search for: subzone

...machines are still looking for the old PDC. How do > the win7 machines get their IP etc, or to put it another way, is DNS > set up correctly ? We have keep unchanged our DNS and DHCP setup: machines got dns as in previous configuration, the (old) dns simply forward requests to the AD domain subzones. DNS seems to work as expected. On win7 box, event viewer seems to have useful info... -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Ta...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I found out problems with dynamic add of hosts to zones. If somebody has idea how to fix it, please do tell. My head is not working on this on properly. Hope you get idea from this message. I''m trying to simplify this as much as possible to get problem clear. Problem is: Zones: vpn wlan net Interfaces: net eth0 wlan eth1 Policies: vpn all

...'SVCORSI', and the new AD DC for the domain 'LNFFVG', with different SID! They are different domains! > > We have keep unchanged our DNS and DHCP setup: machines got dns as in > > previous configuration, the (old) dns simply forward requests to the > > AD domain subzones. > Your win7 machines should be using the AD DC as their dns server. Why?! Does not suffices to have working DNS? or the bind_dlz module do also some protocol extensions? > > DNS seems to work as expected. On win7 box, event viewer seems to have > > useful info... > If event v...

...dns0 > > options timeout:1 > > options attempts:2 > > Added. I'll do some more tests when back from holyday. > > Anyway, the first resolver listed is 'localhost' (that is, indeed, the > main DNS resolver); the local/main resolver have the AD domain as a > subzone, with correct resolver defined. > > Better to have a 'forward zone' defined? > > -- > dott. Marco Gaiarin GNUPG > Key ID: 240A3D66 > Associazione ``La Nostra Famiglia'' > http://www.lanostrafamiglia.it/ > Polo FVG - Via del...

hi, Please see the following text diagram: 10.0.15.0/24 --> 10.0.15.1 (f0/1) cisco router (f0/0) 192.168.0.5 <-- 192.168.0.0/24 --> 192.168.0.1 firewall --> internet I have some problem after added a static route in shorewall in /etc/sysconfig/network-scripts/route-eth0, the syntax is: 10.0.15.0/24 via 192.168.0.5 in 192.168.0.0/24 computers cannot ping or

...d SYSVOL access control list from Windows-DC-SYSVOL using Win-Cmd.exe: <code>xcopy /g /c /h /r /o /x /y /s /e /t \\win-dc\sysvol\*.* \\samba-dc\sysvol\</code> * Setup RSync or similar **TODO** http://wiki.samba.org/index.php/SysVol_Replication * DNS-Server settings * DNS-SubZones check: entries for DCs - incl. Subzones for location sites * DNS-NameServer check for zone of domain: are all entries there? * **TODO** Zone my.domain.com should be replicated to all DCs (defined by setting) - but it doesn't happen currently - is there a missing link to the new Sam...

...ed sample configurations which were withdrawn on 4/8/2002. Users still employing one of those samples must upgrade to the latest samples before running Shorewall 1.3.0. 3. You may now exclude zone A from a DNAT or REDIRECT rule that applies to zone B where zone A is a subzone of sone B. 4. The whitelist capability has been deimplemented. With recent changes to the firewall structure and change 3. above, white lists are now best implemented using zones as shown at: http://www.shorewall.net/whitelisting_under_shorewall.htm 5. A ''filterping'' i...

...located on the LAN side. i.e: shorewall.conf: DYNAMIC_ZONES=Yes zones: test Testing Tests on going (dynamic) users Users Users on the LAN lan LAN Local Area Network net Inet Internet interfaces: net eth0 detect lan eth1 detect hosts: users eth1:10.0.1.128/25 # Embeded in LAN zone (subzone) #test eth1 # Undef here - i.e: dynamic #lan eth1:10.0.1.0/24 # defined implicitly #net eth0:0.0.0.0/0 # defined implicitly policy: fw all REJECT info net all DROP info test all DROP info users all REJECT info lan all DROP info all all DROP info rules (exerp): ACCEPT test net tcp...

