Displaying 20 results from an estimated 1000 matches similar to: "Win2000 / Win2003 ADS dnsHostName and servicePrincipalName"
2005 Jun 01
1
CIFS/ACLs
Hi,
I am using CIFS 2.01.01 on HPUX11V2. CIFS is running in ADS
security-mode. Winbind is used to map the userers from the W2K3-Domain
(german) to an tdb-file. The user mapping works fine, but I have
problems with the ACLS: setting the ACLS to a file or folder from
windows leads in "access denied". I'm the owner of the object and have
full access. The really crazy thing is,
2003 Jun 02
0
kerberos authentication lost. MS AD update samba computer account and delete the servicePrincipalName attribute.
I am using samba as a domain member for A W2K Domain. The purpose is
provide storage services to Unix and W2K Metaframe Servers using
kerberos authentication. ( So we are using Samba 3.0 from a while and
SUN NFS with kerberos in the same storage - but no sharing locks as
Veritas products offer ).
so I used the net command:
net ads join
This command creted a samba3.0 computer account in
2011 Sep 16
0
Join a domain, Redhat 6, and servicePrincipalName
For a variety of reasons, our Redhat 6 boxes have primary DNS FQDNs that
don't match our Win2008r2 AD deployment... the Linux boxes being in a
variety of <hostname>.<subdomain>.<ourdomain> while the AD is
ds.<ourdomain>. This surprisingly doesn't cause us that much grief, so
long as we're diligent about keeping our servicePrincipalNames
maintained on the
2016 Mar 25
2
Unable to join DC to domain
"I expect you don't have just copied your VMs disks without changing VMs
hostname and FQDN. I expect you don't fully re-use smb.conf from another DC
(you can do that but you must change hostname into smb.conf)."
1) These are new Ubuntu VMs, not cloned, built from scratch. I tried
joining them with no smb.conf in /usr/local/samba/etc
You have disabled SELinux too
2) AFAIK
2016 Mar 27
0
Unable to join DC to domain
Good times...
Spent hours today rolling a fresh VM.
FAIL
itwerks at testes:~$ kinit administrator
Password for administrator at CB.CLIFFBELLS.COM:
itwerks at testes:~$ klist -e
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: administrator at CB.CLIFFBELLS.COM
Valid starting Expires Service principal
03/27/2016 00:07:04 03/27/2016 10:07:04 krbtgt/
CB.CLIFFBELLS.COM
2016 Nov 15
1
Making a Samba DC under a different domain
I am trying to determine if it is mandatory for the domain controllers's
host FQDN to be within the same DNS domain as the realm's DNS domain.
For example: let's say I want the DC to be called smb1.int.example.net
but I want the realm to be AD.EXAMPLE.NET.
I set "smb1" in /etc/hostname and mapping to the FQDN in /etc/hosts, so
that "hostname -f" shows the
2004 Aug 30
1
Pb when moved AD from win2000 to win2003 server
Hello,
I've a samba 3.0.2a on a mandrake 9.2 with double authentification. A
local authentification for users not on my domain and AD
authentification for users on my domain.
AD where on two win 2k servers.
One of these server was moved on win 2003 server and then the AD
authentification don't work any more.
Here is my smb.conf file.
getent passwd give only local users
[global]
2016 Mar 27
2
Unable to join DC to domain
I ran ldbsearch on my sam.ldb
I searched for CBADC02, CBADC03, and TESTES (all VMs that fail to join
domain), results are below:
CBADC02 shows up a few times:
# record 1906
dn:
CN=CBADC02\0ADEL:de85228c-f92b-4d5d-9d6a-01c3f915dec9,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configu$
objectClass: top
objectClass: server
instanceType: 4
whenCreated: 20160310044543.0Z
uSNCreated: 4215
2015 Sep 02
1
DC sync
Morning,
On a DC:
[root at BPCTASRVSDC003 ~]# samba-tool drs showrepl | grep failure
0 consecutive failure(s).
0 consecutive failure(s).
0 consecutive failure(s).
0 consecutive failure(s).
0 consecutive failure(s).
0 consecutive failure(s).
0 consecutive failure(s).
0 consecutive failure(s).
0 consecutive failure(s).
0 consecutive failure(s).
0 consecutive failure(s).
0
2015 Sep 07
1
winbind does not work+sernet package+samba 4.2
Hello
After failing to join my samba box to winAD 2012, I went and downloaded
the sernet packages
and samba box join the AD domain using "samba-tool" with no problems.
