search for: tcsbasys

...it over to the old DC. I have turned up samba logging on each side to 3, and you can see the logs below from the time I created a record on the new DC (around 13:39:17) Here are the logs for when I create a new A record on the NEW DC OLD DC (I believe d8d2fe1e-c14c-4dcb-98b6-b6c974a49d99._msdcs.tcsbasys.com refers to a DC which no longer exists in the domain) [2017/12/12 13:39:00.724602, 3] ../libcli/nbt/lmhosts.c:184(resolve_lmhosts_file_as_sockaddr) resolve_lmhosts: Attempting lmhosts lookup for name d8d2fe1e-c14c-4dcb-98b6-b6c974a49d99._msdcs.tcsbasys.com<0x20> [2017/12/12 13:39:00.74...

I ran thru the wikipage you linked to, and the results were as they should be # record 1 dn: CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tcsbasys,DC=com objectGUID: 0d5ebcac-88d7-44fb-a830-ec3eacb6757f # record 2 dn: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tcsbasys,DC=com objectGUID: 7da1efbb-3b68-4249-ab03-e09c3ffc0d1a # returned 2 records # 2 entries # 0 referrals root at dc1:~# host -t...

...to 3, and you can see the > > logs below from the time I created a record on the new DC (around > > 13:39:17) > > > > Here are the logs for when I create a new A record on the NEW DC > > > > OLD DC (I believe > > d8d2fe1e-c14c-4dcb-98b6-b6c974a49d99._msdcs.tcsbasys.com refers to a > > DC which no longer exists in the domain) > > > > Go and have a look here: > > https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record > > I think you are running into a problem that has been fixed in 4.7.0 > > Rowland > >...

...are giving me grief. Here is the output of the commands root at dc1:~# samba-tool fsmo transfer --role=forestdns ldb_wrap open of secrets.ldb lpcfg_load: refreshing parameters from /etc/samba/smb.conf resolve_lmhosts: Attempting lmhosts lookup for name 7da1efbb-3b68-4249-ab03-e09c3ffc0d1a._msdcs.tcsbasys.com<0x20> GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'spnego' registered GENSEC backend 'schannel' registered GENSEC backend 'naclrpc_as_system' r...

Danke! On Fri, Dec 15, 2017 at 1:03 PM, Rowland Penny via samba < samba at lists.samba.org> wrote: > On Fri, 15 Dec 2017 11:56:25 -0600 > Taylor Hammerling <thammerling at tcsbasys.com> wrote: > > > Interesting... How do I go about getting them/keeping them in sync? > > > > see here: > > https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_ > Existing_Active_Directory#Built-in_Groups_GID_Mappings > > Rowland > > -- > To uns...

..._server.c:1824(dcesrv_request) dcesrv_request: restrict access by min_auth_level[0x4] to [dnsserver] with auth[type=0xa,level=0x2] on [ncacn_ip_tcp] from [ipv4: 172.28.9.100:49994] when I try to open the DNS Management RSAT On Tue, Dec 12, 2017 at 10:04 AM, Taylor Hammerling < thammerling at tcsbasys.com> wrote: > I cranked up the log level to 3 and found this in the log.samba file when > trying to open the DNS Manager RSAT from my client machine (which is joined > to the same domain as the DCs) > > [2017/12/12 09:59:30.601170, 2] ../source4/rpc_server/dcerpc_ > server.c:...

...ess by min_auth_level[0x4] to [dnsserver] >> with auth[type=0xa,level=0x2] on [ncacn_ip_tcp] from [ipv4: >> 172.28.9.100:49994] >> >> when I try to open the DNS Management RSAT >> >> On Tue, Dec 12, 2017 at 10:04 AM, Taylor Hammerling < >> thammerling at tcsbasys.com> wrote: >> >> I cranked up the log level to 3 and found this in the log.samba file when >>> trying to open the DNS Manager RSAT from my client machine (which is >>> joined >>> to the same domain as the DCs) >>> >>> [2017/12/12 09:59:30...

