search for: pre01svdeb02

"--seize" helped: root at pre01svdeb03:~# samba-tool fsmo show SchemaMasterRole owner: CN=NTDS Settings,CN=PRE01SVDEB03,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pilsbacher,DC=at InfrastructureMasterRole owner: CN=NTDS Settings,CN=PRE01SVDEB03,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pilsbacher,DC=at RidAllocationMasterRole owner:

Progress: no more "dc" in rgrep on both servers PTR for the rejoined pre01svdeb02 is missing, so I assumed we need a dnsupdate: root at pre01svdeb02:~# samba_dnsupdate --verbose IPs: ['192.168.16.205'] need cache add: A pre01svdeb02.pilsbacher.at 192.168.16.205 Looking for DNS entry A pre01svdeb02.pilsbacher.at 192.168.16.205 as pre01svdeb02.pilsbacher.at. need cache...

I forgot. dig a pre01svdeb02.pilsbacher.at @192.168.16.205 dig a pre01svdeb02.pilsbacher.at @192.168.16.206 Can you run these also for me. And there are no CNAMEs pointing to the AD-DCs ?

Hai, And thanks for the other check i needed to know if the A record did exist. >> ldap1 CNAME pre01svdeb02 >> ldap2 CNAME pre01svdeb03 >sorry, typo -------------^ Yes i was expecting that. ;-) What i see, all SOA record and serialnr are same where is should be so thats ok. What i noticed is this part. dig a dc.pilsbacher.at @192.168.16.205/206 replies. DNS1 ( DC1 /pre01svdeb02 (old DC) )...

...n.at 192.168.16.205 Looking for DNS entry A mydomain.at 192.168.16.205 as mydomain.at. Looking for DNS entry SRV _ldap._tcp.mydomain.at dc.mydomain.at 389 as _ldap._tcp.mydomain.at. Checking 0 100 389 pre01svdeb03.mydomain.at. against SRV _ldap._tcp.mydomain.at dc.mydomain.at 389 Checking 0 100 389 pre01svdeb02.mydomain.at. against SRV _ldap._tcp.mydomain.at dc.mydomain.at 389 Lookup of _ldap._tcp.mydomain.at. succeeded, but we failed to find a matching DNS entry for SRV _ldap._tcp.mydomain.at dc.mydomain.at 389 need update: SRV _ldap._tcp.mydomain.at dc.mydomain.at 389 Looking for DNS entry SRV _ldap._tc...

Am 02.07.19 um 16:24 schrieb Stefan G. Weichinger via samba: > Am 02.07.19 um 16:09 schrieb Stefan G. Weichinger via samba: >> >> I get problems with group policies not applied ... seems an older >> problem surfacing now. >> >> Before I debug at current level I consider upgrading the 2 DCs from >> 4.8.12 (Debian Stretch) to 4.9.9 >> >> Anything

On 31/07/2019 12:04, Stefan G. Weichinger via samba wrote: > Am 31.07.19 um 12:50 schrieb Rowland penny via samba: >> On 31/07/2019 11:40, Stefan G. Weichinger via samba wrote: >>> Am 31.07.19 um 12:32 schrieb Rowland penny via samba: >>>> On 31/07/2019 11:22, Stefan G. Weichinger via samba wrote: >>>>> "dc" was the old name a few years ago

...server and rm-ed all containing "dc.mydomain.at" There was a SRV-record below "_msdcs.mydomain.at" "pdc" "_tcp" pointing to "dc.mydomain.at" tried to edit, didn't work, rm-ed it ... now there is only one SRV-entry there pointing to my "pre01svdeb02.mydomain.at" I assume I have to create a second one again?

Am 31.07.19 um 10:47 schrieb L.P.H. van Belle via samba: > I pointed to that link becuase of the last message. >>> The OU the users were in required read permissions on the Authenticated Users security group! > Im guyessing this is what your problem is, i just dont know where in your AD. OK, that might be the case. So the step is "add/check ACLs on the SYSVOL-share for

...y. One user gets displayed as "administrator" in smbstatus although he is named differently. Other users on other PCs are mapped correctly and files are created correctly (= get correct owner and group in linux fs). For the PC with the problematic issue I see on the DC: Jul 11 17:16:25 pre01svdeb02 samba[4657]: [2017/07/11 17:16:25.913628, 0] ../source4/rpc_server/drsuapi/writespn.c:235(dcesrv_drsuapi_DsWriteAccountSpn) Jul 11 17:16:25 pre01svdeb02 samba[4657]: Failed to modify SPNs on CN=PC-2016-03,OU=secret-Computer,DC=secret,DC=at: acl: spn validation failed for spn[TERMSRV/PC-2016-03.se...

...DC(3) first then we start thinking in kerberos corrections. > > Run samba_dnsupdate --verbose ( on both DC's ) > Post that output, ill have a look, and im getting a choco. :-) Now look at all that fun: dc.pilsbacher.at entry has been magically created again, it seems: root at pre01svdeb02:~# samba_dnsupdate --verbose IPs: ['192.168.16.205'] Looking for DNS entry A dc.pilsbacher.at 192.168.16.205 as dc.pilsbacher.at. Looking for DNS entry A pilsbacher.at 192.168.16.205 as pilsbacher.at. Looking for DNS entry SRV _ldap._tcp.pilsbacher.at dc.pilsbacher.at 389 as _ldap._tcp.pils...

...s was, strongswan is last what im on now. > > If someone has a strongswan setup with user/ldap auth, pm > me your config ;-) > > > > > > Ok, what you posted below. > > > > pre01svdeb03 : apt-get remove --purge --auroremove resolvconf > > Old dc: pre01svdeb02 : apt-get remove --purge --auroremove > resolvconf > > > > Make these changes/verify them after the remove of resolvconf > > > > pre01svdeb03 > > /etc/resolv.conf > > search pilsbacher.at > > nameserver 192.168.16.206 > > nameserver 192.168.16...

...4.8 on buster, ( hint : repo buster-squid48 ssl enabled ) What a dragon this was, strongswan is last what im on now. If someone has a strongswan setup with user/ldap auth, pm me your config ;-) Ok, what you posted below. pre01svdeb03 : apt-get remove --purge --auroremove resolvconf Old dc: pre01svdeb02 : apt-get remove --purge --auroremove resolvconf Make these changes/verify them after the remove of resolvconf pre01svdeb03 /etc/resolv.conf search pilsbacher.at nameserver 192.168.16.206 nameserver 192.168.16.205 pre01svdeb02 /etc/resolv.conf search pilsbacher.at nameserver 192.168.16.206 nam...

...0] > ../source4/dsdb/dns/dns_update.c:353(dnsupdate_spnupdate_done) > ../source4/dsdb/dns/dns_update.c:353: Failed SPN update - with error > code 1 rejoined the server and removed the DNS entry inbetween manually join worked ok, no DNS record after that more of this: Jul 10 08:16:36 pre01svdeb02 samba[25451]: task[dnsupdate][25451]: [2019/07/10 08:16:36.662971, 0] ../source4/dsdb/dns/dns_update.c:353(dnsupdate_spnupdate_done) Jul 10 08:16:36 pre01svdeb02 samba[25451]: task[dnsupdate][25451]: ../source4/dsdb/dns/dns_update.c:353: Failed SPN update - with error code 1 Jul 10 08:26:36 pre01s...

...ger via samba > Verzonden: vrijdag 12 juli 2019 10:24 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] GPO infrastructure? -> 4.8.x to 4.9.x > > Am 10.07.19 um 08:40 schrieb Stefan G. Weichinger via samba: > > > more of this: > > > > Jul 10 08:16:36 pre01svdeb02 samba[25451]: task[dnsupdate][25451]: > > [2019/07/10 08:16:36.662971, 0] > > ../source4/dsdb/dns/dns_update.c:353(dnsupdate_spnupdate_done) > > Jul 10 08:16:36 pre01svdeb02 samba[25451]: task[dnsupdate][25451]: > > ../source4/dsdb/dns/dns_update.c:353: Failed SPN update -...

...clean again. ( no need to reinstall os etc. just samba ) > > What? > > uninstall samba? > or unjoin from domain only? > > "reinstall samba" ? > > pls specify Ah, I understand this (correct me): mv FSMO-roles to pre01svdeb03 unjoin stop and totally cleanup pre01svdeb02 ... cleanup DNS at last rejoin pre01svdeb02 (= essentially joining a new DC here, right?) . correct ?

new thread, old issue been fiddling off-list with tips from Louis over the last days, and putting it back to the list to ask for help from others: 2 samba-4.9.11 DCs 1 samba-4.8.12 DM file server GPOs not working cleanly anymore tried to resync completely etc etc - right now I test gpupdate/gpresult on an older (not productive) W2008R2 server which I use for editing stuff via RSAT/MMC I

...t;administrator" in smbstatus although he is > named differently. Other users on other PCs are mapped correctly and > files are created correctly (= get correct owner and group in linux > fs). > > For the PC with the problematic issue I see on the DC: > > Jul 11 17:16:25 pre01svdeb02 samba[4657]: [2017/07/11 17:16:25.913628, > 0] > ../source4/rpc_server/drsuapi/writespn.c:235(dcesrv_drsuapi_DsWriteAccountSpn) > Jul 11 17:16:25 pre01svdeb02 samba[4657]: Failed to modify SPNs on > CN=PC-2016-03,OU=secret-Computer,DC=secret,DC=at: acl: spn validation > failed for...

...rzonden: woensdag 31 juli 2019 11:26 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] GPO issues - getting SYSVOL cleaned up again > > > You may remember that there is some DNS-entry (does it come from > NT4-times??): > > dc.mydomain.at .. .205 (1st DC) > > pre01svdeb02 ... .205 (same machine, was the old NT4/samba-PDC) > > pre01svdeb03 ... .206 (2nd DC) > > > - > > From the w2008r2 I can access: > > \\192.168.16.205\\sysvol > \\192.168.16.206\\sysvol > > \\pre01svdeb02\\sysvol > \\pre01svdeb03\\sysvol > > But no...

...> Aan: samba at lists.samba.org > >> Onderwerp: Re: [Samba] GPO infrastructure? -> 4.8.x to 4.9.x > >> > >> Am 10.07.19 um 08:40 schrieb Stefan G. Weichinger via samba: > >> > >>> more of this: > >>> > >>> Jul 10 08:16:36 pre01svdeb02 samba[25451]: task[dnsupdate][25451]: > >>> [2019/07/10 08:16:36.662971, 0] > >>> ../source4/dsdb/dns/dns_update.c:353(dnsupdate_spnupdate_done) > >>> Jul 10 08:16:36 pre01svdeb02 samba[25451]: task[dnsupdate][25451]: > >>> ../source4/dsdb/dns/dns_up...