similar to: Questions for minimal AD DC, DNS setup and Posix use

On Sun, May 5, 2019 at 9:52 AM Rowland Penny via samba < samba at lists.samba.org> wrote: > On Sun, 5 May 2019 09:20:37 -0300 > Emerson Kfuri via samba <samba at lists.samba.org> wrote: > > > Hello, > > > > Recently I started using RODC servers on my environment and noticed a > > few issues with it: > > - lack of LDAP SPNs > > -

Hello, Recently I started using RODC servers on my environment and noticed a few issues with it: - lack of LDAP SPNs - "samba_dnsupdate" not working with "insufficient access rights" (it works from RWDCs) - "samba-tool dbcheck" changes instancetype of basically all objects from 4 to 0. New replicated objects continues being created with instancetype 4 and dbcheck

Hi We are running the latest 4.6.7 Sernet samba packages on a Ubuntu 12.02 LTS servers with one PDC and 05 RODC's located at the branches. The sysvol replication is working fine from the PDC to the RODC's but the RODC's are failing to login the local clients when the link between the branch and the Main campus is offline. The branch computers and users are added into the Allowed

Hi Rowland, Thanks for you answer, specially on a sunday! :-) On Sun, May 5, 2019 at 11:31 AM Rowland Penny via samba < samba at lists.samba.org> wrote: > On Sun, 5 May 2019 10:13:07 -0300 > Emerson Kfuri <emersonkfuri at gmail.com> wrote: > > > On Sun, May 5, 2019 at 9:52 AM Rowland Penny via samba < > > samba at lists.samba.org> wrote: > > >

Hai, ? Im try to get my id for administrator groups on both server the same. ? with?4.1.17 the solution was simple.. we stop samba on both servers. scp /var/lib/samba/private/idmap.ldb root at 192.168.0.2:/var/lib/samba/private/ ? started samba, and the id's where the same. ? Im using winbindd now with samba 4.2.1 but... ? DC1:? id administrator uid=0(root) gid=100(users)

On Wed, 24 Jan 2024 15:54:38 +0100 Jakob Curdes via samba <samba at lists.samba.org> wrote: > Hello, we have setup a SAMBA4 RODC in our setup where we have two > exisitng RW Samba4 DC's. > > The RODC is joined correctly and can preload user accounts etc. It > also can resolve its own name and the name of other DC's, also the > SRV records needed. > We created

Hello, we have setup a SAMBA4 RODC in our setup where we have two exisitng RW Samba4 DC's. The RODC is joined correctly and can preload user accounts etc. It also can resolve its own name and the name of other DC's, also the SRV records needed. We created an own site with specific subnet for this RODC "area". But we did not manage to get a join of a Windows server working

> Jakob Curdes via samba<samba at lists.samba.org> wrote: > >> Hello, we have setup a SAMBA4 RODC in our setup where we have two >> exisitng RW Samba4 DC's. >> >> The RODC is joined correctly and can preload user accounts etc. It >> also can resolve its own name and the name of other DC's, also the >> SRV records needed. >> We created

On Tue, 7 Aug 2018 17:44:37 +0200 Stefan Kania via samba <samba at lists.samba.org> wrote: > Hi Andrej, > > then it works, but on a "normal" addc it works without "-U ". This is probably because you will be running the command from the RODC on the RWDC. > > One more Question: > When I do a "host -t srv _ldap._tcp.example.net" I only see

On Wed, 24 Oct 2018 09:45:39 +1300 Garming Sam <garming at catalyst.net.nz> wrote: > > On 23/10/18 9:48 PM, Rowland Penny via samba wrote: > > On Tue, 23 Oct 2018 10:07:29 +1300 > > Garming Sam via samba <samba at lists.samba.org> wrote: > > > >> Hi, > >> > >> On 20/10/18 1:26 AM, Julien Ropé via samba wrote: > >>>  The

On Mon, 6 May 2019 08:42:03 +0200 Adam Minski <aminski316 at gmail.com> wrote: > > Good Morning. > > I've tested RODC functionality using samba-4.9.4 and > samba-4.11.0pre1-GIT-f1a1c300e19 built on Debian 9. The builds using > the internal Heimdal KDC and the internal DNS backend. > > For me there's no lack of LDAP SPNs and samba_dnsupdate works as >

When I run "gpresult /R" on one of my domain users the ". . . following security groups" listed at the bottom of the output includes "Denied RODC Password Replication Group". Did a little web search digging and found that RODC stands for Read Only Domain Controller. My domain consists of two DC's and one member server with three W10 workstations. I have never

Hello Stefan, you need to use "-U" with user from Domain Admin group(maybe it works with other users too, but I didn't test it). Andrej Am 07.08.2018 um 17:00 schrieb Stefan Kania via samba: > When I start the replication from the other DC it works as you can see: > ------- > root at addc-01:~# samba-tool drs replicate rodc-01 addc-01 dc=example,dc=net > Replicate

Am 22.01.2018 um 21:39 schrieb Andrew Bartlett: > On Mon, 2018-01-22 at 21:30 +0100, Johannes Engel via samba wrote: >> [2018/01/22 21:15:50.022197, 2] >> ../source4/auth/ntlm/auth.c:475(auth_check_password_recv) >> auth_check_password_recv: sam_failtrusts authentication for user >> [MYDOMAIN\ldap] FAILED with error NT_STATUS_NO_TRUST_LSA_SECRET, >>

Hi people. I migrate some PDC NT4 to samba 3.3.x, some users have info the Workstations parameter, I need to remove that info, because they cannot login on any other machine, I have read the pdbedit, smbldap-usermod but wont't where I can do that. Any info will be appreciated, thanks!!! -- LIving the dream...

On Tue, 23 Oct 2018 10:07:29 +1300 Garming Sam via samba <samba at lists.samba.org> wrote: > Hi, > > On 20/10/18 1:26 AM, Julien Ropé via samba wrote: > > > >  The deployment works, and computers seems to interact with the > > RODCs as they should, but sometimes computers leave the domain > > after a password change. > > > >  This seems to

Can anyone help with this? I set it all up a few months ago, the samba side being standard upgrades via debian - configured as a PDC, and the windows 7 clients being clean installs, with the standard lanmanworkstation regedits done. They've been working fine since then, but have now started failing, instead raising the error message 'The trust relationship between this work station and

Hi all, Some of you may recall a little while ago I posted a fairly complex request about integrating samba into a solaris 10 fileserver and using Open LDAP as the primary authentication source. Well, I got no responses as I believe it may have been too complicated-a-request/ question. So, a simplification and some different questions. 1. I have a Solaris 10 x86 host that I'd like to

Hi Denis I have upgraded my samba DC-1 from 4.6.12 to 4.7.4 which has solved the replication issues between DC-1 and DC-2. Now both the DC's are running on 4.7.4. Like Rowland said previously, you should remove all RODC that have been installed prior to Samba 4.7. There are many fixes that have been added since 4.6. Before I remove my RODC's I like to clear out few doubts: 1. Instead of

While trying to resolve the loss of prefix for full_audit, I attempted to update from Samba 4.3.9 to 4.4.5. Its a very simple environment, standalone server running on i386 built from source. After performing the build and installation, I was informed that passdb backend = samba_dsdb was no longer supported, so I commented out the line, to find which default I should use. testparm advises it