search for: fvg

...ocalhost; } keys { rndc-key; }; > }; Still i've not clear how this stanza have to do with dns and windows client, but... i'll add. ;-) -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppur...

...No, i've narrowed down a bit... DNS works in this way, as expected. Touble arise in windows client accessing server aliases; I'm used to define some aliases for servers (so i use \\FILEPP\). I define aliases with: a) cname in AD DNS, and work: root at vdmtms1:~# host filepp filepp.ad.fvg.lnf.it is an alias for vdmpp1.ad.fvg.lnf.it. vdmpp1.ad.fvg.lnf.it has address 10.27.1.22 b) 'netbios aliases' in smb.conf: netbios aliases = CUPSPP FILEPP HOMEPP c) SPN aliases: samba-tool spn add HOST/filepp.ad.fvg.lnf.it vdmpp1$ samba-tool spn add HOST/FILEPP vdmpp1$ but s...

...gt; that DNS got by DHCP ARE AD DCs? Ok, DNS registration seems to work, but on a (form me) strange way... Spotted in logs: Jun 8 10:14:25 vdcud1 named[1049]: client 10.5.2.127#50250: request has invalid signature: TSIG 1592-ms-7.34-f336b9d.cc4eac93-69d4-11e8-1eb6-dc4a3e58a634 (QUIRINIUS\$\@AD.FVG.LNF.IT): tsig verify failure (BADSIG) Jun 8 10:19:05 vdcud1 named[1049]: samba_dlz: starting transaction on zone ad.fvg.lnf.it Jun 8 10:19:05 vdcud1 named[1049]: client 10.5.2.127#56413: update 'ad.fvg.lnf.it/IN' denied Jun 8 10:19:05 vdcud1 named[1049]: samba_dlz: cancelling transact...

...he A records 2 x. Lines 1-13, show a successfull commit of the A/AAAA records. ( TSIG key ok ) If you count the below lines, after line 13, my logs shows. samba_dlz: starting transaction on zone 1.168.192.in-addr.arpa Yours is trying again to update samba_dlz: starting transaction on zone ad.fvg.lnf.it So the only thing i can think of is. 1- you get the update for your zone : ad.fvg.lnf.it 2- the gets in sucessfully. 3- it does it again, but bind changed the key. client 10.5.2.64#61734/key ( first attempt, ok ) client 10.5.2.64#50303/key ( second attempt, fail ) Where is the reve...

.... > Ok, this is easy. > Yes, that is easy... > > b) AFAI've understood i need to create a 'principal', type 'NFS', for > server and client, and store the key in ''local keytab''. Debian wiki > suggest: > addpriv -randkey NFS/vdmpp1.ad.fvg.lnf.it at AD.FVG.LNF.IT > ktadd NFS/vdmpp1.ad.fvg.lnf.it at AD.FVG.LNF.IT > > but in 'samba' lingo the same operation can be obtained with (run in > the client and server, with appropiate data): > > net -U gaio ads keytab add > NFS/vdmpp1.ad.fvg.lnf.it at AD.FVG.LN...

...on, then it must be > something on that DC. is there a firewall or apparmor/selinux in the > way ? No. Anyway, note that query return correctly 'result: 0 Success', simply return no data. Another query to the same DC return data. eg: root at vdmpp1:~# ldapsearch -H ldap://vdcpp1.ad.fvg.lnf.it -W -D CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it -b DC=ad,DC=fvg,DC=lnf,DC=it "(cn=prova123)" rfc822MailMember | grep ^rfc822MailMember Enter LDAP Password: root at vdmpp1:~# root at vdmpp1:~# ldapsearch -H ldap://vdcpp1.ad.fvg.lnf.it -W -D CN=mta,OU=Restricted,DC=ad,DC=fv...

