search for: ntdsconnection

On 9/24/2016 7:32 AM, Denis Cardon wrote: > > the job of the samba_kcc script is to create the ntdsConnection > objects. Afterward the repsFrom/repsTo attribute are created in > accordance with the ntdsConnection objects (you can force the creation > using samba-tool drs replicate although). You can check that the > process is asynchronous when you join a new DC, the INBOUND and > OUTBO...

...on. Shouldn't the > outbound and inbound neighbors be reflective of the KCC connection > objects? I would expect to find only inbound and outbound connections > for SOLDC1. Maybe I'm completely misinterpreting the intended behavior. the job of the samba_kcc script is to create the ntdsConnection objects. Afterward the repsFrom/repsTo attribute are created in accordance with the ntdsConnection objects (you can force the creation using samba-tool drs replicate although). You can check that the process is asynchronous when you join a new DC, the INBOUND and OUTBOUND entries are coming la...

...vol] path = /var/lib/samba/sysvol read only = No This smb.conf is the same on al DC, modulo "netbios name" of course. When trying to demote some dead DC, it always ends like that one: dc200:~# samba-tool domain demote --verbose --remove-other-dead-server=dc201 Removing nTDSConnection: CN=54e7a869-12c4-45e2-91e5-8ef015a3dec2,CN=NTDS Settings,CN=DC200,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba,DC=domain,DC=tld Removing nTDSConnection: CN=26405655-8fcb-4156-ba5a-8e0b7a60e8ab,CN=NTDS Settings,CN=DC202,CN=Servers,CN=Authentification,CN=Sites,CN=Configur...

Hi all, some background : ===== recently I had to cleanup a network of 1 DC on main office and 5 RODC on remote location. On one RODC for some reason there where still ntdsConnection objects with fromServer attribute pointing to servers GUID that do not exists anymore. Those fromServer attribute with spurious guid can be seen with ldbsearch but cannot be seen through ldap connexion, so I think that is why I had the following message every 5 minutes from the kcc: Dec 10 10...

...by hand, which I don't find ideal. >> >> I'm thankful for any advice on how to accomplish this. > > samba-tool domain demote --remove-other-dead-server > Unfortunately this causes the following error: # samba-tool domain demote --remove-other-dead-server=DC Removing nTDSConnection: CN=6e15b4f5-1863-4259-8817-c7835ed7815e,CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=lan Removing nTDSDSA: CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=lan (and any children) ERROR(l...

Hello Denis, Same problem here, playing with RODC Where have you found spurious entries ? sam.ldb ? I've tried searching < nTDSConnection > without success Thanks for your help

...t; Did you get any errors during the successful join ? > You do not seem to have any obvious errors, so can you run this ldbsearch on your Samba DC: ldbsearch -H /usr/local/samba/private/sam.ldb -b 'CN=Sites,CN=Configuration,DC=MyDomain,DC=lx,DC=pt' -s sub '(&(objectClass=nTDSConnection)(cn=*))' dn You should get two results, one for each DC. Rowland

...utdown windows and force delete it with command: samba-tool domain demote --remove-other-dead-server=WIN-DC 2003R2/2008 R2 success. the windows DC is destroyed. so I think the migration completed. but I can not make the final step work for 2012R2. the result below: Removing nTDSConnection: CN=da85789a-f8d0-4c3b-aa0a-4a0c3182a916,CN=NTDS Settings,CN=SAMBA-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com Removing nTDSDSA: CN=NTDS Settings,CN=WIN-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com(...

> > On 13/09/2020 22:40, Carlos Jesus wrote: > > Hi Rowland, thank you for your help. > > I've added the include "/var/lib/samba/bind-dns/named.conf in > > /etc/bind/named.conf instead of named.conf.options. > Please don't do that, it isn't a good idea, use an 'include', that way > if something changes, it will still work. > > It IS an

...t;>> >>> I'm thankful for any advice on how to accomplish this. >> >> samba-tool domain demote --remove-other-dead-server >> > > Unfortunately this causes the following error: > > # samba-tool domain demote --remove-other-dead-server=DC > Removing nTDSConnection: > CN=6e15b4f5-1863-4259-8817-c7835ed7815e,CN=NTDS > Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=lan > Removing nTDSDSA: CN=NTDS > Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=lan > (and...

