On Thu, 29 Dec 2016 17:21:19 +0100 Marc Muehlfeld via samba <samba at lists.samba.org> wrote:> Hello Bruno, > > Am 29.12.2016 um 17:01 schrieb Bruno Miguel Martins via samba: > > I've migrated from Samba NT4 to Samba AD, joined other Windows > > DC's to the domain and then demoted my Samba DC. > > > > I am not being able to login from client computers with the > > error stated on the subject. I've tried everything, from making > > sure replication is OK, client DNS configuration also. > > Registry modifications from prior Samba NT4 domain were > > reverted in the client. > > > > Are there any hints on what to do next? > > You're only having Windows DCs left? > > May I ask why you migrated from Samba AD to Windows? > > It sounds like the _ldap DNS record is missing, Windows uses to locate > the DC. Can you please verify that all required _ldap/_kerberos > records exist in the correct zones. For some examples, see: > https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Verifying_DNS > or because you are no longer a Samba user: ;-) > https://technet.microsoft.com/en-us/library/cc961719.aspx > > If all required records exist and logging in still fails, I continue > guessing that it is DNS related: > - At least one of the Windows DCs runs a DNS server? > - The clients are using the DNS on the Windows DC? > Test by running on a client > > ping Short_DC_Name > > Regards, > Marc >I mis-read that, I thought he had removed the old NT4-style PDC, but if he now has (as Marc thinks) no Samba DCs and is only using windows DCs, I fail to see how this can be a Samba problem or how it can be fixed from Samba, or am I missing something ? Rowland
Am 29.12.2016 um 17:34 schrieb Rowland Penny via samba:> I mis-read that, I thought he had removed the old NT4-style PDC, but if > he now has (as Marc thinks) no Samba DCs and is only using windows DCs, > I fail to see how this can be a Samba problem or how it can be fixed > from Samba, or am I missing something ?Even if it's not our goal to help people moving from Samba to Windows, it might be a bug in Samba that prevents that the records are created correctly during the Windows DC join. If a user runs both, a Windows and Samba DC, it can happen that the Samba DC is temporarily offline and in this case the user expects that clients can continue logging in. Some further questions to the OP: * What Windows Server OS version did you joined _first_ to the Samba AD? * What other Windows Server OS versions were joined to the AD while Samba was still part of the AD forest? Regards, Marc
On Thu, 29 Dec 2016 18:15:33 +0100 Marc Muehlfeld <mmuehlfeld at samba.org> wrote:> Am 29.12.2016 um 17:34 schrieb Rowland Penny via samba: > > I mis-read that, I thought he had removed the old NT4-style PDC, > > but if he now has (as Marc thinks) no Samba DCs and is only using > > windows DCs, I fail to see how this can be a Samba problem or how > > it can be fixed from Samba, or am I missing something ? > > Even if it's not our goal to help people moving from Samba to Windows,I never said we shouldn't help people move to windows> it might be a bug in Samba that prevents that the records are created > correctly during the Windows DC join.If it was, surely it would have shown up whilst the Samba DC was running.> If a user runs both, a Windows > and Samba DC, it can happen that the Samba DC is temporarily offline > and in this case the user expects that clients can continue logging > in.If, has you think, the OP now has no Samba DCs, then 'temporarily' is an understatement ;-)> > > Some further questions to the OP: > * What Windows Server OS version did you joined _first_ to the Samba > AD? > * What other Windows Server OS versions were joined to the AD while > Samba was still part of the AD forest? >He needs to answer your questions and mine and to confirm whether he now has a Samba DC or not. If he hasn't, all we can offer is advice, no Samba tools will work on windows ;-) Rowland