search for: dilken

On 10.03.2015 20:20, Rowland Penny wrote: > > OK, the first will not work (well not yet), the second should, I > take it you ran 'kinit Administrator at AD.DILKEN.EU' as root before > the join ? > > You could try 'net ads join -U Administrator' and enter the > password when prompted, I personally have never seen the point in > using kerberos during the join, either way you have to enter the > Administrator password :-) > &g...

Oh, I have a pair of samba-4.1.17-DC's, raspberry-pi and dc2 to which make the domain ad.dilken.eu on site Neuoetting. resolv.conf points to the two dc's: search ad.dilken.eu nameserver 192.168.2.33 nameserver 192.168.2.2 In the output I find some relations to dc2 resp. 192.168.2.2, but perhaps it doesn't work as expected.. Greetings Am 10.03.2015 um 21:23 schrieb Rowland Penny:...

...; one) it should be 'idmap_ldb:use rfc2307 = yes' two) it is only > used on a DC. > > How are you trying to do the join ? > > Rowland > > Hi, I commented it out but it didn't change the behaviour. I tried the following commands: 1.) samba-tool domain join ad.dilken.eu MEMBER -UAdministrator --realm=AD.DILKEN.EU --site=Neuoetting -d 10 Result (last lines): Starting GENSEC mechanism spnego Starting GENSEC submechanism gssapi_krb5 Received smb_krb5 packet of length 291 Received smb_krb5 packet of length 1293 Received smb_krb5 packet of length 1310 Received smb...

On 10/03/15 20:29, Roman Dilken wrote: > Oh, I have a pair of samba-4.1.17-DC's, raspberry-pi and dc2 to which make the domain ad.dilken.eu on site Neuoetting. > > resolv.conf points to the two dc's: > > search ad.dilken.eu > nameserver 192.168.2.33 > nameserver 192.168.2.2 > > In the output I f...

smb.conf and krb5.conf on dc2: # Global parameters [global] workgroup = AD realm = ad.dilken.eu netbios name = DC2 server role = active directory domain controller idmap_ldb:use rfc2307 = yes log level = 5 [netlogon] path = /var/lib/samba/sysvol/ad.dilken.eu/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read o...

On 10/03/15 20:14, Roman Dilken wrote: > On 10.03.2015 20:20, Rowland Penny wrote: > >> OK, the first will not work (well not yet), the second should, I >> take it you ran 'kinit Administrator at AD.DILKEN.EU' as root before >> the join ? >> >> You could try 'net ads join -U Adminis...

...39; return the same time > (allowing for being run on different machines), they need to be very > close together. > > Rowland > Time seems okay, the system is getting it from the first DC, but I found something interesting in the serverlog: Not authoritative for '_kerberos.dilken.eu', forwarding [2015/03/10 22:31:34.148561, 2] ../source4/dns_server/dns_query.c:629(dns_serve r_process_query_send) Seems that net ads does not correctly set domain name and/or realm. The DNS-question should be _kerberos.ad.dilken.eu for which the DNS is authoritative... Greetings, Roma...

....4.1.311.2.2.10 got principal=not_defined_in_RFC4178 at please_ignore kerberos_kinit_password: as Administrator using [MEMORY:cliconnect] as ccache and config [(null)] cli_session_setup_spnego: using target hostname not SPNEGO principal cli_session_setup_spnego: guessed server principal=cifs/dc2.ad.dilken.eu at AD.DILKEN.EU Doing kerberos session setup ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration Mi, 11 M?r 2015 05:00:16 CET ads_krb5_mk_req: Ticket (cifs/dc2.ad.dilken.eu at AD.DILKEN.EU) in ccache (MEMORY:cliconnect) is valid until: (Mi, 11 M?r 2015 05:00:16 CET - 142604...

On 10/03/15 19:01, Roman Dilken wrote: > On 10.03.2015 19:25, Rowland Penny wrote: > >> Hi, what are you trying to join to? >> >> Remove this line 'idmap_ldp:use rfc2307 = yes' >> >> one) it should be 'idmap_ldb:use rfc2307 = yes' two) it is only >> used on a DC. >>...

On 11/03/15 04:49, Roman Dilken wrote: > smb.conf and krb5.conf on dc2: > > # Global parameters > [global] workgroup = AD > realm = ad.dilken.eu > netbios name = DC2 > server role = active directory domain controller > idmap_ldb:use rfc2307 = yes > log...

On 10/03/15 18:05, Roman Dilken wrote: > Hi, > > i've got a problem joining a domain with samba 4.1.17 on freebsd. > > Everytime I try it, the join fails with a core dump. > Debugging it, it seems that it is stuck on authentication. Kerberos > works, I get credentials, but if I try to join the domain, it...

Hi, i renamed the default-first-site-name with the windows-tools and now I see that serveral DNS-entries still point to the default-first-site-name instead of the renamed site-name. Today I joined a second DS to the renamed site wich worked perfectly, the DC's DNS-entries are in the right site. Actually I don't see any problem but should the entries not be in the renamed site and the

...he site.. Why isn't this in the wiki? > > Louis > > > >> -----Oorspronkelijk bericht----- >> Van: abartlet at samba.org [mailto:samba-bounces at lists.samba.org] >> Namens Andrew Bartlett >> Verzonden: dinsdag 3 maart 2015 10:43 >> Aan: Roman Dilken >> CC: samba at lists.samba.org >> Onderwerp: Re: [Samba] Renaming Default-First-Site >> >> On Mon, 2015-03-02 at 17:36 +0100, Roman Dilken wrote: >>> Hi, >>> >>> i renamed the default-first-site-name with the windows-tools >> and now I >...

...samba-tool domain provision --site=SITENAME .... then you wont have to rename the site.. Louis >-----Oorspronkelijk bericht----- >Van: abartlet at samba.org [mailto:samba-bounces at lists.samba.org] >Namens Andrew Bartlett >Verzonden: dinsdag 3 maart 2015 10:43 >Aan: Roman Dilken >CC: samba at lists.samba.org >Onderwerp: Re: [Samba] Renaming Default-First-Site > >On Mon, 2015-03-02 at 17:36 +0100, Roman Dilken wrote: >> Hi, >> >> i renamed the default-first-site-name with the windows-tools >and now I >> see that serveral DNS-entries...

Hi, I installed a RODC on my mailserver to have a local authentication for mailusers on the machine which doesn't rely on a always-on-connetion to the office. The problem is now that the user-preload doesn't work so that the RODC is not able to authenticate the users itself: samba-tool rodc preload <user> --server <DC1> -U Administrator Password for [AD\Administrator]: