search for: dnsdomain

Displaying 20 results from an estimated 375 matches for "dnsdomain".

2015 Mar 05
2
creating Kerberos host principals for multiple hostnames, multihomed server
Hi! I maintain Linux servers that are members of a Samba4 Domain. User authentication / login via ssh works fine with Kerberos. But: only via one hostname. Those machines need a working Kerberos login via multiple hostnames (each hostname has its own IP address and DNS is set up correctly.) "net ads keytab list" of course gives me the main hostname that was in use when joining the
2013 Jan 17
1
Samba AD DC initial join fails at schema replication
...e: 16Jan2013 Samba Version: 4.0.1 OS Version: RHEL 6.3 Windows OS: Server 2012 Forest/Domain: 2008r2 Replaced libnet_vampire.c (corrected ERROR: no subClassOf 'top' for 'samDomain') source [https://bugzilla.samba.org/show_bug.cgi?id=8680] #/usr/lobal/bin/samba-tool domain join <dnsdomain> DC -U administrator Identifies DC, joins the domain and performs adding SPNs to the Domain Controllers OU ..... Setting account password for RHELDC1$ Enabling account Calling bare provision No IPv6 address will be assigned Provision OK for domain DN <dnsdomain> Starting replication...
2019 Jan 11
5
samba-tool auth in scripts
On 10.01.19 at 14:09, Rowland Penny via samba wrote: > You don't ;-) > You do what the script should have done (I feel version 0.8.10 will > soon make an appearance), export the cache to use <export > KRB5CCNAME="/tmp/dhcp-dyndns.cc"> and then use '$KRB5CCNAME' wherever > '/tmp/dhcp-dyndns.cc' appears, except for: > [...] Yes, that worked.
2018 Aug 07
2
setting up a RODC
On Tue, 7 Aug 2018 17:44:37 +0200 Stefan Kania via samba <samba at lists.samba.org> wrote: > Hi Andrej, > > then it works, but on a "normal" addc it works without "-U ". This is probably because you will be running the command from the RODC on the RWDC. > > One more Question: > When I do a "host -t srv _ldap._tcp.example.net" I only see
2016 Aug 25
6
missing dns records? _ldaps._tcp ?
Ok thank you guys for your input.     So we need to add something here :  cat /var/lib/samba/private/dns_update_list | grep ldap ${IF_RWDC}SRV          _ldap._tcp.${DNSDOMAIN}                               ${HOSTNAME} 389 ${IF_RWDC}SRV          _ldap._tcp.dc._msdcs.${DNSDOMAIN}                     ${HOSTNAME} 389 ${IF_RWDC}SRV          _ldap._tcp.${DOMAINGUID}.domains._msdcs.${DNSFOREST}  ${HOSTNAME} 389 ${IF_DC}SRV            _ldap._tcp.${SITE}._sites.${DNSDOMAIN}  ...
2015 Mar 06
0
creating Kerberos host principals for multiple hostnames, multihomed server
Hai, >Those machines need a working Kerberos login via multiple hostnames >(each hostname has its own IP address and DNS is set up correctly.) looks to me a bit overkill, but you will have your reasons for a setup like this.. so.. you can try this.. assuming this : REALM=MY.REALM.TLD DNSDOMAIN=my.domain.tld and a serviceaccount the spn's. You can also use the existing "hostname" but for these extra spns I use an extra "service_account" 1) create "serviceaccount" for "HOSTNAME" : serviceaccount_name 2) create the spns for the service acc...
2016 Aug 27
1
missing dns records? _ldaps._tcp ?
...mba.org> wrote: > > Ok thank you guys for your input. > > > > > > > > > > > > So we need to add something here : > > > > cat /var/lib/samba/private/dns_update_list | grep ldap > > > > ${IF_RWDC}SRV > > _ldap._tcp.${DNSDOMAIN} ${HOSTNAME} > > 389 > > > > ${IF_RWDC}SRV > > _ldap._tcp.dc._msdcs.${DNSDOMAIN} ${HOSTNAME} > > 389 > > > > ${IF_RWDC}SRV > > _ldap._tcp.${DOMAINGUID}.domains._msdcs.${DNSFOREST} ${HOSTNAME} > &...
