search for: addc01

Hi everyone, unfortunately, I managed to break my Samba AD DC configuration :-( and would like to ask the experts on this list. When restarting my Samba AC DC I noticed, that it didn't come up properly. samba outputs the following lines to /var/log/syslog > Nov 24 12:46:52 addc01 samba[30784]: /usr/sbin/samba_dnsupdate: > RuntimeError: kinit for ADDC01$@MYDOMAIN.LAN failed (Cannot contact > any KDC for requested realm) > > Nov 24 12:46:52 addc01 samba[30784]: > ../source4/dsdb/dns/dns_update.c:294: Failed DNS update - > NT_STATUS_ACCESS_DENIED > I...

...irective Today, I followed the wiki page <https://wiki.samba.org/index.php/User_home_drives> with all the prerequisites. Unfortunately, the automatic home folder creation still does not work. So I checked all my logs and I guess I have another problem with DDNS and DHCP: Oct 17 16:15:41 addc01 named[6074]: samba_dlz: starting transaction on zone 6.168.192.in-addr.arpa Oct 17 16:15:41 addc01 named[6074]: samba_dlz: spnego update failed Oct 17 16:15:41 addc01 named[6074]: client 127.0.0.1#59487/key rndc-key: updating zone '6.168.192.in-addr.arpa/NONE': update failed: rejected by...

...wed it myself and it does work against a Samba fileserver. Where do you expect the home directory to be created ? Is it on a Samba machine and if so what have you got in smb.conf ? > So I checked all my logs and I guess I have > another problem with DDNS and DHCP: > > Oct 17 16:15:41 addc01 named[6074]: samba_dlz: starting transaction > on zone 6.168.192.in-addr.arpa > Oct 17 16:15:41 addc01 named[6074]: samba_dlz: spnego update failed > Oct 17 16:15:41 addc01 named[6074]: client 127.0.0.1#59487/key > rndc-key: updating zone '6.168.192.in-addr.arpa/NONE': update fa...

...> necessary steps and did not forget to grant the >>>> SeDiskOperatorPrivilege rights to the Domain Admins >>>> >>>> root at fileserver2:/var/log/samba# net rpc rights list >>>> 'MYDOMAIN\Domain Admins' -U'MYDOMAIN\Administrator' -S addc01 >>>> Enter MYDOMAIN\Administrator's password: >>>> SeDiskOperatorPrivilege >>>> >>>> Now I'm stuck in the RSAT Computer Management Console where I am >>>> denied access to the share configuration. On the navigation tree in >>...

...schema extension with the same ldif-files. During the process the DB was reindexed. Then wie looked at a user in the "attribute editor" in ADUC of one of the users. We can't see the additional attributes. We reindexed the DB and got the following messages: --------------- root at addc01:~# samba-tool dbcheck --reindex Re-indexing... Reindexing: re-keyed 10000 records so far Reindexing: re-keyed 20000 records so far Reindexing: re-keyed 30000 records so far Reindexing: re-indexed 10000 records so far Reindexing: re-indexed 20000 records so far Reindexing: re-indexed 30000 records s...

...think, I have made all the necessary >> steps and did not forget to grant the SeDiskOperatorPrivilege rights >> to the Domain Admins >> >> root at fileserver2:/var/log/samba# net rpc rights list 'MYDOMAIN\Domain >> Admins' -U'MYDOMAIN\Administrator' -S addc01 >> Enter MYDOMAIN\Administrator's password: >> SeDiskOperatorPrivilege >> >> Now I'm stuck in the RSAT Computer Management Console where I am >> denied access to the share configuration. On the navigation tree in >> the left window "Local users and g...

...only = no store dos attributes = yes create mask = 0600 directory mask = 0700 guest ok = no profile acls = yes csc policy = disable > >> So I checked all my logs and I guess I have >> another problem with DDNS and DHCP: >> >> Oct 17 16:15:41 addc01 named[6074]: samba_dlz: starting transaction >> on zone 6.168.192.in-addr.arpa >> Oct 17 16:15:41 addc01 named[6074]: samba_dlz: spnego update failed >> Oct 17 16:15:41 addc01 named[6074]: client 127.0.0.1#59487/key >> rndc-key: updating zone '6.168.192.in-addr.arpa/NONE...

...NIC only, thereby reducing complexity) I think, I have made all the necessary steps and did not forget to grant the SeDiskOperatorPrivilege rights to the Domain Admins root at fileserver2:/var/log/samba# net rpc rights list 'MYDOMAIN\Domain Admins' -U'MYDOMAIN\Administrator' -S addc01 Enter MYDOMAIN\Administrator's password: SeDiskOperatorPrivilege Now I'm stuck in the RSAT Computer Management Console where I am denied access to the share configuration. On the navigation tree in the left window "Local users and groups" is shown as locked (and I remember this...

...any help you can give me. Also the windows guys have implement active directory but I want the users to authenticate using NIS. Thanks Ben # Global parameters [global] workgroup = HEALTH server string = Solaris Samba Server 3.0 security = SERVER password server = addc01 max log size = 500 name resolve order = host wins bcast preferred master = No local master = No domain master = No wins server = xxx.xxx.xx.xx ldap ssl = no hosts allow = xxx.xxx. [sowhat] path = /var/sowhat valid user...

