06:19 PM, Rowland Penny wrote:
> > > On 30/09/15 16:31, Cesar DiMartino wrote:
> > >> Lee. That patch is already in the 4.2.3 Samba from ports. I was hoping that it would be the case.
> > >> Update: samba log complains about missing rndc.conf and rndc.key. Those should pop with bind as Dns Backend but I'm using Samba Internal!
> > >>
> > >
> > > rndc is used by bind, so even if you were using bind it shouldn't log to the samba logs.
> > > Can you post a sample of this and the actual name of the logfile it appears in.
> > > I would also like to point out that whilst I do use bind, the rndc.key does not appear anywhere in the conf files, so it looks like I am not actually using it.
> > >
> > > Rowland
> > >
> >
> > Not sure about the internal DNS but I remember that nsupdate was called by samba when using Bind as the DNS.
> >
> > --
> > Ali Bendriss
> > http://tele-solve.com
>
>
> ---------- Forwarded message ----------
> From: Rowland Penny <rowlandpenny241155 at gmail.com>
> To: samba at lists.samba.org
> Cc:
> Date: Wed, 30 Sep 2015 19:41:48 +0100
> Subject: Re: [Samba] Joining an 2008R2 a Samba AD Takes forever.
>
> On 30/09/15 19:25, Cesar DiMartino wrote:
>
>> That's log.Samba in freebsd. The error is generated by a call to rndc. The error itself is a msg from rndc which Samba seems to install even if you chose samba internal in the options for the port (installs bind9). I don't know if some Samba update script is trying to call rndc by default or it's necessary for Samba Internal Dns to work. Anyways seems that is related to the FreeBsd port more than Samba itself.
>>
>
> You only need the portion of bind9 that contains 'nsupdate', on debian this is bind9-utils. Now if your 'port' has installed bind9, has it also started it? if so, try stopping it.
>
> Rowland
>
>
> ---------- Forwarded message ----------
> From: Cesar DiMartino <cesardimartino at gmail.com>
> To: Rowland Penny <rowlandpenny241155 at gmail.com>, samba at lists.samba.org
> Cc:
> Date: Wed, 30 Sep 2015 19:32:26 +0000
> Subject: Re: [Samba] Joining an 2008R2 a Samba AD Takes forever.
>
> Here are the logs from my last attempt:
>
> ==> /var/log/samba4/log.samba <==
>
> [2015/09/30 12:14:44.758121, 0] ../source4/rpc_server/dnsserver/dcerpc_dnsserver.c:1483(dnsserver_complex_operate_server)
>
> ==> /var/log/samba4/log.smbd <==
>
> [2015/09/30 12:18:41.774189, 0] ../source3/rpc_server/svcctl/srv_svcctl_nt.c:326(_svcctl_OpenServiceW)
>
> root at BSD:/usr/home/crd # [2015/09/30 12:21:42.559677, 0] ../source3/smbd/server.c:562(smbd_accept_connection)
>
>   accept: Software caused connection abort
>
> ==> /var/log/samba4/log.samba <==
>
> [2015/09/30 12:23:01.316110, 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler)
>
>   /usr/sbin/rndc: rndc: neither /etc/namedb/rndc.conf nor /etc/namedb/rndc.key was found
>
> Regards. Cesar.
>
> On Wed, Sep 30, 2015, 15:47 Rowland Penny <rowlandpenny241155 at gmail.com> wrote:
>
> > On 30/09/15 19:25, Cesar DiMartino wrote:
> > >
> > > That's log.Samba in freebsd. The error is generated by a call to rndc. The error itself is a msg from rndc which Samba seems to install even if you chose samba internal in the options for the port (installs bind9). I don't know if some Samba update script is trying to call rndc by default or it's necessary for Samba Internal Dns to work. Anyways seems that is related to the FreeBsd port more than Samba itself.
> > >
> >
> > You only need the portion of bind9 that contains 'nsupdate', on debian this is bind9-utils. Now if your 'port' has installed bind9, has it also started it? if so, try stopping it.
> >
> > Rowland
>
>
> ---------- Forwarded message ----------
> From: Marc Muehlfeld <mmuehlfeld at samba.org>
> To: David Minard <david at scem.uws.edu.au>, samba at lists.samba.org
> Cc:
> Date: Wed, 30 Sep 2015 22:01:47 +0200
> Subject: Re: [Samba] Questions About Bind_DLZ
>
> On 30.09.2015 at 03:50, David Minard wrote:
> > ldbsearch -H /usr/local/samba/private/sam.ldb '(objectClass=dnsZone)' -b 'DC=SAMBA4,DC=SCEM,DC=WESTERNSYDNEY,DC=EDU,DC=AU' --cross-ncs name
> >
> > # record 1
> > dn: DC=samba4.scem.westernsydney.edu.au,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> > name: samba4.scem.westernsydney.edu.au
> >
> > # record 2
> > dn: DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> > name: RootDNSServers
> >
> > # record 3
> > dn: DC=_msdcs.samba4.scem.westernsydney.edu.au,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> > name: _msdcs.samba4.scem.westernsydney.edu.au
> >
> > # record 4
> > dn: DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> > name: RootDNSServers
> >
> > # returned 4 records
> > # 4 entries
> > # 0 referrals
>
> Looks like it should.
>
> Do the duplicate zone messages appear in the Samba or BIND logs?
>
> What log level are you using in smb.conf?
>
> Regards,
> Marc
>
>
> ---------- Forwarded message ----------
> From: Rowland Penny <rowlandpenny241155 at gmail.com>
> To: samba at lists.samba.org
> Cc:
> Date: Wed, 30 Sep 2015 21:44:09 +0100
> Subject: Re: [Samba] Questions About Bind_DLZ
>
> On 30/09/15 21:01, Marc Muehlfeld wrote:
>
>> On 30.09.2015 at 03:50, David Minard wrote:
>>
>>> ldbsearch -H /usr/local/samba/private/sam.ldb '(objectClass=dnsZone)' -b 'DC=SAMBA4,DC=SCEM,DC=WESTERNSYDNEY,DC=EDU,DC=AU' --cross-ncs name
>>>
>>> # record 1
>>> dn: DC=samba4.scem.westernsydney.edu.au,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>>> name: samba4.scem.westernsydney.edu.au
>>>
>>> # record 2
>>> dn: DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>>> name: RootDNSServers
>>>
>>> # record 3
>>> dn: DC=_msdcs.samba4.scem.westernsydney.edu.au,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>>> name: _msdcs.samba4.scem.westernsydney.edu.au
>>>
>>> # record 4
>>> dn: DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>>> name: RootDNSServers
>>>
>>> # returned 4 records
>>> # 4 entries
>>> # 0 referrals
>>>
>> Looks like it should.
>>
>> Do the duplicate zone messages appear in the Samba or BIND logs?
>>
>
> The messages are coming from Samba, to be precise, from dlz_bind9.c
>
>     if (b9_zone_exists(state, zone)) {
>             state->log(ISC_LOG_WARNING, "samba_dlz: Ignoring duplicate zone '%s' from '%s'",
>                        zone, ldb_dn_get_linearized(zone_dn));
>             continue;
>     }
>
>> What log level are you using in smb.conf?
>>
>
> I wonder if the log level is turned up too high, I personally have never seen this message.
>
> I think it may help if the OP was to post the bind9 conf files and more of the logfile that contains the error, bits of a log can so easily be mis-understood.
>
> Rowland
>
>>
>> Regards,
>> Marc
>>
>
>
> ---------- Forwarded message ----------
> From: David Minard <david at scem.uws.edu.au>
> To: Marc Muehlfeld <mmuehlfeld at samba.org>, samba at lists.samba.org
> Cc:
> Date: Thu, 01 Oct 2015 09:58:22 +1000
> Subject: Re: [Samba] Questions About Bind_DLZ
>
> G'day Marc,
>
> On 01/10/15 06:01, Marc Muehlfeld wrote:
>
>> On 30.09.2015 at 03:50, David Minard wrote:
>>
>>> ldbsearch -H /usr/local/samba/private/sam.ldb '(objectClass=dnsZone)' -b 'DC=SAMBA4,DC=SCEM,DC=WESTERNSYDNEY,DC=EDU,DC=AU' --cross-ncs name
>>>
>>> # record 1
>>> dn: DC=samba4.scem.westernsydney.edu.au,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>>> name: samba4.scem.westernsydney.edu.au
>>>
>>> # record 2
>>> dn: DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>>> name: RootDNSServers
>>>
>>> # record 3
>>> dn: DC=_msdcs.samba4.scem.westernsydney.edu.au,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>>> name: _msdcs.samba4.scem.westernsydney.edu.au
>>>
>>> # record 4
>>> dn: DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>>> name: RootDNSServers
>>>
>>> # returned 4 records
>>> # 4 entries
>>> # 0 referrals
>>>
>> Looks like it should.
>>
>> Do the duplicate zone messages appear in the Samba or BIND logs?
>>
>
> I'm seeing these messages in the bind logs. The samba logs look normal.
>
>> What log level are you using in smb.conf?
>>
>
> Just default log levels at the moment. I was hoping someone had seen this before. I'll up the samba and bind logs now, and see if anything more interesting pops up.
>
>> Regards,
>> Marc
>>
>
> --
>
> Cheers,
> David Minard.
> Ph: 0247 360 155
> Fax: 0247 360 770
>
> School of Computing, Engineering, and Mathematics
> Building Y - Penrith Campus (Kingswood)
> Locked bag 1797
> Penrith South DC
> NSW 1797
>
> [Sometimes waking up just isn't worth the insult of the day to come.]
>
>
> ---------- Forwarded message ----------
> From: David Minard <david at scem.uws.edu.au>
> To: samba at lists.samba.org
> Cc:
> Date: Thu, 01 Oct 2015 10:24:59 +1000
> Subject: [Samba] 4th DC Unable to Replicate - WERR_DS_DRA_ACCESS_DENIED
>
> G'day All,
>
> I've been setting up a new set of DCs, using 4.2.3 and all was going well until I tried to get a 4th DC going. I'm using bind_DLZ, and I think this is where I went wrong.
>
> I provisioned the new DC before having set up bind properly (I forgot to "yum install bind bind-util bind-libs") beforehand. The provision worked okay, except that it told me that it couldn't work out what version of bind was installed, and that I had to edit the "/usr/local/samba/private/named.conf" file. Which I have done (and uncommented out the 9.9 line).
>
> Then, I started bind, and then samba. All seemed well, except that it has replication errors. So I went through the ownership of files, as described by the wiki, making changes as appropriate, and compared them to my other DCs. They now all seemed right. bind and samba restarted.
>
> samba-tool drs showrepl
>
> ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to samba4-40.samba4.scem.westernsydney.edu.au failed - drsException: DRS connection to samba4-40.samba4.scem.westernsydney.edu.au failed: (-1073741772, 'The object name is not found.')
>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/drs.py", line 39, in drsuapi_connect
>     (ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions) = drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds)
>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/drs_utils.py", line 54, in drsuapi_connect
>     raise drsException("DRS connection to %s failed: %s" % (server, e))
>
>
> I have the server name in /etc/hosts. I have resolve.conf pointing to the other DCs.
>
> If I "samba-tool drs showrepl samba4-40" I get
>
> Default-First-Site-Name\SAMBA4-40
> DSA Options: 0x00000001
> DSA object GUID: 072d7de1-f6f3-45e0-bbcd-4ba17b0054ab
> DSA invocationId: acea15ea-f471-42b9-84c3-8dc44bd98da4
>
> ==== INBOUND NEIGHBORS ====
>
> CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>     Default-First-Site-Name\SAMBA4-10 via RPC
>         DSA object GUID: 7fa7fc88-8d99-4217-b329-7e82324ec084
>         Last attempt @ Thu Oct 1 10:13:37 2015 AEST was successful
>         0 consecutive failure(s).
>         Last success @ Thu Oct 1 10:13:37 2015 AEST
>
> CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>     Default-First-Site-Name\SAMBA4-00 via RPC
>         DSA object GUID: 56352be2-bdf3-4a54-87a5-1355417519de
>         Last attempt @ Thu Oct 1 10:13:37 2015 AEST failed, result 8453 (WERR_DS_DRA_ACCESS_DENIED)
>         205 consecutive failure(s).
>         Last success @ Thu Oct 1 10:13:37 2015 AEST
>
> CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>     Default-First-Site-Name\SAMBA4-20 via RPC
>         DSA object GUID: 21a9f003-e429-4320-81c3-06e995652d11
>         Last attempt @ Thu Oct 1 10:13:37 2015 AEST failed, result 8453 (WERR_DS_DRA_ACCESS_DENIED)
>         205 consecutive failure(s).
>         Last success @ Thu Oct 1 10:13:37 2015 AEST
>
> DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>     Default-First-Site-Name\SAMBA4-10 via RPC
>         DSA object GUID: 7fa7fc88-8d99-4217-b329-7e82324ec084
>         Last attempt @ Thu Oct 1 10:13:37 2015 AEST was successful
>         0 consecutive failure(s).
>         Last success @ Thu Oct 1 10:13:37 2015 AEST
>
> DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>     Default-First-Site-Name\SAMBA4-00 via RPC
>         DSA object GUID: 56352be2-bdf3-4a54-87a5-1355417519de
>         Last attempt @ Thu Oct 1 10:13:37 2015 AEST failed, result 8453 (WERR_DS_DRA_ACCESS_DENIED)
>         205 consecutive failure(s).
>         Last success @ Thu Oct 1 10:13:37 2015 AEST
>
> DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>     Default-First-Site-Name\SAMBA4-20 via RPC
>         DSA object GUID: 21a9f003-e429-4320-81c3-06e995652d11
>         Last attempt @ Thu Oct 1 10:13:38 2015 AEST failed, result 8453 (WERR_DS_DRA_ACCESS_DENIED)
>         205 consecutive failure(s).
>         Last success @ Thu Oct 1 10:13:38 2015 AEST
>
> DC=ForestDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>     Default-First-Site-Name\SAMBA4-10 via RPC
>         DSA object GUID: 7fa7fc88-8d99-4217-b329-7e82324ec084
>         Last attempt @ Thu Oct 1 10:13:36 2015 AEST was successful
>         0 consecutive failure(s).
>         Last success @ Thu Oct 1 10:13:36 2015 AEST
>
> DC=ForestDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>     Default-First-Site-Name\SAMBA4-00 via RPC
>         DSA object GUID: 56352be2-bdf3-4a54-87a5-1355417519de
>         Last attempt @ Thu Oct 1 10:13:36 2015 AEST failed, result 8453 (WERR_DS_DRA_ACCESS_DENIED)
>         205 consecutive failure(s).
>         Last success @ Thu Oct 1 10:13:36 2015 AEST
>
> DC=ForestDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>     Default-First-Site-Name\SAMBA4-20 via RPC
>         DSA object GUID: 21a9f003-e429-4320-81c3-06e995652d11
>         Last attempt @ Thu Oct 1 10:13:36 2015 AEST failed, result 8453 (WERR_DS_DRA_ACCESS_DENIED)
>         205 consecutive failure(s).
>         Last success @ Thu Oct 1 10:13:36 2015 AEST
>
> CN=Schema,CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>     Default-First-Site-Name\SAMBA4-10 via RPC
>         DSA object GUID: 7fa7fc88-8d99-4217-b329-7e82324ec084
>         Last attempt @ Thu Oct 1 10:13:38 2015 AEST was successful
>         0 consecutive failure(s).
>         Last success @ Thu Oct 1 10:13:38 2015 AEST
>
> CN=Schema,CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>     Default-First-Site-Name\SAMBA4-00 via RPC
>         DSA object GUID: 56352be2-bdf3-4a54-87a5-1355417519de
>         Last attempt @ Thu Oct 1 10:13:38 2015 AEST failed, result 8453 (WERR_DS_DRA_ACCESS_DENIED)
>         205 consecutive failure(s).
>         Last success @ Thu Oct 1 10:13:38 2015 AEST
>
> CN=Schema,CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>     Default-First-Site-Name\SAMBA4-20 via RPC
>         DSA object GUID: 21a9f003-e429-4320-81c3-06e995652d11
>         Last attempt @ Thu Oct 1 10:13:39 2015 AEST failed, result 8453 (WERR_DS_DRA_ACCESS_DENIED)
>         205 consecutive failure(s).
>         Last success @ Thu Oct 1 10:13:39 2015 AEST
>
> DC=DomainDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>     Default-First-Site-Name\SAMBA4-10 via RPC
>         DSA object GUID: 7fa7fc88-8d99-4217-b329-7e82324ec084
>         Last attempt @ Thu Oct 1 10:13:36 2015 AEST was successful
>         0 consecutive failure(s).
>         Last success @ Thu Oct 1 10:13:36 2015 AEST
>
> DC=DomainDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>     Default-First-Site-Name\SAMBA4-00 via RPC
>         DSA object GUID: 56352be2-bdf3-4a54-87a5-1355417519de
>         Last attempt @ Thu Oct 1 10:13:36 2015 AEST failed, result 8453 (WERR_DS_DRA_ACCESS_DENIED)
>         205 consecutive failure(s).
>         Last success @ Thu Oct 1 10:13:36 2015 AEST
>
> DC=DomainDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>     Default-First-Site-Name\SAMBA4-20 via RPC
>         DSA object GUID: 21a9f003-e429-4320-81c3-06e995652d11
>         Last attempt @ Thu Oct 1 10:13:36 2015 AEST failed, result 8453 (WERR_DS_DRA_ACCESS_DENIED)
>         205 consecutive failure(s).
>         Last success @ Thu Oct 1 10:13:36 2015 AEST
>
> ==== OUTBOUND NEIGHBORS ====
>
> ==== KCC CONNECTION OBJECTS ====
>
> Connection --
>     Connection name: 0809eed4-d61d-4c7f-89cb-f230311fc7e3
>     Enabled : TRUE
>     Server DNS name : samba4-00.samba4.scem.westernsydney.edu.au
>     Server DN name : CN=NTDS Settings,CN=SAMBA4-00,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>     TransportType: RPC
>     options: 0x00000001
> Warning: No NC replicated for Connection!
> Connection --
>     Connection name: 78bb6883-6d6a-4c5c-9d6b-39f256823401
>     Enabled : TRUE
>     Server DNS name : samba4-10.samba4.scem.westernsydney.edu.au
>     Server DN name : CN=NTDS Settings,CN=SAMBA4-10,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>     TransportType: RPC
>     options: 0x00000001
> Warning: No NC replicated for Connection!
> Connection --
>     Connection name: c91eece0-11bb-416f-888d-6e87e9439abf
>     Enabled : TRUE
>     Server DNS name : samba4-20.samba4.scem.westernsydney.edu.au
>     Server DN name : CN=NTDS Settings,CN=SAMBA4-20,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>     TransportType: RPC
>     options: 0x00000001
> Warning: No NC replicated for Connection!
>
>
> On another dc "samba-tool drs showrepl" gives me:
>
> Default-First-Site-Name\SAMBA4-20
> DSA Options: 0x00000001
> DSA object GUID: 21a9f003-e429-4320-81c3-06e995652d11
> DSA invocationId: e5e45b36-50e5-4f56-97d3-11e1cb7f1b22
>
> ==== INBOUND NEIGHBORS ====
>
> CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>     Default-First-Site-Name\SAMBA4-00 via RPC
>         DSA object GUID: 56352be2-bdf3-4a54-87a5-1355417519de
>         Last attempt @ Thu Oct 1 10:13:55 2015 AEST was successful
>         0 consecutive failure(s).
>         Last success @ Thu Oct 1 10:13:55 2015 AEST
>
> CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>     Default-First-Site-Name\SAMBA4-10 via RPC
>         DSA object GUID: 7fa7fc88-8d99-4217-b329-7e82324ec084
>         Last attempt @ Thu Oct 1 10:13:55 2015 AEST was successful
>         0 consecutive failure(s).
>         Last success @ Thu Oct 1 10:13:55 2015 AEST
>
> CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>     Default-First-Site-Name\SAMBA4-40 via RPC
>         DSA object GUID: 072d7de1-f6f3-45e0-bbcd-4ba17b0054ab
>         Last attempt @ Thu Oct 1 10:13:55 2015 AEST failed, result 2 (WERR_BADFILE)
>         208 consecutive failure(s).
>         Last success @ NTTIME(0)
>
> DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>     Default-First-Site-Name\SAMBA4-00 via RPC
>         DSA object GUID: 56352be2-bdf3-4a54-87a5-1355417519de
>         Last attempt @ Thu Oct 1 10:13:55 2015 AEST was successful
>         0 consecutive failure(s).
>         Last success @ Thu Oct 1 10:13:55 2015 AEST
>
> DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
>     Default-First-Site-Name\SAMBA4-10 via RPC
>         DSA object GUID: 7fa7fc88-8d99-4217-b329-7e82324ec084
>         Last attempt @ Thu Oct 1 10:13:56 2015 AEST was successful
>         0 consecutive failure(s).
> Last success @ Thu Oct 1 10:13:56 2015 AEST > > DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au > Default-First-Site-Name\SAMBA4-40 via RPC > DSA object GUID: 072d7de1-f6f3-45e0-bbcd-4ba17b0054ab > Last attempt @ Thu Oct 1 10:13:56 2015 AEST failed, result 2 > (WERR_BADFILE) > 208 consecutive failure(s). > Last success @ NTTIME(0) > > DC=ForestDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au > Default-First-Site-Name\SAMBA4-00 via RPC > DSA object GUID: 56352be2-bdf3-4a54-87a5-1355417519de > Last attempt @ Thu Oct 1 10:13:54 2015 AEST was successful > 0 consecutive failure(s). > Last success @ Thu Oct 1 10:13:54 2015 AEST > > DC=ForestDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au > Default-First-Site-Name\SAMBA4-10 via RPC > DSA object GUID: 7fa7fc88-8d99-4217-b329-7e82324ec084 > Last attempt @ Thu Oct 1 10:13:54 2015 AEST was successful > 0 consecutive failure(s). > Last success @ Thu Oct 1 10:13:54 2015 AEST > > DC=ForestDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au > Default-First-Site-Name\SAMBA4-40 via RPC > DSA object GUID: 072d7de1-f6f3-45e0-bbcd-4ba17b0054ab > Last attempt @ Thu Oct 1 10:13:54 2015 AEST failed, result 2 > (WERR_BADFILE) > 208 consecutive failure(s). > Last success @ NTTIME(0) > > CN=Schema,CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au > Default-First-Site-Name\SAMBA4-00 via RPC > DSA object GUID: 56352be2-bdf3-4a54-87a5-1355417519de > Last attempt @ Thu Oct 1 10:13:56 2015 AEST was successful > 0 consecutive failure(s). > Last success @ Thu Oct 1 10:13:56 2015 AEST > > CN=Schema,CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au > Default-First-Site-Name\SAMBA4-10 via RPC > DSA object GUID: 7fa7fc88-8d99-4217-b329-7e82324ec084 > Last attempt @ Thu Oct 1 10:13:56 2015 AEST was successful > 0 consecutive failure(s). 
> Last success @ Thu Oct 1 10:13:56 2015 AEST > > CN=Schema,CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au > Default-First-Site-Name\SAMBA4-40 via RPC > DSA object GUID: 072d7de1-f6f3-45e0-bbcd-4ba17b0054ab > Last attempt @ Thu Oct 1 10:13:57 2015 AEST failed, result 2 > (WERR_BADFILE) > 208 consecutive failure(s). > Last success @ NTTIME(0) > > DC=DomainDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au > Default-First-Site-Name\SAMBA4-00 via RPC > DSA object GUID: 56352be2-bdf3-4a54-87a5-1355417519de > Last attempt @ Thu Oct 1 10:13:54 2015 AEST was successful > 0 consecutive failure(s). > Last success @ Thu Oct 1 10:13:54 2015 AEST > > DC=DomainDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au > Default-First-Site-Name\SAMBA4-10 via RPC > DSA object GUID: 7fa7fc88-8d99-4217-b329-7e82324ec084 > Last attempt @ Thu Oct 1 10:13:54 2015 AEST was successful > 0 consecutive failure(s). > Last success @ Thu Oct 1 10:13:54 2015 AEST > > DC=DomainDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au > Default-First-Site-Name\SAMBA4-40 via RPC > DSA object GUID: 072d7de1-f6f3-45e0-bbcd-4ba17b0054ab > Last attempt @ Thu Oct 1 10:13:55 2015 AEST failed, result 2 > (WERR_BADFILE) > 208 consecutive failure(s). > Last success @ NTTIME(0) > > ==== OUTBOUND NEIGHBORS ===> > CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au > Default-First-Site-Name\SAMBA4-40 via RPC > DSA object GUID: 072d7de1-f6f3-45e0-bbcd-4ba17b0054ab > Last attempt @ Thu Oct 1 10:14:58 2015 AEST failed, result 2 > (WERR_BADFILE) > 12196 consecutive failure(s). > Last success @ NTTIME(0) > > CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au > Default-First-Site-Name\SAMBA4-00 via RPC > DSA object GUID: 56352be2-bdf3-4a54-87a5-1355417519de > Last attempt @ NTTIME(0) was successful > 0 consecutive failure(s). 
> Last success @ NTTIME(0) > > CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au > Default-First-Site-Name\SAMBA4-10 via RPC > DSA object GUID: 7fa7fc88-8d99-4217-b329-7e82324ec084 > Last attempt @ NTTIME(0) was successful > 0 consecutive failure(s). > Last success @ NTTIME(0) > > DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au > Default-First-Site-Name\SAMBA4-40 via RPC > DSA object GUID: 072d7de1-f6f3-45e0-bbcd-4ba17b0054ab > Last attempt @ Thu Oct 1 10:14:59 2015 AEST failed, result 2 > (WERR_BADFILE) > 12195 consecutive failure(s). > Last success @ NTTIME(0) > > DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au > Default-First-Site-Name\SAMBA4-00 via RPC > DSA object GUID: 56352be2-bdf3-4a54-87a5-1355417519de > Last attempt @ NTTIME(0) was successful > 0 consecutive failure(s). > Last success @ NTTIME(0) > > DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au > Default-First-Site-Name\SAMBA4-10 via RPC > DSA object GUID: 7fa7fc88-8d99-4217-b329-7e82324ec084 > Last attempt @ NTTIME(0) was successful > 0 consecutive failure(s). > Last success @ NTTIME(0) > > DC=ForestDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au > Default-First-Site-Name\SAMBA4-40 via RPC > DSA object GUID: 072d7de1-f6f3-45e0-bbcd-4ba17b0054ab > Last attempt @ Thu Oct 1 10:14:58 2015 AEST failed, result 2 > (WERR_BADFILE) > 12197 consecutive failure(s). > Last success @ NTTIME(0) > > DC=ForestDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au > Default-First-Site-Name\SAMBA4-00 via RPC > DSA object GUID: 56352be2-bdf3-4a54-87a5-1355417519de > Last attempt @ NTTIME(0) was successful > 0 consecutive failure(s). > Last success @ NTTIME(0) > > DC=ForestDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au > Default-First-Site-Name\SAMBA4-10 via RPC > DSA object GUID: 7fa7fc88-8d99-4217-b329-7e82324ec084 > Last attempt @ NTTIME(0) was successful > 0 consecutive failure(s). 
> Last success @ NTTIME(0) > > CN=Schema,CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au > Default-First-Site-Name\SAMBA4-40 via RPC > DSA object GUID: 072d7de1-f6f3-45e0-bbcd-4ba17b0054ab > Last attempt @ Thu Oct 1 10:14:59 2015 AEST failed, result 2 > (WERR_BADFILE) > 12194 consecutive failure(s). > Last success @ NTTIME(0) > > CN=Schema,CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au > Default-First-Site-Name\SAMBA4-00 via RPC > DSA object GUID: 56352be2-bdf3-4a54-87a5-1355417519de > Last attempt @ NTTIME(0) was successful > 0 consecutive failure(s). > Last success @ NTTIME(0) > > CN=Schema,CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au > Default-First-Site-Name\SAMBA4-10 via RPC > DSA object GUID: 7fa7fc88-8d99-4217-b329-7e82324ec084 > Last attempt @ NTTIME(0) was successful > 0 consecutive failure(s). > Last success @ NTTIME(0) > > DC=DomainDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au > Default-First-Site-Name\SAMBA4-40 via RPC > DSA object GUID: 072d7de1-f6f3-45e0-bbcd-4ba17b0054ab > Last attempt @ Thu Oct 1 10:14:58 2015 AEST failed, result 2 > (WERR_BADFILE) > 12196 consecutive failure(s). > Last success @ NTTIME(0) > > DC=DomainDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au > Default-First-Site-Name\SAMBA4-00 via RPC > DSA object GUID: 56352be2-bdf3-4a54-87a5-1355417519de > Last attempt @ NTTIME(0) was successful > 0 consecutive failure(s). > Last success @ NTTIME(0) > > DC=DomainDnsZones,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au > Default-First-Site-Name\SAMBA4-10 via RPC > DSA object GUID: 7fa7fc88-8d99-4217-b329-7e82324ec084 > Last attempt @ NTTIME(0) was successful > 0 consecutive failure(s). 
> Last success @ NTTIME(0) > > ==== KCC CONNECTION OBJECTS ===> > Connection -- > Connection name: 19cae640-3d3a-4c64-83f0-7cb99b8e2303 > Enabled : TRUE > Server DNS name : samba4-10.samba4.scem.westernsydney.edu.au > Server DN name : CN=NTDS > Settings,CN=SAMBA4-10,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au > TransportType: RPC > options: 0x00000001 > Warning: No NC replicated for Connection! > Connection -- > Connection name: 9648274d-fbcc-4974-8e00-32dedef0482c > Enabled : TRUE > Server DNS name : samba4-00.samba4.scem.westernsydney.edu.au > Server DN name : CN=NTDS > Settings,CN=SAMBA4-00,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au > TransportType: RPC > options: 0x00000001 > Warning: No NC replicated for Connection! > Connection -- > Connection name: dd40f960-8f12-4d8e-8027-e4284a3e063b > Enabled : TRUE > Server DNS name : samba4-40.samba4.scem.westernsydney.edu.au > Server DN name : CN=NTDS > Settings,CN=SAMBA4-40,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au > TransportType: RPC > options: 0x00000001 > Warning: No NC replicated for Connection! > > > Which is what I'd expect given that samba4-40 has issues. > > So, I thought that I'd try to demote samba4-40 and re-try the domain join. 
>
> samba-tool domain demote -U administrator
>
> Using samba4-00.samba4.scem.westernsydney.edu.au as partner server for
> the demotion
> Password for [SCEM_AD\administrator]:
> Deactivating inbound replication
> Asking partner server samba4-00.samba4.scem.westernsydney.edu.au to
> synchronize from us
> Error while demoting, re-enabling inbound replication
> ERROR(<class 'samba.drs_utils.drsException'>): Error while sending a
> DsReplicaSync for partion
> CN=Schema,CN=Configuration,DC=samba4,DC=scem,DC=westernsydney,DC=edu,DC=au
> - drsException: DsReplicaSync failed (2, 'WERR_BADFILE')
> File
> "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py",
> line 712, in run
> sendDsReplicaSync(drsuapiBind, drsuapi_handle, ntds_guid, str(part),
> drsuapi.DRSUAPI_DRS_WRIT_REP)
> File
> "/usr/local/samba/lib64/python2.7/site-packages/samba/drs_utils.py", line
> 83, in sendDsReplicaSync
> raise drsException("DsReplicaSync failed %s" % estr)
>
>
> HELP !! I'm now stuck. I've not seen "WERR_DS_DRA_ACCESS_DENIED"
> before, and I don't know how to fix it.
>
> I don't know if running the domain join again is a good idea, or if
> that will break more stuff....
>
> --
>
> Cheers,
> David Minard.
> Ph: 0247 360 155
> Fax: 0247 360 770
>
> School of Computing, Engineering, and Mathematics
> Building Y - Penrith Campus (Kingswood)
> Locked bag 1797
> Penrith South DC
> NSW 1797
>
> [Sometimes waking up just isn't worth the insult of the day to come.]
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
> ---------- Forwarded message ----------
> From: David Minard <david at scem.uws.edu.au>
> To: samba at lists.samba.org
> Cc:
> Date: Thu, 01 Oct 2015 14:22:27 +1000
> Subject: [Samba] Replication Failing - NT_STATUS_IO_TIMEOUT
> G'day Rowland,
>
> On 29/09/15 15:30, David Minard wrote:
>>
>>> I'm working on a brand new set of Samba DCs, as our University changed
>>> its domain name, so we thought we'd start from scratch. Working on 4.2.3
>>> at the moment.
>>>
>>> I finally got the new DC to join, but I had to wait until things got
>>> quiet (midnight-ish).
>>>
>>>
>>> Getting confused now, you originally posted this:
>>
>> I'm trying to commission another DC (number 5) in our production set up,
>> as we've opened up a new site. All DCs are samba-4.0.25 self compiled.
>> Yet now you say you are setting up a new domain, which is it ?
>> If you are setting up a new domain, I hope you are not doing this in
>> production.
>>
>
> Sorry for the confusion. I was just commenting to Marc that I am also
> running up a new set of samba servers, as he suggested moving to a
> supported version. I'm loath to jump up from this version to the
> latest on the production system. Next year, I hope the newer DCs I'm
> setting up with the new samba.domain will be in production, and the current
> production set will be retired.
>
> Our production version is 4.0.25, and this is the one with the problem
> described in this thread.
>
> I did end up getting samba4-05 to join, but even after a day or so, it
> did not have any of the domain users, groups, computers - just the standard
> stuff that comes with a new DC... Strange.
>
>
>> If you are setting up a new domain and self-compiling Samba, then you
>> might as well use the latest version, this should reduce your chances of
>> getting hit by a bug.
>>
>
> Working on that.
>
>
>> Rowland
>>
>>
> --
>
> Cheers,
> David Minard.
> Ph: 0247 360 155
> Fax: 0247 360 770
>
> School of Computing, Engineering, and Mathematics
> Building Y - Penrith Campus (Kingswood)
> Locked bag 1797
> Penrith South DC
> NSW 1797
>
> [Sometimes waking up just isn't worth the insult of the day to come.]
>
>
> ---------- Forwarded message ----------
> From: mathias dufresne <infractory at gmail.com>
> To: samba <samba at lists.samba.org>
> Cc:
> Date: Thu, 1 Oct 2015 10:02:28 +0200
> Subject: Re: [Samba] Fwd: net rpc lookup from group names that start with
> "-"
> Hi Rowland,
>
> I'm not good at betting :p
>
> I didn't mean to be rough answering that. My point was the same as for the
> difference between advising to run ./configure or ./configure --help: give
> users information so they can deal with the issue themselves. That's why I took
> time to explain these behaviours, with errors as shown below.
>
> Now if it works it's because Samba is well developed, or they - and we,
> users - are lucky. Most commands don't take backslash into account:
>
> $ echo toto > -h
> $ cat -h
> cat : option invalide -- 'h'
> $ cat \-h
> cat : option invalide -- 'h'
> $ cat '\-h'
> cat: \-h: No such file or directory
> $ cat "\-h"
> cat: \-h: No such file or directory
> $ cat -- -h
> toto
>
> Anyway all that shows I was wrong: "\-h" is not interpreted by the shell
> and the command receives \-h as file name, which is not what I expected.
> I'm growing old perhaps, I don't take enough time to test, too much trust
> in my experience, which is always a bad thing.
>
> Sorry to have been rude, have a nice day ;)
>
> Cheers,
>
> mathias
>
> 2015-09-30 18:04 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com>:
>
> > On 30/09/15 15:59, mathias dufresne wrote:
> >
> >> I bet that won't work.
> >> net rpc ..... "\-dash group" -> the shell looks into quotes and interprets
> >> things inside quotes. Because of double quotes. So the shell will interpret
> >> \- and send only the dash to the command.
> >>
> >> net rpc ..... '\-dash group' -> the shell does not interpret things inside
> >> the quotes, because simple quotes. The shell will send [\-dash group] to
> >> the command.
> >>
> >> This is the same as:
> >> net rpc ..... "\\-dash group" -> shell interprets \\, transforms it into \
> >> and sends \- to the command.
> >>
> >> But the point is command is waiting for switches after dashes (-a -o...
> >> anything to tell the command how to react). The standard to tell commands
> >> there is no more switches is double dashes "--". And that double dashes
> >> must be surrounded by spaces to be one word and be correctly interpreted by
> >> the command.
> >>
> >>
> > Hi Mathias, This got my interest and after I thought 'why would you be
> > daft enough to start any object name with a dash', I wondered if it was
> > possible to do what the OP wanted.
> > I tried to create a group called '-dashtest' and I was able to create it
> > (after a couple of attempts). I then added a user to the group, I had to
> > resort to ldbedit to do this.
> > I then tried the command the OP posted and it didn't work (as expected),
> > so I tried adding the forwardslash, not really expecting it to work, but it
> > did.
> >
> > Rowland
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
>
>
> ---------- Forwarded message ----------
> From: Rowland Penny <rowlandpenny241155 at gmail.com>
> To: samba at lists.samba.org
> Cc:
> Date: Thu, 01 Oct 2015 09:14:15 +0100
> Subject: Re: [Samba] Fwd: net rpc lookup from group names that start with
> "-"
> On 01/10/15 09:02, mathias dufresne wrote:
>
>> Hi Rowland,
>>
>> I'm not good at betting :p
>>
>> I didn't mean to be rough answering that.
>> My point was the same as for the
>> difference between advising to run ./configure or ./configure --help: give
>> users information so they can deal with the issue themselves. That's why I took
>> time to explain these behaviours, with errors as shown below.
>>
>> Now if it works it's because Samba is well developed, or they - and we,
>> users - are lucky. Most commands don't take backslash into account:
>>
>> $ echo toto > -h
>> $ cat -h
>> cat : option invalide -- 'h'
>> $ cat \-h
>> cat : option invalide -- 'h'
>> $ cat '\-h'
>> cat: \-h: No such file or directory
>> $ cat "\-h"
>> cat: \-h: No such file or directory
>> $ cat -- -h
>> toto
>>
>> Anyway all that shows I was wrong: "\-h" is not interpreted by the shell
>> and the command receives \-h as file name, which is not what I expected.
>> I'm growing old perhaps, I don't take enough time to test, too much trust
>> in my experience, which is always a bad thing.
>>
>> Sorry to have been rude, have a nice day ;)
>>
>> Cheers,
>>
>> mathias
>>
>> 2015-09-30 18:04 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com>:
>>
>> On 30/09/15 15:59, mathias dufresne wrote:
>>>
>>> I bet that won't work.
>>>> net rpc ..... "\-dash group" -> the shell looks into quotes and interprets
>>>> things inside quotes. Because of double quotes. So the shell will interpret
>>>> \- and send only the dash to the command.
>>>>
>>>> net rpc ..... '\-dash group' -> the shell does not interpret things inside
>>>> the quotes, because simple quotes. The shell will send [\-dash group] to
>>>> the command.
>>>>
>>>> This is the same as:
>>>> net rpc ..... "\\-dash group" -> shell interprets \\, transforms it into \
>>>> and sends \- to the command.
>>>>
>>>> But the point is command is waiting for switches after dashes (-a -o...
>>>> anything to tell the command how to react). The standard to tell commands
>>>> there is no more switches is double dashes "--". And that double dashes
>>>> must be surrounded by spaces to be one word and be correctly interpreted by
>>>> the command.
>>>>
>>>>
>>>> Hi Mathias, This got my interest and after I thought 'why would you be
>>> daft enough to start any object name with a dash', I wondered if it was
>>> possible to do what the OP wanted.
>>> I tried to create a group called '-dashtest' and I was able to create it
>>> (after a couple of attempts). I then added a user to the group, I had to
>>> resort to ldbedit to do this.
>>> I then tried the command the OP posted and it didn't work (as expected),
>>> so I tried adding the forwardslash, not really expecting it to work, but it
>>> did.
>>>
>>> Rowland
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>>
>>>
> Hi, no I didn't take what you said as rude, after all, I was surprised it
> worked =-O
>
> It just shouldn't work, but does, well it did for me, having said that,
> the correct cure is for the OP to stop being stupid and to remove the '-'
> from all and any object names.
>
> Rowland
>
>
> ---------- Forwarded message ----------
> From: Stefan Kania <stefan at kania-online.de>
> To: samba at lists.samba.org
> Cc:
> Date: Thu, 1 Oct 2015 09:59:35 +0200
> Subject: [Samba] DDNS and internal_DNS Server
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello everyone,
>
> I'm looking for a Howto to use the internal DNS of Samba 4 together
> with isc-dhcp to create a DDNS.
> > > Stefan > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG/MacGPG2 v2.0.16 (Darwin) > > iEYEARECAAYFAlYM5+cACgkQ2JOGcNAHDTay7wCfawxH+CpMOvjSkChvcMtZ7Lfz > Z+MAoOUXm6bP5CKuLPEDZqccKu42UAF5 > =WM+d > -----END PGP SIGNATURE----- > > > > > ---------- Forwarded message ---------- > From: Lulzim KELMENI <lkelmeni at mairie-saint-ouen.fr> > To: <samba at lists.samba.org> > Cc: > Date: Thu, 01 Oct 2015 10:08:20 +0200 > Subject: [Samba] authentication problems sernet-samba > > > Hello, > > We have installed samba4 under Ubuntu 14.04.3 LTS. > > > > root at server:~# samba -V > > Version > 4.2.3-SerNet-Ubuntu-7.trusty > > Sometimes, we have authentication > problems. > > The only thing we found in log file, when it happend, is > this : > > > [2015/09/28 17:27:06.750675, 3] > ../source4/smbd/process_single.c:114(single_terminate) > > > single_terminate: reason[imessaging_init() failed] > > [2015/09/28 > 17:27:06.792429, 3] > ../source4/smbd/service_stream.c:66(stream_terminate_connection) > > > Terminating connection - 'imessaging_init() failed' > > [2015/09/28 > 17:27:06.792568, 3] > ../source4/smbd/process_single.c:114(single_terminate) > > > single_terminate: reason[imessaging_init() failed] > > [2015/09/28 > 17:27:06.856406, 3] > ../source4/smbd/service_stream.c:66(stream_terminate_connection) > > > Terminating connection - 'imessaging_init() failed' > > [2015/09/28 > 17:27:06.856444, 3] > ../source4/smbd/process_single.c:114(single_terminate) > > > single_terminate: reason[imessaging_init() failed] > > [2015/09/28 > 17:27:06.908112, 3] > ../source4/smbd/service_stream.c:66(stream_terminate_connection) > > > Terminating connection - 'imessaging_init() failed' > > [2015/09/28 > 17:27:06.908157, 3] > ../source4/smbd/process_single.c:114(single_terminate) > > > single_terminate: reason[imessaging_init() failed] > > [2015/09/28 > 17:27:06.965531, 3] > ../source4/smbd/service_stream.c:66(stream_terminate_connection) > > > Terminating connection - 'imessaging_init() 
failed' > > [2015/09/28 > 17:27:06.965580, 3] > ../source4/smbd/process_single.c:114(single_terminate) > > > single_terminate: reason[imessaging_init() failed] > > [2015/09/28 > 17:27:07.027471, 3] > ../source4/smbd/service_stream.c:66(stream_terminate_connection) > > > Terminating connection - 'imessaging_init() failed' > > [2015/09/28 > 17:27:07.027564, 3] > ../source4/smbd/process_single.c:114(single_terminate) > > > single_terminate: reason[imessaging_init() failed] > > [2015/09/28 > 17:27:07.151542, 3] > ../source4/smbd/service_stream.c:66(stream_terminate_connection) > > > Terminating connection - 'imessaging_init() failed' > > [2015/09/28 > 17:27:07.151599, 3] > ../source4/smbd/process_single.c:114(single_terminate) > > > single_terminate: reason[imessaging_init() failed] > > [2015/09/28 > 17:27:07.153809, 3] > ../source4/smbd/service_stream.c:66(stream_terminate_connection) > > > Terminating connection - 'imessaging_init() failed' > > [2015/09/28 > 17:27:07.153875, 3] > ../source4/smbd/process_single.c:114(single_terminate) > > > single_terminate: reason[imessaging_init() failed] > > [2015/09/28 > 17:27:07.155195, 3] > ../source4/smbd/service_stream.c:66(stream_terminate_connection) > > > Terminating connection - 'imessaging_init() failed' > > [2015/09/28 > 17:27:07.155233, 3] > ../source4/smbd/process_single.c:114(single_terminate) > > > single_terminate: reason[imessaging_init() failed] > > [2015/09/28 > 17:27:07.263779, 3] > ../source4/smbd/service_stream.c:66(stream_terminate_connection) > > > Terminating connection - 'imessaging_init() failed' > > [2015/09/28 > 17:27:07.263830, 3] > ../source4/smbd/process_single.c:114(single_terminate) > > > single_terminate: reason[imessaging_init() failed] > > Here is the smb.conf > : > > # G > > > EST.LOCAL > > netbios name = SERVER > > server role = active > directory domain controller > > dns forwarder = xxx.xxx.xxx.xxx (IP adress > of forwarder) > > idmap_ldb:use rfc2307 = yes > > log level = 3 > > max log > 
size = 100000 > > > > [netlogon] > > path > /var/lib/samba/sysvol/oxygen.local/scripts > > read only = No > > > > > [sysvol] > > path = /var/lib/samba/sysvol > > read only = No > > > > Any help > would be appreciated > > > > Thank yo !, > im Direction des Systèmes > d'Information Service Systèmes, Réseaux, Bases de données Mairie de > Saint-Ouen > > > ---------- Forwarded message ---------- > From: Rowland Penny <rowlandpenny241155 at gmail.com> > To: samba at lists.samba.org > Cc: > Date: Thu, 01 Oct 2015 09:26:12 +0100 > Subject: Re: [Samba] Replication Failing - NT_STATUS_IO_TIMEOUT > On 01/10/15 05:22, David Minard wrote: > >> G'day Rowland, >> >> On 29/09/15 15:30, David Minard wrote: >>> >>>> I'm working on a brand new set of Samba DCs, as our University changed >>>> it's domain name, so we thought we'd start from scratch. Working on 4.2.3 >>>> at the moment. >>>> >>>> I finally got the new DC to join, but I had to wait until things got >>>> quiet (midnight-ish). >>>> >>>> >>>> Getting confused now, you originally posted this: >>> >>> I'm trying to commission another DC (number 5) in our production set up, >>> as we've opened up a new site. All DCs are samba-4.0.25 self compiled. >>> Yet now you say you are setting up a new domain, which is it ? >>> If you are setting up a new domain, I hope you are not doing this in >>> production. >>> >> >> Sorry for the confusion. I was just commenting to Marc that I am >> also running up a new set of samba servers, as he suggested moving to a >> supported version. I'm loathed to jump up from this version to the >> latest on the production system. Next, year, I hope the newer DCs I'm >> setting up with the new samba.domain will be in production, and the current >> production set will be retired. >> >> Our production version is 4.0.25, and this is the one with the >> problem described in this thread. 
>> >> I did end up getting samba4-05 to join, but even after a day or so, >> it did not have any of the domain users, groups, computers - just the >> standard stuff that comes with a new DC... Strange. >> >> >>> If you are setting up a new domain and self-compiling Samba, then you >>> might as well use the latest version, this should reduce your chances of >>> getting hit by a bug. >>> >> >> Working on that. >> >> >>> Rowland >>> >>> >> > I seem to remember that there was a problem with dns records and > tombstones, have you tried searching for deleted dns records? > > Rowland > > > > > ---------- Forwarded message ---------- > From: Rowland Penny <rowlandpenny241155 at gmail.com> > To: samba at lists.samba.org > Cc: > Date: Thu, 01 Oct 2015 09:28:28 +0100 > Subject: Re: [Samba] DDNS and internal_DNS Server > On 01/10/15 08:59, Stefan Kania wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Hello everyone, >> >> I'm looking for a Howto to uses the intenal DNS of Samba 4 together >> with isc-dhcp to create a DDNS. >> >> >> > Hi, have a look here: > > > http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/ > > Rowland > > > > > > ---------- Forwarded message ---------- > From: Rowland Penny <rowlandpenny241155 at gmail.com> > To: samba at lists.samba.org > Cc: > Date: Thu, 01 Oct 2015 09:39:41 +0100 > Subject: Re: [Samba] authentication problems sernet-samba > On 01/10/15 09:08, Lulzim KELMENI wrote: > >> >> Hello, >> >> We have installed samba4 under Ubuntu 14.04.3 LTS. >> >> root at server:~# samba -V >> >>> Version >>> >> 4.2.3-SerNet-Ubuntu-7.trusty >> >> Sometimes, we have authentication >> problems. 
>>
>> The only thing we found in log file, when it happened, is this:
>>
>> [2015/09/28 17:27:06.750675, 3] ../source4/smbd/process_single.c:114(single_terminate)
>>   single_terminate: reason[imessaging_init() failed]
>> [2015/09/28 17:27:06.792429, 3] ../source4/smbd/service_stream.c:66(stream_terminate_connection)
>>   Terminating connection - 'imessaging_init() failed'
>> [2015/09/28 17:27:06.792568, 3] ../source4/smbd/process_single.c:114(single_terminate)
>>   single_terminate: reason[imessaging_init() failed]
>> [2015/09/28 17:27:06.856406, 3] ../source4/smbd/service_stream.c:66(stream_terminate_connection)
>>   Terminating connection - 'imessaging_init() failed'
>> [2015/09/28 17:27:06.856444, 3] ../source4/smbd/process_single.c:114(single_terminate)
>>   single_terminate: reason[imessaging_init() failed]
>> [2015/09/28 17:27:06.908112, 3] ../source4/smbd/service_stream.c:66(stream_terminate_connection)
>>   Terminating connection - 'imessaging_init() failed'
>> [2015/09/28 17:27:06.908157, 3] ../source4/smbd/process_single.c:114(single_terminate)
>>   single_terminate: reason[imessaging_init() failed]
>> [2015/09/28 17:27:06.965531, 3] ../source4/smbd/service_stream.c:66(stream_terminate_connection)
>>   Terminating connection - 'imessaging_init() failed'
>> [2015/09/28 17:27:06.965580, 3] ../source4/smbd/process_single.c:114(single_terminate)
>>   single_terminate: reason[imessaging_init() failed]
>> [2015/09/28 17:27:07.027471, 3] ../source4/smbd/service_stream.c:66(stream_terminate_connection)
>>   Terminating connection - 'imessaging_init() failed'
>> [2015/09/28 17:27:07.027564, 3] ../source4/smbd/process_single.c:114(single_terminate)
>>   single_terminate: reason[imessaging_init() failed]
>> [2015/09/28 17:27:07.151542, 3] ../source4/smbd/service_stream.c:66(stream_terminate_connection)
>>   Terminating connection - 'imessaging_init() failed'
>> [2015/09/28 17:27:07.151599, 3] ../source4/smbd/process_single.c:114(single_terminate)
>>   single_terminate: reason[imessaging_init() failed]
>> [2015/09/28 17:27:07.153809, 3] ../source4/smbd/service_stream.c:66(stream_terminate_connection)
>>   Terminating connection - 'imessaging_init() failed'
>> [2015/09/28 17:27:07.153875, 3] ../source4/smbd/process_single.c:114(single_terminate)
>>   single_terminate: reason[imessaging_init() failed]
>> [2015/09/28 17:27:07.155195, 3] ../source4/smbd/service_stream.c:66(stream_terminate_connection)
>>   Terminating connection - 'imessaging_init() failed'
>> [2015/09/28 17:27:07.155233, 3] ../source4/smbd/process_single.c:114(single_terminate)
>>   single_terminate: reason[imessaging_init() failed]
>> [2015/09/28 17:27:07.263779, 3] ../source4/smbd/service_stream.c:66(stream_terminate_connection)
>>   Terminating connection - 'imessaging_init() failed'
>> [2015/09/28 17:27:07.263830, 3] ../source4/smbd/process_single.c:114(single_terminate)
>>   single_terminate: reason[imessaging_init() failed]
>>
>> Here is the smb.conf:
>>
>> # G
>> EST.LOCAL
>> netbios name = SERVER
>> server role = active directory domain controller
>> dns forwarder = xxx.xxx.xxx.xxx (IP address of forwarder)
>> idmap_ldb:use rfc2307 = yes
>> log level = 3
>> max log size = 100000
>>
>> [netlogon]
>> path /var/lib/samba/sysvol/oxygen.local/scripts
>> read only = No
>>
>> [sysvol]
>> path = /var/lib/samba/sysvol
>> read only = No
>>
>> Any help would be appreciated
>>
>> Thank you!
>
> What do you mean 'authentication problems'?
> Authenticating from what and how?
> Is there any pattern?
>
> Rowland
>
> ---------- Forwarded message ----------
> From: mourik jan heupink <heupink at merit.unu.edu>
> To: samba at lists.samba.org
> Cc:
> Date: Thu, 1 Oct 2015 13:41:33 +0200
> Subject: [Samba] ntlm_password_check: LM password, NT MD4 password in LM field and LMv2 failed for user username
> Hi,
>
> We're seeing these messages for some users in our DC logs. Google tells me
> that lanman hashed passwords are less strong, and should not be used
> anymore.
>
> Solutions on the internet are to enable ntlm auth and
> client ntlmv2 auth in smb.conf.
>
> But I guess this will weaken the security of our network, and it smells as
> if these users are perhaps using older Windows versions, and we should
> simply tell them to upgrade? Or is there a way to stop Windows XP (I
> guess...) from using lanman auth?
>
> Any ideas or suggestions how to proceed?
>
> MJ
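For the LM/NTLM question in the last forwarded message, a small audit of the smb.conf parameters that control those protocols. This is an added example, not part of the thread or of Samba; the sample configuration is constructed, and parameters that are not set are not judged because their defaults depend on the Samba version.

```python
import configparser

# Constructed smb.conf fragment for the demonstration (not from the thread).
SAMPLE_SMB_CONF = """\
[global]
netbios name = SERVER
lanman auth = yes
ntlm auth = yes
client ntlmv2 auth = no

[sysvol]
path = /var/lib/samba/sysvol
read only = No
"""

YES = {"yes", "true", "1", "on"}
NO = {"no", "false", "0", "off"}

# smb.conf parameter -> (test on the normalised value, what a weak value allows)
WEAK_SETTINGS = {
    "lanman auth": (lambda v: v in YES, "server accepts LM responses"),
    "client lanman auth": (lambda v: v in YES, "client tools may send LM responses"),
    "ntlm auth": (lambda v: v in YES or v == "ntlmv1-permitted",
                  "server accepts NTLMv1 responses"),
    "client ntlmv2 auth": (lambda v: v in NO,
                           "client tools may send NTLMv1 instead of NTLMv2"),
}


def audit_smb_conf(text):
    """Return (parameter, value, reason) for each weak setting in [global]."""
    # Only '=' separates name and value, so names containing ':' stay intact.
    parser = configparser.ConfigParser(interpolation=None, strict=False,
                                       delimiters=("=",))
    parser.read_string(text)
    findings = []
    for section in parser.sections():
        if section.strip().lower() != "global":
            continue
        for name, raw in parser.items(section):
            # Parameter names are case-insensitive; collapse repeated spaces.
            key = " ".join(name.lower().split())
            value = raw.strip().lower()
            check = WEAK_SETTINGS.get(key)
            if check and check[0](value):
                findings.append((key, value, check[1]))
    return findings


if __name__ == "__main__":
    for key, value, reason in audit_smb_conf(SAMPLE_SMB_CONF):
        print(f"{key} = {value}: {reason}")
```
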