...si favelave... > > No. Anyway, note that query return correctly 'result: 0 Success', > > simply return no data. > That just means the search retuned without error Eh. Query succeded and return no data. Yes. > If you run the command: > ldapsearch -H ldap://vdcpp1.ad.fvg.lnf.it -W -D > CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it -b > DC=ad,DC=fvg,DC=lnf,DC=it "(cn=prova123)" > Does it produce the entire users object ? No, query succeded and return no data. root at vdcsv1:~# ldapsearch -H ldap://vdcpp1.ad.fvg.lnf.it -W -D CN=mta,OU=Restricte...

...t; Ok, DNS registration seems to work, but on a (form me) strange way... > > Spotted in logs: > > Jun 8 10:14:25 vdcud1 named[1049]: client 10.5.2.127#50250: request > has invalid signature: TSIG > 1592-ms-7.34-f336b9d.cc4eac93-69d4-11e8-1eb6-dc4a3e58a634 > (QUIRINIUS\$\@AD.FVG.LNF.IT): tsig verify failure (BADSIG) Jun 8 > 10:19:05 vdcud1 named[1049]: samba_dlz: starting transaction on zone > ad.fvg.lnf.it Jun 8 10:19:05 vdcud1 named[1049]: client > 10.5.2.127#56413: update 'ad.fvg.lnf.it/IN' denied Jun 8 10:19:05 > vdcud1 named[1049]: samba_dlz: ca...

Following: https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC i've demoted and removed a DC. Seems all went as expected: root at vdcud1:~# samba-tool domain demote --server=vdcsv1.ad.fvg.lnf.it -U gaio Using vdcsv1.ad.fvg.lnf.it as partner server for the demotion Password for [LNFFVG\gaio]: Deactivating inbound replication Asking partner server vdcsv1.ad.fvg.lnf.it to synchronize from us Changing userControl and container Removing Sysvol reference: CN=VDCUD1,CN=Enterprise,CN...

...= yes This keep you member working and in sync with the ad password for the computer. Out of sync, your server losses ad access. > > > > Check the spn/upn in the AD with the RSAT's ADUC, this is why i do. > > Ok, added the nfs/ SPN: > samba-tool spn add nfs/vdmpp1.ad.fvg.lnf.it vdmpp1$ On my own DC ( samba 4.8.6) , im adding the nfs/FQDN to hostname$ samba-tool spn add nfs/$(hostname -f) $(hostname -s)\$ And what is my result. samba-tool spn list $(hostname -s)\$ | grep nfs Result : nfs/hostname.internal.domain.tld > > clearly you can check it also w...

I need to do a simple query, against some LDAP data in 'laster draft schema' format i've added to te samba/AD schema. All LDAP query return the same result on all (6) of the DC: root at vdcsv1:~# ldapsearch -H ldap://vdcsv2.ad.fvg.lnf.it -W -D CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it -b DC=ad,DC=fvg,DC=lnf,DC=it "(cn=prova123)" rfc822MailMember Enter LDAP Password: # extended LDIF # # LDAPv3 # base <DC=ad,DC=fvg,DC=lnf,DC=it> with scope subtree # filter: (cn=prova123) # requesting: rfc822MailMem...

Hi Marco, > Following: > https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC > > i've demoted and removed a DC. Seems all went as expected: > > root at vdcud1:~# samba-tool domain demote --server=vdcsv1.ad.fvg.lnf.it -U gaio > Using vdcsv1.ad.fvg.lnf.it as partner server for the demotion > Password for [LNFFVG\gaio]: > Deactivating inbound replication > Asking partner server vdcsv1.ad.fvg.lnf.it to synchronize from us > Changing userControl and container > Removing Sysvol referen...

...rity are, so each DC should allow the same access. > Do you have access to the DC ? > Can you run the search locally ? Sure! As just stated, local access (via ldbsearch against the local SAM) works as expected: root at vdcpp1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b "DC=ad,DC=fvg,DC=lnf,DC=it" "(cn=prova123)" # record 1 dn: CN=prova123,CN=Aliases,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it objectClass: top objectClass: nisMailAlias cn: prova123 instanceType: 4 whenCreated: 20171218110150.0Z uSNCreated: 7923 name: prova123 objectGUID: 82012731-c88e-49dd-a802-71...

