search for: jcnengel

Displaying 20 results from an estimated 22 matches for "jcnengel".

2019 Nov 03
0
DC with outdated secrets
...Failed to find DC3$@MY.DOMAIN(kvno 6) in keytab FILE:/var/lib/samba/private/secrets.keytab (aes256-cts-hmac-sha1-96) Apparently I missed one place in the update. Any ideas how to fix this last part? Thanks a lot! Best regards Johannes On Sun, 3 Nov 2019 at 13:37, Johannes Engel <jcnengel at gmail.com > wrote: > Dear list, > > by mistake some script (msktutil) has updated machine password and keytab > for one of my DCs (samba-4.10.10). While I could restore the keytab > (/var/lib/samba/private/secrets.keytab) using samba-tool domain > exportkeytab, I fail to come up...
2019 Nov 03
2
DC with outdated secrets
Dear list, by mistake some script (msktutil) has updated machine password and keytab for one of my DCs (samba-4.10.10). While I could restore the keytab (/var/lib/samba/private/secrets.keytab) using samba-tool domain exportkeytab, I fail to come up with a way to update the secrets file (/var/lib/samba/private/secrets.ldb) with a new machine password. Can you please help me with an idea how to fix
2018 Jan 22
5
RODC and LDAP via Simple Authentication fails
Dear all, setting up a DMZ environment I was thinking to use an RODC there for user authentication. One of the applications in the DMZ needs to access the directory via LDAP. When I tried to connect to the RODC using LDAP with simple bind, I always received the following error ldap_bind: Invalid credentials (49) additional info: 80090308: LdapErr: DSID-0C0903A9, comment:
2018 Jul 13
0
Distro and release recommended
On Friday, 13 July 2018, 16:24:20 CEST, Rowland Penny via samba wrote: > On Fri, 13 Jul 2018 16:55:23 +0300 > > Eli Wapniarski via samba <samba at lists.samba.org> wrote: > > Opensuse > > > > Everything is there. > > Are you sure, I thought OpenSUSE suffered from the same problem as > red-hat, i.e. MIT kerberos, and there wasn't a distro AD DC
2019 Nov 03
0
DC with outdated secrets
Hi Andrew, thanks a lot, however, I am not entirely sure I understand your hint: I have 3 DCs in the domain, the third of which is having the issue described. Now, here is what I did: > samba-tool drs replicate DC3 DC2 dc=my,dc=domain --local -k no Partition[dc=my,dc=domain] objects[0] linked_values[0] Incremental replication of 0 objects and 0 links from DC2 to
2020 May 17
2
Best practice multi-homed AD DC
Dear all, as I am currently planning a network with Samba AD DC I was wondering if you can recommend any best practice for a multi-homed AD DC. My current plan is to have one NIC for Samba services and a second one dedicated to management functions (e.g. SSH) on a separate network restricted to admin users. In a testbed scenario I already discovered that once both adapters exist, samba seems to
2017 Nov 08
0
Samba 4.7 DC with BIND9_DLZ and MIT Kerberos fails at DNS Update
Hi Andreas, thanks a lot for the explanation, sounds reasonable to me. ;) But what would be the right way to test DNS updates in this scenario? Best regards Johannes On 08.11.2017 at 09:28, Andreas Schneider wrote: > On Tuesday, 7 November 2017 21:04:09 CET Marc Muehlfeld wrote: >> Hi Johannes, >> >> On 07.11.2017 at 18:35, Johannes Engel via samba wrote: >>> a
2019 Jun 09
2
List of bundled libraries Samba-4.10
Dear list, is there a comprehensive list of libraries available that can be included and excluded from build with waf using --bundled-libraries="comma separated list"? If compiling with "NONE" the build complains about a missing "System library roken of version 0.0.0 not found, and bundling disabled", and I do not know how to bundle this particular library from
2019 Jun 10
1
List of bundled libraries Samba-4.10
On Monday, 10 June 2019, 07:56:24 CEST, you wrote: > On Sun, 2019-06-09 at 23:34 +0200, Johannes Engel via samba wrote: > > Dear list, > > > > is there a comprehensive list of libraries available that can be > > included and > > excluded from build with waf using --bundled-libraries="comma > > separated > > list"? > > If compiling
2017 Jun 27
0
Remove stale DRS replication partner
Hi James, thanks a lot. However, in the Windows Sites & Services application the connection in question does not show up at all. It is only visible in the samba-tool output and only for the objects DomainDnsZones and ForestDnsZones... Best regards Johannes On 27.06.2017 at 17:16, Johannes Engel wrote: > > Hi James, > > thanks a lot. However, in the Windows Sites &