...r the old PDC. How > > do the win7 machines get their IP etc, or to put it another way, is > > DNS set up correctly ? > > We have keep unchanged our DNS and DHCP setup: machines got dns as in > previous configuration, the (old) dns simply forward requests to the > AD domain subzones. > Your win7 machines should be using the AD DC as their dns server. > DNS seems to work as expected. On win7 box, event viewer seems to have > useful info... > If event viewer does have useful info, what is it ? Rowland

...s of 'SVCORSI', then they still might be trying to find it, best thing is to turn it off. > > > > We have keep unchanged our DNS and DHCP setup: machines got dns > > > as in previous configuration, the (old) dns simply forward > > > requests to the AD domain subzones. > > Your win7 machines should be using the AD DC as their dns server. > > Why?! Does not suffices to have working DNS? or the bind_dlz module do > also some protocol extensions? It doesn't matter if you are using the internal dns server or Bind9, they both use the data stored...

Hi, How do we do classicupgrade if the DNS server for the domain is separate to the Samba box? If we use dns-backend = SAMBA_INTERNAL , it'll setup the Samba Internal DNS. The DNS server is a linux box. Regards, Praveen Ghimire

The 3.1 Beta is now available -- check the Shorewall home page. -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net

Yesterday we have done our first trunk of migration from our Samba4-NT4 domains to our new Samba 4 (2:4.5.12+dfsg-2+deb9u2~bpo8+1) AD domain. Main shares are kept on old server, so we have migrated computers and users (homes and roaming profiles). We have done in the past some tests, without many troubles, so we are confident. Alla computer are Win7 Pro, alla configured in the same way via

...s > caching/forwarder only. > > Ok. > > > > All you need is for the forwarding is : > > But, sorry me, what advantage i have to use 'forward zone' instead of > using 'normal' dns zone handling (eg, supposing as suggested the AD > zone is in a subzone, using correctly glue records in the main zone)? > > If i use normal dns zone handling, i set the NS glue record > only in one place (the parent zone file), and at least until i do 'the > right thing' > (eg, i can resolv the parent zone), i'm OK. Yes, that will work b...

Rafa³ Dutko has just discovered a potentially serious bug in version 1.3.0 and 1.3.1. In both versions, where an interface option appears on multiple interfaces, the option may only be applied to the first interface on which it appears. A corrected firewall script for 1.3.1 is available at: http://www.shorewall.net/pub/shorewall/errata/1.3.1/firewall and

Hello, I'm running Samba 4.9.5 as domain member, when I bring down the current Window DC (10.50.50.187) the winbind seems to hang instead of switching to the other available DC (10.50.50.25) The "net ads" command show that Samba switched to the other available DC: net ads join -U 'administrator' -S 'PAVONE.HYPERFILE.LOCAL' 'HYPERFILE.LOCAL'^C root at

...> in local from samba4. > > If I try to move from a new empty windows 2008 ad, The service start and > answer well... > So I think something in my old DNS database is missing or disturbing... You may check if it is not an issue with the _msdcs zone: in win2k, the _msdcs zone was a subzone under the domain.lan zone. From win2k3 onward, it is a separate zone because it is located in a separate AD partition. The change from dc=domain,dc=lan partition to the dc=ForestDNSZones,dc=domain,dc=lan partition is not automatic. You may take a look at http://support.microsoft.com/en-us/kb/81...

...t;> >> If I try to move from a new empty windows 2008 ad, The service start and >> answer well... >> So I think something in my old DNS database is missing or disturbing... > > You may check if it is not an issue with the _msdcs zone: in win2k, > the _msdcs zone was a subzone under the domain.lan zone. From win2k3 > onward, it is a separate zone because it is located in a separate AD > partition. The change from dc=domain,dc=lan partition to the > dc=ForestDNSZones,dc=domain,dc=lan partition is not automatic. > > You may take a look at http://support.m...

Hello, I try to migrate form an old windows AD ( win 2000 ) So I use a temporary windows2008R2 to move AD from win2000 to S4. Forest and domain level are W2008R2. Now I have some problems with the dns in samba4. I have no answers even in local from samba4. If I try to move from a new empty windows 2008 ad, The service start and answer well... So I think something in my old DNS database is

Believe me: Read the FAQ Checked over and over This might be toooooo stupid to be documented. Please bear with me. Any help ? Situation: single card standalone "firewall" (used like a "personal firewall"). Have sshd running on the FW. Want the sshd daemon to be accessible only from 2 LANs: 1) My other home LAN machine 2) IBM intranet machines (9.0.0.0) Whatever I have