On 9/22/2016 6:31 PM, Garming Sam wrote: > On 23/09/16 00:59, lingpanda101 at gmail.com wrote: >> For clarification I'll add a few things. >> >> I initially deleted all the NTDS site links for each site and allowed >> the new KCC to create them. However it did not create them I believe >> correctly. By that I mean it defined what appeared to be a bridgehead

Hi, I'm trying to remove a DC from a site we have shutdown. The demote command is throwing up this message: [root at aragorn ~]# samba-tool domain demote --remove-other-dead-server=pippin Removing nTDSConnection: CN=eca08dbb-1f34-476e-96dd-33ec22b2bc94,CN=NTDS Settings,CN=GANDALF,CN=Servers,CN=SAOPAULO,CN=Sites,CN=Configuration,DC=e-trust,DC=com,DC=br Removing nTDSDSA: CN=NTDS Settings,CN=PIPPIN,CN=Servers,CN=TOBIAS,CN=Sites,CN=Configuration,DC=e-trust,DC=com,DC=br (and any children) Removing RID Set: C...

..._added(samdb, ro) /usr/local/samba/sbin/samba_kcc: File "/usr/local/samba/lib/python2.7/site-packages/samba/kcc/kcc_utils.py", line 1123, in commit_added /usr/local/samba/sbin/samba_kcc: (self.dnstr, estr)) /usr/local/samba/sbin/samba_kcc: samba.kcc.kcc_utils.KCCError: Could not add nTDSConnection for (CN=862f0429-c72c-4a81-ae9a-96820bb2f96d,CN=NTDS Settings,CN=BUILDHOST,CN=Servers,CN=Testsite,CN=Sites,CN=Configuration,DC=samdom,DC=com) - (Invalid LDB reply type 1) ../source4/dsdb/kcc/kcc_periodic.c:693: Failed samba_kcc - NT_STATUS_ACCESS_DENIED root at buildhost /home/andrej/gitrepos/samb...

Hi, I'm preparing to move a small business environment away from Windows-based AD (Windows Server 2012R2, Domain and Forest downgraded to Win2008R2 level) to Samba. So far in my lab environment joining Samba as a DC works, including DNS and Sysvol replication. OS: Debian 9 Samba versions 4.5.12 (Debian repository) and 4.8.2 (latest release compiled from source), same behavior on both

Dear list, in this corona crisis a delivery of a AD to a location abroad takes longer than I expected. I demoted the AD which is in delivery with samba-tool domain demote --remove-other-dead-server=ADDC3 If I know trigger a samba-tool drs showrepl I still see him in the list: CN=Configuration,DC=example,DC=com ??? NTDS DN: CN=NTDS

...Manager$,CN=System,DC=kl01,DC=amtb-m,DC=org,DC=my ../source4/dsdb/repl/drepl_ridalloc.c:43: RID Manager failed RID allocation - WERR_BADFILE - extended_ret[0x0] kccsrv_periodic_run(): update Testing kcctpl_create_intersite_connections NT_STATUS_OK all_connected=1, 0 GUIDs returned found 1 existing nTDSConnection objects 0 connections have been deleted 0 connections have been added samba-tool drs showrepl from DC1 seem to be ok and also when samba-tool drs showrepl From DC2 amtbsrv02 ~ # samba-tool drs showrepl Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for e3514235-4b06-11d1-ab04-00c0...

...entries because it is a RODC, I'll let you handle that :-) > > Moreover, you may upgrade all your DC to 4.7.4, it handles better the > removal of dead repsfrom/repsto after removal of DC, which are harder to > delete by hand. > > Cheers, > > Denis > > > Removing nTDSConnection: CN=bcc8c224-6a9f-4103-8888-e558b91dcdb1,CN=NTDS > Settings,CN=SRVADS,CN=Servers,CN=saint-seb,CN=Sites,CN=Confi > guration,DC=test,DC=tranquil,DC=it > Removing nTDSDSA: CN=NTDS Settings,CN=WIN-6814UGPEM27,CN > =Servers,CN=saint-seb,CN=Sites,CN=Configuration,DC=test,DC=tranquil,DC=it &gt...

...entries to remove below, there may be missing entries because it is a RODC, I'll let you handle that :-) Moreover, you may upgrade all your DC to 4.7.4, it handles better the removal of dead repsfrom/repsto after removal of DC, which are harder to delete by hand. Cheers, Denis Removing nTDSConnection: CN=bcc8c224-6a9f-4103-8888-e558b91dcdb1,CN=NTDS Settings,CN=SRVADS,CN=Servers,CN=saint-seb,CN=Sites,CN=Configuration,DC=test,DC=tranquil,DC=it Removing nTDSDSA: CN=NTDS Settings,CN=WIN-6814UGPEM27,CN=Servers,CN=saint-seb,CN=Sites,CN=Configuration,DC=test,DC=tranquil,DC=it (and any children) Rem...

Hi Denis & Rowland Thanks for the suggestion to trim the smb.conf after which the DC-1 is connecting to the Windows Server 2008 shared folder smbclient -k //IUMSVRAPP01/Pastel12 -d 9 and DC-2 is also connecting after using the DNS name of the Windows server. *You'd better switch your DNS to Bind-DLZ. Internal DNS is not that good for larger site (looking at your DNS domain name, I guess