search for: pre01svdeb03

...IPs: ['192.168.16.205'] Looking for DNS entry A dc.pilsbacher.at 192.168.16.205 as dc.pilsbacher.at. Looking for DNS entry A pilsbacher.at 192.168.16.205 as pilsbacher.at. Looking for DNS entry SRV _ldap._tcp.pilsbacher.at dc.pilsbacher.at 389 as _ldap._tcp.pilsbacher.at. Checking 0 100 389 pre01svdeb03.pilsbacher.at. against SRV _ldap._tcp.pilsbacher.at dc.pilsbacher.at 389 Checking 0 100 389 dc.pilsbacher.at. against SRV _ldap._tcp.pilsbacher.at dc.pilsbacher.at 389 Looking for DNS entry SRV _ldap._tcp.dc._msdcs.pilsbacher.at dc.pilsbacher.at 389 as _ldap._tcp.dc._msdcs.pilsbacher.at. Checking 0...

...ps.. Pfew.. But guys, when done im posting this howto also. With squid 4.8 on buster, ( hint : repo buster-squid48 ssl enabled ) What a dragon this was, strongswan is last what im on now. If someone has a strongswan setup with user/ldap auth, pm me your config ;-) Ok, what you posted below. pre01svdeb03 : apt-get remove --purge --auroremove resolvconf Old dc: pre01svdeb02 : apt-get remove --purge --auroremove resolvconf Make these changes/verify them after the remove of resolvconf pre01svdeb03 /etc/resolv.conf search pilsbacher.at nameserver 192.168.16.206 nameserver 192.168.16.205 pre01svd...

Am 31.07.19 um 17:54 schrieb Stefan G. Weichinger via samba: > Am 31.07.19 um 17:33 schrieb L.P.H. van Belle via samba: > >> Which is the DC with FSMO roles, if its DC1 then move them to pre01svdeb03.pilsbacher.at >> Remove/purge this DC and join clean again. ( no need to reinstall os etc. just samba ) > > What? > > uninstall samba? > or unjoin from domain only? > > "reinstall samba" ? > > pls specify Ah, I understand this (correct me): mv FSMO-...

"--seize" helped: root at pre01svdeb03:~# samba-tool fsmo show SchemaMasterRole owner: CN=NTDS Settings,CN=PRE01SVDEB03,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pilsbacher,DC=at InfrastructureMasterRole owner: CN=NTDS Settings,CN=PRE01SVDEB03,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pi...

...cher.at 192.168.16.205 Looking for DNS entry A pilsbacher.at 192.168.16.205 as pilsbacher.at. need cache add: SRV _ldap._tcp.pilsbacher.at pre01svdeb02.pilsbacher.at 389 Looking for DNS entry SRV _ldap._tcp.pilsbacher.at pre01svdeb02.pilsbacher.at 389 as _ldap._tcp.pilsbacher.at. Checking 0 100 389 pre01svdeb03.pilsbacher.at. against SRV _ldap._tcp.pilsbacher.at pre01svdeb02.pilsbacher.at 389 Checking 0 100 389 pre01svdeb02.pilsbacher.at. against SRV _ldap._tcp.pilsbacher.at pre01svdeb02.pilsbacher.at 389 need cache add: SRV _ldap._tcp.dc._msdcs.pilsbacher.at pre01svdeb02.pilsbacher.at 389 Looking for DNS...

Am 31.07.19 um 18:03 schrieb Stefan G. Weichinger via samba: > Am 31.07.19 um 17:54 schrieb Stefan G. Weichinger via samba: >> Am 31.07.19 um 17:33 schrieb L.P.H. van Belle via samba: >> >>> Which is the DC with FSMO roles, if its DC1 then move them to pre01svdeb03.pilsbacher.at >>> Remove/purge this DC and join clean again. ( no need to reinstall os etc. just samba ) >> >> What? >> >> uninstall samba? >> or unjoin from domain only? >> >> "reinstall samba" ? >> >> pls specify > >...

> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Stefan G. Weichinger via samba > Verzonden: vrijdag 12 juli 2019 10:24 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] GPO infrastructure? -> 4.8.x to 4.9.x > > Am 10.07.19 um 08:40 schrieb Stefan G. Weichinger via samba: > > > more of this: > >

...8.16.205'] > Looking for DNS entry A dc.mydomain.at 192.168.16.205 as > dc.mydomain.at. > Looking for DNS entry A mydomain.at 192.168.16.205 as mydomain.at. > Looking for DNS entry SRV _ldap._tcp.mydomain.at dc.mydomain.at 389 as > _ldap._tcp.mydomain.at. > Checking 0 100 389 pre01svdeb03.mydomain.at. against SRV > _ldap._tcp.mydomain.at dc.mydomain.at 389 > Checking 0 100 389 dc.mydomain.at. against SRV _ldap._tcp.mydomain.at > dc.mydomain.at 389 > Looking for DNS entry SRV _ldap._tcp.dc._msdcs.mydomain.at > dc.mydomain.at 389 as _ldap._tcp.dc._msdcs.mydomain.at. &gt...

Hai, And thanks for the other check i needed to know if the A record did exist. >> ldap1 CNAME pre01svdeb02 >> ldap2 CNAME pre01svdeb03 >sorry, typo -------------^ Yes i was expecting that. ;-) What i see, all SOA record and serialnr are same where is should be so thats ok. What i noticed is this part. dig a dc.pilsbacher.at @192.168.16.205/206 replies. DNS1 ( DC1 /pre01svdeb02 (old DC) ) : A 192.168.16.205 dc.pilsbacher....

...; > I assume I face something similar > > > my 2 DCs seem to be out of sync for DNS I demoted and rejoined, and still see: ; TSIG error with server: tsig verify failure Failed nsupdate: 2 update(nsupdate): SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.pilsbacher.at pre01svdeb03.pilsbacher.at 389 Calling nsupdate for SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.pilsbacher.at pre01svdeb03.pilsbacher.at 389 (add) Successfully obtained Kerberos ticket to DNS/pre01svdeb03.pilsbacher.at as PRE01SVDEB03$ Outgoing update query: ;; ->>HEADER<<- opcode:...

Am 13.03.19 um 17:13 schrieb Stefan G. Weichinger via samba: > Am 13.03.19 um 16:53 schrieb L.P.H. van Belle: >> Ok thats small, a dc should be rebooted within 1-2 min and 1-2 min really max for AD sync. one more observation: manually running this works: root at pre01svdeb03:~# samba-tool drs replicate dc PRE01SVDEB03 dc=blabla,dc=at --full-sync but the one user I created (and need) via Windows RSAT, is only visible via wbinfo on one DC: root at pre01svdeb03:~# wbinfo -u | grep elser root at pre01svdeb03:~# root at pre01svdeb02:~# wbinfo -u | grep elser BUERO\el...

...dc.mydomain.at 192.168.16.205, queried as dc.mydomain.at. does not exist need update: A dc.mydomain.at 192.168.16.205 Looking for DNS entry A mydomain.at 192.168.16.205 as mydomain.at. Looking for DNS entry SRV _ldap._tcp.mydomain.at dc.mydomain.at 389 as _ldap._tcp.mydomain.at. Checking 0 100 389 pre01svdeb03.mydomain.at. against SRV _ldap._tcp.mydomain.at dc.mydomain.at 389 Checking 0 100 389 pre01svdeb02.mydomain.at. against SRV _ldap._tcp.mydomain.at dc.mydomain.at 389 Lookup of _ldap._tcp.mydomain.at. succeeded, but we failed to find a matching DNS entry for SRV _ldap._tcp.mydomain.at dc.mydomain.at...

