Displaying 20 results from an estimated 4000 matches similar to: "Problems attaching Windows server as secondary DC."
2015 May 27
1
check password script for samba 4 ad dc
I would like to bump my question
2015-05-27 10:21 GMT+03:00 Krutskikh Ivan <stein.hak at gmail.com>:
> Hmm, looks like it's not. I've just set the password for something that
> cracklib-check would argue using both ad management tools and at windows
> login. Should it work that way or I'm missing something?
>
> My dc's smb.conf:
>
> [global]
>
2016 Jan 05
3
replication fails after internal error 11 / panic
Hi,
We have three DC's, and one of them has been misbehaving a few times
lately, stopping to replicate, showing the following error in samba-tool
drs showrepl, for all DC partitions:
> DC=DomainDnsZones,DC=samba,DC=company,DC=com
> Default-First-Site-Name\DC2 via RPC
> DSA object GUID: 5e93a102-2963-496a-af16-0c51eebb2e31
> Last attempt @ Wed Nov 11 06:41:21 2015 CET
2015 May 27
2
check password script for samba 4 ad dc
Hi everyone,
A quick question: Is check password script option working for ad dc setup?
I believe, ad on it's own cannot provide password protection against
dictionaries.
2016 Jan 05
0
replication fails after internal error 11 / panic
Hai MJ, ( gelukkig nieuwjaar he .. ;-) )
First, why sernet 4.2.5 current is 4.2.7 Upgrade to 4.2.7 first i suggest.
And : Last attempt @ Wed Nov 11 <= 11 Nov ? latest really?
The "misbehaving server" check the time first.
Try to run :
knit Administrator
samba-tool drs replicate <destinationDC> <sourceDC> --full-sync -k
reboot your server, check time, check
2015 May 27
0
check password script for samba 4 ad dc
Hmm, looks like it's not. I've just set the password for something that
cracklib-check would argue using both ad management tools and at windows
login. Should it work that way or I'm missing something?
My dc's smb.conf:
[global]
workgroup = KURSK
realm = KURSK.MTT
netbios name = DEBIAN-DC
server role = active directory domain controller
2017 Dec 27
2
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
We have 3 ADCs based on Samba-4.7.4 (compiled from source,internal DNS)/
CentOS7: dcdo1,dcnh1 and dcge1. dcge1 holds all FSMO roles. The 3 ADCs
are on different locations connected via IPSec based VPN. No traffic is
filtered out.
All 3 ADCs replicate fine except dcdo1 -->dcnh1. Symptom:
[root at dcdo1 ~]# samba-tool drs replicate dcnh1.ad.kdu.com
dcdo1.ad.kdu.com dc=ad,dc=kdu,dc=com
2017 Dec 27
2
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
On Wed, 27 Dec 2017 13:00:05 +0100
"Dr. Johannes-Ulrich Menzebach via samba" <samba at lists.samba.org> wrote:
> There is additional info in the logs of the source DC (dcdo1, log
> level 2, manually triggered another replication):
> ====================
> [2017/12/27 12:31:29.695121, 2]
>
2018 Apr 03
0
Renaming a joined windows workstation
Hi all.
I'm experiencing a little problem when I rename an already joined windows
machine. The rename operation is done in the traditional way "Computer
properties> advanced settings> Computer name> change" in a windows 7
Machine. The rename itself finishes successful, but when I check the
computer name in the ADUC, the old name is still displayed. Checking the
object
2017 Dec 27
0
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
There is additional info in the logs of the source DC (dcdo1, log level
2, manually triggered another replication):
====================
[2017/12/27 12:31:29.695121, 2]
../source4/rpc_server/drsuapi/getncchanges.c:1731(getncchanges_collect_objects)
../source4/rpc_server/drsuapi/getncchanges.c:1731: getncchanges on
DC=ad,DC=kdu,DC=com using filter (uSNChanged>=5415)
[2017/12/27
2017 Dec 27
0
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
Rowland,
- the DN "CN=DCNH1,..." exists on all 3 DCs (pointing the Sites and
Services console to each of them).
- I also checked that "samba-tool dbcheck" completes w/o showing errors.
- the objectGUID DNS aliases of all DCs are resolvable against all 3
DCs' builtin DNS
- I forced a full sync from the FSMO holder (dcge1) to the 2 other DCs
which finished w/o errors.
-
2018 Jan 16
2
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
Hi,
i have the same problem on samba 4.7.3 and 4.7.4.