2019 Apr 23
2
Win10 cant connect to DomainController
Hai basti, Few tips here you can check/try. A known problem, this might happen if your primary dns and/or search dns are not correct when connected to the VPN. See if you can use \\host.dnsdomain.tld\share and not \\host\share Then test \\dnsdomain.tld\sysvol and \\dc.dnsdomain.tld\sysvol Last, if you are trying to access through CNAME, you might have hit this bug. https://support.microsoft.com/nl-nl/help/3181029/smb-file-server-share-access-is-unsuccessful-through-dns-cname-alias Also wha...
2019 Jan 14
0
dehydrated hook for LetsEncrypt certs and samba dns (was: samba-tool auth in scripts)
...o make it a little bit better to read/understand. In this line: samba-tool domain exportkeytab --principal=dehydrated-service at YOUR.DOMAIN /home/dehydrated/etc/dehydrated-service.keytab @YOUR.DOMAIN could you change this to : @YOUR.REALM Because of this. ( per example ) DNS domain = primary.dnsdomain.tld and for REALM = YOUR.REALM. ( 2 different things here don't mix them. ) YOUR.REALM is not the same as primary.dnsdomain.tld. REALM domain = PRIMARY.DNSDOMAIN.TLD or better translated as : YOUR.REALM ( to keep some confusion away and in CAPS ) Even when (dnsdomain) primary.dnsdomain.tld has...
2014 Dec 10
1
Samba 4.1.7 ldapcmp msDS-NcType Error comparing DCs
...Attributes found only in ldap://s4master: msDS-NcType FAILED * Result for [SCHEMA]: FAILURE SUMMARY --------- Attributes found only in ldap://s4master: msDS-NcType ERROR: Compare failed: -1 [root at s4slave ~]# samba-tool ldapcmp ldap://s4master ldap://s4slave -Uadministrator dnsdomain Password for [TPLK\administrator]: * Comparing [DNSDOMAIN] context... * Objects to be compared: 191 Comparing: 'DC=DomainDnsZones,DC=tplk,DC=loc' [ldap://s4master] 'DC=DomainDnsZones,DC=tplk,DC=loc' [ldap://s4slave] Attributes found only in ldap://s4master: msDS-NcTyp...
2016 Aug 25
0
missing dns records? _ldaps._tcp ?
..."L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: > Ok thank you guys for your input. > >   > >   > > So we need to add something here :  > > cat /var/lib/samba/private/dns_update_list | grep ldap > > ${IF_RWDC}SRV > _ldap._tcp.${DNSDOMAIN}                               ${HOSTNAME} 389 > > ${IF_RWDC}SRV > _ldap._tcp.dc._msdcs.${DNSDOMAIN}                     ${HOSTNAME} 389 > > ${IF_RWDC}SRV > _ldap._tcp.${DOMAINGUID}.domains._msdcs.${DNSFOREST}  ${HOSTNAME} 389 > > ${IF_DC}SRV >           _ldap._tcp.${S...
2016 Nov 18
2
group policy update fails
Ok just to verify. DC name= ad41.dc.samges.ru dnsdomain= dc.samges.ru Kerberos domain ?? I'm guessing your Kerberos to dnsdomain mapping is wrong. Can you post the /etc/hosts /etc/resolv.conf /etc/krb5.conf And, can you post the line you used for provisioning? Greetz, Louis > -----Original message----- > From: Mike Lykov [mailto:c...
2019 May 01
2
Replication failures
...t... * Objects to be compared: 1321 * Result for [DOMAIN]: SUCCESS * Comparing [CONFIGURATION] context... * Objects to be compared: 1713 * Result for [CONFIGURATION]: SUCCESS * Comparing [SCHEMA] context... * Objects to be compared: 1550 * Result for [SCHEMA]: SUCCESS * Comparing [DNSDOMAIN] context... * Objects to be compared: 1691 * Result for [DNSDOMAIN]: SUCCESS * Comparing [DNSFOREST] context... * Objects to be compared: 49 * Result for [DNSFOREST]: SUCCESS Running : /usr/bin/samba-tool ldapcmp --filter="whenChanged,dc,DC,cn,CN" ldap://dc1.my.company.tld ldap:...
