search for: mediture

We are using Samba-4.1.11. I can run gpupdate /force without error on my machine. H:\>type \\dc01.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini [General] Version=65551 displayName=New Group Policy Object H:\>type \\dc02.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini [General] Version=65551 displayName=New Group Poli...

...tachments may contain CONFIDENTIAL information, including PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or disclosure of this information is STRICTLY PROHIBITED; you are requested to delete this e-mail and any attachments, notify the sender immediately, and notify the Mediture Privacy Officer at privacyofficer at mediture.com.

...primary_name_server) || $primary_name_server eq '192.168.168.64' || $primary_name_server eq '192.168.168.65') { open(my $resolv_conf_fh, '> /etc/resolv.conf') or die("Unable to open /etc/resolv.conf for writing: $!"); print $resolv_conf_fh "search mediture.dom\n"; print $resolv_conf_fh "options rotate timeout:1\n"; if ($random >= 4) { print $resolv_conf_fh "nameserver 192.168.168.64\n"; print $resolv_conf_fh "nameserver 192.168.168.65\n"; } else { print $resolv_conf_fh &q...

...nd replication for non PDC emulator DCs. You'll notice isn't even trying because last successful was epoch (never) yet there are no errors. Inbound replication for this DC seems fine. [root at vsc-dc02 ~]# samba-tool drs showrepl [...]==== OUTBOUND NEIGHBORS ==== DC=DomainDnsZones,DC=mediture,DC=dom aws\AWS-DC01 via RPC DSA object GUID: 8b750a53-3d39-4bc0-8fe9-9bffa9e413aa Last attempt@ NTTIME(0) was successful 0 consecutive failure(s). Last success @ NTTIME(0) DC=DomainDnsZones,DC=mediture,DC=dom epo\EPO-DC01 via RPC DSA object GUID: 28f7281f-3955-4885-8a7d-42a36ee87590...

Changes replicate to it, but not from it. vsc\VSC-DC02 DSA Options: 0x00000001 DSA object GUID: fe066b13-6f9e-4f3c-beb4-37df1292b8cb DSA invocationId: 8a2b1405-07b1-4d92-89dd-1d993e59e378 ==== INBOUND NEIGHBORS ==== DC=DomainDnsZones,DC=mediture,DC=dom vsc\DC01 via RPC DSA object GUID: da9bb168-47a0-4368-aff3-bf06d1b869d2 Last attempt @ Tue Mar 14 09:26:12 2017 CDT was successful 0 consecutive failure(s). Last success @ Tue Mar 14 09:26:12 2017 CDT DC=DomainDnsZo...

...isn't even trying because last >> successful was epoch (never) yet there are no errors. Inbound >> replication for this DC seems fine. >> >> [root at vsc-dc02 ~]# samba-tool drs showrepl >> [...]==== OUTBOUND NEIGHBORS ==== >> >> DC=DomainDnsZones,DC=mediture,DC=dom >> aws\AWS-DC01 via RPC >> DSA object GUID: 8b750a53-3d39-4bc0-8fe9-9bffa9e413aa >> Last attempt@ NTTIME(0) was successful >> 0 consecutive failure(s). >> Last success @ NTTIME(0) >> >> DC=DomainDnsZones,DC=meditu...

...amsey wrote: > Changes replicate to it, but not from it. > > vsc\VSC-DC02 > DSA Options: 0x00000001 > DSA object GUID: fe066b13-6f9e-4f3c-beb4-37df1292b8cb > DSA invocationId: 8a2b1405-07b1-4d92-89dd-1d993e59e378 > > ==== INBOUND NEIGHBORS ==== > > DC=DomainDnsZones,DC=mediture,DC=dom > vsc\DC01 via RPC > DSA object GUID: da9bb168-47a0-4368-aff3-bf06d1b869d2 > Last attempt @ Tue Mar 14 09:26:12 2017 CDT was > successful > 0 consecutive failure(s). > Last success @ Tue Mar 14 09:26:1...

...tachments may contain CONFIDENTIAL information, including PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or disclosure of this information is STRICTLY PROHIBITED; you are requested to delete this e-mail and any attachments, notify the sender immediately, and notify the Mediture Privacy Officer at privacyofficer at mediture.com.

...tor DCs. You'll notice isn't even trying because last successful > was epoch (never) yet there are no errors. Inbound replication for > this DC seems fine. > > [root at vsc-dc02 ~]# samba-tool drs showrepl > [...]==== OUTBOUND NEIGHBORS ==== > > DC=DomainDnsZones,DC=mediture,DC=dom > aws\AWS-DC01 via RPC > DSA object GUID: 8b750a53-3d39-4bc0-8fe9-9bffa9e413aa > Last attempt@ NTTIME(0) was successful > 0 consecutive failure(s). > Last success @ NTTIME(0) > > DC=DomainDnsZones,DC=mediture,DC=dom > epo\EPO-DC01 via RPC > DSA object...

...se last >>> successful was epoch (never) yet there are no errors. Inbound >>> replication for this DC seems fine. >>> >>> [root at vsc-dc02 ~]# samba-tool drs showrepl >>> [...]==== OUTBOUND NEIGHBORS ==== >>> >>> DC=DomainDnsZones,DC=mediture,DC=dom >>> aws\AWS-DC01 via RPC >>> DSA object GUID: 8b750a53-3d39-4bc0-8fe9-9bffa9e413aa >>> Last attempt@ NTTIME(0) was successful >>> 0 consecutive failure(s). >>> Last success @ NTTIME(0) >>> >>>...

