similar to: Problems attaching Windows server as secondary DC.

I would like to bump my question 2015-05-27 10:21 GMT+03:00 Krutskikh Ivan <stein.hak at gmail.com>: > Hmm, looks like it's not. I've just set the password for something that > cracklib-check would argue using both ad management tools and at windows > login. Should it work that way or I'm missing something? > > My dc's smb.conf: > > [global] >

Hi, We have three DC's, and one of them has been misbehaving a few times lately, stopping to replicate, showing the following error in samba-tool drs showrepl, for all DC partitions: > DC=DomainDnsZones,DC=samba,DC=company,DC=com > Default-First-Site-Name\DC2 via RPC > DSA object GUID: 5e93a102-2963-496a-af16-0c51eebb2e31 > Last attempt @ Wed Nov 11 06:41:21 2015 CET

Hi everyone, A quick question: Is check password script option working for ad dc setup? I believe, ad on it's own cannot provide password protection against dictionaries.

Hai MJ, ( gelukkig nieuwjaar he .. ;-) ) First, why sernet 4.2.5 current is 4.2.7 Upgrade to 4.2.7 first i suggest. And : Last attempt @ Wed Nov 11 <= 11 Nov ? latest really? The "misbehaving server" check the time first. Try to run : knit Administrator samba-tool drs replicate <destinationDC> <sourceDC> --full-sync -k reboot your server, check time, check

Hmm, looks like it's not. I've just set the password for something that cracklib-check would argue using both ad management tools and at windows login. Should it work that way or I'm missing something? My dc's smb.conf: [global] workgroup = KURSK realm = KURSK.MTT netbios name = DEBIAN-DC server role = active directory domain controller

We have 3 ADCs based on Samba-4.7.4 (compiled from source,internal DNS)/ CentOS7: dcdo1,dcnh1 and dcge1. dcge1 holds all FSMO roles. The 3 ADCs are on different locations connected via IPSec based VPN. No traffic is filtered out. All 3 ADCs replicate fine except dcdo1 -->dcnh1. Symptom: [root at dcdo1 ~]# samba-tool drs replicate dcnh1.ad.kdu.com dcdo1.ad.kdu.com dc=ad,dc=kdu,dc=com

On Wed, 27 Dec 2017 13:00:05 +0100 "Dr. Johannes-Ulrich Menzebach via samba" <samba at lists.samba.org> wrote: > There is additional info in the logs of the source DC (dcdo1, log > level 2, manually triggered another replication): > ==================== > [2017/12/27 12:31:29.695121,  2] >

Hi all. I'm experiencing a little problem when I rename an already joined windows machine. The rename operation is done in the traditional way "Computer properties> advanced settings> Computer name> change" in a windows 7 Machine. The rename itself finishes successful, but when I check the computer name in the ADUC, the old name is still displayed. Checking the object

There is additional info in the logs of the source DC (dcdo1, log level 2, manually triggered another replication): ==================== [2017/12/27 12:31:29.695121,  2] ../source4/rpc_server/drsuapi/getncchanges.c:1731(getncchanges_collect_objects)   ../source4/rpc_server/drsuapi/getncchanges.c:1731: getncchanges on DC=ad,DC=kdu,DC=com using filter (uSNChanged>=5415) [2017/12/27

Rowland, - the DN "CN=DCNH1,..." exists on all 3 DCs (pointing the Sites and Services console to each of them). - I also checked that "samba-tool dbcheck" completes w/o showing errors. - the objectGUID DNS aliases of all DCs are resolvable against all 3 DCs' builtin DNS - I forced a full sync from the FSMO holder (dcge1) to the 2 other DCs which finished w/o errors. -

Hi, i have the same problem on samba 4.7.3 and 4.7.4. I start with 2 DCs and the sync works fine. After the join of a third DC mostly i get the WERR_DS_DRA_ACCESS_DENIED. I tested it for 10 times. in my case i have: DC1 (with any FSMO Roles) DC2 new join as DC: DC3 After the join, the sync from DC2 to DC3 fails. samba-tool drs replicate dc2 dc1 dc=gvcc,dc=net : OK samba-tool drs replicate

Hi, there is no firewall, all DCs are in the same subnet. here ist the output of a test, you can see, the CNAME guid entries in the _msdcs can be resolved on any DC: (DC1 and DC2 are the first and second DCs, SAMBA3 was added at last. ldbsearch -H /srv/samba/private/sam.ldb '(invocationId=*)' --cross-ncs objectguid # record 1 dn: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-

Heinz, I had exactly the same problem, and used ldbedit to apply the fix. Thanks for digging into this! Now I'm interested in the root cause as well ... Uli Am 16.01.2018 um 16:48 schrieb Heinz Hölzl via samba: > no, it seems to work!!! > > > i did a ldapmodify on DC2: > > ldapmodify -x -h dc2 -D cn=administrator,cn=users,dc=test,dc=net -W -f > serverReference.ldif

I'm trying to fix a replication error that occurs between Win2008R2 (srvwin) and Samba 4.7.6 DCs (srvsamba). Event viewer on Win2008R2 server reports that synchronization failed on a specific Computer object because of schema version misalignment between servers. I've then used repadmin to compare failing object on the two servers. Querying the windows server works but it fails

Hi, i need help with strange problem. I installed Fedora 28 to test Samba 4 AD DC with MIT Kerberos with Windows 10 and Windows 7 clients and i can't run GPOs for machines. GPOs for users works. On Fedora 27 is the same problem. After couple of hours changing settings I make a new installation of Debian 9.4 and everything works "out of the box". I set all like here:

Hi guys, I'm trying to get the Samba4 multi-master replication to work. I set up the primary domain controller using this howto (under CentOS 6.2 x64): http://wiki.samba.org/index.php/Samba4/HOWTO I installed bind 9.8.3 and enabled encrypted dns updates. I set up another VM with the same CentOS version and oriented myself on this howto:

Hi Heinz, > i have the same problem on samba 4.7.3 and 4.7.4. > I start with 2 DCs and the sync works fine. After the join of a third > DC mostly i get the WERR_DS_DRA_ACCESS_DENIED. I tested it for 10 > times. > > in my case i have: > DC1 (with any FSMO Roles) > DC2 > > new join as DC: > DC3 > > After the join, the sync from DC2 to DC3 fails. > >

Hello. I've got a network of FreeBSD servers which traditionally hosted a classic domain. I upgraded some months ago, removing the old PDC and BDC and migrating to an AD DC controller in a jail. This is working fine with Samba 4.4.13. Now I'm trying to add a second DC, so I created a new jail on another physical server and went on with the setup, following: >

no, it seems to work!!! i did a ldapmodify on DC2: ldapmodify -x -h dc2 -D cn=administrator,cn=users,dc=test,dc=net -W -f serverReference.ldif serverReference.ldif: dn: CN=SAMBA3,CN=Servers,CN=Default-First- SiteName,CN=Sites,CN=Configuration,DC=test,DC=net changetype: modify add: serverReference serverReference: CN=SAMBA3,OU=Domain Controllers,DC=test,DC=net - now the question: Why the

on DC2 in the log i found: ./source4/dsdb/common/util.c:4807: Failed to find account dn (serverReference) for CN=SAMBA3,CN=Servers,CN=Default-First-Site- Name,CN=Sites,CN=Configuration,DC=test,DC=net, parent of DSA with objectGUID c01a335e-1794-4997-9c7e-553be77fba04, sid S-1-5-21- 1608159440-4144762864-1017073214-18962 ../source4/rpc_server/drsuapi/updaterefs.c:374: Refusing DsReplicaUpdateRefs