On 31/07/2019 12:04, Stefan G. Weichinger via samba wrote: > Am 31.07.19 um 12:50 schrieb Rowland penny via samba: >> On 31/07/2019 11:40, Stefan G. Weichinger via samba wrote: >>> Am 31.07.19 um 12:32 schrieb Rowland penny via samba: >>>> On 31/07/2019 11:22, Stefan G. Weichinger via samba wrote: >>>>> "dc" was the old name a few years ago

I figured it out myself. The kerberos configuration on the old dc cobra was bad ? no clue why it worked at all until yesterday. After fixing it, testing with kinit, and restarting the dc processes it resumed replication. Joachim Von: Joachim Lindenberg <samba at lindenberg.one> Gesendet: Friday, 19 July 2019 16:54 An: samba at lists.samba.org Betreff: replication stuck? Until

...eichinger via samba: > > Am 13.03.19 um 16:53 schrieb L.P.H. van Belle: > >> Ok thats small, a dc should be rebooted within 1-2 min and 1-2 min > >> really max for AD sync. > > one more observation: > > manually running this works: > > > root at pre01svdeb03:~# samba-tool drs replicate dc PRE01SVDEB03 > dc=blabla,dc=at --full-sync > > > but the one user I created (and need) via Windows RSAT, is only > visible via wbinfo on one DC: > > root at pre01svdeb03:~# wbinfo -u | grep elser > root at pre01svdeb03:~# > > root a...

Am 31.07.19 um 10:47 schrieb L.P.H. van Belle via samba: > I pointed to that link becuase of the last message. >>> The OU the users were in required read permissions on the Authenticated Users security group! > Im guyessing this is what your problem is, i just dont know where in your AD. OK, that might be the case. So the step is "add/check ACLs on the SYSVOL-share for

Am 13.03.19 um 12:49 schrieb Rowland Penny via samba: >> Should /etc/hosts contain pointers to own FQDN or not? To DCs? >> > > /etc/hosts should contain a line that points 127.0.0.1 to localhost and > a line that points the DC's ipaddress to its FQDN and shorthostname > > EXAMPLE: > > 127.0.0.1 localhost > 192.168.0.6 dc4.samdom.example.com dc4 >

Hai Stefan, > > ;-) > > 3000 errors ... I mean ... what? No.. Not error, out of sync objects. > > ~30 users: small Ok thats small, a dc should be rebooted within 1-2 min and 1-2 min really max for AD sync. > > maybe I risk a DC1 reboot after 6pm > Not much time tmrw, so I am hesitating. Otherwise I'd like to have it > solved (again/for a a while). If

...; Onderwerp: Re: [Samba] GPO issues - getting SYSVOL cleaned up again > > > You may remember that there is some DNS-entry (does it come from > NT4-times??): > > dc.mydomain.at .. .205 (1st DC) > > pre01svdeb02 ... .205 (same machine, was the old NT4/samba-PDC) > > pre01svdeb03 ... .206 (2nd DC) > > > - > > From the w2008r2 I can access: > > \\192.168.16.205\\sysvol > \\192.168.16.206\\sysvol > > \\pre01svdeb02\\sysvol > \\pre01svdeb03\\sysvol > > But not > > \\dc\sysvol Run : nslookup dc If this one removed, then its...

...needed ( on both servers ) So yes this is an improvement. Next, verify this, and post me the outputs. You can use any server to run this, EXECPT the DC's. dig a dc.pilsbacher.at @192.168.16.205 |grep -v ";" dig a dc.pilsbacher.at @192.168.16.206 |grep -v ";" dig a pre01svdeb03.pilsbacher.at @192.168.16.205 |grep -v ";" dig a pre01svdeb03.pilsbacher.at @192.168.16.206 |grep -v ";" dig -x 192.168.16.205 @192.168.16.205 |grep -v ";" dig -x 192.168.16.206 @192.168.16.205 |grep -v ";" dig -x 192.168.16.205 @192.168.16.206 |grep -v &qu...