search for: zhuchenko

.... * Objects to be compared: 1550 * Result for [SCHEMA]: SUCCESS * Comparing [DNSDOMAIN] context... * Objects to be compared: 196 * Result for [DNSDOMAIN]: SUCCESS * Comparing [DNSFOREST] context... * Objects to be compared: 19 * Result for [DNSFOREST]: SUCCESS > > 2016-06-27 15:21 GMT+02:00 Zhuchenko Valery <zvn at belkam.com>: > >> Hi all! >> >> Today, after two years of production, I get this error: >> >> samba-tool user create test20160627 testpassword >> >> ERROR(ldb): Failed to add user 'test20160627': - >> ../lib/ldb/ldb_t...

Hello guys. Continuing Zhuchenko Valery question,I would like to know if someone from the list has deployed a child domain in samba 4. I have a samba 4 domain controller running on gentoo.My goal is to set up a domain and authentication domain only. But I need a root domain forest and a child domain.I am using verion 4.2.11I would...

Hi, all. What is greatest period for AD DC (non FSMO) can be unavailable, for example, because network segment is unavailable for long time (3, 4 weeks)? Is the controller will be removed from AD automatically? And what to do after this network segment will become available? I have read about tombstoneLifeTime attribute of Directory Service (Configuration, Services, Windows NT), which default

On 28/06/16 12:05, Zhuchenko Valery wrote: > I'm understand, why I get error about unique index violation on objectSid: > > samba-tool fsmo show > RidAllocationMasterRole owner: CN=NTDS > Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,... > > Last created object h...

...would be a lazy action: change tombstoneLifetime which is by default 180 days to only 1 day. Doing that tomorrow all deleted objects will be deleted and if you are lucky - I can't guaranty that will work - you will able to reuse these RIDs. Hoping this helps... M. 2016-06-28 13:05 GMT+02:00 Zhuchenko Valery <zvn at belkam.com>: > I'm understand, why I get error about unique index violation on objectSid: > > samba-tool fsmo show > RidAllocationMasterRole owner: CN=NTDS > > Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,... >...

..._AD_DC > > And not, dont forget if pc's/servers that have there DNS pointed to that server. > If so, adjust that also. > > > Greetz, > > Louis > >> -----Oorspronkelijk bericht----- >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens >> Zhuchenko Valery via samba >> Verzonden: dinsdag 14 april 2020 10:38 >> Aan: samba at lists.samba.org >> Onderwerp: [Samba] maximum ad domain controller unavialability time >> >> Hi, all. >> >> What is greatest period for AD DC (non FSMO) can be unavailable, for >...

Hi, all! When I launch (again and again) smbcacls "//myfileserver/share" "" -U user -W domain or smbclient "//myfileserver/share" -U user -W domain -c "ls", in tcpdump output at myfileserver I see multiple calls to controller via ldap, therefore these commands are executed slowly. When I run getent groups at myfileserver, all worked fine, and tcpdump

...D\,... objectSid dn: CN=username\0ADEL:a230f645-268d-4ea9-8993-da3ae7032b4a,CN=Deleted Objects,DC=ad,... objectSid: S-1-5-21-763247336-2482037999-3416227170-2002 it is deleted, but exists. What I can do to solve my problem? May be change rIDNextRID to 2099 on RID Master? Valery 28.06.2016 10:00, Zhuchenko Valery: > 27.06.2016 18:45, mathias dufresne: >> Perhaps you don't have yet duplicate objectSid as that's not supposed to be >> possible. >> Rather than scripting something to look for objectSid used twice I would >> start with dbcheck and other tools to verify th...

Hi all! Today, after two years of production, I get this error: samba-tool user create test20160627 testpassword ERROR(ldb): Failed to add user 'test20160627': - ../lib/ldb/ldb_tdb/ldb_index.c:1216: Failed to re-index objectSid in CN=test20160627,CN=Users,DC=ad... - ../lib/ldb/ldb_tdb/ldb_index.c:1148: unique index violation on objectSid in CN=test20160627,CN=Users,DC=ad... Help me

On Tue, 2016-09-13 at 18:59 +0000, Cobra Koral via samba wrote: > Hello guys. Continuing Zhuchenko Valery question,I would like to know > if someone from the list has deployed a child domain in samba 4. > I have a samba 4 domain controller running on gentoo.My goal is to > set up a domain and authentication domain only. But I need a root > domain forest and a child domain. This is n...

Hi, all! There is no check of NS records in this document https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record For example, with two DCs at myzone $ host -t NS myzone dc1 (or dc2, or myzone) must return two records: myzone name server dc1.myzone. myzone name server dc2.myzone. $ host -t NS _msdcs.myzone dc1 (or dc2, or myzone) must return two records: _msdcs.myzone name

...: https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC And not, dont forget if pc's/servers that have there DNS pointed to that server. If so, adjust that also. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Zhuchenko Valery via samba > Verzonden: dinsdag 14 april 2020 10:38 > Aan: samba at lists.samba.org > Onderwerp: [Samba] maximum ad domain controller unavialability time > > Hi, all. > > What is greatest period for AD DC (non FSMO) can be unavailable, for > example, because network...

...etion itself removed, which of course means there is no way to communicate the deletion after this final point. I believe Windows automatically blocks replication and disables the netlogon service when it detects such a situation. I'm not sure what samba would do. Alex On 14/04/2020 09:37, Zhuchenko Valery via samba wrote: > Hi, all. > > What is greatest period for AD DC (non FSMO) can be unavailable, for > example, because network segment is unavailable for long time (3, 4 weeks)? > Is the controller will be removed from AD automatically? > And what to do after this network...

...get_dc_list) get_dc_list: preferred server list:.... .......... [2016/11/27 15:02:01.154279, 3] ../source3/libads/ldap.c:541(ads_connect) Successfully contacted LDAP server [2016/11/27 15:02:01.154371, 3] ../source3/libads/ldap.c:584(ads_connect) Connected to LDAP server 24.11.2016 17:26, Zhuchenko Valery via samba: > Hi, all! > > When I launch (again and again) > smbcacls "//myfileserver/share" "" -U user -W domain > or > smbclient "//myfileserver/share" -U user -W domain -c "ls", > in tcpdump output at myfileserver I see multiple...

Hi, all! I have samba 4 AD (4.1.22) and try to create new domain in existing forest with controller on windows 2008 r2. It is possible? 1. At dcpromo, after all needed containers replications, I get error: Active Directory Domain Services could not create the object CN=CHDOM,CN=Partitions,CN=Configuration,DC=ad,DC=... Log from samba: [...]

Dear samba list, I have working Samba4 AD domain controller (4.1.22). Windows server 2008 R2 have dcpromo option "Existing forest / Create a new domain in existing forest". It is possible to do it? Best regards, Valery.

Hi, all Tell me, please, how to establish outgoing REALM trust with Samba4 from Windows? It is possible? On Samba4 side I have created user with name fqdn-of-windows-host and password fqdn-of-windows-host-password and then samba-tool spn add host/fqdn-of-windows-host fqdn-of-windows-host On Windows side I have executed: ksetup /addkdc SAMBA-REALM samba-fqdn What to do then? netdom trust