Displaying 18 results from an estimated 18 matches for "krynn".
Did you mean:
krenn
2018 May 04
1
unexplained Replication failures...?
...c and --full-sync since the
start but in fact I wanted to make sure to force replication between the
servers.
Here is what I have noticed:
- replication works from dc00 -> dc00 but not from dc01 -> dc00:
[root at dc00 ~]# samba-tool drs replicate DC01 DC00
dc=ad,dc=lasthome,dc=solace,dc=krynn --sync-forced --full-sync
Replicate from DC00 to DC01 was successful.
[root at dc00 ~]# samba-tool drs replicate DC00 DC01
dc=ad,dc=lasthome,dc=solace,dc=krynn --sync-forced --full-sync
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
drsException: DsReplicaSync...
2018 May 03
2
unexplained Replication failures...?
...ication failures on samba
4.7.6:
dc00 : is a VM on KVM host (attached to a bridge on local LAN)
dc01 : is a similarly configured VM on another KVM host.
I've forcibly demoted and re-promoted dc01 but I still cannot get
automatic replication to work:
root at dc00 ~]# samba-tool drs showrepl
Krynn\DC00
DSA Options: 0x00000001
DSA object GUID: 204cb904-754b-4457-af09-9347f8714006
DSA invocationId: b72fc409-bf9a-45e2-a623-0e668386536a
==== INBOUND NEIGHBORS ====
DC=ForestDnsZones,DC=ad,DC=lasthome,DC=solace,DC=krynn
Krynn\DC01 via RPC
DSA object GUID: 9ac5b74a-383a-...
2020 Aug 21
4
Using Samba AD/DC as an Active Directory OAuth provider for OpenShift
...Penny,CN=Users,DC=samdom,DC=example,DC=com
>> dn: CN=dhcpduser,CN=Users,DC=samdom,DC=example,DC=com
>> dn: CN=Administrator,CN=Users,DC=samdom,DC=example,DC=com
>>
>> Rowland
>
> You're right, this works here too:
> ldapsearch -H ldaps://dc00.ad.lasthome.solace.krynn:636 -x -W -D
> "raistlin at ad.lasthome.solace.krynn" -b
> "dc=ad,dc=lasthome,dc=solace,dc=krynn"
> 'memberof:1.2.840.113556.1.4.1941:=cn=Domain
> Admins,CN=Users,dc=ad,dc=lasthome,dc=solace,dc=krynn'|grep 'dn:'
> Enter LDAP Password:
> dn: C...
2019 Jan 22
2
dbtool --cross-ncs and undeletable errors..
...w do I fix those errors?
[root at dc00 ~]# samba-tool dbcheck --cross-ncs --fix --yes
Checking 3574 objects
ERROR: no target object found for GUID component for link fromServer in
object
CN=4b3f95b1-7774-42cf-8bc0-755c7d29f6cc,CN=LostAndFoundConfig,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn
- <GUID=c8bf60b8-c3b9-442f-a330-d706221bc889>;CN=NTDS
Settings\0ADEL:c8bf60b8-c3b9-442f-a330-d706221bc889,CN=DC02\0ADEL:53a02791-a186-4a2f-aef9-6e180b814d8a,CN=Servers,CN=Krynn,CN=Sites,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn
ERROR: target DN is deleted for fromServer in objec...
2019 Jan 22
2
dbtool --cross-ncs and undeletable errors..
...dc00 ~]# samba-tool dbcheck --cross-ncs --fix --yes
>> Checking 3574 objects
>> ERROR: no target object found for GUID component for link fromServer
>> in object
>> CN=4b3f95b1-7774-42cf-8bc0-755c7d29f6cc,CN=LostAndFoundConfig,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn
>> - <GUID=c8bf60b8-c3b9-442f-a330-d706221bc889>;CN=NTDS
>> Settings\0ADEL:c8bf60b8-c3b9-442f-a330-d706221bc889,CN=DC02\0ADEL:53a02791-a186-4a2f-aef9-6e180b814d8a,CN=Servers,CN=Krynn,CN=Sites,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn
>> ERROR: target DN is dele...
2020 Aug 21
2
Using Samba AD/DC as an Active Directory OAuth provider for OpenShift
On 21/08/2020 20:08, Rowland penny via samba wrote:
> On 21/08/2020 19:28, Vincent S. Cojot via samba wrote:
>>
>> Hi everyone,
>>
>> I have a working Samba AD/DC (4.12.6 on RHEL7.8) setup I'm trying to
>> use with OpenShift (a container platform to which RedHat contributes
>> - aka OCP). I'm also not too skilled on LDAP even though I've been
2020 Aug 21
2
Using Samba AD/DC as an Active Directory OAuth provider for OpenShift
...:
> Hi Rowland,
>
> First of all, thank you for taking the time to help me.