...mba at lists.samba.org > Onderwerp: Re: [Samba] Again NFSv4 and Kerberos at the 'samba way'... > > Mandi! L.P.H. van Belle via samba > In chel di` si favelave... > > > > root at vdcsv1:~# samba-tool spn list vdmpp1$ > > Hmm, > > > nfs/vdmpp1.ad.fvg.lnf.it << correct > > And these are wrong. > > > nfs/vdmpp1.ad.fvg.lnf.it/vdmpp1 > > > nfs/vdmpp1.ad.fvg.lnf.it/vdmpp1.ad.fvg.lnf.it > > Remove these 2. > > Removed, both on server and client. But, really, i've only do: > > samba-tool...

...ed to have some 'aliases' to my servers (DM); seems i need to add in smb.conf: netbios aliases = FILESV but also add a 'SPN'; trying to look around for an examples, lead me to ''nothing'', or to examples that seems to me unrelated. Supposing the domain is 'ad.fvg.lnf.it' and the FQDN of the real host is 'vdmsv1.ad.fvg.lnf.it', i need to do: > samba-tool spn add host/vdmsv1.ad.fvg.lnf.it filesv.ad.fvg.lnf.it Right?! Thanks. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http...

...supported' or > something like that. > > How can i cleanup 'dead' sites in DNS? Thanks. > > -- > dott. Marco Gaiarin GNUPG > Key ID: 240A3D66 > Associazione ``La Nostra Famiglia'' > http://www.lanostrafamiglia.it/ > Polo FVG - Via della Bont?, 7 - 33078 - San Vito al > Tagliamento (PN) > marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 > f +39-0434-842797 > > Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! > http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 > (...

...rnel-server' on server, 'nfs-common' on client. Ok, this is easy. b) AFAI've understood i need to create a 'principal', type 'NFS', for server and client, and store the key in ''local keytab''. Debian wiki suggest: addpriv -randkey NFS/vdmpp1.ad.fvg.lnf.it at AD.FVG.LNF.IT ktadd NFS/vdmpp1.ad.fvg.lnf.it at AD.FVG.LNF.IT but in 'samba' lingo the same operation can be obtained with (run in the client and server, with appropiate data): net -U gaio ads keytab add NFS/vdmpp1.ad.fvg.lnf.it at AD.FVG.LNF.IT -k done that, effectively the...

In my scripts i'm using that query to catch DC: host -t SRV _kerberos._udp.ad.fvg.lnf.it | awk '{print $NF}'| sed 's/.$//' and works, but now that the domain get more complex, i want to limit server lookups to the DC in the same site. Googling around lead me to: https://patternbuffer.wordpress.com/2007/12/13/finding-your-active-directory-site-and-domain-contr...

...9;s with DHCP and static ips, all register within the DNS zone they should. I reviewed my logs and compaired them to yours. That looks the same execpt i dont have message like : >> request has invalid signature: TSIG 1592-ms-7.34-f336b9d.cc4eac93-69d4-11e8-1eb6-dc4a3e58a634 (QUIRINIUS\$\@AD.FVG.LNF.IT): tsig verify failure (BADSIG) The "quick fix" could be, remove these dns entries and reboot the pc. ( but wait with that ) A cause might be, - 2 x pc with the same name. - The rights op this object in the DNS are not correct and the "dhcp service" user is unable to up...

Mandi! Rowland Penny via samba In chel di` si favelave... > You need to explicitly ask for it, for instance: Oh, cool! Seems effectivaly different: root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b "DC=ad,DC=fvg,DC=lnf,DC=it" "(cn=prova123)" nTSecurityDescriptor # record 1 dn: CN=prova123,CN=Aliases,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it nTSecurityDescriptor: O:DAG:DAD:AI(A;CINPID;RPLCRC;;;S-1-5-21-160080369-360138 5002-3131615632-1314)(OA;CIIOID;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828c c14...