similar to: ldbsearch/kerberos issue

Now I have a some time to answer, maybe a few of your questions. Am 26.02.19 um 20:59 schrieb lists via samba: > Hi, > > No replies unfortunately. Unsure why. There are still a lot of questions open and I think a lot of things have to be done. > > We searched the list, and we found little discussion on the subject of > trusts. We see occasional questions, but they are often

Thanks everybody! The sudden burst of help (both on- and offlist) is much appreciated. :-) I'll get back to my test setup next week, and try again with these new insights. MJ On 2/28/19 3:46 PM, L.P.H. van Belle via samba wrote: > Hai Maurik-Jan, > > Stefan's work can be found here, i'm reading it myself and its really good. > >

Hi, I''m trying to develop a manifest to setup a new puppet master. To solve the SSL certificates I''ve created a root CA outside of puppet, and have generated an intermediate CA for the new puppet master to use. I''ve also configured my puppetmaster daemon to use it''s own ssl directory. So the new puppetmaster is at the same time a client of the old puppet

Hi, Having read the release notes on the status of trusts within samba, we see for 4.9 > "improved support for trusted domains" but we also always see these messages: > "Both sides of the trust need to fully trust each other!" and > "DCs of domain A can grant domain admin rights in domain B" What we would like to achieve is a one-way incoming trust

Hi, No replies unfortunately. Unsure why. We searched the list, and we found little discussion on the subject of trusts. We see occasional questions, but they are often left unanswered, like this one. If someone could point us to some good up-to-date docs on trusts with samba then we would really appreciate it. We setup a test environment (one samba 4.9.4 testad2 AD, one native windows

Hi Stefan, Thanks for your input. I'll check the dns stuff. I put resolvers for both domains as primary and secondary on both machines, but I guess that's not good enough. I'll look into setting up a (query logging) dns proxy, that should tell us at least who is asking what. Any chance to share that (german) article you wrote? My german is not perfect, but good enough to

Hai Maurik-Jan, Stefan's work can be found here, i'm reading it myself and its really good.

Hi, This might not be entirely samba server related, but the problem I am experiencing is affecting a planned implementation of a new Samba Server, and from the smbmount man page, it appears that this is the recommended list to reqest help - so hopefully someone might be able to assist :-). I am running a Debian Linux machine (kernel 2.6.0) with Samba 3.0.1 which will soon be replacing an

Hi MJ, Am 28.02.2019 15:31, schrieb mj via samba: > Hi Stefan, > > Thanks for your input. I'll check the dns stuff. I put resolvers for > both domains as primary and secondary on both machines, but I guess > that's not good enough. > NO, it's not good enough ;-) Setting up a DNS-Proxy is real easy. Just a few lines :-). > I'll look into setting up a (query

Hi Stefan, others, Just to report back that things work very nicely now that DNS is using one dns proxy that resolves both AD domains. I am testing now with a 'full' two-way trust, and everyhing seemed to work, including the tests from samba-tool and from windows "domains and trusts" perspective. From an administrative point of view, the fact that your have to add

This might be a crazy idea, but it just popped into my head, and I wanted to know if it''s possible. Perhaps not possible right now, but possible in a theoretical sense. Is it possible that puppet could be modified to be used to manage switches that have a command line based interface? When I manage our Allied Telesis switches (which have a CLI similar to cisco IOS) I wonder if I could

Hi, I've spent way too many hours trying to make this work and have hit a wall. Hoping that someone can provide me with the clue that resolves this issue.... I'm unable to print from a domain connected windows XP client to our samba server, apparently due to credential/access restrictions. The Samba Server is running on Debian linux, and is version 3.0.14a. It's LDAP

Hello there. I´ve been having problems with dynamic dns update by dhcp on my samba ADDC running on CentOS 7 on an RPI2. After a while, the dhccp_dyndns.sh stops stops being able to authenticate with named. for the longest time I was stumped with this, exploring all kinds of kerberos issues, but found out that *restartint* named did resolve the issue. I have finally traced this problem down to a

I'm hoping the issue is just load balancing, but I'm not sure. I can't see to get the traffic balanced across two DCs. I ran this script on all Linux nodes to balance the traffic. #!/usr/bin/perl use strict; use warnings; my $primary_name_server; my $random = int(rand(10)); open(my $resolv_conf_fh, '< /etc/resolv.conf') or die("Unable to open /etc/resolv.conf for

Hello there. I hope I'm in the right place for some Samba AD advice. I recently added two extra ADs to a setup I inherited. Originally there was a single Samba AD with BIND9_DLS config. DHCP was separate. Subsequently I installed Samba on two Raspberry Pis to act as backup servers. Basically, I followd this set of instructions:

Hi all, I am currently struggling to remove one of our Samba4 DC from the domain. Some time ago, adding a new Samba DC to our AD did not succeed and I had to demote the new server again. After removal, replication on one of the old/existing DCs got weird. /usr/local/samba/bin/samba-tool drs showrepl gives the following: Standardname-des-ersten-Standorts\dc02 DSA Options: 0x00000001 DSA object

We are using Samba-4.1.11. I can run gpupdate /force without error on my machine. H:\>type \\dc01.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini [General] Version=65551 displayName=New Group Policy Object H:\>type \\dc02.mediture.dom\SysVol\mediture.dom\Policies\{77F82F0F-AE2B-42F3-B173-D42F4BEEC0BA}\gpt.ini [General] Version=65551 displayName=New

Found the problem. There is a DNS Problem on one machine. This happend because I was testing some samba AD settings in a virtual machine, without knowing that NAT isn't shielding this properly - this vm propagated the "new" IP to one of the dcs. DC04> ping DC03 gives wrong IP! This should be fixable with the samba-tool dns update? On 03/27/2015 01:14 PM, Johannes Amorosa |

Thanks Rowland, You saved me from a world of pain, I've now got named back up and running and also accessible via windows DNS GUI. the SOA record still says ns=dc03.. which is strange and the only place dc03 exists in the ouput of samba-tool dns query localhost mydomain.com @ ALL Is this something I can fix in the windows DNS GUI or do I need to do something with like FSMO ? Which btw

I tried to synchronize the sysvol folders, on two dcs. Something went wrong since yesterday we have replication problems: One machine shows this, while the other one is happy. samba-tool drs showrepl ==== INBOUND NEIGHBORS ==== DC=DomainDnsZones,DC=ourdomain,DC=com Default-First-Site-Name\DC03 via RPC DSA object GUID: af610e1a-9e3b-4cdd-a36b-c296d77a9479 Last attempt @