...tachments may contain CONFIDENTIAL information, including PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or disclosure of this information is STRICTLY PROHIBITED; you are requested to delete this e-mail and any attachments, notify the sender immediately, and notify the Mediture Privacy Officer at privacyofficer at mediture.com.

Executing the following with nsupdate seems to have fixed replication. update add 28f7281f-3955-4885-8a7d-42a36ee87590._msdcs.mediture.dom. 900 A 192.168.222.5 show send update add 8b750a53-3d39-4bc0-8fe9-9bffa9e413aa._msdcs.mediture.dom. 900 A 172.16.1.106 show send update add fe066b13-6f9e-4f3c-beb4-37df1292b8cb._msdcs.mediture.dom. 900 A 192.168.168.65 show send New DNS records I create don't resolve though. Also, I get...

...same issue as https://lists.samba.org/archive/samba/2012-December/170426.html. I don't see that he ever reached a solution. Nov 20 16:02:58 appdb01-qa sshd[31622]: debug1: Unspecified GSS failure. Minor code may provide more information\nNo key table entry found matching host/appdb01-qa.mediture.dom@\n Nov 20 16:02:58 appdb01-qa sshd[31623]: debug1: userauth-request for user arthurr service ssh-connection method gssapi-with-mic Nov 20 16:02:58 appdb01-qa sshd[31623]: debug1: attempt 2 failures 0 Nov 20 16:02:58 appdb01-qa sshd[31623]: debug1: userauth-request for user arthurr service ssh...

I have 4 Samba 4.7.0 DCs. I have 3 clients using samba-winbind.x86_64 0:4.6.2-11.el7_4 with an identical configuration, which produce inconsistent user group membership for multiple users. I've tried using all 4 DCs explicitly (e.g., realm = dc01.mediture.dom), net cache flush and restarting winbind. I've also tested cloning a user and setting up the user as identical as possible: the cloned user showed the correct membership but not the original. The ldapcmp tools finds no relevant differences between DCs. I've had this issue through...

I increased the debug level to 10 and found this dreplsrv_notify: Failed to send DsReplicaSync to fe066b13-6f9e-4f3c-beb4-37df1292b8cb._msdcs.mediture.dom for DC=DomainDnsZones,DC=mediture,DC=dom - NT_STATUS_OBJECT_NAME_NOT_FOUND : WERR_BADFILE. I manually created the DNS entry, but it doesn't resolve. Other DNS records supplied by BIND_DLZ are working. I tried adding a host file entry, but that didn't see to work either. I see s...

...= yes winbind use default domain = yes winbind nss info = rfc2307 winbind enum users = yes winbind enum groups = yes winbind nested groups = yes kerberos method = secrets and keytab idmap_ldb:use rfc2307 = yes idmap config *: backend = tdb idmap config *: range = 90000001-100000000 idmap config MEDITURE: backend = ad idmap config MEDITURE: range = 10000-90000000 idmap config MEDITURE: schema mode = rfc2307 I verified I have the schema. ldbsearch -H /usr/local/samba/private/sam.ldb -s base -b CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=mediture,DC=dom # record 1 dn: CN=ypservers,CN=ypSer...

Error joining Linux member to Samba 4.5.0 DC. /usr/bin/net join -w MEDITURE -S dc01.mediture.dom -U Administrator Enter Administrator's password: Failed to join domain: failed to lookup DC info for domain 'MEDITURE.DOM' over rpc: Indicates the SID structure is not valid. ADS join did not work, falling back to RPC... Thanks, Arthur This e-mail and any attachme...

...ent at all. showrepl: http://pastebin.com/bYfCZcNG Thanks, Arthur On 10/17/2016 12:32 PM, Arthur Ramsey wrote: > This fixed DNS issues. > > samba_upgradedns --dns-backend=BIND9_DLZ > /usr/local/samba/bin/samba-tool domain exportkeytab > /usr/local/samba/private/dns.keytab --realm=mediture.dom --principal > HOST/dc01.mediture.dom > chgrp named /usr/local/samba/private/dns.keytab > chmod g+r /usr/local/samba/private/dns.keytab > service named restart > /usr/local/samba/sbin/samba_dnsupdate -d 100 > > Restarting Samba fixed the ADUC issue. > This e-mail and an...

...mation, including PROTECTED HEALTH INFORMATION. If you are not > > the intended recipient, any use or disclosure of this information > > is STRICTLY PROHIBITED; you are requested to delete this e-mail and > > any attachments, notify the sender immediately, and notify the > > Mediture Privacy Officer at privacyofficer at mediture.com. > > > > > > I would suggest you remove the 'password server' line, this will allow > Samba to find the best DC to use. > > I also don't understand why you have a 10 million range for the > BUILTIN users...

...tachments may contain CONFIDENTIAL information, including PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or disclosure of this information is STRICTLY PROHIBITED; you are requested to delete this e-mail and any attachments, notify the sender immediately, and notify the Mediture Privacy Officer at privacyofficer at mediture.com.