search for: tld

...an you try this on your second DC, run >> 'samba_dnsupdate --verbose' >> >> Rowland >> > > Doesn't look too good to me: > > > [root at DC2 me]# samba_dnsupdate --verbose > IPs: ['IP_of_2nd_DC'] > Looking for DNS entry A DC2.my.domain.tld IP_of_2nd_DC as > DC2.my.domain.tld. > Looking for DNS entry A my.domain.tld IP_of_2nd_DC as my.domain.tld. > Failed to find matching DNS entry A my.domain.tld IP_of_2nd_DC > Looking for DNS entry SRV _ldap._tcp.my.domain.tld DC2.my.domain.tld > 389 as _ldap._tcp.my.domain.tld. &gt...

...gt;>>> >>>>>>> Lets start with the obvious, does the record exist, running the >>>>>>> following command should produce a record for every DC: >>>>>>> >>>>>>> host -t SRV _ldap._tcp.dc._msdcs.augusta.domain.tld. >>>>>> >>>>>> root at dc:/home/torsten# host -t SRV >>>>>> _ldap._tcp.dc._msdcs.augusta.domain.tld. >>>>>> _ldap._tcp.dc._msdcs.augusta.domain.tld has SRV record 0 100 389 >>>>>> dc.augusta.domain.tld. >&g...

On 10/12/15 14:00, Ole Traupe wrote: > > > Am 10.12.2015 um 14:38 schrieb Rowland penny: >> On 10/12/15 13:25, Ole Traupe wrote: >>> Is it possible that kdc server is always the SOA, at least if >>> derived from DNS and not specified *explicitly* in the krb5.conf? >>> >>> In my DNS-Manager console I find that >>> >>>

...> >>> >>> A setup on howto improve your samba network and simplify it. >>> This is how i setup, sure looks dificult but its all about DNS setup and >>> what you add to it. >>> >>> For AD-DC.s ( AD, TIME, NS, LDAP ) >>> Hostname.FQDN.TLD : max 63chars, incl the .'s allowed chars: a-Z 0-9 - >>> >>> Hostname : sam-dc1.internal.domain.tld >>> IP : what you need/want. ( example 192.168.1.11 ) >>> PTR : 11.0.168.192.in-addr.arpa >>> CNAME : dc1 ns1 ldap1 ntp1 >>&g...

...> >> >> > > Possibly, but can you try this on your second DC, run 'samba_dnsupdate > --verbose' > > Rowland > Doesn't look too good to me: [root at DC2 me]# samba_dnsupdate --verbose IPs: ['IP_of_2nd_DC'] Looking for DNS entry A DC2.my.domain.tld IP_of_2nd_DC as DC2.my.domain.tld. Looking for DNS entry A my.domain.tld IP_of_2nd_DC as my.domain.tld. Failed to find matching DNS entry A my.domain.tld IP_of_2nd_DC Looking for DNS entry SRV _ldap._tcp.my.domain.tld DC2.my.domain.tld 389 as _ldap._tcp.my.domain.tld. Checking 0 100 389 DC1.my.dom...

...>> 'samba_dnsupdate --verbose' >>> >>> Rowland >>> >> >> Doesn't look too good to me: >> >> >> [root at DC2 me]# samba_dnsupdate --verbose >> IPs: ['IP_of_2nd_DC'] >> Looking for DNS entry A DC2.my.domain.tld IP_of_2nd_DC as >> DC2.my.domain.tld. >> Looking for DNS entry A my.domain.tld IP_of_2nd_DC as my.domain.tld. >> Failed to find matching DNS entry A my.domain.tld IP_of_2nd_DC >> Looking for DNS entry SRV _ldap._tcp.my.domain.tld DC2.my.domain.tld >> 389 as _ldap._tc...

...nny via samba: >>>> >>>>>> Lets start with the obvious, does the record exist, running the >>>>>> following command should produce a record for every DC: >>>>>> >>>>>> host -t SRV _ldap._tcp.dc._msdcs.augusta.domain.tld. >>>>> >>>>> root at dc:/home/torsten# host -t SRV >>>>> _ldap._tcp.dc._msdcs.augusta.domain.tld. >>>>> _ldap._tcp.dc._msdcs.augusta.domain.tld has SRV record 0 100 389 >>>>> dc.augusta.domain.tld. >>>> >>&...