2018 Jul 28
2
GPO fail to apply for Computers
Dear all, after migrating from Samba 4.6.15 to 4.8.3 (two fresh DCs) I see that computers are no longer applying GPOs while it still works for Users. GPResult states that GPOs are not applied due to missing access rights. My smb.conf: # Global parameters [global] netbios name = DC realm = MY.DOMAIN.TLD server role = active directory domain controller server
2017 Jun 26
2
Remove stale DRS replication partner
Dear list, After (almost) successfully removing a dead DC from my domain I am left with only one visible symptom: samba-tool drs showrepl shows two stale outbound links for one of the remaining 2 DCs: DC=DomainDnsZones,DC=subdom,DC=mydom,DC=com NTDS DN: CN=NTDS
2018 Sep 07
2
Schema Update to store TPM data in AD DS
Hi all, has anyone here experience with storing BitLocker and TPM data in AD DS on Samba? I have stumbled across this Microsoft page ( https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-8.1-and-8/jj635854%28v%3dws.11%29) stating that Windows 2008 R2 needs a schema extension to handle this. Since this is not listed as a safe update in the wiki (
2017 Nov 07
2
Samba 4.7 DC with BIND9_DLZ and MIT Kerberos fails at DNS Update
Dear all, a month ago I have filed bug #13066 about Samba 4.7 DC using BIND9_DLZ as DNS backend failing to run samba_dnsupdate using MIT Kerberos. The logs show a kerberos error "Request is a replay". Logs attached here: https://bugzilla.samba.org/show_bug.cgi?id=13066. Since I have not received any feedback on the bug report, I am trying this channel if someone has any idea how to fix
2020 Nov 23
3
Floating IP breaks AD replication
Maybe this is a stupid idea, but what we are doing here is using just the domain name for all sorts of services, i.e. LDAP. So instead of pointing a client to dc1.somedom.contoso.com or dc2.somedom.contoso.com, we point them to somedom.contoso.com which is then resolved to both and the client can pick. Best regards Johannes On Mon, 23 Nov 2020 at 17:02, Rowland penny via samba <
2017 Nov 08
2
Trouble managing ACLs from Windows
Hello list, following the guidance from here (https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs) I have set up a file server which is member of a Samba 4.6.9 AD domain. I have created ACLs using a Windows client with a domain admin account. While I have no issues with some folders, the server denies access to others to users that should have access by means of group
2018 Jan 22
2
RODC and LDAP via Simple Authentication fails
On 22.01.2018 at 21:39, Andrew Bartlett wrote: > On Mon, 2018-01-22 at 21:30 +0100, Johannes Engel via samba wrote: >> [2018/01/22 21:15:50.022197, 2] >> ../source4/auth/ntlm/auth.c:475(auth_check_password_recv) >> auth_check_password_recv: sam_failtrusts authentication for user >> [MYDOMAIN\ldap] FAILED with error NT_STATUS_NO_TRUST_LSA_SECRET, >>
2018 Jan 22
2
RODC and LDAP via Simple Authentication fails
Hi Andrew, I am deeply impressed by your speed! :D The RODC is actually Samba 4.7.4, the other DCs are still on 4.6.12. Any suggestion how I can debug this w/o setting everything on level 10? ;) Best regards Johannes On 22.01.2018 at 20:45, Andrew Bartlett wrote: > On Mon, 2018-01-22 at 20:36 +0100, Johannes Engel via samba wrote: >> Dear all, >> >> setting up a DMZ
2017 Jun 26
3
Remove stale DRS replication partner
Hi James, thanks a lot for your hint. However, I seem to be unable to find it there. Can you please be a little more specific? I tried to check the replication topology, but no success. Thanks a lot! Best regards Johannes lingpanda101 via samba <samba at lists.samba.org> wrote on Mon, 26 June 2017 at 20:52: > On 6/26/2017 2:43 PM, Johannes Engel via samba wrote: > > Dear
2018 Jan 22
2
RODC and LDAP via Simple Authentication fails
That was exactly what I was looking for. I hope 4.8 should not be too far away... ;) In the meantime I found this in the logs at level 2: [2018/01/22 21:15:50.010307,  3] ../source4/auth/ntlm/auth.c:240(auth_check_password_send)   auth_check_password_send: Checking password for unmapped user [(null)]\[cn=LDAP,cn=Users,dc=my,dc=domain,dc=com]@[(null)]   auth_check_password_send: user is: