similar to: Samba4 & Key Management Server; DNS Failure To Register

> > Initially, it appears to have worked. ... > > It shows the same on one of the S4 DCs, but the > > DomainDnsZonesMasterRole still shows as "no current owner" on the > > third S4 DC [all Sernet 4.5.2].  Argh. > You could try checking the database on the third DC, 'samba-tool > dbcheck --help' for more info. > You could also try forcing

I removed a DC using the DC removal tool mentioned in http://gallery.technet.microsoft.com/scriptcenter/d31f091f-2642-4ede-9f97-0e1cc4d577f3 as https://bugzilla.samba.org/show_bug.cgi?id=10734 prevents normal DC demotion. The DC was still all over in DNS, so I had to pick it out. Now replication between the remaining three DCs is broken [root at larkin26 ~]# samba-tool drs showrepl

We'd like to add an adm (administrative template) to our Samba4 server. I see where the .adm files are in the filesystem - /opt/s4/var/locks/sysvol/micore.us/Policies/{ED429C7D-156A-4F75-B21D-92DB8E10ACAB}/Adm/conf.adm - but how can I add a new ADM file? The ADM file in question allows the controlling of IE Favorites and a few other items on XP (not available in the default templates for

I believe a schema change on a Windows DC (2008rc) has broken replication with our S4 DCs. Anyone have any tips or pointers to resolve this? I have three S4 DCs [CentOS6] and one Windows 2008R2 DC. The Windows 2008R2 DC has the schema master FSMO, and I believe the Exchange schema was added. I am willing to pay US dollars to get this issue resolved. I need the replication restored, the

samba-4.0.0 x86_64, CentOS6.3 My Samba4 / AD is up and running after migrating this weekend. Testing looked good and the domain *is working* but there are some issues. My log.samba file is full of the following; I'm not certain of the significance of these. [2012/12/17 05:59:09, 0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet) NTLMSSP NTLM2 packet check failed due to invalid

samba-4.0.0 x86_64, CentOS6.3 My Samba4 / AD is up and running after migrating this weekend. Testing looked good and the domain *is working* but there are some issues. Automatic DNS update is not working. Workstations seem to be registering their names but joining a server to the domain works but fails with a error - and the DNS record is *not* added. [root at crew etc]# net ads join -U

Package: sernet-samba-4.2.14-23.el6.x86_64 These DCs were very recently upgraded from a prior version. [2016/09/19 09:32:55.168161, 0] ../source4/libcli/smb2/signing.c:116(smb2_check_signature) Bad SMB2 signature for message of size 202 [2016/09/19 09:32:55.168511, 0] ../lib/util/util.c:559(dump_data) [0000] 77 B3 94 9B 70 78 8B 21 1E 56 D0 78 E1 80 BB 5C w...px.! .V.x...\ [2016/09/19

On Mon, 2016-09-19 at 16:15 +0100, Rowland Penny via samba wrote: > On Mon, 19 Sep 2016 10:42:34 -0400 > Adam Tauno Williams via samba <samba at lists.samba.org> wrote: > > On Mon, 2016-09-19 at 15:15 +0100, Rowland Penny via samba wrote: > > > No it shouldn't be replicated, the big hint is > > > 'FLAG_ATTR_NOT_REPLICATED', it should only be on the

I have shutdown the last Samba4 DC in the domain, so only Windows 2008 DCs remain. I can access one Samba file server, with either username+password or kerberos (-k) To access another file server only kerberos -k works.  Attempting to access with username+password fails with NT_STATUS_ACCESS_DENIED $ smbclient -d10 -U adam -W BACKBONE \\\\arabis- red.micore.us\\cis_packs ... NTLMSSP Sign/Seal -

I added three DCs to a single DC Samba4 AD domain. They initially replicated and came up - but replication does not appear to be ongoing. A change made to a user via MMC connected to one DC does not appear on another DC. It the logs I see bursts of the following message: [2014/08/12 15:08:08.026270, 0] ../source4/librpc/rpc/dcerpc_util.c:660(dcerpc_pipe_auth_recv) Failed to bind to uuid

