search for: error_dns_gss_error

...ially it worked fine, but then the AD controllers expired the DNS entries. As samba doesn't seem to natively refresh the registrations I ended up adding a simple cron job that ran "net ads dns register -P" on a daily basis. It worked for a while but that job is now failing. with "ERROR_DNS_GSS_ERROR" which starts implying that Kerberos tickets or machine account passwords are broken. I'm not sure if they need to be refreshed in a similar way or whether I should tinker with the samba config. A good guide that explains what I need to have setup to cover the convoluted AD needs for sec...

...nd selinux. Joined domain [root at penguin ~]# net ads join -U Administrator Enter Administrator's password: Using short domain name -- MYDOMAIN Joined 'PENGUIN' to dns domain 'mydomain.com' DNS Update for penguin.mydomain.com failed: ERROR_DNS_GSS_ERROR DNS update failed: NT_STATUS_UNSUCCESSFUL [root at penguin ~]# [root at penguin]# net ads testjoin Join is OK [root at penguin]# On the Win 2008 DC, AD U&C shows the linux machine. wbinfo -u (and any wbinfo command) fails [root at penguin /...

...t domain name -- NA Joined 'BUILDEL664' to realm 'na.blah.lan' [2012/10/16 14:50:36.636201, 0] libads/kerberos.c:333(ads_kinit_password) kerberos_kinit_password BUILDEL664$@NA.FOLLETT.LAN failed: Client not found in Kerberos database DNS Update for buildel664.corp.xxx.com failed: ERROR_DNS_GSS_ERROR DNS update failed! I can't seem to figure out what is causing these errors, but the domain join is successful. I am able to successfully enumerate groups and users using "wbinfo -g" and "wbinfo -u," although "getent passwd" only returns local users. I am not sur...

...SRV 0 100 389 themes.ad.wsisiz.edu.pl. 3. when I try to join another samba server (but as AD member!): [root at mask ~]# net ads join -U administrator Using short domain name -- WSISIZ.EDU.PL Joined 'MASK' to dns domain 'ad.wsisiz.edu.pl' DNS Update for mask.wsisiz.edu.pl failed: ERROR_DNS_GSS_ERROR DNS update failed: NT_STATUS_UNSUCCESSFUL message looks not good BUT domain connection in fact works..... [root at mask ~]# wbinfo --ping-dc checking the NETLOGON for domain[WSISIZ.EDU.PL] dc connection to "oceanic.ad.wsisiz.edu.pl" succeeded So how can I drop DC "oceanic"...

I'm trying to figure out a puzzling thing that we are seeing with some recently joined or re-joined samba servers. Our linux servers are in a different DNS domain than our AD machines (nwra.com or cora.nwra.com vs ad.nwra.com for the AD machines). Generally when we've joined a machine to AD the DNS name recorded in AD is their regular linux FQDN. But a couple machines have ended up with

On 16/09/2019 15:04, L.P.H. van Belle via samba wrote: > Well it was worth checking.. We just dont know what you already checked.. > > Then all i can say now is, or a different OS, or try Vincent's his packages. > I see that is should support AD-DC, but I really dont know. I only do debian/ubuntu. > At least it looks like it. > > (from :

hi everyone, .. one of the Sambas fails to authenticate users. I have four virtually identical Samba systems which are configured as AD members. All servers seem fine, I can $ net ads lookup | status | dn | user | testjoin .. and so on. But, problem is that all servers except one can successfully: smbclient -L $(hostname) -UDOM\\user here that one server fails: SPNEGO login failed: Logon

...nfig : 0x00 (0) error_string : NULL domain_is_ad : 0x01 (1) result : WERR_OK Using short domain name -- DOMAIN Joined 'VM-AE67A' to realm 'domain.com' DNS Update for vm-ae67a.**INTERNAL*** failed: ERROR_DNS_GSS_ERROR DNS update failed! [root at vm-ae67a log]# net ads info LDAP server: 10.100.0.231 LDAP server name: wegsfes19123.domain.com Realm: DOMAIN.COM Bind Path: dc=DOMAIN,dc=COM LDAP port: 389 Server time: Sun, 03 Feb 2013 11:45:05 EST KDC server: 10.100.0.231 Server time offset: 0 However pointing the s...

...uot;, line 941, in run ??? 0, server, zone, name, add_rec_buf, None) on domain member in spe: [root at mask ~]# net ads join -U administrator%XXXXXX Using short domain name -- WSISIZ.EDU.PL Joined 'MASK' to dns domain 'ad.wsisiz.edu.pl' DNS Update for mask.wsisiz.edu.pl failed: ERROR_DNS_GSS_ERROR DNS update failed: NT_STATUS_UNSUCCESSFUL > >> >> >>>> 2. How to connect internal AD LDAP server? >>>> >>>> I tried with: >>>> >>>> oceanic:/etc/pki/ca-trust/extracted/pem# ldbsearch -H >>>> ldaps://oceanic.ws...

...du.pl. > > 3. when I try to join another samba server (but as AD member!): > > [root at mask ~]# net ads join -U administrator > Using short domain name -- WSISIZ.EDU.PL > Joined 'MASK' to dns domain 'ad.wsisiz.edu.pl' > DNS Update for mask.wsisiz.edu.pl failed: ERROR_DNS_GSS_ERROR > DNS update failed: NT_STATUS_UNSUCCESSFUL > > message looks not good BUT domain connection in fact works..... > > [root at mask ~]# wbinfo --ping-dc > checking the NETLOGON for domain[WSISIZ.EDU.PL] dc connection to > "oceanic.ad.wsisiz.edu.pl" succeeded > >...

On 15/09/2019 19:08, Bart?omiej Solarz-Nies?uchowski wrote: > W dniu 2019-09-15 o?18:32, Rowland penny via samba pisze: >> On 15/09/2019 16:44, Bart?omiej Solarz-Nies?uchowski wrote: >>> I have some questions: >>> >>> I not currently understood - bind9 connected to AD server must be >>> used by the LAN workstations - or only via AD server? >>>

On Wed, 27 Mar 2019 09:45:18 +0100 "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: > Hai, > > > I dont think one noticed this.. > > ldbsearch -H ldap://dc4 -UAdministrator > ldbsearch -H ldap://dc1 -U Administrator > > So whats the difference when you see this responce of the command: > Invalid option -U: unknown ... >