> I tried your suggestion and all results came up empty.
>
> Then I did a few lapdsearch(es) and found this:
>
> 1) This query returns two users:
> ldapsearch -H ldaps://dc00.ad.lasthome.solace.krynn:636 -x -W -D
> "raistlin at ad.lasthome.solace.krynn" -b
> "dc=ad,dc=lasthome,dc=solace,dc=krynn"
> 'memberOf:1.2.840.113556.1.4.1941:=cn=Domain
> Admins,CN=Users,dc=ad,dc=lasthome,dc=solace,dc=krynn'
>
> 2) This query returns no users ("Domai...
2019 Jan 22
0
dbtool --cross-ncs and undeletable errors..
...> [root at dc00 ~]# samba-tool dbcheck --cross-ncs --fix --yes
> Checking 3574 objects
> ERROR: no target object found for GUID component for link fromServer
> in object
> CN=4b3f95b1-7774-42cf-8bc0-755c7d29f6cc,CN=LostAndFoundConfig,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn
> - <GUID=c8bf60b8-c3b9-442f-a330-d706221bc889>;CN=NTDS
> Settings\0ADEL:c8bf60b8-c3b9-442f-a330-d706221bc889,CN=DC02\0ADEL:53a02791-a186-4a2f-aef9-6e180b814d8a,CN=Servers,CN=Krynn,CN=Sites,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn
> ERROR: target DN is deleted for from...
2020 Aug 21
0
Using Samba AD/DC as an Active Directory OAuth provider for OpenShift
...=example,DC=com
>>> dn: CN=dhcpduser,CN=Users,DC=samdom,DC=example,DC=com
>>> dn: CN=Administrator,CN=Users,DC=samdom,DC=example,DC=com
>>>
>>> Rowland
>>
>> You're right, this works here too:
>> ldapsearch -H ldaps://dc00.ad.lasthome.solace.krynn:636 -x -W -D
>> "raistlin at ad.lasthome.solace.krynn" -b
>> "dc=ad,dc=lasthome,dc=solace,dc=krynn"
>> 'memberof:1.2.840.113556.1.4.1941:=cn=Domain
>> Admins,CN=Users,dc=ad,dc=lasthome,dc=solace,dc=krynn'|grep 'dn:'
>> Enter LDAP...
2019 Jan 22
0
dbtool --cross-ncs and undeletable errors..
...dbcheck --cross-ncs --fix --yes
> >> Checking 3574 objects
> >> ERROR: no target object found for GUID component for link
> >> fromServer in object
> >> CN=4b3f95b1-7774-42cf-8bc0-755c7d29f6cc,CN=LostAndFoundConfig,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn
> >> - <GUID=c8bf60b8-c3b9-442f-a330-d706221bc889>;CN=NTDS
> >> Settings\0ADEL:c8bf60b8-c3b9-442f-a330-d706221bc889,CN=DC02\0ADEL:53a02791-a186-4a2f-aef9-6e180b814d8a,CN=Servers,CN=Krynn,CN=Sites,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn
> >> ERROR: ta...
2020 Aug 22
0
Using Samba AD/DC as an Active Directory OAuth provider for OpenShift
...gt;> First of all, thank you for taking the time to help me.
>> I tried your suggestion and all results came up empty.
>>
>> Then I did a few lapdsearch(es) and found this:
>>
>> 1) This query returns two users:
>> ldapsearch -H ldaps://dc00.ad.lasthome.solace.krynn:636 -x -W -D
>> "raistlin at ad.lasthome.solace.krynn" -b
>> "dc=ad,dc=lasthome,dc=solace,dc=krynn"
>> 'memberOf:1.2.840.113556.1.4.1941:=cn=Domain
>> Admins,CN=Users,dc=ad,dc=lasthome,dc=solace,dc=krynn'
>>
>> 2) This query returns no...
2020 Aug 21
3
Using Samba AD/DC as an Active Directory OAuth provider for OpenShift
...there an equivalent in Samba to that AD OID
so that nested AD Groups can be expanded/flattened?