...4-5 times, works very well for me. Very importent is that "old" entries are gone before you join the new But again above is a suggestion, i think you save time by doing a new correct install. And a tip, dont use any ip anyware for accessing server services. For example, ntp1.domain.tld CNAME DC1.domain.tld ntp2.domain.tld CNAME DC2.domain.tld ns1.domain.tld CNAME DC1.domain.tld ns2.domain.tld CNAME DC2.domain.tld ldap1.domain.tld CNAME DC1.domain.tld ldap2.domain.tld CNAME DC2.domain.tld now for an easy switch, also add ntp.domain.tld CNAME ntp1.domain.tld ldap.domain.tld CNAM...

...#39; >>>> >>>> Rowland >>>> >>> >>> Doesn't look too good to me: >>> >>> >>> [root at DC2 me]# samba_dnsupdate --verbose >>> IPs: ['IP_of_2nd_DC'] >>> Looking for DNS entry A DC2.my.domain.tld IP_of_2nd_DC as >>> DC2.my.domain.tld. >>> Looking for DNS entry A my.domain.tld IP_of_2nd_DC as my.domain.tld. >>> Failed to find matching DNS entry A my.domain.tld IP_of_2nd_DC >>> Looking for DNS entry SRV _ldap._tcp.my.domain.tld DC2.my.domain.tld >>&...

...mba-tool to create DNS record. This script is not clever: it tries to create all mentioned DNS record, generating warnings when record already exists. You will have to modify this awk script as the BEGIN section contains fake information related to AD domain: BEGIN { ad_zone = "YOUR.DOMAIN.TLD" msdcs_zone = "_msdcs." ad_zone dns_server = "YOUR-DC" } You must change "YOUR.DOMAIN.TLD" and "YOUR-DC" to match your domain configuration. The awk script uses kerberos authentication when running samba-tool so you will need to generate a kerberos...

...(Domain, client and server names are changed) /etc/krb5.keytab (created by net ads keytab create -P): Keytab name: FILE:/etc/krb5.keytab KVNO Timestamp Principal ---- ------------------- ------------------------------------------------------ 2 12/02/2016 07:54:52 host/client02.domain.tld at DOMAIN.TLD (des-cbc-crc) 2 12/02/2016 07:54:52 host/client02.domain.tld at DOMAIN.TLD (des-cbc-md5) 2 12/02/2016 07:54:52 host/client02.domain.tld at DOMAIN.TLD (aes128-cts-hmac-sha1-96) 2 12/02/2016 07:54:52 host/client02.domain.tld at DOMAIN.TLD (aes256-cts-hmac-sha1-96) 2 12/0...

This seems to work for maxPwdAge ldapsearch -LLL -Q -s base -h ad.mydomain.tld -b dc=ad,dc=mydomain,dc=tld maxPwdAge now I just need to query a users pwdLastSetq I tried the commands above but am not getting anything. I tried looking at the ungrepped output but I don't see how to link the pwdLastSet with any user. I get a long list. I think I'm looking for dn: and a...

Hai, ? Im working on my dhcp server + dns setup with samba4.? ? i've exported the?keytabs ? samba-tool domain exportkeytab?/home/krb5.keytab.samba4 ? when i read the contents of this keytab ? ktutil rkt /home/krb5.keytab.samba4 list ?? 1??? 1???????????? RTD-DC1$@INTERNAL.DOMAIN.TLD ?? 2??? 1???????????? RTD-DC1$@INTERNAL.DOMAIN.TLD ?? 3??? 1???????????? RTD-DC1$@INTERNAL.DOMAIN.TLD ?? 4??? 1??????? Administrator at INTERNAL.DOMAIN.TLD ?? 5??? 1??????? Administrator at INTERNAL.DOMAIN.TLD ?? 6??? 1??????? Administrator at INTERNAL.DOMAIN.TLD ?? 7??? 1????????? dns-RTD-DC1 at I...

