search for: smb4

...a dc configured to use the samba internal dns service. The version of samba I am using is 4.10.15 packaged for FreeBSD. Its build options state this: BIND911 : off BIND916 : off , , , GSSAPI_BUILTIN : on GSSAPI_MIT : off LDAP : on . . . NSUPDATE : off My smb4.conf file contains this: [global] bind interfaces only = Yes dns forwarder = 192.168.18.161 216.185.71.33 interfaces = lo0 localhost smb4-1 netbios name = SMB4-1 realm = BROCKLEY.HARTE-LYNE.CA server role = active directory domain controller workgroup = BROCKLEY idmap_ldb:use rfc23...

I am also seeing this in smbd.log: [2020/07/03 09:20:18.211558, 1] ../../auth/kerberos/gssapi_helper.c:391(gssapi_check_packet) GSS VerifyMic failed: A token had an invalid MIC: unknown mech-code 2529638943 for mech 1 2 840 113554 1 2 2 [2020/07/03 09:20:18.211625, 0] ../../source4/auth/gensec/gensec_gssapi.c:1347(gensec_gssapi_check_packet)

I have this on the DC smb4-1.brockley.harte-lyne.ca: samba-tool dns query localhost brockley.harte-lyne.ca brockley.harte-lyne.ca ALL -U administrator Password for [BROCKLEY\administrator]: Name=, Records=6, Children=0 SOA: serial=7, refresh=900, retry=600, expire=86400, minttl=3600, ns=SMB4-1.brockley.harte-lyne.ca.,...

On 07.07.2020 21:14, Rowland penny via samba wrote: > On 07/07/2020 20:00, James B. Byrne via samba wrote: >> I have this on the DC smb4-1.brockley.harte-lyne.ca: >> >> samba-tool dns query localhost brockley.harte-lyne.ca >> brockley.harte-lyne.ca >> ALL -U administrator >> Password for [BROCKLEY\administrator]: >> ?? Name=, Records=6, Children=0 >> ???? SOA: serial=7, refresh=900, retry=6...

...ot;, line 1071, in run raise e File "/usr/local/lib/python3.7/site-packages/samba/netcmd/dns.py", line 1067, in run del_rec_buf) I thought that by demoting the second server that this would remove the offending address 192.168.216.162 but I had already corrected the smb.conf on smb4-2 and when it was demoted it removed 192.168.18.162 but not 192.168.216.162. So, I changed smb.conf on smb4-2 to not bind to specified interfaces and tried to rejoin the domain. I would then demote smb4-2 again in anticipation that this time both addresses would be removed. I intended then to reap...

[root at smb4-1 ~ (master)]# samba-tool dns query localhost brockley.harte-lyne.ca brockley.harte-lyne.ca ALL -U administrator Password for [BROCKLEY\administrator]: Name=, Records=4, Children=0 SOA: serial=3, refresh=900, retry=600, expire=86400, minttl=3600, ns=SMB4-1.brockley.harte-lyne.ca., email=hostm...

> Could be because you added the wrong line to your smb4.conf (why does > freebsd call it smb4.conf ?), Why does freebsd put these things in /usr/local/etc/? Some questions have answers that are not worth the effort to know. > try: > nsupdate command = /usr/local/sbin/nsupdate -g I did catch that error earlier. But it makes no difference....

...of curiosity, are you also using vfs_zfsacl? >> >> Yes. > > But only on DC1, AFAICT! > I see no mention of it on DC2's smb.conf. > That could be the reason why you have two different behaviour. > > bye > av. > That appears to make no difference: [root at smb4-1 ~ (master)]# grep acl /usr/local/etc/smb4.conf vfs objects = dfs_samba4 zfsacl [root at smb4-1 ~ (master)]# service samba_server onestart Performing sanity check on Samba configuration: OK Starting samba. [root at smb4-1 ~ (master)]# getfacl /var/db/samba4/sysvol # file: /var/db/samba4/sysvol...

...gt; You probably need both. > > Rowland If I use the -g option to nsupdate then I see this: update(nsupdate): A ForestDnsZones.brockley.harte-lyne.ca 192.168.18.161 Calling nsupdate for A ForestDnsZones.brockley.harte-lyne.ca 192.168.18.161 (add) Successfully obtained Kerberos ticket to DNS/SMB4-1.brockley.harte-lyne.ca as SMB4-1$ /usr/local/bin/nsupdate: cannot specify -g or -o, program not linked with GSS API Library Failed nsupdate: 1 When I remove the -g option then I get this: [root at smb4-1 ~ (master)]# grep nsupdate /usr/local/etc/smb4.conf dns update command = /usr/local/bi...

I changed the entries in smb4.conf (smb.conf) to this: [global] . . . dns update command = /usr/local/sbin/samba_dnsupdate nsupdate command = /usr/local/bin/samba-nsupdate -d -g And this is what results when I run: samba_dnsupdate --verbose -d8 --all-names . . . update(nsupdate): SRV _ldap._tcp.Default-First-Site-Name._s...

On 07/07/2020 20:00, James B. Byrne via samba wrote: > I have this on the DC smb4-1.brockley.harte-lyne.ca: > > samba-tool dns query localhost brockley.harte-lyne.ca brockley.harte-lyne.ca > ALL -U administrator > Password for [BROCKLEY\administrator]: > Name=, Records=6, Children=0 > SOA: serial=7, refresh=900, retry=600, expire=86400, minttl=3600, &gt...