...-s S-1-5-32-544 BUILTIN\Administrators 4 root at dc1 /# wbinfo -G 3000000 S-1-5-32-544 root at dc1 /# wbinfo -s S-1-5-32-544 BUILTIN\Administrators 4 root at dc1 /# wbinfo -U 3000008 S-1-5-21-2360315722-3846793618-1593657947-572 root at dc1 /# wbinfo -s S-1-5-21-2360315722-3846793618-1593657947-572 TCSBASYS\Denied RODC Password Replication Group 4 root at dc1 /# wbinfo -G 3000008 S-1-5-21-2360315722-3846793618-1593657947-572 root at dc1 /# wbinfo -s S-1-5-21-2360315722-3846793618-1593657947-572 TCSBASYS\Denied RODC Password Replication Group 4 DC2======------ root at dc2 /# wbinfo -U 3000000 S-1-5-32...

...h auth[type=0xa,level=0x2] on [ncacn_ip_tcp] from [ipv4: >> >> 172.28.9.100:49994] >> >> >> >> when I try to open the DNS Management RSAT >> >> >> >> On Tue, Dec 12, 2017 at 10:04 AM, Taylor Hammerling < >> >> thammerling at tcsbasys.com> wrote: >> >> >> >> I cranked up the log level to 3 and found this in the log.samba file >> when >> >>> trying to open the DNS Manager RSAT from my client machine (which is >> >>> joined >> >>> to the same domain as t...

...is will just be an easy fix of chmodding/chowing something... I've spent the last hour googling and have come up with nada. Any help you can provide would be VERY appreciated! -- *Taylor Hammerling* | *IT Manager* 2800 Laura Lane | Middleton, WI 53562 *O *(608) 669-9070 *| C *(608) 512-7849 tcsbasys.com | ubiquistat.com

Apologies, despite that error, the permissions now look good on the sysvol folder. Is there anything I need to do moving forward to keep my DCs idmap.ldbs in sync? or is this a one time thing? On Fri, Dec 15, 2017 at 1:16 PM, Taylor Hammerling <thammerling at tcsbasys.com > wrote: > ok, I followed the directions on that wikipage, made a hot backup, copied > the hot backup over to the new DC, renamed the hot backup (thus replacing > the existing idmap.ldb) and ran "samba-tool ntacl sysvolreset" and it spat > out the following after a min...

...000 > > S-1-5-32-544 > > root at dc1 /# wbinfo -s S-1-5-32-544 > > BUILTIN\Administrators 4 > > root at dc1 /# wbinfo -U 3000008 > > S-1-5-21-2360315722-3846793618-1593657947-572 > > root at dc1 /# wbinfo -s S-1-5-21-2360315722-3846793618-1593657947-572 > > TCSBASYS\Denied RODC Password Replication Group 4 > > root at dc1 /# wbinfo -G 3000008 > > S-1-5-21-2360315722-3846793618-1593657947-572 > > root at dc1 /# wbinfo -s S-1-5-21-2360315722-3846793618-1593657947-572 > > TCSBASYS\Denied RODC Password Replication Group 4 > > > &gt...

...ver needs to send a request to the DC to add/update/remove etc DNS records. This is why I'm looking for an API. On Tue, Nov 14, 2017 at 11:32 AM, Rowland Penny via samba < samba at lists.samba.org> wrote: > On Tue, 14 Nov 2017 11:18:04 -0600 > Taylor Hammerling <thammerling at tcsbasys.com> wrote: > > > by modify I mean add, change and/or remove DNS records (depending on > > the values passed to the API). > > Also, yes I mispoke, we would only be modifying the records on one > > DC, and replication would take care of the rest. > > > > OK,...