...se } } fcc-mit-ticketflags = true [realms] RDOMAIN.PRV = { default_domain = RDOMAIN.PRV master_kdc = dc02.rdomain.prv admin_server = dc02.rdomain.prv kdc = aurad.rdomain.prv kdc = addc01.rdomain.prv kdc = addc02.rdomain.prv kdc = addc03.rdomain.prv #kdc = addc04.rdomain.prv kdc = addc05.rdomain.prv kdc = chlddc01.kid.rdomain.prv } KID.RDOMAIN.PRV = { default_domain = KID....

...he > >> necessary steps and did not forget to grant the > >> SeDiskOperatorPrivilege rights to the Domain Admins > >> > >> root at fileserver2:/var/log/samba# net rpc rights list > >> 'MYDOMAIN\Domain Admins' -U'MYDOMAIN\Administrator' -S addc01 > >> Enter MYDOMAIN\Administrator's password: > >> SeDiskOperatorPrivilege > >> > >> Now I'm stuck in the RSAT Computer Management Console where I am > >> denied access to the share configuration. On the navigation tree in > >> the left...

Hi all, I've been fighting with joining my samba server (debian) to my active directory domain for 4 days now. The problem here is that users in my active directory domain on windows machines are not able to browse my samba shares without being prompted for authentication. I can: - Join the domain from samba server using net ads - View list of tickets when brownsing window shares with

Hello Stefan, you need to use "-U" with user from Domain Admin group(maybe it works with other users too, but I didn't test it). Andrej Am 07.08.2018 um 17:00 schrieb Stefan Kania via samba: > When I start the replication from the other DC it works as you can see: > ------- > root at addc-01:~# samba-tool drs replicate rodc-01 addc-01 dc=example,dc=net > Replicate

...ing complexity) I think, I have made all the necessary > steps and did not forget to grant the SeDiskOperatorPrivilege rights > to the Domain Admins > > root at fileserver2:/var/log/samba# net rpc rights list 'MYDOMAIN\Domain > Admins' -U'MYDOMAIN\Administrator' -S addc01 > Enter MYDOMAIN\Administrator's password: > SeDiskOperatorPrivilege > > Now I'm stuck in the RSAT Computer Management Console where I am > denied access to the share configuration. On the navigation tree in > the left window "Local users and groups" is shown as...

...h the same ldif-files. During the > process the DB was reindexed. Then wie looked at a user in the > "attribute editor" in ADUC of one of the users. We can't see the > additional attributes. We reindexed the DB and got the following > messages: --------------- > root at addc01:~# samba-tool dbcheck --reindex > Re-indexing... > Reindexing: re-keyed 10000 records so far > Reindexing: re-keyed 20000 records so far > Reindexing: re-keyed 30000 records so far > Reindexing: re-indexed 10000 records so far > Reindexing: re-indexed 20000 records so far > Rei...

...: > samba-tool drs replicate dchost sourcedc dc=DC,dc=example,dc=com > Replicate from sourcedc to dchost was successful. Checking DNS seems to prove that replication was not instead succesful: > host -t SRV _ldap._tcp.dc.example.com > _ldap._tcp.dc.example.com has SRV record 0 100 389 addc01.dc.example.com > _ldap._tcp.dc.example.com has SRV record 0 100 389 addc02.dc.example.com > _ldap._tcp.dc.example.com has SRV record 0 100 389 addc3.dc.example.com > _ldap._tcp.dc.example.com has SRV record 0 100 389 addc2.dc.example.com > _ldap._tcp.dc.example.com has SRV record 0 100...

...till no entry for any of the srv-records on my rodc. As I said above, only RWDC's get that srv-record. > > > Adding Users for password-caching works. > Next Question :-) > Is there any way to see which users loaded with "samba-tool rodc > preload <user> --server=addc01" Not sure, but, from reading the code, it will print an error message for every user that fails. Rowland

...CNAME is there Then I did a: -------- samba_dnsupdate --verbose --all-names -------- Still no entry for any of the srv-records on my rodc. Adding Users for password-caching works. Next Question :-) Is there any way to see which users loaded with "samba-tool rodc preload <user> --server=addc01" I think, thats all (for the moment) Stefan Am 07.08.2018 um 17:13 schrieb Andrej Gessel via samba: > Hello Stefan, > > you need to use "-U" with user from Domain Admin group(maybe it works > with other users too, but I didn't test it). > > > Andrej &gt...

Hello Rowland, Am 13.10.2016 um 16:53 schrieb Rowland Penny via samba: > On Thu, 13 Oct 2016 16:22:47 +0200 > Udo Willke via samba <samba at lists.samba.org> wrote: > >> Hello Rowland, >> >> I have removed the rfc2307-IDs now. I guess going to the "Unix >> Attributes" tab in ADUC and setting "NIS Domain" to "none" is >>

...ucing complexity) I think, I have made all the necessary > steps and did not forget to grant the SeDiskOperatorPrivilege rights to > the Domain Admins > > root at fileserver2:/var/log/samba# net rpc rights list 'MYDOMAIN\Domain > Admins' -U'MYDOMAIN\Administrator' -S addc01 > Enter MYDOMAIN\Administrator's password: > SeDiskOperatorPrivilege > > Now I'm stuck in the RSAT Computer Management Console where I am denied > access to the share configuration. On the navigation tree in the left > window "Local users and groups" is shown as...