search for: adlab

I just checked the SOA records on my samba DCs and noticed a few oddities: michael at sles-bree:~> for i in ad{1..4} sles-bree sles-shire; do host -t soa main.adlab.netdirect.ca $i | grep SOA; done main.adlab.netdirect.ca has SOA record ad1.main.adlab.netdirect.ca. hostmaster.main.adlab.netdirect.ca. 177 900 600 86400 3600 main.adlab.netdirect.ca has SOA record ad2.main.adlab.netdirect.ca. hostmaster.main.adlab.netdirect.ca. 176 900 600 86400 3600 main.adlab...

OK, further to my previous message I've configured BIND, but when I try to run samba_dnsupdate I get the following: Nov 18 16:19:23 sles-shire named[6112]: samba b9_putrr: unhandled record type 0 Nov 18 16:19:24 sles-shire named[6112]: samba_dlz: starting transaction on zone _msdcs.main.adlab.netdirect.ca Nov 18 16:19:24 sles-shire named[6112]: samba_dlz: disallowing update of signer=SLES-SHIRE\$\@MAIN.ADLAB.NETDIRECT.CA name=gc._msdcs.main.adlab.netdirect.ca type=A error=insufficient access rights Nov 18 16:19:24 sles-shire named[6112]: client 10.0.3.11#33090/key SLES-SHIRE\$\@MAIN...

We've joined an RODC to the domain (Windows 2008R2 running a W2003 FFL/DFL AD) but are getting these errors on first startup. It was joined with: samba-tool domain join main.adlab.netdirect.ca RODC --realm=main.adlab.netdirect.ca --username=administrator at main.adlab.netdirect.ca --dns-backend=BIND9_DLZ but we get these errors right after startup: Nov 28 12:35:27 sles-bree samba[3939]: [2013/11/28 12:35:27.824986, 0] ../source4/dsdb/repl/replicated_objects.c:783(dsdb_re...

...ID: 7ea641b0-d418-4c74-a4fa-c15b852467b8 DSA invocationId: 1017ff29-756c-4777-b395-b481f4b5387c ==== INBOUND NEIGHBORS ==== ==== OUTBOUND NEIGHBORS ==== ==== KCC CONNECTION OBJECTS ==== Connection -- Connection name: 03f0970a-df52-4b65-952d-06c5954559f7 Enabled : TRUE Server DNS name : AD4.main.adlab.netdirect.ca Server DN name : CN=NTDS Settings,CN=AD4,CN=Servers,CN=Shire,CN=Sites,CN=Configuration,DC=main,DC=adlab,DC=netdirect,DC=ca TransportType: RPC options: 0x00000001 Warning: No NC replicated for Connection! Connection -- Connection name: 15c600f8-e8c0-4a4f-9594-5b98cdcba240 Enabled : TRU...

OK! I'm getting farther and farther! :) I've managed to preload user and computer passwords onto a samba RODC: *sles-shire:/var/lib/samba/sysvol # samba-tool rodc preload 'win7-shire$' --server main.adlab.netdirect.ca** *Replicating DN CN=WIN7-SHIRE,CN=Computers,DC=main,DC=adlab,DC=netdirect,DC=ca Exop on[CN=WIN7-SHIRE,CN=Computers,DC=main,DC=adlab,DC=netdirect,DC=ca] objects[1] linked_values[2] *sles-shire:/var/lib/samba/sysvol # samba-tool rodc preload 'win7-shire-2$' --server main.adla...

...g verify failure [2013/11/18 13:22:37.416396, 0] ../lib/util/util_runcmd.c:317(samba_runcmd_io_handler) /usr/sbin/samba_dnsupdate: update failed: REFUSED Complete output from samba_dnsupdate --verbose --all-names is here: http://paste.ubuntu.com/6438840/ ... Calling nsupdate for A sles-bree.main.adlab.netdirect.ca 10.0.2.11 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: sles-bree.main.adlab.netdirect.ca. 900 IN A 10.0.2.11 Calling nsupdate for A gc._msdcs.main.adlab.netdirect.ca...

I was hoping this would be simpler. I'd like to prepopulate an RODC with all users accounts that are permitted. But I can only pre-populate one at a time: samba-tool rodc preload (<SID>|<DN>|<accountname>) sles-shire:~ # samba-tool group listmembers 'Allowed RODC Password Replication Group - Shire' Allowed RODC Password Replication Group - Global WIN7-SHIRE$ bilbo

...erver 2003" (the highest available option with 2003) before adding the new Samba4 dc. If I run samba_dnsupdate --verbose there are no errors - everything seems to be fine. samba-tool dns zonelist <samba-testserver> shows me following zones 2 zone(s) found pszZoneName : adlab.local Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE ZoneType : DNS_ZONE_TYPE_PRIMARY Version : 50 dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED pszDpFqdn : Domain...

I would like to get samba4 working with AD and rfc2307 attributes, while allowing the nice remote management available via samba4. Using sernet-samba packages on 4.1.3-7.el6.x86_64 CentOS 6. I have samba4 configured as follows: krb5.conf: [libdefaults] default_realm = MAIN.ADLAB.NETDIRECT.CA dns_lookup_realm = true dns_lookup_kdc = true ticket_lifetime = 24h renew_lifetime = 7d forwardable = true smb.conf was partially generated by authconfig and is: [global] #--authconfig--start-line-- # Generated by authconfig on 2013/12/11 13:33:41 # DO NOT EDIT THIS SECTION (delimite...