2017 May 22
4
Problems with Samba 4.6.3 Authentication
Hi, I have posted the following message to Squid-Users forum ( squid-users at lists.squid-cache.org). "I have migrated from Samba 4.2.1 to Samba 4.6.3 as DC, but now my Squid authentication doesn't work. In Samba 4.2.1 it is working properly. This is my authentication block: auth_param basic program /usr/lib/squid3/basic_ldap_auth -R -b DC=empresa,DC=com,DC=br -D
2019 Jan 14
2
dehydrated hook for LetsEncrypt certs and samba dns (was: samba-tool auth in scripts)
...derstand. > > In this line: > samba-tool domain exportkeytab > --principal=dehydrated-service at YOUR.DOMAIN /home/dehydrated/etc/dehydrated-service.keytab > @YOUR.DOMAIN could you change this to : @YOUR.REALM > > Because of this. ( per example ) > DNS domain = primary.dnsdomain.tld and for REALM = YOUR.REALM. ( 2 > different things here don't mix them. ) > > YOUR.REALM is not the same as primary.dnsdomain.tld. Whilst it is quite correct to say that the REALM isn't the same as a DNS domain, there is a correlation between them. The REALM must be the DNS domai...
2019 Jul 16
0
messy replication
...blob/master/howtos/ If you follow these howtos your setup will be much better. Use that and below also to adjust you settings. P.s above is based on jessie and samba 4.5.x, small adjustments might be needed. Collected config --- 2019-07-16-14:51 ----------- Hostname: dc1 DNS Domain: internal.dnsdomain.tld FQDN: dc1.internal.dnsdomain.tld ipaddress: 192.168.1.1 ----------- Samba is running as an AD DC ----------- Checking file: /etc/os-release PRETTY_NAME="Debian GNU/Linux 9 (stretch)" NAME="Debian GNU/Linux" VERSION_ID="9" VERSION="9 (stretch)"...
2016 Jun 23
2
Unable to transfer ForestDns/DomainDNS
I did not get SUCCESS! root at DC01:/mnt# samba-tool ldapcmp ldap://dc01 ldap://pdc dnsdomain * Comparing [DNSDOMAIN] context... * Objects to be compared: 188 Comparing: 'CN=Infrastructure,DC=DomainDnsZones,DC=fisherthompson,DC=local' [ldap://dc01] 'CN=Infrastructure,DC=DomainDnsZones,DC=fisherthompson,DC=local' [ldap://pdc] Attributes found only in ldap://dc01:...
2019 Jul 16
3
messy replication
...= 24 kdc:user ticket lifetime = 24 kdc:renewal lifetime = 168 Are better if set in krb5.conf And AD-DC domain server, with guest ok = yes ? By default no guest is allowed. Shares with too long names might give problems. Bind9 auth-nxdomain yes; # because this server is authoritative for this dnsdomain name. tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab"; Verify if bind still has access to that file. # packages. Still Lenny and Squeeze left overs. All and all.. Hmm, well, that's a lot of time to fix this. Next DC2. Debian 9.5 , outdated, should be 9.9. Hosts Remove :...
2017 Oct 04
3
Listing user...
Hello! Rowland Penny via samba, on that day, was saying... > Why do you need a list of users ? Because?! ;-) I've coded some scripts in the past (e.g., when I was using OpenLDAP and samba in NT mode) that do something on behalf of the users, and I was used to doing a 'getent passwd' to have the list. > effect when 5.0.0 came out. I cannot see any of them being marked as >
2017 May 23
0
Problems with Samba 4.6.3 Authentication
...Authentication > > Not really a samba question but.. > > I suggest you switch to kerberos auth. > Thats this line: > auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \ > --kerberos /usr/lib/squid/negotiate_kerberos_auth -s > HTTP/hostname.internal.dnsdomain.tld at REALM \ > --ntlm /usr/bin/ntlm_auth --helper-protocol=gss-spnego > --domain=NTDOM > > Or > auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \ > --kerberos /usr/lib/squid/negotiate_kerberos_auth -s > GSS_C_NO_NAME \ > --ntlm /usr/bin/nt...