On Sun, 2015-04-12 at 16:14 -0400, Adam Tauno Williams wrote: > I removed a DC using the DC removal tool mentioned in > http://gallery.technet.microsoft.com/scriptcenter/d31f091f-2642-4ede-9f97-0e1cc4d577f3 > as https://bugzilla.samba.org/show_bug.cgi?id=10734 prevents normal DC > demotion. > The DC was still all over in DNS, so I had to pick it out. > Now replication between

On Mon, 2016-12-12 at 19:45 +0000, Rowland Penny via samba wrote: > You seem to be missing two FSMO roles: > > > DomainDnsZonesMasterRole > > > ForestDnsZonesMasterRole > > > Just what version of Samba are you using ? > > My Samba 4.5.2 domain also appears to be missing these roles. > > Can I simply seize these roles? > > [root at larkin27 ~]#

On Mon, 19 Sep 2016 11:57:38 -0400 Adam Tauno Williams via samba <samba at lists.samba.org> wrote: > On Mon, 2016-09-19 at 16:15 +0100, Rowland Penny via samba wrote: > > On Mon, 19 Sep 2016 10:42:34 -0400 > > Adam Tauno Williams via samba <samba at lists.samba.org> wrote: > > > > On Mon, 2016-09-19 at 15:15 +0100, Rowland Penny via samba wrote: > >

On Sat, 2016-11-19 at 09:57 +1300, Andrew Bartlett wrote: > On Fri, 2016-11-18 at 09:41 -0500, Adam Tauno Williams wrote: > > On Fri, 2016-11-18 at 21:32 +1300, Andrew Bartlett wrote: > > > I believe a schema change on a Windows DC (2008rc) has > > > > > > broken > > > > sernet-samba-4.2.14-23.el6.x86_64 - the same package on all > > > >

Attempting to debug issues with replication I ldapcmd finds differences with the case of the "DC" attribute? Is this normal? LARKIN28 is Samba4 4.5.4, while WINDC1 is Windows 2008R2. [root at larkin28 samba]# samba-tool ldapcmp ldap://larkin28.micore.us ldap://windc1.micore.us -Uadministrator dnsdomain Password for [BACKBONE\administrator]: * Comparing [DNSDOMAIN] context... *

Am 19.09.2016 um 19:08 schrieb Achim Gottinger via samba: > > > Am 19.09.2016 um 18:21 schrieb Rowland Penny via samba: >> On Mon, 19 Sep 2016 11:57:38 -0400 >> Adam Tauno Williams via samba <samba at lists.samba.org> wrote: >> >>> On Mon, 2016-09-19 at 16:15 +0100, Rowland Penny via samba wrote: >>>> On Mon, 19 Sep 2016 10:42:34 -0400

Attempting to move FSMO roles from one SerNET Samba 4.5.4 DC to another, all roles transfered except the DNS related ones - those fail with an LDAP_INSUFFICIENT_ACCESS_RIGHTS [root at larkin28 ~]# samba-tool fsmo show SchemaMasterRole owner: CN=NTDS Settings,CN=LARKIN28,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micore,DC=us InfrastructureMasterRole owner: CN=NTDS

On Sun, 15 Jan 2017 20:14:12 -0500 Adam Tauno Williams via samba <samba at lists.samba.org> wrote: > On Sun, 2017-01-15 at 14:39 -0500, Adam Tauno Williams via samba > wrote: > > Adding a Windows2008RC to an SerNET S4 4.5.3 (forest level 2008R2) > > domain hangs at replication CN=Configuration received 1630 out of > > approximately 1663 objects. > > Only

On 9/19/2016 1:37 PM, Rowland Penny via samba wrote: > On Mon, 19 Sep 2016 19:19:08 +0200 > Achim Gottinger via samba <samba at lists.samba.org> wrote: > >> >> Am 19.09.2016 um 19:08 schrieb Achim Gottinger via samba: >>> >>> Am 19.09.2016 um 18:21 schrieb Rowland Penny via samba: >>>> On Mon, 19 Sep 2016 11:57:38 -0400 >>>> Adam

Quoting Adam Tauno Williams via samba <samba at lists.samba.org>: > Quoting Rowland Penny via samba <samba at lists.samba.org>: >>> samba-tool's dbcheck finds only two errors in cn=Configuration, but it >>> does not repair them.  These appear to be references to an original, >>> long since demoted, DC.  But these values appear in neither the