However I've got problems with winbind.
wbinfo -u returns:
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
Error looking up domain users
Here is my
2017 Jun 21
0
DRS stopped working after upgrade from debian Jessie to Stretch
Thank you very much Louis, Rowland, Mike !
I have made all the changes proposed by Louis but still have the same problem.
-> kinit works now with /var/lib/samba/private/secrets.keytab
------------------------
~# kinit -k -t /var/lib/samba/private/secrets.keytab FICHDC$
~#
------------------------
-> but samba-tool authentication with machine account fail :
------------------------
~#
2010 Jun 17
1
Joining an AD domain when hostname != netbios name
I'm trying to join a RHEL5 host to an AD domain, and can do this
successfully when I set those hostname to the same value as the samba
"netbios name" parameter. However, when I try with a hostname !=
netbios name, it fails. Is it possible to join a machine when the
hostname isn't the same as the netbios name?
The reason for wanting this is because I have a whole load of servers
2009 Mar 26
2
error when join my Centos machine to win2003 ADS server
Dear All,
I have succesfully managed to have my kerberos configured n working
without error when i say
kinit Administrator
and after entering password it works fine
my krb5.conf
--------------
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = BALADIA.LOCAL
dns_lookup_kdc = false
2023 Oct 22
1
Question about silos and Authentication policies
Talking to myself again ;-)
Samba-tool is working a little bit different then the silo/policy
management on a Windows-DC.
On a Windows-DC after assigning the user and host to the silo you have
to assign the silo to the user and the host. When assigning the user and
host to the silo with samba-tool, the assignment to the user and the
host will be done at the same time. So now my policy looks
2009 Dec 04
1
smbtorture config issue?
Hello,
I'm trying to run smbtorture against another system. I have installed
version 4.0.0alpha9 locally. The remote system is registered with ADS
as:
distinguishedName: CN=bl-uits-cictest,CN=Computers,DC=ads,DC=iu,DC=edu
name: bl-uits-cictest
dNSHostName: bl-uits-cictest.ads.iu.edu
servicePrincipalName: HOST/bl-uits-cictest.ads.iu.edu
servicePrincipalName: HOST/BL-UITS-CICTEST
The
2023 Oct 23
2
Question about silos and Authentication policies
Hi Stefan,
We had a long weekend in New Zealand, I'm catching up now to your emails.
Some of the slight differences between Windows tools I've already picked
up on and are in my PR Andrew Bartlett mentioned on Friday, but I'm
always open to learning what things are missing or different etc.
On 23/10/23 02:58, Stefan Kania via samba wrote:
> Talking to myself again ;-)
>
>
2006 Nov 07
4
Samba v3.0.23c + FreeBSD 6.1 - Failed to set servicePrincipalNames
Hello,
We recently upgraded to the latest Samba3 version v3.0.23c. If the Samba
system and the AD belong to the same domain, I am able to perform a 'net
ads join' by supplying either a 'Domain Admins' or a 'Domain Users'
credential.
However if the Samba system and the AD belong to different domain, I can
perform the 'net ads join' by supplying a 'Domain
2017 Jun 21
4
DRS stopped working after upgrade from debian Jessie to Stretch
2017-06-21 14:29 GMT+02:00 Prunk Dump <prunkdump at gmail.com>:
> Thank you very much Louis, Rowland, Mike !
>
> I have made all the changes proposed by Louis but still have the same problem.
>
> -> kinit works now with /var/lib/samba/private/secrets.keytab
> ------------------------
> ~# kinit -k -t /var/lib/samba/private/secrets.keytab FICHDC$
> ~#
>
2019 May 30
2
samba-tool group removemembers, not working
> Hi Mark, can I ask just what you are trying to achieve ?
Well, it's rather simple. I want to remove a domain member from the domain. Normally, I do that
with ADUC, no problem. But for some reason I was having trouble with ADUC (since resovled,
magically), so I thought I'd try the same thing using samba-tool. That's it really.
You wrote further:
> I hope you can see that
2023 Oct 23
2
Question about silos and Authentication policies
Thanks Rob for chiming in.
Stefan,
I do want to be very clear, one of the big challanges that we as
developers face building these kind of tools is that we don't run AD
domains day-to-day. So we really value good feedback on the
ergonomics.
If you can test with our work in progress, we are keen to adapt the
tooling where possible to be more in line with what is 'naturally
expected, so