search for: _ldaps

Hai,   Im wondering, im missing the  _ldaps._tcp. INTERNAL.DOMAIN.TLD entries in my dns. Now, before the updates ( badlock ) etc. this wasnt notice i think. But now since im setting up that everything is doing ldaps i noticed this in my squid setup   ( squid mailing subject : [squid-users] ext_kerberos_ldap_group_acl problem )   My...

...           ${HOSTNAME} 389 ${IF_DNS_FOREST}SRV    _ldap._tcp.${SITE}._sites.ForestDnsZones.${DNSFOREST} ${HOSTNAME} 389     Ive added the SRV records now as followed, and my squid groups not repond better :-) great. Use these commands, handy for others.. samba-tool dns add DC1.fqdn dns_zone _ldaps._tcp SRV 'dc1.dns_zone 636 0 100' samba-tool dns add DC1.fqdn dns_zone _ldaps._tcp SRV 'dc2.dns_zone 636 0 100'   now i do believe, that this needs by default in the samba installs, if ssl/tls is enabled by default.     Greetz,   Louis           > -----Oorspronke...

...gt; > 389 > > > > > > > > > > > > Ive added the SRV records now as followed, and my squid groups not > > repond better :-) great. > > > > Use these commands, handy for others.. > > > > samba-tool dns add DC1.fqdn dns_zone _ldaps._tcp SRV 'dc1.dns_zone > > 636 0 100' > > > > samba-tool dns add DC1.fqdn dns_zone _ldaps._tcp SRV 'dc2.dns_zone > > 636 0 100' > > > > > > > > now i do believe, that this needs by default in the samba installs, > > if ssl/t...

...p._tcp.${SITE}._sites.ForestDnsZones.${DNSFOREST} ${HOSTNAME} 389 > >   > >   > > Ive added the SRV records now as followed, and my squid groups not > repond better :-) great. > > Use these commands, handy for others.. > > samba-tool dns add DC1.fqdn dns_zone _ldaps._tcp SRV 'dc1.dns_zone > 636 0 100' > > samba-tool dns add DC1.fqdn dns_zone _ldaps._tcp SRV 'dc2.dns_zone > 636 0 100' > >   > > now i do believe, that this needs by default in the samba installs, > if ssl/tls is enabled by default. > >   >...

On 8/24/2016 11:00 AM, L.P.H. van Belle via samba wrote: > Hai, > > > > Im wondering, im missing the _ldaps._tcp. INTERNAL.DOMAIN.TLD entries in my dns. > > Now, before the updates ( badlock ) etc. this wasnt notice i think. > > But now since im setting up that everything is doing ldaps i noticed this in my squid setup > > > > ( squid mailing subject : [squid-users] ext_kerbero...

> > No, I think you need to fix squid or at the very least, ask squid where > they got _ldaps from, because it doesn't seem to exist on any AD DC. > > Rowland Thats correct Rowland, found that also.. but.. i also did find. _ldaps._tcp is not any standard But that’s what usually people do if they can't use startTLS. And startTLS is prefered always before ldaps and htt...

...panda101--- via samba <samba at lists.samba.org> wrote: > > I know you asked recently but I do have them from a long ago > provisioned DC as reference. > > If you have them, I think you may be the only one who does ;-) A bit of searching doesn't turn up anything about _ldaps records, just _ldap. Rowland

...;samba at lists.samba.org> wrote: > >> I know you asked recently but I do have them from a long ago >> provisioned DC as reference. >> >> > If you have them, I think you may be the only one who does ;-) > > A bit of searching doesn't turn up anything about _ldaps records, just > _ldap. > > Rowland > > My domain was provisioned from 4.0. Here is my info. root at pfdc1:~# samba -V Version 4.4.5 root at pfdc1:~# uname -a Linux pfdc1.domain.local 3.2.0-106-generic #147-Ubuntu SMP Tue Jun 28 21:27:24 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux Usi...

...|- _kerberos - dc2 | | | |- _tcp | | |- _gc - dc1 | | |- _gc - dc2 | | |- _kerberos - dc1 | | |- _kerberos - dc2 | | |- _kpasswd - dc1 | | |- _kpasswd - dc2 | | |- _ldap - dc1 | | |- _ldap - dc2 | | |- _ldaps - dc1 | | | |- _udp | | |- _kerberos - dc1 | | |- _kerberos - dc2 | | |- _kpasswd - dc1 | | |- _kpasswd - dc2 | | | |- DomainDnsZones | | |- _sites | | | |- Default-First-Site-Name | | | |- _tcp...

> Obviously there is something wrong with the dns updates on DC2. Any > ideas? > > Tom > >The problem is (as far as I understand it), you cannot write to an >RODC, it forwards write actions to a writeable DC, which then replicates >them back. >From the above, it is timing out, is there a firewall or similar in the >way ? Can you ping a DC from the RODC ? >

> > Good, the _msdcs domain is the forest domain So is it normal that DC4 is not in that? > but are there records for all three DCs in: > > DC=your.domain.com > ,CN=MicrosoftDNS,DC=DomainDnsZones,DC=your,DC=domain,DC=com > I tried to find this path in the LDAP Browser and ASDI Edit but I did not manage in find it. In the Windows DNS Manager connected to DC1 I found _ldap