...a FOG server which has had several additional tables bolted onto the database and a PHP inventory page added to it. On Tue, Nov 14, 2017 at 12:05 PM, Rowland Penny via samba < samba at lists.samba.org> wrote: > On Tue, 14 Nov 2017 11:48:29 -0600 > Taylor Hammerling <thammerling at tcsbasys.com> wrote: > > > We aren't using BIND, we are using the builtin SAMBA backend. Also > > the requests for updates are going to come from external to the DC. > > IE, the inventory server needs to send a request to the DC to > > add/update/remove etc DNS records. T...

...erver] > >> with auth[type=0xa,level=0x2] on [ncacn_ip_tcp] from [ipv4: > >> 172.28.9.100:49994] > >> > >> when I try to open the DNS Management RSAT > >> > >> On Tue, Dec 12, 2017 at 10:04 AM, Taylor Hammerling < > >> thammerling at tcsbasys.com> wrote: > >> > >> I cranked up the log level to 3 and found this in the log.samba file > when > >>> trying to open the DNS Manager RSAT from my client machine (which is > >>> joined > >>> to the same domain as the DCs) > >>&gt...

...ity.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd, service=service) root at dc1 samba/private# Please note, DC2 is the DC that has the correct GID mappings, DC1 does not, so I'm copying from DC2 to DC1. On Fri, Dec 15, 2017 at 1:08 PM, Taylor Hammerling <thammerling at tcsbasys.com > wrote: > Danke! > > On Fri, Dec 15, 2017 at 1:03 PM, Rowland Penny via samba < > samba at lists.samba.org> wrote: > >> On Fri, 15 Dec 2017 11:56:25 -0600 >> Taylor Hammerling <thammerling at tcsbasys.com> wrote: >> >> > Interesting......

...dcesrv_request: restrict access by min_auth_level[0x4] to [dnsserver] > with auth[type=0xa,level=0x2] on [ncacn_ip_tcp] from [ipv4: > 172.28.9.100:49994] > > when I try to open the DNS Management RSAT > > On Tue, Dec 12, 2017 at 10:04 AM, Taylor Hammerling < > thammerling at tcsbasys.com> wrote: > >> I cranked up the log level to 3 and found this in the log.samba file when >> trying to open the DNS Manager RSAT from my client machine (which is joined >> to the same domain as the DCs) >> >> [2017/12/12 09:59:30.601170, 2] ../source4/rpc_serve...

...the output of the commands > > root at dc1:~# samba-tool fsmo transfer --role=forestdns > ldb_wrap open of secrets.ldb > lpcfg_load: refreshing parameters from /etc/samba/smb.conf > resolve_lmhosts: Attempting lmhosts lookup for name > 7da1efbb-3b68-4249-ab03-e09c3ffc0d1a._msdcs.tcsbasys.com<0x20> > GENSEC backend 'gssapi_spnego' registered > GENSEC backend 'gssapi_krb5' registered > GENSEC backend 'gssapi_krb5_sasl' registered > GENSEC backend 'spnego' registered > GENSEC backend 'schannel' registered > GENSEC backend...

...n packages for years now, started with 4.1.x  ( still the same servers) started with debian wheezy and these are now debian stretch.   Start reading here, it wil help you ;-) https://github.com/thctlo/samba4/tree/master/howtos      Greetz,   Louis   Van: Taylor Hammerling [mailto:thammerling at tcsbasys.com] Verzonden: dinsdag 12 december 2017 15:13 Aan: L.P.H. van Belle CC: samba at lists.samba.org Onderwerp: Re: [Samba] failure joining a domain as a DC Thanks much!  I noticed that in order to get 4.7.3 I have to use stretch-unstable.  These are production DCs.  Is it safe to use unstable deb...

...> > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- *Taylor Hammerling* | *IT Manager* 2800 Laura Lane | Middleton, WI 53562 *O *(608) 669-9070 *| C *(608) 512-7849 tcsbasys.com | ubiquistat.com