I start with 2 DCs and the sync works fine. After the join of a third
DC mostly i get the WERR_DS_DRA_ACCESS_DENIED. I tested it for 10
times.
in my case i have:
DC1 (with any FSMO Roles)
DC2
new join as DC:
DC3
After the join, the sync from DC2 to DC3 fails.
samba-tool drs replicate dc2 dc1 dc=gvcc,dc=net : OK
samba-tool drs replicate
2018 Jan 16
4
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
Hi,
there is no firewall, all DCs are in the same subnet.
here ist the output of a test, you can see, the CNAME guid entries in
the _msdcs can be resolved on any DC: (DC1 and DC2 are the first and
second DCs, SAMBA3 was added at last.
ldbsearch -H /srv/samba/private/sam.ldb '(invocationId=*)' --cross-ncs
objectguid
# record 1
dn: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-
2018 Jan 16
2
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
Heinz,
I had exactly the same problem, and used ldbedit to apply the fix.
Thanks for digging into this!
Now I'm interested in the root cause as well ...
Uli
Am 16.01.2018 um 16:48 schrieb Heinz Hölzl via samba:
> no, it seems to work!!!
>
>
> i did a ldapmodify on DC2:
>
> ldapmodify -x -h dc2 -D cn=administrator,cn=users,dc=test,dc=net -W -f
> serverReference.ldif
2018 Jul 09
2
Repadmin fails when querying Samba server 4.7.6
I'm trying to fix a replication error that occurs between Win2008R2
(srvwin) and Samba 4.7.6 DCs (srvsamba).
Event viewer on Win2008R2 server reports that synchronization failed on
a specific Computer object because of schema version misalignment
between servers.
I've then used repadmin to compare failing object on the two servers.
Querying the windows server works but it fails
2018 Jul 03
1
Samba 4 AD DC on Fedora, problem with GPOs and denied security for machines
Hi,
i need help with strange problem.
I installed Fedora 28 to test Samba 4 AD DC with MIT Kerberos with
Windows 10 and Windows 7 clients and i can't run GPOs for machines.
GPOs for users works.
On Fedora 27 is the same problem.
After couple of hours changing settings I make a new installation of
Debian 9.4 and everything works "out of the box".
I set all like here:
2012 Jun 11
3
Samba4 Multi-Master replication
Hi guys,
I'm trying to get the Samba4 multi-master replication to work.
I set up the primary domain controller using this howto (under CentOS
6.2 x64):
http://wiki.samba.org/index.php/Samba4/HOWTO
I installed bind 9.8.3 and enabled encrypted dns updates.
I set up another VM with the same CentOS version and oriented myself on
this howto:
2018 Jan 16
0
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
Hi Heinz,
> i have the same problem on samba 4.7.3 and 4.7.4.
> I start with 2 DCs and the sync works fine. After the join of a third
> DC mostly i get the WERR_DS_DRA_ACCESS_DENIED. I tested it for 10
> times.
>
> in my case i have:
> DC1 (with any FSMO Roles)
> DC2
>
> new join as DC:
> DC3
>
> After the join, the sync from DC2 to DC3 fails.
>
>
2017 May 08
2
Second DC won't start LDAP daemon
Hello.
I've got a network of FreeBSD servers which traditionally hosted a
classic domain.
I upgraded some months ago, removing the old PDC and BDC and migrating
to an AD DC controller in a jail.
This is working fine with Samba 4.4.13.
Now I'm trying to add a second DC, so I created a new jail on another
physical server and went on with the setup, following:
>
2018 Jan 16
0
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
no, it seems to work!!!
i did a ldapmodify on DC2:
ldapmodify -x -h dc2 -D cn=administrator,cn=users,dc=test,dc=net -W -f
serverReference.ldif
serverReference.ldif:
dn: CN=SAMBA3,CN=Servers,CN=Default-First-
SiteName,CN=Sites,CN=Configuration,DC=test,DC=net
changetype: modify
add: serverReference
serverReference: CN=SAMBA3,OU=Domain Controllers,DC=test,DC=net
-
now the question:
Why the
2018 Jan 16
0
AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
on DC2 in the log i found:
./source4/dsdb/common/util.c:4807: Failed to find account dn
(serverReference) for CN=SAMBA3,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=test,DC=net, parent of DSA with
objectGUID c01a335e-1794-4997-9c7e-553be77fba04, sid S-1-5-21-
1608159440-4144762864-1017073214-18962
../source4/rpc_server/drsuapi/updaterefs.c:374: Refusing
DsReplicaUpdateRefs