...an Belle via samba < samba at lists.samba.org> wrote: > > A setup on howto improve your samba network and simplify it. > This is how i setup, sure looks dificult but its all about DNS setup and > what you add to it. > > For AD-DC.s ( AD, TIME, NS, LDAP ) > Hostname.FQDN.TLD : max 63chars, incl the .'s allowed chars: a-Z 0-9 - > > Hostname : sam-dc1.internal.domain.tld > IP : what you need/want. ( example 192.168.1.11 ) > PTR : 11.0.168.192.in-addr.arpa > CNAME : dc1 ns1 ldap1 ntp1 > > Hostname : sam-dc2.internal.domain.tld &...

...te: >> >> > Hi, >> > >> > Samba DC generates a krb5.conf into private directory, where the >> database >> > is hold. >> > >> > Its content should be that: >> > [libdefaults] >> > default_realm = SAMBA.DOMAIN.TLD >> > dns_lookup_realm = false >> > dns_lookup_kdc = true >> > >> > Should only as I get it from a forgotten test platform where I set >> > dns_lookup_realm = true >> > >> > Cheers, >> > >> > mathias &gt...

hai, ? I just noticed, after my pc woke up my A record disapearred. of my 64bit windows. ? ? Mar? 5 15:43:13 rtd-dc1 named[3717]: samba_dlz: starting transaction on zone INTERNAL.DOMAIN.TLD Mar? 5 15:43:13 rtd-dc1 named[3717]: client 10.249.250.64#49271: update 'INTERNAL.DOMAIN.TLD/IN' denied Mar? 5 15:43:13 rtd-dc1 named[3717]: samba_dlz: cancelling transaction on zone INTERNAL.DOMAIN.TLD Mar? 5 15:43:13 rtd-dc1 named[3717]: samba_dlz: starting transaction on zone INTERNAL.DO...

...re changed) > > /etc/krb5.keytab (created by net ads keytab create -P): > > Keytab name: FILE:/etc/krb5.keytab > KVNO Timestamp Principal > ---- ------------------- ------------------------------------------------------ > 2 12/02/2016 07:54:52 host/client02.domain.tld at DOMAIN.TLD (des-cbc-crc) > 2 12/02/2016 07:54:52 host/client02.domain.tld at DOMAIN.TLD (des-cbc-md5) > 2 12/02/2016 07:54:52 host/client02.domain.tld at DOMAIN.TLD (aes128-cts-hmac-sha1-96) > 2 12/02/2016 07:54:52 host/client02.domain.tld at DOMAIN.TLD (aes256-cts-hmac-sha1...

am getting this error in smbd.log when user try to open Share from Windows box: gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/mymember.my.domain.tld at MY.DOMAIN.TLD(kvno 58) in keytab MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)] SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE I have made a research here in google and here in mail list before post this message. I see some similar issues, where the solution seems adding ?ci...

...it fails. I can't even mount the home root directory via nfs on the server itself ("mount.nfsv4: access denied by server while mounting ..."). As far as I have tracked it down, it appears to me that the server's is searching in its database for a userPrincipalName=nfs/server.dom.tld while I have added a servicePrincipalNamenfs/server.dom.tld with the samba-tool. Due to this neither the server is getting a TGT nor the client a TGS ... Am I doing anything wrong? Is that beahaviour intentional? Version affacted is samba 4.2.10 from the official debian 8 repositories (on DCs and...

...017 at 8:51 AM, Rowland Penny via samba < samba at lists.samba.org> wrote: > On Fri, 3 Feb 2017 07:44:39 -0700 > Jeff Sadowski via samba <samba at lists.samba.org> wrote: > > > This seems to work for maxPwdAge > > > > ldapsearch -LLL -Q -s base -h ad.mydomain.tld -b > > dc=ad,dc=mydomain,dc=tld maxPwdAge > > > > now I just need to query a users pwdLastSetq > > I tried the commands above but am not getting anything. I tried > > looking at the ungrepped output but I don't see how to link the > > pwdLastSet with any user...