similar to: samba / winbind user authentication problem

There is additional info in the logs of the source DC (dcdo1, log level 2, manually triggered another replication): ==================== [2017/12/27 12:31:29.695121,  2] ../source4/rpc_server/drsuapi/getncchanges.c:1731(getncchanges_collect_objects)   ../source4/rpc_server/drsuapi/getncchanges.c:1731: getncchanges on DC=ad,DC=kdu,DC=com using filter (uSNChanged>=5415) [2017/12/27

Rowland, - the DN "CN=DCNH1,..." exists on all 3 DCs (pointing the Sites and Services console to each of them). - I also checked that "samba-tool dbcheck" completes w/o showing errors. - the objectGUID DNS aliases of all DCs are resolvable against all 3 DCs' builtin DNS - I forced a full sync from the FSMO holder (dcge1) to the 2 other DCs which finished w/o errors. -

We have 3 ADCs based on Samba-4.7.4 (compiled from source,internal DNS)/ CentOS7: dcdo1,dcnh1 and dcge1. dcge1 holds all FSMO roles. The 3 ADCs are on different locations connected via IPSec based VPN. No traffic is filtered out. All 3 ADCs replicate fine except dcdo1 -->dcnh1. Symptom: [root at dcdo1 ~]# samba-tool drs replicate dcnh1.ad.kdu.com dcdo1.ad.kdu.com dc=ad,dc=kdu,dc=com

Hi, I had Samba 4.2.14 working as AD DC with shares. After upgrade to version 4.3.11 AD DC authentication, ADUC, etc, stopped working. Shares still work fine. OS. Oracle Linux 6.x with UEK, uptodate. Samba compiled from source. Upgrade procedure (nothing special): ./configure --enable-selftest make make install Testparm output: # Global parameters [global] workgroup = EXAMPLE realm =

On Wed, 27 Dec 2017 13:00:05 +0100 "Dr. Johannes-Ulrich Menzebach via samba" <samba at lists.samba.org> wrote: > There is additional info in the logs of the source DC (dcdo1, log > level 2, manually triggered another replication): > ==================== > [2017/12/27 12:31:29.695121,  2] >

Hi Heinz, > i have the same problem on samba 4.7.3 and 4.7.4. > I start with 2 DCs and the sync works fine. After the join of a third > DC mostly i get the WERR_DS_DRA_ACCESS_DENIED. I tested it for 10 > times. > > in my case i have: > DC1 (with any FSMO Roles) > DC2 > > new join as DC: > DC3 > > After the join, the sync from DC2 to DC3 fails. > >

Hi, I'm trying to setup the following configuration but encounter a problem. I'm not sure if it's a normal behavior for samba 4. I have a smartcard provided with a user principal name looking like serial_number at domain. The serial number is in the form of 0000-0000-0000-0000. The domain, let's say "upn.example.com", doesn't match my Samba Realm, that would be

Hi, i have the same problem on samba 4.7.3 and 4.7.4. I start with 2 DCs and the sync works fine. After the join of a third DC mostly i get the WERR_DS_DRA_ACCESS_DENIED. I tested it for 10 times. in my case i have: DC1 (with any FSMO Roles) DC2 new join as DC: DC3 After the join, the sync from DC2 to DC3 fails. samba-tool drs replicate dc2 dc1 dc=gvcc,dc=net : OK samba-tool drs replicate

Hi all. I'm experiencing a little problem when I rename an already joined windows machine. The rename operation is done in the traditional way "Computer properties> advanced settings> Computer name> change" in a windows 7 Machine. The rename itself finishes successful, but when I check the computer name in the ADUC, the old name is still displayed. Checking the object

After a user changes their password (CTRL-ALT-DEL) in our Samba 4 domain (4.1.12) they lose access to any stored passwords on their Windows PC. I've set the log level in smb.conf to 4 and enabled the GPO to record DPAPI log entries in Windows to get the below log data. My reading of the two is that the Windows PC believes it is failing to reset the access to its DPAPI store (where the saved

Hello, We are trying to setup a SAMBA-Server with users that have empty passwords. We are using: Samba 4.0.8 Kernel 3.10.5 Slackware 14.0 x64 When we set a password the login successes! That's what we get when trying to login: [2013/08/07 13:31:46, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: AS-REQ media1 at BC from ipv4:10.0.99.100:62078 for

I am soo lost trying to get Samba AD 4.7.5 as a Kerberos source for NFSv4. The NFS server is the Samba AD server running Ubuntu Server 16.0.4.3 and the client is Linux Mint 18.3 This export WORKS and mounts on client ########## /etc/exports ########## /mnt/fileshare         *(rw,no_subtree_check,async) ############################ This export DOES NOT ########## /etc/exports ##########

Hi All, We have a mixed environment running with Windows and Linux with samba as the domain controller.  Smart card login is configured and working properly with pkinit and certs, etc (https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login) though I don't think this is related. A handful of Windows clients are regularly getting their accounts locked during what seems to be a

Hello I've migrated a samba 3 server to a samba 4 (.all the tests mentioned in this howto are succesfull) .But i can't open a session with a workstation on samba4 domain : approbation problem. The workstation name which can't connect is "admin-pc" Any idea ? *Here are the logs of log.samba * Kerberos: Looking for ENC-TS pa-data -- *admin-pc$@SC* [2012/12/06 12:50:59,

Hi, Did you find any solution? I am facing exactly the same scenario. -CentOS 6.7 -Samba Version 4.4.3 -BIND_DLZ 9.9.8 Some workstations suddenly are unable to login, unless I reboot or rejoin the domain. The only odd event I see in the client is the one already said: Log Name: System Source: Microsoft-Windows-Security-Kerberos Event ID: 4 Task Category:

Hi all, Sernet Samba 4.2.2 as Active Directory on Debian 7.8. No other DC. I can't log in with on Windows systems (Windows 7) when samAccountName are longer than 20 characters. This seems to be a LAN MAN or NT4 limitation which should not happen on AD domain. Any idea what could leads my to that limitation? I can log in using administrator account or any other having a short (enough)

On Mon, 3 Oct 2016 17:56:07 +0200 Oliver Werner <oliver.werner at kontrast.de> wrote: > hey, > > now after observe last changes on the weekend… i have also the issue. > > After 10 hours i can’t connect to the shares on my member server. > > On Log of DC i found this: > > [2016/10/02 20:35:45.601265, > 3]

Hello. Samba 4.1.0pre1-GIT-aad669b, joined as a DC to an existing domain. Windows 7 machines may fail to get a ticket: [2012/10/03 09:31:54, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: AS-REQ con-11$@KLIN.KIFATO-MK.COM from ipv4:192.168.1.138:49682 for krbtgt/KLIN.KIFATO-MK.COM at KLIN.KIFATO-MK.COM [2012/10/03 09:31:54, 3]

Hi, I try to use nslcd with samba 4 for get suers and group for AD. if I do a ldapsearch, I have a message : Server not in kerberos database if I do a getent passwd, nslcd display same error message. log of samba4: [2013/08/28 10:15:47, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: TGS-REQ Administrator at CORMANDOM.INT-CORMAN.BE from

>>This can occur when the target server principal name (SPN) is registered >>on an account other than the account the target service is using. Hmm, multiple computers with the same serial cause these things. So first make sure this computers serial isnt used before. Or 2 computers with the same name in the netwerk, happens with not syspreped computers. Keep an eye on your samba