This is all the diagnostic information I can think of at the moment: [root at smb4-1 ~ (master)]# klist Credentials cache: FILE:/tmp/krb5cc_0 Principal: administrator at BROCKLEY.HARTE-LYNE.CA Issued Expires Principal Jul 2 10:35:11 2020 Jul 2 20:35:11 2020 krbtgt/BROCKLEY.HARTE-LYNE.CA at BROCKLEY.HARTE-LYNE.CA [root at smb4-1 ~ (mas...

On 07.07.2020 22:14, Mani Wieser via samba wrote: > > On 07.07.2020 21:14, Rowland penny via samba wrote: >> On 07/07/2020 20:00, James B. Byrne via samba wrote: >>> I have this on the DC smb4-1.brockley.harte-lyne.ca: >>> >>> samba-tool dns query localhost brockley.harte-lyne.ca >>> brockley.harte-lyne.ca >>> ALL -U administrator >>> Password for [BROCKLEY\administrator]: >>> ?? Name=, Records=6, Children=0 >>> ???? SOA: se...

.../samdb/ldb_modules/rootdse.c:518 >> Failed to find our own NTDS Settings DN in the ldb! >> >> How do I fix this? >> >> >> > Is this just on one DC ? > > If you run the same command on another DC does it complete without error ? > I have two (2) DCs, SMB4-1 and SMB4-2, and two (2) user workstations connected to the domain. SMB4-2 has all the FSMO roles. [root at smb4-2 ~ (master)]# samba-tool dbcheck --cross-ncs Checking 3542 objects Checked 3542 objects (0 errors) [root at smb4-1 ~ (master)]# samba-tool dbcheck --cross-ncs Searching for dsServi...

...ne is to finally get the domain provisioned again. And yet, something I have done has changed the behaviour of this command. This testing is all taking place inside a FreeBSD jail. The /etc/hosts file contains this: 127.0.166.1 localhost localhost.brockley.harte-lyne.ca 192.168.8.166 smb4-1 smb4-1.brockley.harte-lyne.ca 192.168.8.167 smb4-2 smb4-2.brockley.harte-lyne.ca ping smb4-1 PING smb4-1 (192.168.8.166): 56 data bytes 64 bytes from 192.168.8.166: icmp_seq=0 ttl=64 time=0.065 ms 64 bytes from 192.168.8.166: icmp_seq=1 ttl=64 time=0.070 ms 64 bytes from 192.168.8.166:...

...ea Venturoli wrote: > On 2020-07-10 14:47, James B. Byrne wrote: >> FreeBSD-12.1p6 IOCage thick jails on ZFS, samba-4.10.15: > > Can you post the smb.conf of both DCs? > > Just out of curiosity, are you also using vfs_zfsacl? Yes. smb.confs DC1 and DC2: /zroot/iocage/jails/smb4-1a/root/usr/local/etc/smb4.conf [root at vhost04 ~ (master)]# cat /zroot/iocage/jails/smb4-1/root/usr/local/etc/smb4.conf # Global parameters [global] bind interfaces only = Yes interfaces = localhost smb4-1 netbios name = SMB4-1 realm = BROCKLEY.HARTE-LYNE.CA workgroup = BROCKLEY serv...

...; >> Anyone know how to deal with this? >> > If you have lines in your smb.conf similar to these: > > ?????? bind interfaces only = yes > ?????? interfaces = lo eth0 > > Remove them, there was a bug, now fixed, that caused this. > > Rowland > > [root at smb4-2 ~ (master)]# grep 'localhost\|smb4-2' /etc/hosts #::1 localhost localhost.brockley.harte-lyne.ca #::162:1 localhost localhost.brockley.harte-lyne.ca 127.0.162.1 localhost localhost.brockley.harte-lyne.cao 192.168.18.162 smb4-2.brockley.harte-lyne.ca smb4-2 [ro...

What is the best way to authenticate users in SMB4 DC on Linux workstation? I'm using pam_winbind, but sometimes its very slow... -- []'s Jefferson B. Limeira jbl at internexxus.com.br https://br.linkedin.com/in/jlimeira (41) 9928-8628

...erything and restart from the very beginning. I created a new jail. I installed samba410 samba-nsupdate py37-dnspython as these are current. I provisioned a domain: samba-tool domain provision --adminpass=INstall166 --dns-backend=SAMBA_INTERNAL --dnspass=INstall166 --domain=BROCKLEY --host-name=SMB4-1 --host-ip=192.168.8.166 --option="bind interfaces only=yes" --option="interfaces=lo0 localhost em0 smb4-1" --option="vfs objects"="dfs_samba4 zfsacl" --realm=BROCKLEY.HARTE-LYNE.CA --server-role=dc --use-rfc2307 I modified /etc/nsswitch.conf and /usr/local...

FreeBSD-12.1p7 Samba-4.10.15 I attempted (and failed) to restart the second DC on a test domain and got this error in smbd.log Failed to find our own NTDS Settings DN in the ldb! [root at smb4-1 ~ (master)]# host -t A smb4-1.brockley.harte-lyne.ca smb4-1.brockley.harte-lyne.ca has address 192.168.18.161 [root at smb4-1 ~ (master)]# host -t A smb4-2.brockley.harte-lyne.ca smb4-2.brockley.harte-lyne.ca has address 192.168.18.162 [root at smb4-1 ~ (master)]# samba-ldbsearch -H /var/db/sam...