search for: tcsbasi

I'm hoping this is the last issue I run into with bringing this new DC online. DNS replication is currently only working in one direction, from my old DC to my new DC. Items added or changed in the RSAT of my new DC don't ever make it over to the old DC. I have turned up samba logging on each side to 3, and you can see the logs below from the time I created a record on the new DC

I ran thru the wikipage you linked to, and the results were as they should be # record 1 dn: CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tcsbasys,DC=com objectGUID: 0d5ebcac-88d7-44fb-a830-ec3eacb6757f # record 2 dn: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tcsbasys,DC=com objectGUID:

I'm sorry Rowland, I meant to mention in my initial email that I am running 4.7.3. and other replication (like AD object replication) is working in both directions. it is just DNS replication that is only working one way. On Tue, Dec 12, 2017 at 2:15 PM, Rowland Penny via samba < samba at lists.samba.org> wrote: > On Tue, 12 Dec 2017 14:00:32 -0600 > Taylor Hammerling via samba

I am attempting to transfer the all FSMO roles from an old DC to our new DC. Both DCs are running Samba 4.7.3. I have transferred the Schma, Infrastructure, RID, PDC and Naming roles without issue. unfortunately, the forestdns and domaindns roles are giving me grief. Here is the output of the commands root at dc1:~# samba-tool fsmo transfer --role=forestdns ldb_wrap open of secrets.ldb

Danke! On Fri, Dec 15, 2017 at 1:03 PM, Rowland Penny via samba < samba at lists.samba.org> wrote: > On Fri, 15 Dec 2017 11:56:25 -0600 > Taylor Hammerling <thammerling at tcsbasys.com> wrote: > > > Interesting... How do I go about getting them/keeping them in sync? > > > > see here: > > https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_ >

I found this page https://bugzilla.samba.org/show_bug.cgi?id=12807 which seemed to have someone experiencing the same issue I am. I tried adding "allow dcerpc auth level connect:dnsserver = yes" to my smb.conf, rebooted the server, but still I get the an access denied message in windows. However, what is logged in the log.samba files has changed since adding this option to my smb.conf.

The user is a member of "Domain Admins" so they should be able to access the DNS (as is evident by the fact that they can access the DNS thru RSAT on the initial DC). But just to be thorough I have added "Domain Admins" to the group "DnsAdmins" and tested again, still get the "access denied" error from within windows. On Tue, Dec 12, 2017 at 11:01 AM,

This isn't necessarily an issue (I don't think) but more so a curiosity. How are UIDs mapped to SIDs and then SIDs mapped to names in Samba4 across multiple DCs? I set up my DCs using Louis' how tos ( https://github.com/thctlo/samba4/tree/master/howtos). All of my DCs smb.confs have the line "idmap_ldp:use rfc2307 = yes" My policies folder under \sysvol\domainname\ has

Daniel, I could kiss you :D I am using the default SSL certs in samba. I tried connecting to the new DC using it's FQDN instead of it's IP, and BAM, it connected just fine. Couldn't really tell you why, but as long as I can access it I'm happy! On Tue, Dec 12, 2017 at 11:20 AM, Daniel Carrasco <d.carrasco at i2tic.com> wrote: > Are you using the default ssl certs in

Good morning all! I have two DCs, both running Samba 4.7.3. I have just joined the second DC to the domain. The second DC is replicating AD objects perfectly, I verified this by running "samba-tool drs showrepl" as well as using the ADUC RSAT snapin and adding a user to one DC, then switching the DC that ADUC connects to and verifying that the user was properly replicated. The DNS

Apologies, despite that error, the permissions now look good on the sysvol folder. Is there anything I need to do moving forward to keep my DCs idmap.ldbs in sync? or is this a one time thing? On Fri, Dec 15, 2017 at 1:16 PM, Taylor Hammerling <thammerling at tcsbasys.com > wrote: > ok, I followed the directions on that wikipage, made a hot backup, copied > the hot backup over to

Interesting... How do I go about getting them/keeping them in sync? On Fri, Dec 15, 2017 at 11:47 AM, Rowland Penny via samba < samba at lists.samba.org> wrote: > On Fri, 15 Dec 2017 11:09:38 -0600 > Taylor Hammerling via samba <samba at lists.samba.org> wrote: > > > This isn't necessarily an issue (I don't think) but more so a > > curiosity. > >

We aren't using BIND, we are using the builtin SAMBA backend. Also the requests for updates are going to come from external to the DC. IE, the inventory server needs to send a request to the DC to add/update/remove etc DNS records. This is why I'm looking for an API. On Tue, Nov 14, 2017 at 11:32 AM, Rowland Penny via samba < samba at lists.samba.org> wrote: > On Tue, 14 Nov

>From the inventory server, which is a separate server from the DC. it's a FOG server which has had several additional tables bolted onto the database and a PHP inventory page added to it. On Tue, Nov 14, 2017 at 12:05 PM, Rowland Penny via samba < samba at lists.samba.org> wrote: > On Tue, 14 Nov 2017 11:48:29 -0600 > Taylor Hammerling <thammerling at tcsbasys.com>

Are you using the default ssl certs in samba?. I had a similar issue, and after create my own certificate with all common names used on my domain (for example domain.com, dc1.domain.com and dc2.domain.com), I'm able to manage the dns using RSAT using that named. With ip address still failing. Greetings!! El 12 dic. 2017 6:13 p. m., "Taylor Hammerling via samba" < samba at

ok, I followed the directions on that wikipage, made a hot backup, copied the hot backup over to the new DC, renamed the hot backup (thus replacing the existing idmap.ldb) and ran "samba-tool ntacl sysvolreset" and it spat out the following after a minute or 2 of thinking... root at dc1 samba/private# samba-tool ntacl sysvolreset open: error=2 (No such file or directory) ERROR(runtime):

On 12/12/2017 11:24 AM, Taylor Hammerling via samba wrote: > I found this page https://bugzilla.samba.org/show_bug.cgi?id=12807 which > seemed to have someone experiencing the same issue I am. > I tried adding "allow dcerpc auth level connect:dnsserver = yes" to my > smb.conf, rebooted the server, but still I get the an access denied message > in windows. > However,

On Tue, 12 Dec 2017 11:56:08 -0600 Taylor Hammerling via samba <samba at lists.samba.org> wrote: > I am attempting to transfer the all FSMO roles from an old DC to our > new DC. Both DCs are running Samba 4.7.3. I have transferred the > Schma, Infrastructure, RID, PDC and Naming roles without issue. > > unfortunately, the forestdns and domaindns roles are giving me grief.

in my optinion, yes, i use my own packages for years now, started with 4.1.x  ( still the same servers) started with debian wheezy and these are now debian stretch.   Start reading here, it wil help you ;-) https://github.com/thctlo/samba4/tree/master/howtos      Greetz,   Louis   Van: Taylor Hammerling [mailto:thammerling at tcsbasys.com] Verzonden: dinsdag 12 december 2017 15:13 Aan: L.P.H.

by modify I mean add, change and/or remove DNS records (depending on the values passed to the API). Also, yes I mispoke, we would only be modifying the records on one DC, and replication would take care of the rest. On Mon, Nov 13, 2017 at 11:17 AM, Rowland Penny via samba < samba at lists.samba.org> wrote: > On Mon, 13 Nov 2017 11:07:28 -0600 > Taylor Hammerling via samba <samba