Any ideas welcomed. :)
[1]: https://examples.openshift.pub/authentication/activedirectory-ldap
Thanks for reading,
Vincent
-------------- next part --------------
# oc adm groups sync --sync-config=krynn-ad-sync-config.yaml --confirm --whitelist=krynn_group_list.txt
kind: LDAPSyncConfig
apiVersion: v1
url: ldap://dc00.ad.lasthome.solace.krynn:389
insecure: false
ca: "KrynnAD.pem"
bindDN: "CN=openshift,CN=Users,DC=ad,DC=lasthome,DC=solace,DC=krynn"
bindPassword: "OBFUSCATED&...
2018 Dec 06
5
RHEL7/Centos7 with Samba AD
...The most important part was that the RHEL7 hosts wouldn't be heavily
modified, except for the two AD DCs which run a custom build of Samba, of
course.
For sssd, I used the following (customized file):
------------------------------------------------------
[sssd]
domains = ad.lasthome.solace.krynn
config_file_version = 2
services = nss, pam, pac
[domain/ad.lasthome.solace.krynn]
id_provider = ad
auth_provider = ad
access_provider = ad
chpass_provider = ad
ad_gpo_access_control = disabled
override_gid = 100
ad_domain = ad.lasthome.solace.krynn
krb5_realm = AD.LASTHOME.SOLACE.KRYNN
realmd_t...
2019 Jun 10
6
please confirm: sssd not a good idea :)
On 08/06/2019 21:32, Rowland penny via samba wrote:
> On 08/06/2019 16:24, Uwe Laverenz via samba wrote:
>> Hi all,
>>
>> when you join a linux server to an active directory with "realm" it
>> uses "sssd" as default. This works well as long as you just want to
>> be a simple domain member.
>>
>> As soon as you want a real member
2019 Jun 10
3
please confirm: sssd not a good idea :)
...jot.name wrote:
>
> There is probably some amount of redtape on this but AFAIK it works
> fine for me: My RHEL7.6 hypervisors are joined to my AD DC 4.10.4 VMs
> through use of realm '(and thus sssd):
>
> Here's a RHEL7.6 client:
> # realm list
> ad.lasthome.solace.krynn
> ? type: kerberos
> ? realm-name: AD.LASTHOME.SOLACE.KRYNN
> ? domain-name: ad.lasthome.solace.krynn
> ? configured: kerberos-member
> ? server-software: active-directory
> ? client-software: sssd
> ? required-package: oddjob
> ? required-package: oddjob-mkhomedir
> ? re...
2018 May 04
0
unexplained Replication failures...?
...t; dc00 : is a VM on KVM host (attached to a bridge on local LAN)
> dc01 : is a similarly configured VM on another KVM host.
>
> I've forcibly demoted and re-promoted dc01 but I still cannot get
> automatic replication to work:
>
> root at dc00 ~]# samba-tool drs showrepl
> Krynn\DC00
> DSA Options: 0x00000001
> DSA object GUID: 204cb904-754b-4457-af09-9347f8714006
> DSA invocationId: b72fc409-bf9a-45e2-a623-0e668386536a
>
> ==== INBOUND NEIGHBORS ====
>
> DC=ForestDnsZones,DC=ad,DC=lasthome,DC=solace,DC=krynn
> Krynn\DC01 via RPC
>...
2019 Jun 12
0
please confirm: sssd not a good idea :)
...ere is probably some amount of redtape on this but AFAIK it works
> > fine for me: My RHEL7.6 hypervisors are joined to my AD DC 4.10.4 VMs
> > through use of realm '(and thus sssd):
> >
> > Here's a RHEL7.6 client:
> > # realm list
> > ad.lasthome.solace.krynn
> > type: kerberos
> > realm-name: AD.LASTHOME.SOLACE.KRYNN
> > domain-name: ad.lasthome.solace.krynn
> > configured: kerberos-member
> > server-software: active-directory
> > client-software: sssd
> > required-package: oddjob
> > requ...
2019 Jun 10
0
please confirm: sssd not a good idea :)
There is probably some amount of redtape on this but AFAIK it works fine
for me: My RHEL7.6 hypervisors are joined to my AD DC 4.10.4 VMs through
use of realm '(and thus sssd):
Here's a RHEL7.6 client:
# realm list
ad.lasthome.solace.krynn
type: kerberos
realm-name: AD.LASTHOME.SOLACE.KRYNN
domain-name: ad.lasthome.solace.krynn
configured: kerberos-member
server-software: active-directory
client-software: sssd
required-package: oddjob
required-package: oddjob-mkhomedir
required-package: sssd
required-pac...